This information can not be considered as legal advice, where an attorney applies the law to your specific circumstances. We insist that you consult an attorney if you would like some advice on your interpretation of this information or its accuracy. You may not rely on this page as legal advice nor as a recommendation of any particular legal understanding.
Data processor vs data controller
For the purposes of the General Data Protection Regulation (GDPR), ADMAX acts as data processor of the personal data used.
Within the purposes defined by the data controller and with the consent of the user, ADMAX may pass personal data on to server to server advertising partners and buyers for the ad request to be processed and for their own needs. However these may also collect additional data and act as controllers and / or processors of that data.
Legal basis for processing personal data
The GDPR requires that processors have valid reasons and legitimate interests for processing personal information.
ADMAX relies on several legitimate interests to process personal data:
- security purposes
- detection and prevention of fraudulent trafic
- detection and prevention of invalid inventory
- optimization of the real-time sale of advertising inventory
- reporting and billing to our publishers
- within the purposes defined by the data controller and with the user consent, passing the data to advertising partners and buyers for the ad request processing and for their own needs
All the personal data we use is pseudonymized and we are undertaking all actions to further pseudonymize the data that we process.
We are working with all our partners and customers to implement a compliant and standardized Consent Management Framework.
Our solution is compatible with all CMP APIs chosen by publishers to pass along the user consent string to ourselves and our partners. We comply with IAB EU’s standard and with the OpenRTB method to pass consent to buyers and partners.
If need be, we also provide a CMP API for publishers to pass along consent to advertising partners.
Data transfer outside the EU
Personal data is processed and stored within the European Union, in Amazon and Google data centers in Dublin, Ireland. For GDPR purposes, AWS and GCP act as sub-processors of personal data we process.
No data is transfered or processed outside of the European Union by ADMAX.
Access and deletion of Personal Data
Security is at the core of ADMAX concerns which implements the appropriate technical and organizational measures to ensure the security and confidentiality of this data and to protect it from any access, modification, disclosure or deletion by unauthorized persons. Access to personal data is strictly restricted to certain employees of ADMAX specifically appointed for such purposes in connection with their duties, and to technical partners of ADMAX who contribute to the delivery of its services.