BidSwitch and GDPR

Following General Data Protection Regulation (GDPR) definitions, BidSwitch is always considered to be a data processor as it does not provide any services to end users/data subjects or work with them directly. Also BidSwitch does not gather or manage GDPR consent and relies on Suppliers to obtain and document user consent for its stated purposes and to include BidSwitch as a declared data processor.

  • Suppliers (or their Consent Management Provider) being the ones who gather user consent should include it in Bid Requests sent to BidSwitch using the user consent string.

  • BidSwitch passes this information to Buyers in its protocol using the regs.ext.gdpr and user.ext.consent fields. BidSwitch supports both consent string formats, v1.1 and v2.0.

  • Buyers must respond appropriately if user consent has not been given. If you do not have consent, you cannot use personal data and may not have the right to use cookies. Each party is responsible for determining what that means for their business. If user consent explicitly states that it is not given, then do not respond with an ad which utilises user information, and neither access nor store information on the user’s device e.g. cookies, IFA, fingerprints. For more information see the following links:

For user syncing, BidSwitch supports the gdpr, gdpr_pd, and gdpr_consent macros in the sync URL, see the Supplier Initiated User Sync or Buyer Initiated User Matching for details.

Transparency & Consent Framework 2.0

The Transparency & Consent Framework (TCF) has two versions, v1.1 which operated from May 2018 to April 2020 and v2.0 which began being the accepted method of complying with the GDPR from April 2020 onwards. You can read more about the changeover period on the IAB’s Dates You Need To Know For The TCF V2.0 Switchover article.

Use the following information to update your integration with BidSwitch to use TCF 2.0.

  • You need to adopt the TCF 2.0 consent string when sending or receiving bid requests. As BidSwitch supports both versions, Suppliers you can begin sending this to us without notifying us. Buyers can expect to get version 2.0 of the string when their Suppliers start to send it to BidSwitch. You can read more about the changes to the information encoded within the consent string here: Transparency and Consent String with Global Vendor & CMP List Formats

  • You need to be registered with the IAB and listed in the Global Vendors List v2 so that any user consent granted to you and the purposes for which it has been granted can be validated.

  • For user syncing:

    • You need to support the new gdpr_pd macro and support v2.0 of the consent string

    • You need to update your user syncing URL which BidSwitch uses to sync cookies with you to include your Global Vendors List ID as part of the consent macro

# v1.1 syncing macros
//your.sync.url?bidswitch_ssp_id=${SSP}&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}

# v2.0 syncing macros. 128 is BidSwitch's GVL ID. You will need to use yours
//your.sync.url?bidswitch_ssp_id=${SSP}&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT_128}&gdpr_pd=${GDPR_PD}

BidSwitch TCF 2.0 Position

BidSwitch uses the following TCF 2.0 framework components to comply with the GDPR. The information given below can be verified within BidSwitch’s node in the IAB’s Global Vendors List v2 (GVL). The BidSwitch Vendor ID is 128, and the BidSwitch’s TCF 2.0 Global Vendors List Entry section is a copy of this entry.

Purposes

For all of the purposes which the framework covers, BidSwitch uses user consent as the sole legal basis for processing their data.

  • Purpose 1 - Store and/or access information on a device

  • Purpose 2 - Select basic ads

  • Purpose 3 - Create a personalised ads profile

  • Purpose 4 - Select personalised ads

  • Purpose 5 - Create a personalised content profile

  • Purpose 6 - Select personalised content

  • Purpose 7 - Measure ad performance

  • Purpose 8 - Measure content performance

  • Purpose 9 - Apply market research to generate audience insights

  • Purpose 10 - Develop and improve products

Special Purposes

BidSwitch does not process user data for either of the TCF 2.0 special purposes.

  • Special Purpose 1 - Ensure security, prevent fraud, and debug

  • Special Purpose 2 - Technically deliver ads or content

Features

BidSwitch uses user consent as the sole legal basis for processing user data for Feature 1 and 3.

  • Feature 1 - Match and combine offline data sources

  • Feature 2 - Link different devices

  • Feature 3 - Receive and use automatically-sent device characteristics for identification

Special Features

BidSwitch uses user consent as the sole legal basis for processing user data for Special Feature 1.

  • Special Feature 1 - Use precise geolocation data

  • Special Feature 2 - Actively scan device characteristics for identification

BidSwitch’s TCF 2.0 Global Vendors List Entry
{
    "128": {
        "id": 128,
        "name": "BIDSWITCH GmbH",
        "purposes": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10],
        "legIntPurposes": [],
        "flexiblePurposes": [],
        "specialPurposes": [],
        "features": [1, 3],
        "specialFeatures": [1],
        "policyUrl": "http://www.bidswitch.com/privacy-policy/",
    }
}