Privacy Compliance: General Data Protection Regulation (GDPR) & ePrivacy Directive

 Legal Disclaimer

The NextRoll tool gathers consent for RollWorks' cookie, our exchange partners through which we display your ads, and measurement and fraud tools such as Pixalate. If you have other tracking tools on your site, especially those which use cookies, you may need to find alternative tools that can cover consent for those tools. We do not make any representations or warranties that our tool guarantees compliance or works with all websites at all times. Please seek legal advice from your own attorney for your company’s unique circumstances and compliance requirements.

The GDPR establishes new requirements for companies that collect, use, and share data from European Union (EU) citizens. Online activities using cookies, such as marketing and advertising, are also subject to the existing ePrivacy Directive (Cookie Directive). Under these regulations, websites must gather more robust consent before placing cookies on users in the EU.

We offer you different choices to collect cookie consent from EU residents for NextRoll’s services without disrupting your other site visitors. You can either activate our NextRoll Cookie Consent Banner or use a Custom Cookie Consent Banner. NextRoll has joined industry leaders partnering with the IAB EU in an effort to create an industry-wide solution for GDPR compliance.


How GDPR impacts your site traffic

Where is your company located? Impact on your website traffic
Your company is located outside of the EU, UK, and BR.

Your EU traffic (individuals in the EU who visit your page, as well as ads being served to individuals in the EU) needs to comply with GDPR and the ePrivacy Directive. 

Your company is located in the EU, UK, or BR. All of your traffic, EU and non-EU, needs to comply with GDPR and the ePrivacy Directive.


Your GDPR customer requests

If you have customers who want to see data such as their statistics and personal information, or customers who want to exercise their right to be forgotten or other rights offered to EU citizens under GDPR, reach out to our customer support team. Note that you’re collecting your own data regarding the data subject, and RollWorks is collecting additional data for our own purposes (subject to our legal agreements).

In addition, you can ask us to collect data that we use solely at your direction, including your customer email addresses, should you decide to provide this data to us for marketing purposes. In general, you’re the controller of data that you collect for your own purposes, and will need to address this data with the data subject directly.

For data that we collect for our own ad-targeting purposes

For data that we collect for our own ad targeting purposes, we are the controller of this data, and you can direct the data subject to us.

The process is as follows:

  • Submit your request to NextRoll.
  • NextRoll will reply with an affidavit for the data subject to complete.
  • The data subject will complete and submit the affidavit and any supporting material.
  • NextRoll will respond to the data subject directly.
For data that you provide

For data you provide, such as email addresses for limited marketing activities on your behalf, you are the controller, and you can direct us to take action with respect to this data on behalf of the data subject.

The process is as follows:

For your customers who want to see their data, available data will depend on how the customer was tracked.

  • If your customer was tracked through a cookie by visiting one of our partners or another NextRoll client, we need the customer to provide their NextRoll cookie ID to remove any associated data or to provide raw data.
  • If your customer was tracked via email address from your CRM list or our RollWorks Email product, as the controller of your customers’ email data, you will need to direct us to process any access or right to be forgotten (or any other subject access related) request. We will need the email in question to process these requests. If we get requests directly from a customer related to an email related to a CRM campaign, we’ll direct the customer back to you as the controller to log the request. In the normal course, we respond with confirmation of any steps taken or information requested, and you include this information in any communication with the data subject, combining information from across your other data processors.


Retargeting under GDPR

NextRoll can still do cookie-based targeting and retargeting under GDPR, but in some instances, we need more robust consent prior to placing a cookie. We’ll do this through a cookie consent tool.

Our GDPR solutions are aimed at helping you to comply with the GDPR and the related ePrivacy Directive for your NextRoll activities while maintaining your overall ad performance.

For more information, check out our NextRoll GDPR web page.


Was this article helpful?
0 out of 0 found this helpful

Articles in this section

Chat with an agent
Mon - Fri 10am - 6pm EST
Send a support email
Mon - Fri 10am - 6pm EST