Since it came into effect in 2018, the General Data Protection Regulation (GDPR) has been a hot topic in the marketing world. Here we will explain what GDPR is and how EXADS ensures that you are compliant when using our ad serving platform.
The General Data Protection Regulation (GDPR) is a data privacy and security law implemented by the European Union (EU) that regulates the way in which data related to people in the EU is collected, processed and used.
Therefore, even organizations that are not EU-based but offer their services and products in the EU space, or collect personal information from EU citizens, need to be GDPR compliant.
In a nutshell, GDPR aligns the data protection laws across all EU member states, reinforces the individual’s right to privacy and protection of personal data, and penalizes any breaches.
Personal data: Any information that can directly or indirectly identify an individual. Examples: names, IP addresses, email addresses, location information, ethnicity, gender, bank details, web cookies, etc.
Data processing: Any action taken regarding data, such as using, collecting, recording, erasing, storing, disclosing, etc.
Data controller: The person/organization that decides why data is collected and how it will be processed.
Data processor: The person or organization that processes the data on behalf of the data controller.
Lawfulness, fairness and transparency: data must be processed in a lawful, fair and transparent manner in relation to the data subject.
Purpose limitation: data must be collected and processed for specified, explicit and legitimate purposes.
Data minimization: data collected and processed must be kept to the minimum required for the purposes specified.
Accuracy: data acquired must be kept accurate and up to date.
Storage limitation: data must be deleted once it is no longer necessary for the purposes for which it was collected.
Integrity and confidentiality: data must be processed in a secure way, using appropriate technical or organizational measures.
Accountability: the data controller is responsible and accountable for compliance with all of the above-mentioned principles.
GDPR defines consent as “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
The GDPR-defined “unambiguous” consent is required to read or write any information, such as cookies, to or from a consumer’s device. Legitimate interest, however, allows us to process and retain personal data collected via those cookies.
EXADS participates in the IAB Europe Transparency & Consent Framework (“TCF”) and complies with its Specifications and Policies. EXADS’s identification number within the framework is 1084.
EXADS has implemented the TCF, which contributes to making us GDPR compliant when participating, as Data Processor, in the delivery of digital advertising. Our clients can rest assured that we are constantly monitoring the evolving guidance and legislation.
Under the TCF, EXADS and its clients can gather data on the legal bases of “Consent” and “Legitimate Interest”, when applicable.
“Consent” is required for the following purposes:
Data is gathered on the basis of “Legitimate Interest” for the following purposes:
Regarding legitimate interest, it is important to point out that EXADS participates as a Data Processor (Ad Server) and does not make decisions about the use of limited data to select advertising or measure ad performance, among other TCF purposes; our clients do so as Data Controllers (Ad Networks). Therefore, those who must declare their legitimate interest in selecting and measuring ads, or in other related purposes, are EXADS’s clients. To this end, a full explanation of the purposes that fall under legitimate interest can be found in the IAB Europe Transparency & Consent Framework Policies.
At EXADS we have embedded a privacy-conscious culture. This is why all of our innovations consider privacy from the initial design stage, all the way to development and implementation.
By prioritizing privacy, we minimize the risks of non-compliance whenever we release a new product or process. EXADS is committed to following the 7 Principles of Privacy by Design: