Please note: Information contained herein is designed only as hints and reflect our interpretation of the law again. AdSpirit can not provide legal advice. Consult an attorney in any case!
Applies DSGVO for me?
Probably yes. The DSGVO applies to all companies in the European Economic Area (EEA), such as Germany, Austria, Italy, France, etc. AND the DSGVO applies the data of persons from the EEA come into contact with Personal for all companies.
Do I need to change my privacy policy? (Do I need a privacy policy?)
Basically a privacy policy for each website is recommended. it is important when data is transmitted to third parties - that is always the case when you have included the code from another company on your web page (in this case about codes of Google Analytics, AdSense, Facebook or other social icons and, of course, the codes of AdSpirit). Unless you deliver to third-party websites with Advertising should also indicate your publisher accordingly that these also include a privacy policy (see below: What needs into my privacy policy?)
What needs into my privacy policy?
For this, there is the Internet a variety of templates to which you can refer. You should also explicitly mention that you code by third parties (see above, eg Google, AdSpirit, Facebook, etc.) use that these third parties will possibly use cookies and how this should be prevented. You should also refer to the privacy policies of third parties. In the case of AdSpirit please refer to www.adspirit.de . You should also refer to the cookie Warnings and opt-out of your ad server. The URL is on your ad server under http://[Ihre-AdServer-Domain]/privacy.php .
Do I have to sign contracts?
In the case of AdSpirit you have already completed a contract with us. This should refer to our terms and conditions, which in turn contain an order data processing contract. This means that between you and governed us all contractual things.
Additionally, you should, if you deliver advertising on third-party websites or have housed as an advertiser a tracking or retargeting pixels on another web page, for example, include these also order data processing contracts.
How do I set up my AdServer correctly?
AdSpirit provides you with various options under Settings > (Global Settings) > Privacy to operate your ad server in compliance with DSGVO.
You should also talk to your advertisers and find out whether they are going to ask for the user's consent themselves or expect you to provide consent or pre-filter traffic. (see also the section "How do I give consent to my advertisers?")
How do I obtain the consent of my visitors?
Consent should usually be obtained through a CMP (Consent Management Provider) (for more on CMPs, see the section "What is a CMP?"). For more information see here.
How does the approval from the CMP get into my AdServer?
See the help section on approval.
What happens with the advertisement if the visitor does not agree? Is there a default solution?
AdSpirit delivers advertising to visitors even if they do not agree (or even reject it). In this case certain functions cannot be used, depending on the settings (see here). In general, it is advisable to create a default campaign that has no restrictions (no targeting, capping, volume limits, etc.) and is switched to low priority in order to absorb the traffic that was not taken up by the other campaigns.
Wie werden Views/Klicks/Actions gezählt wenn der Besucher nicht zustimmt?
Views, clicks etc. are still counted as before. There are restrictions in the case of other reports.
Wie gebe ich die Zustimmung an meine Advertiser weiter?
If an advertiser requires the consent of the user, you should give him the Consent string via placeholder %gdpr% (Replaced with 0/1 for DSGVO affiliation of the user) and %gdpr_consent% (Replaced by the Consent string) in the code and/or as a precaution set a DSGVO-targeting to play the campaign(s) of the advertiser only if consent is given.
In the case of OpenRTB, AdSpirit will automatically transmit the DSGVO information, if available, with the bid request.
If I have changed my data protection settings in the AdServer and cookies are only set after approval - do I also prevent advertisers from setting cookies if no approval is given?
No. The setting relates solely to AdSpirit and the cookies that AdSpirit sets. To ensure that an advertiser also does not set any cookies or unintentionally process data, he must be informed of this (see section "How do I pass on my consent to my advertisers?").
I assume "legitimate interest" for setting cookies - what do I have to consider?
AdSpirit no longer supports "legitimate interest" as a basis for cookies.
What exactly happens in case of rejection?
If there is no IAB TCF v2 signal or the signal means "rejection", the AdServer will react as follows:
- No cookies are set
- Certain functions are deactivated (see list here). Campaigns that use these functions are excluded from the delivery.
- No personal data will be processed.
- No information on the user's terminal device is accessed or processed.
- No user profiles are created.
- Only campaigns that do not use functions based on user data (e.g. geo-targeting, frequency capping etc. see list) can be delivered.
How can a visitor exercise his right of objection?
If a visitor has agreed and now wishes to exercise the right of objection, the visitor can call up the CMP again and change his or her settings there. AdSpirit asks the CMP for approval for each individual banner display. If the approval has changed, AdSpirit will implement the above-mentioned points from this point on.