Privacy Compliance: General Data Protection Regulation (GDPR) and ePrivacy Directive

The GDPR establishes new requirements for companies that collect, use, and share data from European Union (EU) citizens. Online activities using cookies, such as marketing and advertising, are also subject to the existing ePrivacy Directive (Cookie Directive). Under these regulations, websites must now gather more robust consent before placing cookies on users in the EU.

We built a tool that collects cookie consent from EU residents for NextRoll’s services without disrupting your other site visitors. You can either activate our tool or use a solution of your own. NextRoll has joined industry leaders partnering with the IAB EU in an effort to create an industry-wide solution for GDPR compliance.

How this affects your site traffic

  • If your company is based in the European Union: All of your traffic, EU and non-EU, needs to comply with GDPR and the ePrivacy Directive.
  • If your company is based outside of the European Union: Your EU traffic (individuals in the EU who visit your page, as well as ads being served to individuals in the EU) needs to comply with GDPR and the ePrivacy Directive. 

Your GDPR customer requests

If you have customers who want to see data such as their statistics and personal information, or customers who want to exercise their right be forgotten or other rights offered to EU citizens under GDPR, reach out to our Customer Support team. Note that you’re collecting your own data regarding the data subject, and AdRoll is collecting additional data for our own purposes (subject to our legal agreements).

In addition, you can ask us to collect data that we use solely at your direction, including your customer email addresses, should you decide to provide this data to us for marketing purposes. In general, you’re the controller of data that you collect for your own purposes, and will need to address this data with the data subject directly.

For data that we collect for our own ad targeting purposes, we are the controller of this data, and you can direct the data subject to us.

The process is as follows:

  1. Submit your request to NextRoll.
  2. NextRoll will reply with an affidavit for the data subject to complete.
  3. The data subject will complete and submit the affidavit and any supporting material.
  4. NextRoll will respond to the data subject directly.

For data you provide (such as email addresses) for limited marketing activities on your behalf, you are the controller, and you can direct us to take action with respect to this data on behalf of the data subject.

The process is as follows:

For your customers who want to see their data, available data will depend on how the customer was tracked.

  • If your customer was tracked through a cookie by visiting one of our partners or another NextRoll client, we need the customer to provide their NextRoll cookie ID to remove any associated data or to provide raw data.
  • If your customer was tracked via email address from your CRM list or our AdRoll Email product, as the controller of your customers’ email data, you will need to direct us to process any access or right to be forgotten (or any other subject access related) request.. We will need the email in question to process these requests. If we get requests directly from a customer related to an email related to a CRM campaign, we’ll direct the customer back to you as the controller to log the request. In the normal course, we respond with confirmation of any steps taken or information requested, and you include this information in any communication with the data subject, combining information from across your other data processors.

Remarketing with the GDPR

NextRoll can still do cookie-based targeting and remarketing under the GDPR, but in some instances we need more robust consent prior to placing a cookie. We’ll do this through a cookie consent tool.

Our GDPR solutions are aimed at helping you to comply with the GDPR and the related ePrivacy Directive for your NextRoll activities while maintaining your overall ad performance.

For more information, check out our NextRoll GDPR web page.

Note: The NextRoll tool gathers consent for AdRoll’s cookie, our exchange partners through which we display your ads, and measurement and fraud tools such as Pixalate. If you have other tracking tools on your site, especially those which use cookies, you may need to find alternative tools that can cover consent for those tools. We do not make any representations or warranties that our tool guarantees compliance or works with all websites at all times. Please seek legal advice from your own attorney for your company’s unique circumstances and compliance requirements.

Was this article helpful?

We're sorry to hear that!

Please tell us why.