The EU General Data Protection Regulation has enter in force on May 25th 2018. For a matter of transparency, you will find bellow the roadmap Kwanko followed to comply.
Kwanko gathered a group of stakeholders to audit all personal data processed for its activity.
The result of the work is a personal data mapping, with for each personal data, the following information :
As an example, the mapping went through the followings: cookie tracking, event tracking, our PartnerTag technology, our email de-duplication tool, all our lead generation products…
Each time, we have paid a specific care to Kwanko’s role and the legal basis of the processing.
This mapping allowed us to build our Record of processing operations.
Kwanko built some training courses via its internal dedicated tool to grow the awareness of its team on the topic. The training courses will be extended in time.
In addition, we reviewed some internal procedures to make sure all personal data is processed with the required confidentiality.
Finally, we reviewed our internal regulation.
Kwanko has updated its Publishers and Advertisers Terms & Conditions on the light of GDPR.
Kwanko designed a Data Protection Addendum (DPA) for our advertisers, in particular, to bring their attention on their Data Controller role.
Kwanko nominated a DPO, you can reach him on: firstname.lastname@example.org
Kwanko will be waiting for the final version of the ePrivacy regulation (especially for all which concerns web navigation data).
Kwanko ambitions to create a long-term relationship based on confidence with its clients. The new EU General Data Protection Regulation is an opportunity Kwanko has grasped to 1/ prove its total transparency towards its clients and 2/ proactively help its clients to accompany them if the new legal framework.
Overall, we should always keep in mind that GDPR’s goal is to bring a better experience and more confidence to users, who are your clients and who allow, you as much as us, to keep on doing our business. More confidence of the users in the digital advertising ecosystem will benefit all.
In the GDPR framework, Kwanko acts as a Data Processor, letting its clients be the Data Controller being able to decide freely on the means and purpose of the processing operations Kwanko executes on its behalf.
As of July 2018, the last update of this post, we do not pronounce ourselves on the impact of the upcoming e-Privacy directive. We are following advancement on the text but will be waiting for the final versions which may differ from an EU country to the other.
For CPM and CPC campaigns, GDPR doesn’t have any impact worth to notice as no Personally Identifiable Information (PII) is at stake. The e-Privacy directive and consent rules on cookies usage will have a much bigger impact on these type of campaigns.
For CPL campaigns, Kwanko’s role, as a Data Processor and in regard of the processing means and purpose set by the client, is to collect, store, transfer and/or track a lead for the client.
Leads are collected by the publisher, for its ‘partners’. Consent collection is thus the publisher’s responsibility. Kwanko’s role, as Data Processor, is to organize the lead transfer to the client in a secure environment, either by API or by SFTP. In addition, Kwanko collects and stores the lead as a unique sale id for a legal purpose.
The following rule is compulsory to follow :
For CPA campaigns, Kwanko’s role is to track events in order bring back together a sale and an ad displayed on Kwanko’s network. These tracking means can use PII as an email address or an IP address. In addition, Kwanko must store a unique sale id. This unique sale id can be a PII, for which Kwanko does not proceed to any other operation than the collect and the storage to respect its contractual, legal and fiscal obligations.
For retargeting campaigns, Kwanko uses its PartnerTag which allow its publisher network to access to the content of pages the user is visiting. Kwanko never has access to this data, so, a fortiori, neither collects or stores this data (data goes straight from the user browser to the publisher).
To assess the impact GDPR will have on the PartnerTag, we are waiting for the final version of the future ePrivacy directive (which may change from an EU country to the other), which will regulate cookie-based retargeting technologies by making the consent to such retargeting compulsory.
As part of our publisher’s network, we consider you first and foremost as a partner. This is why we think that together, GDPR can become more an opportunity rather than an obstacle.
First, lets not forget that GDPR’s goal is to offer a better experience and build more trust to our users, who, at the end of the day, allow you like us to grow our business. We believe that if users have more trust in publishers and advertisers, the regulation will have an overall positive impact.
By being relevant and transparent, we will be, together, on our way to compliance.
3 concrete examples:
|GDPR impact||What it means||What does Kwanko do about it|
|Definition of roles||Publishers are Data Controller for all data collected and transferred to Kwanko or its advertisers. That means that publishers are responsible of the legal basis of the processing of all personal data, whatsoever its form (argsite, email, phone number…). Kwanko is the Data Processor, as a supplier of technical means.||Kwanko has updated its Terms & Conditions and brings its help to publishers, for instance with this web page.|
|Consent||Publishers, as Data Controllers, have the obligation to collect the consent of users for each given processing, and according to GDPR guidelines.
||Kwanko has updated its Terms & Conditions and brings its help to publishers, for instance with this web page.|
|Minimization||Together, the publisher and Kwanko, commit in collecting, storing and processing only the personal data necessary for the final purpose, as well as storing personal data only the time necessary for the given purpose.||While mapping its personal data, Kwanko went through all of them to define the maximum storing time.|
|User Rights||Together, the publisher and Kwanko commit themselves in offering the right “to access” and “to be forbidden” to all users who would make the demand. Also, we commit in facilitating the fulfillment of the demand.||Kwanko is simplifying the process of demand for access, transfer, modification or deletion of a user personal data.|
|Safety||Together, the publisher and Kwanko commit in offering a secured environment for the collection, transmission and storage of all personal data they process.
Example : pseudonymization by an MD5 hash will support the security of a personal data (ex : email) transmission.
|Kwanko has set up internal process to make sure all its team is aware of the confidentiality required by processing personal data.
Kwanko designed a Security Policy.
To have access to, modify, delete or transfer to personal information we may have on you, please do the request using the following form: