GENERAL Data protection regulation (gDPR) FAQs
At Knorex, we are committed to yours and your customers’ data privacy and data protection. When it comes to complying with the European Union (EU) regulation on data protection called the General Data Protection Regulation (GDPR), we have compiled these frequently asked questions (FAQs) to help you understand about the measures that we have taken since its commencement to govern the privacy and data protection of EU consumers/residents.
On May 25, 2018, the EU began to enforce the GDPR across all European member states. Any organization, regardless of its location inside or outside of EU, that wishes to reach EU users and to collect personal data from EU residents must comply with GDPR.
What is personal data?
Under GDPR, personal data (GDPR Article 4(1)) can be broadly defined into two forms:
- Personally Identifiable Information (PII). PII is specific information that can be used to identify, locate or contact you. Such PII may include, but not limited to your name, company name, address, email address, phone, and other contact information. The amount and type of information that we gather may vary depending on the nature of your interaction with the Websites.
- Non-Personally Identifiable Information (NPII) or pseudonymous information. NPII is information other than PII, including aggregate information derived from PII, that may allow for singling out individual behaviours without directly identifying the individual e.g. device ID, online identifiers (e.g. cookie ID, mobile advertising ID, IP address) or any other technical identifiers. Such information also include what we record in our server logs typically made available by your web browser when you use or access the websites, for instance, browser type, date/time of visit, IP address, computer information, operating system, referrer addresses, and other generally-accepted log information.
Does Knorex collect and process personal data?
We collect and process pseudonymous personal data to enable us or our partners and customers to render our advertising services without directly identifying consumers.
We use web cookies and device IDs to collect intent data and browsing history. We also use non-cookie-based method based on our proprietary contextual engine to collect the interests and browsing behavior of user segments of interest. These data are collected from users in non-identifying and pseudonimized way.
As defined by GDPR, we do not collect sensitive data which is information that reveals the race or ethnic, religion or philosophical beliefs, sexual orientation, political affiliation, trade union membership, health/medical status or information, genetic/biometric data of the consumer/user.
What has Knorex done to comply with the GDPR?
We work closely with our partners and customers to fulfil our GDPR compliance obligations through these key initiatives:
- Registered as an approved vendor that is part of the Global Vendor List (GVL) under the iAB Europe Transparency & Consent Framework (TCF) where Knorex is required to adhere to TCF Policy and Terms & Condition to provide transparency on how we comply with GDPR requirements and enable us to work closely with publishers under GDPR rules.
- Enrolled into the AdChoices program for a while now to provide consumers to opt-out easily. Whenever an ad using Knorex platform is shown to a consumer, the consumer can easily recognize and click to see that Knorex is responsible for displaying the ad and see how we are using the data and protecting their privacy. The consumer is also provided the option to opt-out from further targeting or tracking via the linked webpage from the ad.
- Established our Privacy & Data Protection team and appointed our Data Protection Officer to educate, inform, advise on our organization, products and services and also to implement technical and organisational measures to protect personal data against unlawful processing, unauthorised access or accidental loss/destruction.
- Set up a dedicated user/customer support to address of any personal data queries and requests.
- Made technical changes to our platform and related services, business operation and our systems to comply with GDPR requirements.
- Knorex uses data hashing techniques to pseudonymize the data to meet data protection obligation as GDPR encourages such process to “reduce the risk to the data subjects” (See GDPR Recital (28)). Additionally, we also use our in-house contextual targeting product that do not rely on sensitive personal data to advertise to segments of audience.
- Knorex collects and processes pseudonymous data with enough details to help our customers target the intended audience. Our technology is based on making relevant, personalized product recommendations and promoting those items most likely to interest and engage a consumer.
- We also provide the facility for individuals to easily opt-out and enforce their rights to have their data erased and not to be tracked.
What role does Knorex play?
Under the GDPR, a Data Controller is defined as a person or legal entity that determines the purpose and way in which personal data is being processed. Separately, Data Processor processes personal data based on the instructions given by the Data Controller.
Knorex considers its advertising customers and partners as Data Controllers with respect to the data collected from their respective websites and mobile apps and Knorex acts as a Data Processor when providing advertising services to them in accordance to their instructions given to us.
How can an EU individual request "to be forgotten" or for their "right of access" or "to be erased"?
We have worked with numerous independent third parties and also internally, we have provided various tools and methods (http://knorex.com/privacy) for individual to carry out the opt-out easily.
As required by applicable law, including the U.S.-E.U. Privacy Shield Framework, upon request, we will provide you with information about whether we hold any of your personal information. You may request to access, update or delete any of your data by using the opt-out tools that we have provided or by emailing us at email@example.com. We will respond to these requests within a reasonable timeframe.