Triblio is committed to protecting the privacy of its customers and their users. In conjunction with European Union legislation of the General Data Protection Regulation (GDPR), we want to ensure our customers are confident Triblio is able to uphold those standards.
The GDPR applies to any organization who is marketing and/or tracking behaviors of those within the EU and EEA. If you are processing any personal data of Europeans, this legislation applies to you.
The two key elements to the GDPR is consent from the individual which expressly gives you permission to process their personal data and accountability to prove compliance.
GDPR and Display Ad Targeting
Triblio has developed an umbrella solution to handle GDPR compliance of ad buying across our inventory partners. We approach GDPR in the following manner:
- Triblio ingests the GDPR string and consent signal in the bid request from our inventory partners.
- If necessary consent is obtained in the bid request, we will collect personal data including but not limited to the user’s advertising identifier, and precise location. For users from EEA who have given explicit opt-in consent, Triblio is able to achieve expressive and accurate user targeting.
- Publishers are responsible for obtaining consent from their EEA (European Economic Area, which includes UK) users to share personal data with their technology partners.
Triblio as a Processor
What data does Triblio collect?
Where is collected data stored?
The United States
How is data transferred between the EU and the US?
Data is transferred securely on SSL connections between the EU and the US under the EU Privacy Shield.
Triblio is a member of the EU Privacy Shield
What data is collected from integrations with marketing automation and CRM integrations?
Data from CRM and marketing automation is stored in Triblio based on the configurations selected by the user. If those configurations are removed, the data is removed from Triblio.
How is the data secured by the processor?
All data in Triblio using industry standard encryption practices at the row and database level. Further details on how Triblio handles sensitive data is available in the SOC-II Audit Report.
How can an individual opt-out of Triblio tracking?
How long does Triblio hold client data for?
Triblio holds customer data for the term of the arrangement. Encrypted backups are subsequently held for a two week time period.
In the event of a terminated relationship, how can the data be retrieved?
In the event of termination, Triblio will delete all customer data. Upon written request made within thirty days of termination, Triblio will provide temporary access to the platform to retrieve Customer Data. After thirty days, Triblio will delete all Customer Data in its possession or control.
Who can access Triblio's data from the controller?
Users with accounts into the platform.
Who has access to clients data at Triblio?
Accessing customer data is not permitted under Triblio Employee policy. Access to customer data is only permitted when requested by the customer to resolve an issue.
What security certifications are in place?
Triblio performs an annual SOC-II Type 2 Audit.
Anonymizing IP Addresses
IP Addresses are listed as a type of Personal Data in the GDPR and ICO guidance. Triblio protects customers from utilizing IP addresses in targeting for advertising in Europe by removing the final digit from an address before utilizing it for targeting prospects or customers. Therefore no prospect or business in the EU/EEA is ever targeted by a single IP address, i.e. Personal Data.
If you have more detailed questions about GDPR regulations, please email them to email@example.com