General Data Protection Regulation (GDPR) FAQs
Knorex is committed to privacy and data protection and have put in place various processes and procedures that are aligned with GDPR core principles and compliance obligations.
What is the GDPR?
The EU General Data Protection Regulation (GDPR) is a European privacy law that became enforceable on May 25, 2018. Any organization, regardless of its location inside or outside of EU, that wishes to reach EU users and to collect personal data from EU residents must comply with the GDPR.
What role does Knorex play?
Under the GDPR, a “Data Controller” is defined as a natural person or legal entity that, alone or jointly with others, determines the purposes and means in which personal data is being processed. A “Data Processor” is a natural person or legal entity that processes personal data on behalf of the Data Controller.
Knorex considers its advertising customers and partners as Data Controllers with respect to the data collected from their respective websites and mobile apps. Knorex acts as a Data Processor when providing advertising services to them in accordance with their instructions.
What has Knorex done to comply with the GDPR?
Within Knorex, we have reviewed and made appropriate changes and improvements to our business processes, IT systems, and information security policy. Externally, we work closely with our partners and customers to comply with GDPR obligations.
Some of our key initiatives include the following:
- We have been approved as a vendor on the Global Vendor List (GVL) under the IAB Europe Transparency & Consent Framework (TCF) v2.0. This requires us to adhere to the TCF Policy and Terms & Conditions, to provide transparency on how we comply with GDPR requirements, and to work closely with publishers under GDPR rules.
- We have been part of the AdChoices program for a few years, providing consumers with the option to opt-out easily from ad tracking and targeting. Whenever an ad using Knorex platform is shown to a consumer, the consumer can easily discover that Knorex is responsible for displaying that ad and begin to find out how we are using the data and protecting their privacy. The consumer also has the option to opt out from further targeting or tracking via the linked webpage from the ad.
- We have established our Privacy & Data Protection team and appointed a Data Protection Officer to educate, inform, and advise our organization on privacy compliance matters, including technical and organisational measures to protect personal data from unlawful processing, unauthorised access or accidental loss/destruction.
- We have set up a dedicated user support team to address any queries and requests relating to personal data and privacy protection.
- We have made technical changes to our platform, products and related services, and infrastructure, to ensure compliance and, more importantly, to give our customers and users more control over their data.
- We have prepared relevant documents and information as guidance to our vendors and customers.
- We have applied data hashing techniques to pseudonymize data to reduce privacy risks to individuals. Additionally, we also use our in-house contextual targeting technology that does not rely on sensitive personal data to advertise to audience segments.
- We have collected and processed pseudonymous data with just enough detail to help our customers target their intended audience. Our technology helps customers make more relevant, personalized product recommendations, and promote those items most likely to interest and engage consumers.
- We have provided tools for individuals to easily opt out from ad tracking and to allow them to exercise their rights and choices regarding the processing of their personal data.
How can EU individuals exercise their rights to the processing of personal data under the GDPR?
We have worked with many independent third parties and our internal teams to provide various opt-out tools and mechanisms for individuals to exercise their rights under the GDPR (e.g. right to access, rectification and erasure.) User requests can be submitted to us via a web form or via email to us: firstname.lastname@example.org. Upon receipt of a valid request, we will respond promptly and within the required timeframe.