LumenAd serves the sole responsibility of staging, deploying, optimizing and reporting on conversion focused, cross- channel media campaigns. We have also audited the measures taken by all partners in our tech stack to ensure compliance, regardless of whether or not a data exchange occurs.
It is the responsibility of each brand/agency partner to ensure they comply with all applicable data privacy laws.
GDPR regulates the collection and usage of personal data. It gives users control over how their data is used by companies, if it’s collected in the first place, the right to be forgotten, and more. GET THE FULL STORY HERE.
Users have a right to know who is using their data. This means they need to have the ability to see everywhere their data is sent and to have the option to opt out by vendor.
Currently, two important compliance components are consent mechanisms and data portals. Both are needed for EU IP addresses.
Consent partners will help you establish your consent mechanism, often through a Consent Management Platform (CMP). If you need a consent partner, YOU CAN FIND A VERIFIED LIST HERE.
A separate, easily navigable data portal is what facilitates users’ access to and control of their data.
Every brand/agency partner should review the IAB TECHNICAL SPECS on consent and notice.
Data minimization is a key part of GDPR. It keeps data lean without holding onto bloated data sets that could be GDPR non-compliant. LumenAd regularly flushes all irrelevant data.
If you’re currently operating under “legitimate interest” as a legal basis for consent, outlined documentation is needed to justify that interest.
For advertisers who don’t have a consent mechanism in place, all LumenAd specific tags will be blocked from firing on users with EU specific IP addresses via a IP lookup implemented in GTM.
GDPR regulates the collection and usage of personal data. Personal data includes any information that can be used to identify an individual. Data factors include anything pertaining to a person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
name, email address, location data,
IP address, cookie data, and much more
Under the GDPR, data subjects will have several rights that need to be accomodated. All brands need to ensure these rights can be exercised easily via a ‘My Data Management’ page or data portal on their website(s), which can then be easily linked to in all communications.
The right to access information about how personal data is used.
The right to access personal data held by any organization.
The right to have incorrect personal data deleted or corrected.
The right to have personal data rectified/erased.
(often referred to as the “Right to Be Forgotten”)
The right to restrict or object to automated processing of personal data.
The right to receive a copy of their personal data.
If at any time a data subject would like to access, correct or delete personal data, please follow these steps:
No part of this page constitutes official legal advice. Do not use this as an official guide for compliance.
All parties should seek independent legal advice in relation to GDPR compliance and all applicable data privacy laws.