The General Data Protection Regulation (GDPR) is imminent – companies must have implemented the legal requirements of the GDPR for the processing of personal data by 25 May 2018. The effects of this continue to cause a great deal of unrest. We as ADITION can announce in the run-up to the GDPR that we are “GDPR ready”!

However, this is not the end of the story. Various changes also have to be made on the customer side, which is why we would like to highlight some information on our GDPR implementations here:

Technical Implementations

Site operators should make sure that they offer their own, customer-specific OptIn/Out for their ADITION network on their disclaimer pages and inform the end user in detail about the purposes for which the ADITION adserving technology is used.

On Tuesday, May 15th, we will publish another release. You will then find your individual network-specific OptIn/Out tags at /NetworkSettings/Privacy.

It should also be noted that the links previously used by OBA will cover the requirements of the GDPR from 25 May.

For questions regarding network specific OptIn/Out, please contact the ADITION-Support.

More Information

Allowance of the DoNotTrack-Headers within a request

  • If a DoNotTrack Header (DNT=1) is included in the request, all cookies except the OptOut cookie will be deleted.
  • There is no access to user-related data.

Uniform handling of OptOut variants in the request

  • The use of a DoNoTrack header (DNT=1) or an OptOut means that user-related data is no longer accessed. For all OptOut variants, frequency capping is not supported.

Since the networks stored in the ADITION GUI may contain personal data, e.g. for sending auto-reports, we offer our customers the option of storing a password policy for the respective network.

This password policy includes …

  • the complexity of the password
  • the reusability of the password
  • the period of validity of the password
  • the minimum length of the password
  • the restriction to IP areas from which a login to ADITION can be made (optional)

The password policy settings can only be activated via the ADITION-Support.

The AdSDK has been enhanced with the following functions:

  • Transfer of an OptOut parameter through the app to the AdSDK, for signalling the OptOut status on the part of the publisher/app operator.
  • Allowance of theDoNotTrack settings of the operating system.

Due to possible deletion instructions for CookieIDs, conversion reports containing them will be automatically deleted one month after creation. Reports can be recreated at any time, which sets a new deadline. It is also possible to export reports and save them locally.

Note: This provision does not apply to reports that were prepared before the GDPR came into force.

More Information and Measures

Individual instructions for deletion or information of stored user data can be ordered by the ADITION client via via the email address datenschutz@adition.com

The following information is required for the order:

The following point “Data Privacy Workflow” explains how the data protection workflow looks in detail.

An overview of ADITION’s data privacy workflow can be found here:

(Zum Vergrößern Schaubild bitte anklicken)

As a technical service provider, ADITION processes personal data such as IP addresses and identifiers (cookies) on behalf of its customers, for which the conclusion of an Personal Data Processing Agreement in accordance with article 28 EU GDPR is required.

Not: Anyone who has so far failed to sign a corresponding Personal Data Processing Agreement should do so as soon as possible, because: The responsibility for the permissibility of data processing does not lie with ADITION, but with you as a customer. A missing Personal Data Processing Agreement leads to inadmissibility of data processing. This can lead to measures by the supervisory authority, fines or claims by affected users, etc.

Launched on 24 April 2018, IAB Europe’s GDPR Transparency & Consent Framework (Framework) has a simple objective – to help all parties in the digital advertising chain ensure that they comply with the EU’s General Data Protection Regulation when processing personal data or accessing non-personal or personal data on user devices.

The Framework is particularly relevant for “first parties”, publishers and other suppliers of online services, who partner with “third parties” to enable those third parties to process user data on one of the legal bases laid down by the Regulation. The Framework standardises the capture of user consent for data processing and “signals” this information across the advertising supply chain. It is open-source, not-for-profit with consensus based industry governance led by IAB Europe with significant support from industry parties and technical support from IAB Tech Lab.

A key piece of the Framework is a unique registry of third-party data controllers, a Global Vendor List, on whose behalf consent may be requested by the first parties that have the direct interface with users.

Both ADITION and the other companies of the European Full Tech Stacks by virtual minds are already registered for the framework or are currently in the registration process.

Further information on the IAB Transparency & Consent Framework is available at advertisingconsent.eu.

We would like to emphasize that ADITION does not provide any legal advice. This must be done through an appropriate lawyer and/or data protection officer.