Adform DMP Data Privacy

  • Updated

Adform DMP Audience Policies

Adform Enterprise DMP clients and Data Providers have to comply with the Adform DMP Audience Policies. Please take the time to review the policies before you start using the Adform Data Management Platform.

Data Protection and Privacy Framework and Compliance

General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation (GDPR) is the European data protection law that has been in force since May 25th, 2018. GDPR is aimed at strengthening and unifying the privacy protection of EU data subjects with a special focus on digital technologies, innovation, and globalization with an indirect effect on cross-border and international data transfers.

GDPR introduced several new data privacy rights for members of the European Union, including the Right to Access and the Right to be Forgotten. This means that any EU citizen whose personal data has been collected by your business can request to access or delete their data at any time. To comply with GDPR, the Adform supports data access and delete requests.

US State Privacy Laws

The following US states have enacted or enforced privacy laws, enabling the right for consumers to opt out of having personal data collected, processed or sold:

  • California (California Privacy Rights Act, effective from January 1, 2023)

  • Virginia (Virginia Consumer Data Protection Act, effective from January 1, 2023)

  • Colorado (Colorado Privacy Act, effective from July 1, 2023)

  • Connecticut (Connecticut Data Privacy Act, effective from July 1, 2023)

  • Utah (Utah Consumer Privacy Act, effective from December 31, 2023)

Adform has been consistent in its approach to data protection as part of its general product standards. This has been extended to reflect the requirements of privacy laws by US states as well as to improve existing standards.

Adform Privacy Center

In regards to data subject rights, the Privacy Center to be found on Adform’s webpage sets forth the Privacy Policies and procedures pertaining to the individual’s rights applicable regardless of origin:

How Adform Services and Products Comply with GDPR and US States Privacy Laws

Adform as a company is committed to achieving GDPR and US states privacy laws compliance. We are committed to developing and further improving our products to help our customers adhere to GDPR and US sates privacy laws requirements to the best of their ability. This is because Adform services and products are designed to ensure the consistency and accuracy of data across all our full-stack systems. Adform provides levels of assurance combined with appropriate technical and organizational measures – such as pseudonymization and encryption that support data minimization and help protect the rights of consumers as stated under the applicable law.

Privacy by Design

Adform’s data privacy strategy delivers a platform explicitly built to service the strict needs of the most privacy and security-conscious companies across the world’s most highly regulated industries. Privacy by design means:

  • Full avoidance of sensitive data and subjects (sexual preferences, health data, etc.).

  • Data is regularly scanned for directly identifiable personal data.

  • IP addresses are truncated.

  • We offer one-way / two-way encryption fully under client control while data remains available for reporting and exports.

Data Security

Adform preserve the confidentiality, integrity, security, and availability of information by applying a strict risk management process that includes solid IT systems, reliable Human Resources and secure processes and procedures. Adform has a Security Incident and Data Breach Management Policy in place.

Our Information Security Management System (ISMS) is certified to ISO/IEC 27001, data centers are certified with Security Operations Centers (SOCs), examined by external audits and independent security penetration tests. Adform is one of the few ISMS ISO/IEC 27001 certified integrated advertising platforms in the world.

Data centers serving EU customers are based in Europe. Collected data is physically stored on high-end servers operated by Adform in European Data Centers. All data centers and Adform platform are certified according to best practice standards like ISAE. Adform is ISO 27001 certified thus secure and able to handle personal data in accordance with regulations. Data processing agreements are already incorporated in client contracts.


Adform Cookie IDs are used to link each interaction to an individual device, Adform generates a unique Adform Cookie ID for every new device which interacts with any form of Adform tracking:

  • Adform Cookie ID, by default, expires 60 days after user's last interaction.

  • Adform Cookie ID is Adform data, i.e. Adform is the Controller of Adform Cookie ID. As a Controller of Adform Cookie ID Adform enforces the EU citizens' rights under GDPR.

  • For Adform to serve cookies lawfully, Adform clients and publishers shall implement appropriate notice and consent mechanisms upon its digital properties (websites).

  • Adform processes the personal data collected in the context of the placement of the Adform Cookie according to the legal basis it has established as appropriate.

  • The client has no access to Adform Cookie ID unless the client utilizes Adform Master Data Service (Adform service to export client's own transaction level data, including Adform Cookie ID as a part of Master Data) and signs Master Report Data Transfer Agreement with Adform.

  • Adform considers Adform Cookie ID to be pseudonymous personal data (under GDPR Article 4 paragraph 5) because Adform Cookie ID cannot be linked to a natural person by Adform without using the additional data that would pertain to that cookie. However, since Adform client may have some additional data enabling the client to link Adform Cookie ID to a natural person, Adform Cookie ID is not fully anonymized data.

We use the same Adform Cookie ID when delivering services to all Adform clients, however, data collected by Adform for each client is accessible only to the particular client. All client data is stored on Adform owned hardware and subject to the data security standards as described above. Each client's data is logically separated to ensure that each client can only access his data. Adform does not share clients' data between clients.

Where first-party IDs are shared by the Client, Adform acts within the boundaries as set forth in the data processing or privacy compliance agreement that has been agreed between Adform and Client.


To learn more about how Adform cookies are set, see Adform Cookies.

IP Addresses

IP addresses from which a device interacts with a client´s website or mobile application is also exposed to Adform's ad servers. IP addresses are anonymized (IPv4: replacing the last octet of an IPv4 address with a fixed string, IPv6: deleting the last 24 bit of the prefix; deleting the Interface Identifier) prior to saving them inside of our platform.

Controller, Joint Controller, or Processor?

The role of Adform in regards to processing of the personal data collected via its own cookie or received from its clients depends on various variables. Those variables pertain to the nature of the data that we process (third-party vs first-party), the particular services and features that a client chooses to purchase from Adform, the purposes, and processing activities that the client is exploring. The role of the parties is defined in the respective data processing or privacy framework agreement entered between the parties. Read more about instances, where Adform acts as a joint controller.

Opt-Out of Online Advertising

To Opt-Out from Adform targeted advertising and website tracking click here.

End users can opt out of global data collection by visiting the websites of our industry standards partners:

DMP clients can also remove users from all previously created audiences in three different ways:

When sending individual deletion requests, you can submit any previously onboarded user IDs, along with the deletion request.

Interactive Advertising Bureau (IAB) Transparency and Consent Framework

The IAB Transparency and Consent Framework (TCF) offers publishers and vendors standardized and unified means to reach transparency and compliance requirements towards users as required by current data protection and privacy regulations. Data Subjects need to consent to a significant part of the processing of their personal data. This involves cookies, mobile or first-party IDs.

Consequently, the ad tech industry (in the content of IAB) has developed an industry-supported TCF that provides a mechanism that enables first parties (digital media/publishers/brands) and third parties (vendors) to:

  • Obtain prior consent to store information on a user’s device or access already stored information in accordance with the ePrivacy Directive and GDPR requirements.

  • Offer data subjects more control over how vendors use the data collected about them and the specifics of their data for processing.

  • Establish a necessary legal basis for the processing.

  • Establish a standardized and simplified communication process for consent management platforms (“CMPs”) and how consent is handled between a publisher, its ad tech vendors, and advertisers in the programmatic advertising chain.

  • Display and ensure transparency of the downstream vendors.

The consent signals facilitated through the TCF and as such communicated to Adform allow Adform to process the user data in compliance with the applicable data privacy and protection regulations.


Adform is an approved IAB TCF Vendor registered with vendor ID 50.

Adform DMP evaluates the users’ choices stored in the IAB TC string for the following purposes, defined in the IAB Europe Transparency & Consent Framework Policies.

  • Purpose 1: Store and/or access information on a device (consent) 

  • Purpose 3: Create a personalized ads profile (consent) 

  • Purpose 4: Select personalized ads (consent) 

  • Purpose 2: Select basic ads (flexible) 

  • Purpose 7: Measure ad performance (flexible) 

  • Special Purpose 1: Ensure security, prevent fraud, and debug (LI) 

  • Special Purpose 2: Technically deliver ads or content (LI) 

  • Feature 1: Match and combine offline data sources (LI) 

  • Feature 2: Link different devices (LI) 

  • Feature 3: Receive and use automatically-sent device characteristics for identification (LI)

Read more about how to pass IAB consent signals to Adform.

Interactive Advertising Bureau (IAB) Multi State Privacy Agreement

Adform has been a signatory of IAB Multi State Privacy Agreement (MSPA), which is an industry contractual framework intended to aid advertisers, agencies, technology vendors and publishers for implementing US privacy laws.

Was this article helpful?

How we can make it better?

Thank you for your feedback!