Daisycon maintains the principle of privacy by design. In short, this means that we save as little (personal) data as possible. One of the outcomes of this is that we do not want advertisers to pass on personal data to us without any clear necessity.
In a few cases, an advertiser can decide to use for example an unencrypted email address as transaction ID. This is to identify the transaction at a later time. Daisycon strongly advises advertisers against doing this and to use an pseudonymised parameter as a transaction ID instead. Should an advertiser choose to use personal data (only as an exception), both Daisycon and advertiser are still compliant with the GDPR. The transaction ID is not shared with third parties (not even the publisher). The standard data processing agreement that Daisycon concludes with its advertisers, includes among other things, a confidentiality clause and Daisycon secures the data adequately. There is a legitimate interest in using the personal data, as the advertiser cannot otherwise perform performance-based marketing. The risk to the consumer’s privacy is extremely limited.