Vendor list configuration (GDPR Standard)

   Permission: Vendor list - GDPR

In this article, we will cover the following configurations specific to a GDPR Standard vendor list:

To start, click Vendor Management on the left-hand panel and select GDPR Standard from the menu.

Screen_Shot_2023-02-02_at_8.46.35_AM.png

Select a vendor list from the subsequent page or click New to create a new GDPR Standard vendor list.

gdpr_standard.png


Apple data broker

The Apple data broker setting is an optional designation that your organization can apply to a vendor on your GDPR Standard vendor list that will impact an end-user's consent string and subsequent experience of your privacy manager. In this article, we will cover:

  Note: In order to utilize the apple data broker feature, your organization must fulfill the following pre-requisites:

Property is utilizing Sourcepoint's Unified SDK
iOS tracking message is enabled on account

A vendor who is designated as an apple data broker by your organization is only impacted by the designation when an end-user selects Don't Allow Tracking (or some permutation of this user option) in Apple's App Tracking Transparency message.

If an end-user selects Don't Allow Tracking, the following will automatically occur for a vendor designated as an Apple data broker:

  • Vendor grants will return a FALSE value for the vendor
  • End-user will be unable to enable vendor from the privacy manager

To designate a vendor as an apple data broker, click the name of a vendor on the vendor list. 

Screen_Shot_2021-12-09_at_1.15.18_PM.png

Click the checkbox inline with Apple Data Broker and select Apply changes when finished.

Screen_Shot_2021-12-09_at_1.16.30_PM.png

Vendors designated as Apple data brokers will be marked in the vendor list builder.

Screen_Shot_2021-12-09_at_1.17.21_PM.png

Use the Filter By dropdown menu to narrow down the vendor list to just Apple data brokers.

Screen_Shot_2021-12-09_at_1.18.47_PM.png


Disclosure only purpose

  Note: Only custom purposes can be set as disclosure only. See: Manage custom purposes for more information. 

The disclosure only feature allows you to configure a custom purpose that does not have a consent toggle (opt-in/opt out). To enable the feature for a custom purpose, click the custom purpose name from your vendor list. 

Screen_Shot_2021-12-14_at_4.11.22_PM.png

From the subsequent dialog box, check the box next to Disclosure only and click Apply changes when finished. 

Screen_Shot_2021-12-14_at_4.17.59_PM.png

When enabled for the custom purpose, vendors can either be configured as Disclosure only or Not Applicable for the custom purpose. 

Screen_Shot_2021-12-14_at_4.21.15_PM.png

The vendor(s) will appear in your privacy manager under the disclosure only custom purpose which will not have an opt-in/opt-out toggle.

Screen_Shot_2021-12-14_at_4.25.09_PM.png


Manage custom purposes

A custom purpose on a GDPR Standard vendor list is a configurable purpose created by your organization and can be applied to vendors on your vendor list.

To add a custom purpose, click + Add Custom Purpose at the bottom of the vendor list builder.

Screen_Shot_2021-12-09_at_1.20.04_PM.png

Use the subsequent modal to input a Name and optional Description for the new custom purpose. Click Create purpose when finished.

Screen_Shot_2022-06-30_at_2.06.18_PM.png

  Note: The Google Consent Mode Category field should only be filled-in if your organization is implementing Google Consent Mode for your property. Click here for more information about Sourcepoint's integration with Google Consent Mode. 

The custom purpose will be added to end of the purpose column. Set the legal basis for the new custom purpose for each vendor in your vendor list.

Screen_Shot_2021-12-09_at_1.22.52_PM.png

To edit general settings, consent and reject actions, or to delete the custom purpose, click the name of the purpose.

Screen_Shot_2021-12-09_at_1.24.14_PM.png

Use the subsequent modal to edit or delete the custom purpose. 

Screen_Shot_2021-12-09_at_1.25.56_PM.png


Manage custom stacks

Custom stacks allow your organization to group purposes in your vendor list into pre-determined groupings. When configured, these stacks can be surfaced in lieu of each purpose listed individually in privacy managers for associated properties. Like a folder system for purposes, the individual purposes can be navigated to by the end-user by clicking the stack in the privacy manager.

1.gif

Click Manage Stacks at the bottom of the vendor list builder.

Screen_Shot_2021-12-09_at_1.27.25_PM.png

From the subsequent modal, input a name, optional description in the provided fields and select the custom purposes that should be included in the stack. Click Create Custom Stack.

  Note: A custom purposes can only be included in a single custom stack at any given time.

Repeat as necessary and click Apply Changes when finished.

Screen_Shot_2021-12-09_at_1.29.45_PM.png

The purposes included in the custom stacks will be grouped together in the vendor list builder under the custom stack name. Any purposes not included in a custom stack will be listed separately.

Click Save to apply the changes.


Manage vendor cookies

The provenance, duration, and purpose for cookies used by vendors on a vendor list can be documented by your organization. Cookie information documented for each vendor will subsequently be surfaced in privacy managers that use the vendor list to which the vendor belongs.

From the vendor list builder, click the name of a vendor from the list. Cookies can be documented for custom, and custom ATP vendors.

Screen_Shot_2021-12-09_at_1.31.24_PM.png

Click the Cookies tab in the subsequent modal. Use the provided functions to add, remove, and edit cookies used by the vendor.

Screen_Shot_2021-12-09_at_1.32.36_PM.png

Click Apply changes when finished.

Vendor cookie information will be surfaced in privacy managers on properties associated with the vendor list.


Configure default legal bases for custom vendor

When custom vendors are added to a vendor list, their legal bases for purposes default to the legal bases that the have declared. Alternatively, your organization can customize the default legal bases for custom vendors so that legal bases are automatically decided every time a custom vendor is added to your vendor list.

From the vendor list builder, click + Add Vendor.

Screen_Shot_2021-12-09_at_1.35.02_PM.png

Select the Custom Vendor tab and then click Configure Custom Purposes and Legal Basis.

Screen_Shot_2021-12-09_at_1.35.27_PM.png

The dropdown menu will have Use Custom Vendor Defaults selected. This setting uses a custom vendor's declared legal bases for purposes when they are added to your vendor list.

To configure your own default legal bases for newly added custom vendors, deselect Use Custom Vendor Defaults and update the legal basis for each purpose. Click Apply when finished.

Screen_Shot_2021-12-09_at_1.37.50_PM.png


Configure default legal bases for custom ATP vendor

When custom ATP vendors are added to a vendor list, their legal bases for purposes default to the legal bases that the have declared. Alternatively, your organization can customize the default legal bases for custom ATP vendors so that legal bases are automatically decided every time a custom vendor is added to your vendor list.

From the vendor list builder, click + Add Vendor.

Screen_Shot_2021-12-09_at_1.35.02_PM.png

Select the Custom ATP Vendor tab and then click Configure Custom Purposes and Legal Basis.

Screen_Shot_2021-12-09_at_1.39.25_PM.png

Determine your own legal bases for custom ATP vendors, manually declare the legal basis for each purpose in the dropdown menu.

Click Apply when finished.

Screen_Shot_2021-12-09_at_1.41.15_PM.png


Consent scope

The Consent Scope field for a vendor list determines how an end-user's consent preferences are shared across different properties within and outside your organization.

When an end-user selects their consent preferences on your property, the privacy manager will utilize the consent scope for the associated vendor list to share or not share the preferences. The following

Consent Scopes can be selected for a GDPR Standard Vendor List:

Consent Scope Description
Single Site An end-user's consent preferences will only be set for the property where the end-user provided their consent..
Shared Site

An end-user's consent preferences will be shared across a defined group of sites within your Sourcepoint account.

  Note: Selecting this option requires that your organization has configured authenticated consent on your properties.

From the vendor list builder, navigate to the Consent Scope field at the top of the page and use the dropdown menu to select a consent scope for the vendor list.

Click Save when finished.

Screen_Shot_2021-12-09_at_1.50.22_PM.png


Advanced settings

The advanced settings modal for a GDPR Standard vendor list allow a user to configure settings that will applied to the entire vendor list. 

Click *Advanced settings*.

Screen_Shot_2021-12-09_at_1.52.09_PM.png

The following advanced settings can be edited for the GDPR Standard vendor list:

Advanced Setting Description
Write 1st party cookies to root domain

When enabled, consent selections will be stored/persist across the site’s root domain (e.g. test.com) and its respective subdomains (e.g. finance.test.com).

This will ensure that users do not see the same consent message when moving from root to subdomain or vice versa. 

Write 1st party cookies from the server

When enabled, the 1st-party cookie will be set by the server by passing a cookie from the server back to your site instead of using the on-site code to set the cookie.

This setting should be enabled if your organization has set up a CNAME subdomain.

Consent cookies expiration The length of time (in days) consent cookies are valid.
Base vendor consent and reject actions on vendor grants

Vendor grants inform a publisher whether a vendor has been granted consent for all the purposes for which they are asking consent. Generally, this setting is used to manage custom vendors. When enabled, the Vendor List will fire consent and reject actions based on the vendor grant.

  Note: A vendor grant only returns a true value when an end-user consents to all purposes for which your organization is requesting. If an end-user consents to only some of the purposes, the vendor grant will return a false value.

Do not store UUIDs server side

Only available for android apps. When enabled, end-user consent will not be stored in the server. 

  Note: Enabling this option will remove all user related metrics from Sourcepoint reporting for android apps. You will only be able to report on page view data for android apps.

Use the subsequent modal to edit the advanced settings for the vendor list. Click Apply Changes when finished.

Screenshot_2023-03-10_at_10.06.23_AM.png

Was this article helpful?
0 out of 0 found this helpful