Permission: Vendor list - GDPR
Vendor lists are configurable registries of authorized third-party vendors who can be authorized to process user data, access users' devices, and/or use the data stored on those devices for specific purposes. In order to guide your organization through the configuration process In this article, we will cover how:
Create vendor list with vendor list wizard
To start, click Vendor Management on the left-hand navigation and select GDPR TCF from the panel.
The subsequent page will list all existing vendor lists for the GDPR TCF regulatory framework. Click New.
When creating a new vendor list, you will automatically activate the vendor list wizard to guide you through the configuration process.
Note: In order to confirm the configurations made in the wizard you will need to select Save and Close from the wizard modal or the Dismiss icon in the upper-right hand corner of the wizard. If Cancel is selected in the wizard, your configurations since the last save point will be lost.
Regardless of the actions taken within the vendor list wizard, you will need to click Save in vendor list builder to save your overall configuration.
In the following sections we will cover the various configurations that are made in each tab:
Select properties and scope
|Name||The internal name for your vendor list.|
|Applies Scope||Determines the geographic regions where Sourcepoint will provide consent strings. When a user is identified as being in the geographic area defined in the vendor list, the consent strings that our system generates will include all preferences.|
Determines how an end-user's consent preferences are shared across different properties within and outside your organization.
When an end-user selects their consent preferences on your property, the privacy manager will utilize the consent scope for the associated vendor list to share or not share the preferences.
|Select Properties this list applies to||
Properties associated with a vendor list will inherit the vendors, purposes, and legal bases configured for the vendor list. This information will be surfaced in privacy managers, OTT messages, and/or first layer messages configured for the property.
Note: While properties can be added to multiple inactive vendor lists, a property can only be associated with a single active vendor list. Click here to learn more about active statuses for vendor lists.
|Consent Cookie Expiration||The length of time (in days) before a consent cookie is considered expired.|
|Vendor Legal Basis||
For vendors who have declared a flexible legal basis for a purpose, you can set the legal basis to one of the following defaults:
|Add IAB Special Features||
Enable the following IAB-specific special features for your vendor list:
|Manage IAB Stacks||
IAB stacks allow your organization to group the 10 IAB purposes and 2 IAB special features into pre-determined groupings. When configured for your vendor list, these stacks can be surfaced in lieu of each purpose listed individually in privacy managers for associated properties.
Note: IAB stacks include multiple permutations of IAB purpose groupings. However, a single IAB purpose in your GDPR TCF vendor list can only be in one IAB stack at a time. As you add IAB stacks to your vendor list, other IAB stacks will be un-addable due to these colliding purposes (i.e. one or more purposes in your added IAB stack also exists in another IAB stack).
|Advanced IAB Settings||
Configure the following IAB settings for your vendor list:
Custom purposes settings
A custom purpose on a GDPR TCF vendor list is a configurable purpose created by your organization and can be applied to vendors on your vendor list.
From the Custom Purpose Setting tab, you can either create a custom purpose using an entirely manual workflow or leverage a Sourcepoint-provided custom purpose that you can edit.
First, select all languages that you will support in your messaging experience.
With the languages selected, either click Add New to add a single new custom purpose or use the Select Default field to select one of more recommended custom purposes and click Apply.
Note: Please be aware that the Sourcepoint recommended purpose Necessary Cookies defaults to a Disclosure only type of purpose (i.e. the custom purpose can only utilize Disclosure only or Not applicable. If you desire to set any other custom purposes to Disclosure only then this must be done in the vendor list builder after you have finished the wizard workflow.
Your custom purpose(s) will be added to the list to input/edit a name, description and default legal basis. You will be required to provide translations for the name and description for each added custom purpose in the languages you have selected.
Click Save to confirm the name, description, legal basis, and translations for your added custom purpose(s).
Vendors can be added to your vendor list either through a vendor scan (if enabled for your organization) or manually.
When viewing the Vendor Scan Results, the data populated in the table is dependent on the type of scanning your organization utilizes for its properties. Please refer to the table below for more information:
|Scanning feature||Available Data|
|DIAGNOSE||The vendor scan results table will populate vendors and vendor insights found on your property via the scan.|
|No Scanning feature||The vendor scan results table will not populate any vendors.|
Vendors found via scanning can be selected from the table. These selected vendor will appear in the Selected Vendors panel.
Known Vendors are vendors recognised by the IAB and/or Sourcepoint and relevant information about the vendor are stored in our systems.
Unknown Vendors are vendors not recognised by the IAB and/or Sourcepoint, no information about the vendor are stored in our systems at the present time though should be added in the future. This happens for example if a vendor is new.
Furthermore, you can manually add a vendor to your vendor list by clicking All System Vendors.
All vendors in our system are divided into categories IAB Vendors, Custom Vendors, Google ATP Vendors.
IAB Vendors are vendors registered with the IAB. These vendors will be added to the purposes they have declared in the GVL and any flexible legal basis will be decided on the default set by vendor list.
Custom Vendors are vendors not registered with the IAB or belong to Google ATP. When adding a custom vendor, it should categorize the vendor's legal basis according to the
Default Custom Vendor Consent Type setting in the purpose's vendor list custom settings.
Google ATP Vendors are vendors that belong to Google Ad Tech Providers. Google ATP vendors will be added to your vendor list under the purposes that are the same as Google Advertising Products.
From the tab, you can filter the list of vendors across IAB, Custom, and Google ATP vendors and select individual vendors from the list. These selected vendor will appear in the Selected Vendors panel.
Edit vendor list with vendor list wizard
While the vendor list wizard can be used to create a new GDPR TCF vendor list, it can also be used to update/edit that vendor list as well. To re-access the vendor list wizard, navigate to an existing GDPR TCF vendor list and click the icon.
Use the vendor list wizard to edit your GDPR TCF vendor list.