Home » GDPR Overview and Guidance

GDPR Overview and Guidance

Guidance to help publishers comply with the GDPR

ExoClick commits to comply with the European Union’s General Data Protection Regulation (GDPR), which applies to users in the European Economic Area (EEA) and the UK.

Controller Responsibilities

Both you and ExoClick operate as joint controllers of personal data for specific purposes. We operate as a controller because we regularly make decisions on the data to deliver and improve the product. For example, testing ad-serving algorithms, monitoring end-user latency, and ensuring the accuracy of our systems. Additionally, we use data to deliver relevant and high-performing ads.

The designation of ExoClick’s publisher websites as controller does not give ExoClick any additional rights over data derived from a publisher’s use of those websites. ExoClick’s uses of data continue to be controlled by the terms of its contract with its publishers, and any feature-specific settings chosen by a publisher through the user interface of our products.

We are asking that you seek consent for your use of our ad products on your properties.

Processor Features

ExoClick operates as a data processor for some features. As such, ExoClick only processes data on behalf of, and on the instruction of, relevant publishers.

Consent Support

It exists a range of tools that help you with gathering user consent across your websites. At ExoClick, we recommend our publishers to use a Consent Management Platform (CMP) that has integrated with the IAB’s Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area or the UK. Find more details on how to integrate TCF.

Comply with EU User Consent Policy

Under our EU User Consent Policy, you must make certain disclosures to your users in the European Economic Area (EEA) and the UK and obtain their consent for the use of cookies or other local storage where legally required, and for the collection, sharing, and use of personal data for ads personalization. This policy reflects the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).