GDPR

How Emerse works with GDPR

Below, we explain what the new data protection law called GDPR means to you as a customer and how we, as a supplier in today’s complex online eco-system for online marketing, satisfy the new regulations. In this article, we mean to help you understand how you are affected. We also explain how users of the Emerse smart-tag can customize their site and privacy policy accordingly.

If you are an individual

The text on this page is primarily for our clients. If you are an individual looking for information about our privacy policy, it can be found here: https://www.emerse.com/privacy-policy/

What is GDPR?

With the Internet, our way of communicating and how we perform our everyday tasks has changed drastically. We e-mail and we share documents. We shop online and often fill in our personal information without considering how the information might be used. This is why the EU has pushed through a new European data protection regulation called the GDPR, (General Data Protection Regulation). This comes into force in May 2018. This Regulation will affect the way companies collect, store and use personal data and is designed to give individuals better control over their personal data.

Why is personal data collected?

We and our customers are able to collect different types of digital information such as IP addresses and the websites people visit, etc. This is with the express purpose of providing customized and relevant communication – all intended to give visitors a better browsing experience. It means that we help filter out some of the irrelevant information from among the media noise.

Personal data that has been identified or encrypted, but can still be used to identify a person remains personal data and is covered by GDPR. However personal data that has been made anonymous in such a way that you can no longer link it to an individual is no longer counted as personal data.

What is retargeting?

Being served content you don’t want, is a poor online experience. But being offered content that fits you perfectly is of course more interesting. To give a few examples; if you have small children you would probably find it relevant to receive diaper ads, or if you recently bought a new car, to be served car insurance deals. This is remarketing, a marketing technique where you can show ads to people who have been on a particular website or used a certain mobile app. This technique usually increases brand awareness, generates conversions, and is cost-effective marketing served from those who already know that you exist and have shown an interest, evidenced by your prior activity.

Retargeting works like this; when a user visits your website, the person gets a cookie connected to their browser. In turn, your ad may appear on other sites that the same person browses. Emerse, with our internal systems, can run re-targeting on almost all ad-powered pages on the Internet. This not only includes ad services like Google AdWords, Facebook, and Instagram, but also other pages like Aftonbladet, Expressen, and others.

How Emerse works with industry colleagues on GDPR

Along with industry colleagues from other AdTech companies within Programmatic, both in Europe and globally, Emerse was one of the first companies to support IAB’s Transparency & Consent Framework. This is a framework that enables a legitimate and flexible way of collecting consumer consent for the delivery of relevant online content. The intention is to avoid several different interfaces and standards. IAB Europe (Interactive Advertising Bureau) is Europe’s leading online marketing organization and represents over 5 500 organizations. As a sign of our active support, you can find us at advertisingconsent.eu

Emerse holds a license from EDAA for use of the Online Behavioral Advertising (OBA) icon. This means that the company works to support the advertising ecosystem in accordance with current consumer-friendly display ad standards.

How you, as an Emerse customer, should update your site and policy

To begin with, it is important that your company gets independent legal advice about GDPR. It’s a complicated regulatory framework that affects large parts of any organization, not just its site or the advertising on that site. Our recommendations are general recommendations. Because every business is unique, individual requirements for GDPR may differ. This is why we advise clients to take their own legal advice. If you run your business in Sweden, you might also care to contact Datainspektionen, who are responsible for the roll-out of GDPR in Sweden. Their customer service and in-house lawyers can help with many issues.

If you use our smart-tag to build an audience for retargeting, you need to obtain approval on your website for this data storage. There are a few different ways to do this as described below. Please note that you do not have to use the Emerse plug-in to obtain consent, you are free to choose any other solution either.

If you wish to use our technical solution for GDPR customization, two tags will need to be installed. One to opt-in, shown regardless of where the user lands on your site, it creates a pop-up for approval. Also one in the form of a check box where the user can choose to opt-out.

This is how to do it:

1. Install our plug-in on your site

Our plug-in asks the visitor for permission to store personal data. The following two tags therefore replace our previous Smart-Tag. If you already have a tool that manages personal data, then the previous tags can be used instead. If you have an earlier tag from us, you may want to upload it in our tool to convert it to the new format for GDPR. Note that there are two tags that need to be entered.

The tool can be found at: https://tags.emerse.com/tools/gdpr-consent

Enter the following tag to load on all pages. It is recommended to insert it at the end of the page, but it will work no matter where it is inserted. This tag replaces the previous tag from us if it already exists.

<! – Emerse Consent Request Popup ->
<script type = “text / javascript”>

  var emerse = emerse || [];
emerse.push ([‘load’, ‘tag-id’]);
emerse.push ([‘policy url’, ‘https://example.com/privacy-policy’]);
emerse.push ([‘language’, ‘sv’]);

(function () {var e = document.createElement (‘script’);
e.type = ‘text / javascript’; e.async = true;
e.src = ‘//static.emerse.com/consent.js?c=’ + (new Date ()). getTime ();
var s = document.getElementsByTagName (‘script’) [0];
s.parentNode.insertBefore (e, s);
}) ();
</ Script>

Enter the following tag on the page for your privacy policy or equivalent. It loads a check box that allows the user to retrieve permission for data collection required under GDPR. Note that the checkbox must not be checked as default if the user has not given explicit approval.

<! – Emerse Consent Request Checkbox ->
<Label>
<input type = “checkbox” name = “emerse-consent” id = “emerse-consent-box”>
I would like to receive further offers and information through
digital advertising and consent to the collection of information
for that purpose.
</ Label>
<script type = “text / javascript” src = “// static.emerse.com/opt-out.js”> </ script>

Make sure to customize text, links, etc. in conjunction with the checkbox, so that it matches other material on the site.

Note that you must also update information in relation to other services and technologies you use on your site, examine how these store personal data and what you might need to do to be GDPR compliant with these services.

2. Request permission for storing personal data

GDPR requires asking web browsers for permission to store their personal data. This is best done by the user getting a popup displayed separately (similar to the pop-ups we’ve seen for a long time for cookies around the web). In this way the user is clearly informed that you store personal data and that a third party (Emerse) also does this.

It is important that the tags, “code snippets“, you use (on the site where personal data is stored. For example, Emerse Smart-tag) is not loaded and executed unless the user has clicked and approved the data storage. The scripts for these tags should then be placed within a “shell” so that they are only loaded after the user clicked OK. You should store the visitor’s decision in some way, for example through a cookie, so that you do not have to ask the user for permission each time they visit your site.

There are third party solutions on the market such as Google Tag Manager where you can enable a feature that asks the user for permission to store personal data. If you are using GTM, you can use this feature.

3. Inform visitors about what data is stored and how you use it

Somewhere in your company’s Privacy Policy or the online data policy on your site, an add-on is required where visitors can read about current retargeting and third party data collection for banner advertising. Here Emerse is listed together with other third parties, for example:

“In the context of retargeting and banner advertising, we use third party services that save cookies on our site. This is about the following providers:

  • Emerse Sverige AB, Lilla Fiskaregatan 1A, 222 22 Lund, Sweden: Emerse Privacy Policy
  • Company 2, Street Address, Postal Address, Country, Link To Their Privacy Policy
  • Company 3, Street Address, Postal Address, Country, Link To Their Privacy Policy
  • and so forth …. “

4. Inform visitors about how they can opt out (opt-out) data storage

Emerse smart-tag always stores data about web browsers anonymously, and can never be linked to a user’s name or address. There is also no way for us to link the anonymous data into a cookie for example, and link it to name later on.

Visitors can choose to withdraw their consent to data storage by simply unchecking the box that is embedded in our plugin. If you choose not to use this solution, we encourage you as a customer to make sure that your site is clear about where visitors can decline data storage and whom to contact if they have any questions in this matter.

For further information. Here are some useful pages on GDPR that we would particularly like to recommend:

https://gdpr.iab.com/

https://www.iabeurope.eu/category/policy/gdpr-implementation/

https://ec.europa.eu/info/law/law-topic/data-protection_en

http://advertisingconsent.eu/

https://iabtechlab.com/standards/gdpr-transparency-and-consent-framework/

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

You are also welcome to contact Robert Whelan, Data Protection Officer at Emerse, via mail robert.whelan@emerse.com or phone +46 46 3780106.

Back To Top