Title: How revive ad server handles the personal data?
1How revive ad server handles the personal data?
2- Data controller or data processor works based
on GDPR(General Data Protection Regulation). - Here we are going to have a discussion about
how the revive ad server software deals with the
personal data and what kind of personal data can
be handled by the software. - If you want to install a third party plugins
in your revive ad server or if you want to do any
modification to the software, make sure with the
developers or vendors about how the plugins or
modifications treat a personal data.
3 Users
- When we use the revive ad server software to
create and manage the advertising campaigns to
review the statistics of such campaigns, there we
require a username. - There are number of data points have been used
by the software for each username, that will be
considered as a personal data.
4- Username It is an identifier of the individual
users which helps to log in to the software - Password The password will be stored in an
encrypted form for logging into the software - Name Contact name of the user can be the
alias or nick name of the individual, it is not
necessary to give the actual name. - Mail address This is mainly used for sending
the password reset when we do the requisition.
5For the application security and to protect the
personal data, organisations used to operate
their own revive ad server implementation which
are advised to ensure a secure password policy.
- For example
- Recommending the user to change the password
at a regular interval of time and making sure to
not use the same password which has been used
elsewhere. - When the user got logged into the software, it
maintains a session on their behalf. - On the users own device, the ID of that
session will be stored in a session cookie and it
will be referenced in a database table which has
been created by the software.
6Ok, what about the database table? Whether it
stores our ID?
- No, If an user logout from that, the session
ID in the database table immediately be destroyed
and the corresponding cookie in the particular
device also will be removed. - If a particular user remains inactive for a
time duration of 30 minutes, the session becomes
invalid and eventually the stored data will be
deleted during the garbage collection
7What happens if we do not properly log out from
that session?
- When the user closes the browser without logging
out, the cookie session will be deleted and where
the session ends resulting in the user also being
logged out. - Even with the GDPR, some of the people considers
that session ID as a personal data, but it is
completely randomised and in itself meaningless
built of data with just a temporary usefulness. - In a session, the data will be stored, it is
actually a reference to the user and no extra
personal data will be there, just it is for the
temporary usage preferences.
8- GDPR clearly specifies that an organisation needs
to disclose the use of personal data to the data
subjects who are involved. - The organisation who uses the revive ad server
must disclose some of the relevant information to
its users such as - Who is managing the data, what is the name of
the organisation and who is ultimately
responsible for this - Enable the individuals to log in on the
software in order to stay logged in without
having to enter the password for every single
action and to reset the password if required - How long the data will be protected and
stored - How their rights are related with the personal
data and who else can get their data.
9- Revive ad server is one of the many software
applications where the user has an access to work
for an organisation, it is actually better to
create a single disclosure to the users about all
the organisations software and the personal data
usage for the organisations software portfolio. - This disclosure may contain a description
about how the user can exercise the rights with
regard to their personal data.
10For example The rights to review what data has
been processed, rectifying any errors in it, the
right to object to processing and so on. GDPR
stipulates that a data subject can be enabled to
give consent to the data processing organisation
before personal data can be processed. Here,
the data subject is referred to the user of the
software or an employee or associate of the
organisation, such consent is considered as a
lawful processing as part of the performance of a
contract.