BidSwitch and GDPR

Following General Data Protection Regulation (GDPR) definitions, BidSwitch is always considered to be a data processor as it does not provide any services to end users/data subjects or work with them directly. Also BidSwitch does not gather or manage GDPR consent and relies on Suppliers to obtain and document user consent for its stated purposes and to include BidSwitch as a declared data processor.

  • Suppliers (or their Consent Management Provider) being the ones who gather user consent should include it in Bid Requests sent to BidSwitch using the user consent string.

  • BidSwitch passes this information to Buyers in its protocol using the following fields

    • For protocol v5.3 regs.ext.gdpr and user.ext.consent.

    • For protocol v5.7 regs.gdpr and user.consent or regs.gpp.

    • BidSwitch also supports the TCF v2.x consent string format for the processing of its own consented to purposes.

  • Buyers must respond appropriately if user consent has not been given. If you do not have consent, you cannot use personal data and may not have the right to use cookies. Each party is responsible for determining what that means for their business. If user consent explicitly states that it is not given, then do not respond with an ad which utilises user information, and neither access nor store information on the user’s device e.g. cookies, IFA, fingerprints. For more information see the following links:

  • For user syncing, BidSwitch supports the gdpr, gdpr_pd, and gdpr_consent macros in the sync URL, see the Supplier Initiated User Sync or Buyer Initiated User Matching for details.

Transparency & Consent Framework 2.x

The Transparency & Consent Framework (TCF) has a number of current valid versions, TCF v2.0, v2.1, and v2.2, with v1.1 having been sunset on September 30, 2020. You can read more about that in this Dates You Need To Know For The TCF V2.0 Switchover article. Use the following information to update your integration with BidSwitch to use TCF 2.x.

  • You need to adopt the TCF 2.x consent string when sending or receiving bid requests. Buyers can expect to get version 2.x of the string when their Suppliers start to send it to BidSwitch. You can read more about the the information encoded within the consent string here: Transparency and Consent String with Global Vendor & CMP List Formats

  • You need to be registered with the IAB and listed in the Global Vendors List (GVL) so that any user consent granted to you and the purposes for which it has been granted can be validated. Currently two GVLs exist:

  • For user syncing:

    • You need to update the user syncing URL that BidSwitch uses to sync cookies with you to include your Global Vendors List ID as part of the consent macro

    • You need to support v2.x consent string

    • It is recommended to support the gdpr_pd macro

    • Or you need to support the new Global Privacy Platform (GPP) framework

# v2.x Original TCF syncing macros. 128 is BidSwitch's GVL ID. You will need to use yours
//your.sync.url?bidswitch_ssp_id=${SSP}&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_128}&gdpr_pd=${GDPR_PD}

# v2.x GPP syncing macros. 128 is BidSwitch's GVL ID. You will need to use yours
//your.sync.url?bidswitch_ssp_id=${SSP}&gpp=${GPP_STRING_128}&gpp_sid=${GPP_SID}

BidSwitch TCF 2.x Position

BidSwitch uses the following TCF 2.x framework components to comply with the GDPR. The information given below can be verified within BidSwitch’s node in the IAB’s Global Vendors List v2 (GVL). The BidSwitch Vendor ID is 128, and the BidSwitch’s TCF 3.0 Global Vendors List Entry section is a copy of this entry.

Purposes

For all of the purposes which the framework covers, BidSwitch uses user consent as the sole legal basis for processing their data.

  • Purpose 1 - Store and/or access information on a device

  • Purpose 2 - Select basic ads

  • Purpose 3 - Create a personalised ads profile

  • Purpose 4 - Select personalised ads

  • Purpose 5 - Create a personalised content profile

  • Purpose 6 - Select personalised content

  • Purpose 7 - Measure ad performance

  • Purpose 8 - Measure content performance

  • Purpose 9 - Apply market research to generate audience insights

  • Purpose 10 - Develop and improve products

Special Purposes

BidSwitch does not process user data for either of the TCF 2.0 special purposes.

  • Special Purpose 1 - Ensure security, prevent fraud, and debug

  • Special Purpose 2 - Technically deliver ads or content

Features

BidSwitch uses user consent as the sole legal basis for processing user data for Feature 1 and 3.

  • Feature 1 - Match and combine offline data sources

  • Feature 2 - Link different devices

  • Feature 3 - Receive and use automatically-sent device characteristics for identification

Special Features

BidSwitch uses user consent as the sole legal basis for processing user data for Special Feature 1.

  • Special Feature 1 - Use precise geolocation data

  • Special Feature 2 - Actively scan device characteristics for identification

BidSwitch’s TCF 3.0 Global Vendors List Entry
{
  "128":{
    "id":128,
    "name":"BIDSWITCH GmbH",
    "purposes":[
      1,
      2,
      9,
      10
    ],
    "legIntPurposes":[

    ],
    "flexiblePurposes":[

    ],
    "specialPurposes":[
      1
    ],
    "features":[
      1,
      3
    ],
    "specialFeatures":[
      1
    ],
    "cookieMaxAgeSeconds":31536000,
    "usesCookies":true,
    "cookieRefresh":true,
    "usesNonCookieAccess":true,
    "deviceStorageDisclosureUrl":"https://www.bidswitch.com/devicestorage.json",
    "dataRetention":{
      "stdRetention":365,
      "purposes":{

      },
      "specialPurposes":{

      }
    },
    "urls":[
      {
        "langId":"en",
        "privacy":"https://www.bidswitch.com/privacy-policy/"
      }
    ],
    "dataDeclaration":[
      1,
      2,
      3,
      4,
      5,
      6,
      8,
      9,
      11
    ]
  }
}