Clickio is committed to full compliance with GDPR. We have spent months working with legal counsel and demand partners to fully understand implications for us and our publishers.

We introduced updated Terms and Conditions for Publishers (effective from May 25) and will publish an updated Privacy Policy that covers all data subjects in the coming days.

On this page, we tried to answer the most common questions related to Clickio's GDPR compliance. If your question is not answered, please send it to gdpr@clickio.com, or contact your account manager.
Is Clickio a controller or a processor?
GDPR introduces the distinction between "Controllers" and "Processors". A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. GDPR places specific legal obligations on processors. For example, processors are required to maintain records of personal data and processing activities, and they have legal liability it they are responsible for a data breach (see ICO GDPR guide).

Clickio acts as a processor for our publishers. We undertake to process the personal data from the publisher's website only on behalf of the publisher and only in accordance with the instructions of the publisher. This means serving advertising impressions using advertising exchanges and vendors explicitly approved by the Publisher.
Do publishers need to collect consent on behalf of Clickio?
Because Clickio acts as a Processor for publishers, they do not need to collect additional consent on Clickio's behalf. Consent granted to the publisher covers Clickio's activity as a processor.

However, publishers need to collect consent on behalf of Google Ad Exchange and other advertising vendors that are authorized to buy or measure ad impressions on publishers' websites. Many of these vendors act as Controllers. Clickio provides the full list of such vendors.
Does Clickio set cookies on website visitors' browsers?
Clickio's code actively manages which demand sources get access to each impression. In many cases, we need to keep the same set of demand sources for the whole duration of a user's session. Such "session-level A/B testing" is an important way to determine how different demand sets and ad layouts affect metrics such as session depth and session length. To be able to test on session-level, we set a cookie with a session id and the id of the chosen setup in the user's browser. This short-term cookie expires after about 15 minutes of the end of the session. No information associated with such individual cookies is stored.
Does Clickio algorithms use personal data to optimise advertising?
Clickio does not target EEA users based on any personal information. We do not store session IDs, IP addresses or precise location data. All the optimisation in EEA is based on broad-segment data.
Does Clickio store personal data of website users?
Clickio codes automatically send certain user information to our servers, This information includes the IP address and browser details. However, we do not store personal information for any purpose.
From which locations does Clickio serve codes to EEA-based website visitors?
We only use servers located in the EU to serve advertising codes to website users from EEA.
Does Clickio codes support HTTPs?
Of course, all Clickio codes fully support HTTPs connections.
Why is Clickio not present in the list of ad technology providers published by Google?
Google published a list of ad technology providers that are serving and measuring ad impressions bought through Google Ad Exchange and other Google products. This is the list of "demand-side" technology providers, which act on behalf of advertisers. The list provides publishers with information that is needed for consent disclosures in accordance with the Google's EU user consent policy.

In contrast, Clickio is a "sell-side" provider and acts on behalf of publishers. Clickio does not buy impressions on the Ad Exchange. As a Google's Channel Partner, we facilitate publishers' access to the exchange using our own Google Ad Exchange account.
What is Clickio's GDPR roadmap?
  • Update our Privacy Policy by May 25, 2018, consolidating all information related to all data subjects in one document. [DONE]
  • Provide publishers with the full list of buy-side vendors by May 17, 2018. [DONE]
  • Release Clickio Consent Tool to all publishers by May 17, 2018. [DONE]
  • Register as a Consent Management Platform in IAB Framework by May 25, 2018. [DONE]
  • Make Clickio Consent Tool compatible with IAB Framework by May 25, 2018. [DONE]