Chartboost takes the privacy of our developers and their end-users seriously. We know that user data is important to our developers’ values and operations. That is why we are taking measures to support our partners’ compliance with EU data protection requirements, including those set forth in the General Data Protection Regulation (“GDPR”), effective May 25, 2018.
For more information, we encourage our customers to read through the resources provided below.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy law that is set to replace the current EU Data Protection Directive (“Directive 95/46/EC”). The GDPR is intended to strengthen the security and protection of personal data in the EU.
To whom does the GDPR apply?
The GDPR applies to all organizations operating in the EU and processing “personal identifiable data” of EU residents. Personal data is any information relating to an identified or identifiable natural person.
Is Chartboost a controller or processor?
Chartboost is a “Controller” with regard to the personal data that we process of European data subjects. Chartboost relies on its publishers to have the appropriate legal grounds or consent for Chartboost to process such data.
We have a dedicated team working on GDPR compliance to implement appropriate measures by May 25th, 2018.
What data does Chartboost collect through its advertising service?
Chartboost collects data (including device ids and IP addresses) to optimize our in-app advertising network and to enhance performance and targeting. Also, Chartboost may collect post-install events associated to its customers’ users.
What are Chartboost’s data transfer practices for data transferred outside of the EU?
Chartboost is certified for the EU-US and Switzerland-US Privacy Shield Frameworks.
How does Chartboost plan to handle requests from EU users (data subjects) of partners under the GDPR?
Does Chartboost have a record of processing activities and is this record of processing activities regularly recorded and updated?
Yes. Chartboost maintains an internal record of processing activities that is updated regularly by a dedicated, cross-functional team.
What technical and organizational measures does Chartboost have in place to secure user data?
Chartboost has developed security measures and protocols. An overview of Chartboost’s security policies and measures may be obtained under a Non-Disclosure Agreement (“NDA”) in specific cases.
How can Chartboost publishers prepare for GDPR enforcement?
Chartboost encourages publishers to begin preparing for the GDPR by reviewing their privacy and data security processes and policies to ensure compliance by May 25, 2018.
How does the Chartboost SDK register user consent for the use of personal data?
Publishers should call the “setPIDataUseConsent” API from the Chartboost SDK and pass in the appropriate value for whether consent exists, does not exist, or is unknown. Publishers are required as part of Terms of Service to obtain the consent from their users before Chartboost will process any personal data and pass it to the Chartboost SDK via the above method.