Permission: Vendor list - GDPR
In this article, we will cover the following configurations specific to a GDPR Standard vendor list:
- Apple data broker
- Disclosure only purpose
- Manage custom purposes
- Manage custom stacks
- Manage vendor cookies
- Configure default legal bases for custom vendor
- Configure default legal bases for custom ATP vendor
- Consent scope
- Advanced settings
To start, click Vendor Management on the left-hand panel and select GDPR Standard from the menu.
Select a vendor list from the subsequent page or click New to create a new GDPR Standard vendor list.
Apple data broker
The Apple data broker setting is an optional designation that your organization can apply to a vendor on your GDPR Standard vendor list that will impact an end-user's consent string and subsequent experience of your privacy manager. In this article, we will cover:
Note: In order to utilize the apple data broker feature, your organization must fulfill the following pre-requisites:
• Property is utilizing Sourcepoint's Unified SDK
• iOS tracking message is enabled on account
A vendor who is designated as an apple data broker by your organization is only impacted by the designation when an end-user selects Don't Allow Tracking (or some permutation of this user option) in Apple's App Tracking Transparency message.
If an end-user selects Don't Allow Tracking, the following will automatically occur for a vendor designated as an Apple data broker:
- Vendor grants will return a
FALSEvalue for the vendor - End-user will be unable to enable vendor from the privacy manager
To designate a vendor as an apple data broker, click the name of a vendor on the vendor list.
Click the checkbox inline with Apple Data Broker and select Apply changes when finished.
Vendors designated as Apple data brokers will be marked in the vendor list builder.
Use the Filter By dropdown menu to narrow down the vendor list to just Apple data brokers.
Disclosure only purpose
Note: Only custom purposes can be set as disclosure only. See: Manage custom purposes for more information.
The disclosure only feature allows you to configure a custom purpose that does not have a consent toggle (opt-in/opt out). To enable the feature for a custom purpose, click the custom purpose name from your vendor list.
From the subsequent dialog box, check the box next to Disclosure only and click Apply changes when finished.
When enabled for the custom purpose, vendors can either be configured as Disclosure only or Not Applicable for the custom purpose.
The vendor(s) will appear in your privacy manager under the disclosure only custom purpose which will not have an opt-in/opt-out toggle.
Manage custom purposes
A custom purpose on a GDPR Standard vendor list is a configurable purpose created by your organization and can be applied to vendors on your vendor list.
To add a custom purpose, click + Add Custom Purpose at the bottom of the vendor list builder.
Use the subsequent modal to input a Name and optional Description for the new custom purpose. Click Create purpose when finished.
Note: The Google Consent Mode Category field should only be filled-in if your organization is implementing Google Consent Mode for your property. Click here for more information about Sourcepoint's integration with Google Consent Mode.
The custom purpose will be added to end of the purpose column. Set the legal basis for the new custom purpose for each vendor in your vendor list.
To edit general settings, consent and reject actions, or to delete the custom purpose, click the name of the purpose.
Use the subsequent modal to edit or delete the custom purpose.
Manage custom stacks
Custom stacks allow your organization to group purposes in your vendor list into pre-determined groupings. When configured, these stacks can be surfaced in lieu of each purpose listed individually in privacy managers for associated properties. Like a folder system for purposes, the individual purposes can be navigated to by the end-user by clicking the stack in the privacy manager.
Click Manage Stacks at the bottom of the vendor list builder.
From the subsequent modal, input a name, optional description in the provided fields and select the custom purposes that should be included in the stack. Click Create Custom Stack.
Note: A custom purposes can only be included in a single custom stack at any given time.
Repeat as necessary and click Apply Changes when finished.
The purposes included in the custom stacks will be grouped together in the vendor list builder under the custom stack name. Any purposes not included in a custom stack will be listed separately.
Click Save to apply the changes.
Manage vendor cookies
The provenance, duration, and purpose for cookies used by vendors on a vendor list can be documented by your organization. Cookie information documented for each vendor will subsequently be surfaced in privacy managers that use the vendor list to which the vendor belongs.
From the vendor list builder, click the name of a vendor from the list. Cookies can be documented for custom, and custom ATP vendors.
Click the Cookies tab in the subsequent modal. Use the provided functions to add, remove, and edit cookies used by the vendor.
Click Apply changes when finished.
Vendor cookie information will be surfaced in privacy managers on properties associated with the vendor list.
Configure default legal bases for custom vendor
When custom vendors are added to a vendor list, their legal bases for purposes default to the legal bases that the have declared. Alternatively, your organization can customize the default legal bases for custom vendors so that legal bases are automatically decided every time a custom vendor is added to your vendor list.
From the vendor list builder, click + Add Vendor.
Select the Custom Vendor tab and then click Configure Custom Purposes and Legal Basis.
The dropdown menu will have Use Custom Vendor Defaults selected. This setting uses a custom vendor's declared legal bases for purposes when they are added to your vendor list.
To configure your own default legal bases for newly added custom vendors, deselect Use Custom Vendor Defaults and update the legal basis for each purpose. Click Apply when finished.
Configure default legal bases for custom ATP vendor
When custom ATP vendors are added to a vendor list, their legal bases for purposes default to the legal bases that the have declared. Alternatively, your organization can customize the default legal bases for custom ATP vendors so that legal bases are automatically decided every time a custom vendor is added to your vendor list.
From the vendor list builder, click + Add Vendor.
Select the Custom ATP Vendor tab and then click Configure Custom Purposes and Legal Basis.
Determine your own legal bases for custom ATP vendors, manually declare the legal basis for each purpose in the dropdown menu.
Click Apply when finished.
Consent scope
The Consent Scope field for a vendor list determines how an end-user's consent preferences are shared across different properties within and outside your organization.
When an end-user selects their consent preferences on your property, the privacy manager will utilize the consent scope for the associated vendor list to share or not share the preferences. The following
Consent Scopes can be selected for a GDPR Standard Vendor List:
| Consent Scope | Description |
| Single Site | An end-user's consent preferences will only be set for the property where the end-user provided their consent.. |
| Shared Site |
An end-user's consent preferences will be shared across a defined group of sites within your Sourcepoint account. Note: Selecting this option requires that your organization has configured authenticated consent on your properties. |
From the vendor list builder, navigate to the Consent Scope field at the top of the page and use the dropdown menu to select a consent scope for the vendor list.
Click Save when finished.
Advanced settings
The advanced settings modal for a GDPR Standard vendor list allow a user to configure settings that will applied to the entire vendor list.
Click *Advanced settings*.
The following advanced settings can be edited for the GDPR Standard vendor list:
| Advanced Setting | Description |
| Write 1st party cookies to root domain |
When enabled, consent selections will be stored/persist across the site’s root domain (e.g. test.com) and its respective subdomains (e.g. finance.test.com). This will ensure that users do not see the same consent message when moving from root to subdomain or vice versa. |
| Write 1st party cookies from the server |
When enabled, the 1st-party cookie will be set by the server by passing a cookie from the server back to your site instead of using the on-site code to set the cookie. This setting should be enabled if your organization has set up a CNAME subdomain. |
| Consent cookies expiration | The length of time (in days) consent cookies are valid. |
| Base vendor consent and reject actions on vendor grants |
Vendor grants inform a publisher whether a vendor has been granted consent for all the purposes for which they are asking consent. Generally, this setting is used to manage custom vendors. When enabled, the Vendor List will fire consent and reject actions based on the vendor grant. Note: A vendor grant only returns a |
| Do not store UUIDs server side |
Only available for android apps. When enabled, end-user consent will not be stored in the server. Note: Enabling this option will remove all user related metrics from Sourcepoint reporting for android apps. You will only be able to report on page view data for android apps. |
Use the subsequent modal to edit the advanced settings for the vendor list. Click Apply Changes when finished.