{"_id":"5b07415b2583550003b42413","project":"5429beef1163360800ed31fa","version":{"_id":"5429beef1163360800ed31fd","__v":22,"project":"5429beef1163360800ed31fa","createdAt":"2014-09-29T20:19:59.904Z","releaseDate":"2014-09-29T20:19:59.904Z","categories":["5429beef1163360800ed31fe","55e74e1f5d36b32b002563fa","55e7500a73169617001f2e86","55e76b8196131b2f00bf4b72","55e89569cdbb8a350096df9c","55f8935eb089b71700a8364e","55f8a67d3bb4bb0d0022d093","55f9dbefc7ef770d00d9bf6d","5601c21a22ecf60d002b27b3","5601c21ff12aee0d001bb06e","5601c2256c7b610d00280db5","5601c22c22ecf60d002b27b4","5603738d0c78b00d0039af47","5626f70bfcbbc621004ebf52","566f7a1ae144ab0d00e9732f","566f85ca7820960d00c3b93d","56708ce43a32d20d00c45cbf","56708d436995210d003aad8e","5736471abe10a9200030732c","57a82c7aff9bd30e00a6f1c1","591b8500e3992319007190f4","5a3718305c66a60012d960ba"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"57a82c7aff9bd30e00a6f1c1","project":"5429beef1163360800ed31fa","version":"5429beef1163360800ed31fd","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-08-08T06:53:46.702Z","from_sync":false,"order":10,"slug":"client-support","title":"Client Support"},"user":"5625457f23053b2300f596c9","githubsync":"","__v":0,"parentDoc":null,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2018-05-24T22:48:59.470Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":2,"body":"Polymorph Inc. is fully committed to be GDPR compliant. As a part of it, we've taken multiple measures,\n\n1. We've updated our privacy policy to reflect our new terms - https://getpolymorph.com/privacy-policy/. We require our customers to display the link to our privacy policy in your current privacy policy to be fully transparent with your users.\n\n2. Polymorph Labs Inc. acts as a \"Data Processor\" as per EU distinction. We work on your behalf to process users' personal data. Please refer to DPA agreed between both parties (customer and Polymorph Inc.) for detailed terms.\n\n3. To ensure GDPR compliance we've put multiple technical mechanisms in place to allow you to communicate opt-out or opt-in status of a user to Polymorph,\n\n**For S2S Integrations**\n\nWe will continue to rely on a valid UUID parameter (a unique identifier for the user. Alternatively passed as 'IDFA' or 'GAID') passed in the ad request. In case the user has opted out we expect the value of '00000000-0000-0000-0000-000000000000' to indicate that user has opted-out and do not wish to be tracked going forward. When the user has been indicated as opted-out we will not store any unique identifier or IP address for that user. We will also NOT pass that information to any of the demand partners. \n\nFor Web: Refer to uuid parameter specified in this document - https://dev.getpolymorph.com/docs/ads-api-web\n\nFor Mobile Apps: Refer to uuid parameter specified in this document https://dev.getpolymorph.com/docs/ads-api-native-apps for details.\n\n**For RenderJS V2 Integration**\n\nWe by default opt-out user if they are from GDPR compliance countries so their cookie will be overridden by 00000000-0000-0000-0000-000000000000 and we won't store their IP address either. IP address will be used only to convert to its corresponding Geo-location information and will be discarded subsequently. For cookie syncing with other DSPs same will happen. \n\nIf you want to override this default behavior in cases where you do have valid Opt-in from the user in EU, \n\na. Pass a valid UUID value. When a value is explicitly mentioned it will be treated as an opted-in user,\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"adsnativetag.defineAdUnit({\\n\\tuuid: 'A_VALID_UUID_VALUE'\\n});\",\n      \"language\": \"javascript\"\n    }\n  ]\n}\n[/block]\nb. Alternatively, you can pass a simple flag if you don't wish to assign your own UUID,\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"adsnativetag.updateConfig({\\n    isGDPROptedIn: true //default is false\\n});\",\n      \"language\": \"javascript\"\n    }\n  ]\n}\n[/block]\nFor non-EU countries, our default workflow will continue as is, i.e. we will continue to cookie the user and by default, their UUID will be recorded and passed to other demand partners as well. If you want to indicate the user has opted in, please specify UUID as follows,\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"adsnativetag.defineAdUnit({\\n\\tuuid: '00000000-0000-0000-0000-000000000000'\\n});\",\n      \"language\": \"javascript\"\n    }\n  ]\n}\n[/block]\n4. To exercise the right of Data Portability, Right to Correct and Data Erasure, please contact contact:::at:::getpolymorph.com and allow up to 60 days for us to process the request. We will follow up with detailed instructions on the information we will need to exercise such users' rights.","excerpt":"","slug":"gdpr-compliance","type":"basic","title":"GDPR Compliance"}
Polymorph Inc. is fully committed to be GDPR compliant. As a part of it, we've taken multiple measures, 1. We've updated our privacy policy to reflect our new terms - https://getpolymorph.com/privacy-policy/. We require our customers to display the link to our privacy policy in your current privacy policy to be fully transparent with your users. 2. Polymorph Labs Inc. acts as a "Data Processor" as per EU distinction. We work on your behalf to process users' personal data. Please refer to DPA agreed between both parties (customer and Polymorph Inc.) for detailed terms. 3. To ensure GDPR compliance we've put multiple technical mechanisms in place to allow you to communicate opt-out or opt-in status of a user to Polymorph, **For S2S Integrations** We will continue to rely on a valid UUID parameter (a unique identifier for the user. Alternatively passed as 'IDFA' or 'GAID') passed in the ad request. In case the user has opted out we expect the value of '00000000-0000-0000-0000-000000000000' to indicate that user has opted-out and do not wish to be tracked going forward. When the user has been indicated as opted-out we will not store any unique identifier or IP address for that user. We will also NOT pass that information to any of the demand partners. For Web: Refer to uuid parameter specified in this document - https://dev.getpolymorph.com/docs/ads-api-web For Mobile Apps: Refer to uuid parameter specified in this document https://dev.getpolymorph.com/docs/ads-api-native-apps for details. **For RenderJS V2 Integration** We by default opt-out user if they are from GDPR compliance countries so their cookie will be overridden by 00000000-0000-0000-0000-000000000000 and we won't store their IP address either. IP address will be used only to convert to its corresponding Geo-location information and will be discarded subsequently. For cookie syncing with other DSPs same will happen. If you want to override this default behavior in cases where you do have valid Opt-in from the user in EU, a. Pass a valid UUID value. When a value is explicitly mentioned it will be treated as an opted-in user, [block:code] { "codes": [ { "code": "adsnativetag.defineAdUnit({\n\tuuid: 'A_VALID_UUID_VALUE'\n});", "language": "javascript" } ] } [/block] b. Alternatively, you can pass a simple flag if you don't wish to assign your own UUID, [block:code] { "codes": [ { "code": "adsnativetag.updateConfig({\n isGDPROptedIn: true //default is false\n});", "language": "javascript" } ] } [/block] For non-EU countries, our default workflow will continue as is, i.e. we will continue to cookie the user and by default, their UUID will be recorded and passed to other demand partners as well. If you want to indicate the user has opted in, please specify UUID as follows, [block:code] { "codes": [ { "code": "adsnativetag.defineAdUnit({\n\tuuid: '00000000-0000-0000-0000-000000000000'\n});", "language": "javascript" } ] } [/block] 4. To exercise the right of Data Portability, Right to Correct and Data Erasure, please contact contact@getpolymorph.com and allow up to 60 days for us to process the request. We will follow up with detailed instructions on the information we will need to exercise such users' rights.