Comply with GDPR privacy framework
Overview
User privacy and data security are built on trust. Equativ helps you respect user privacy and deliver effective advertising campaigns.
Our platform complies with major privacy regulations, such as the GDPR and the ePrivacy Directive. The platform helps you collect, process, and share data with transparency and user consent.
When you integrate Equativ solutions, you're responsible for obtaining valid user consent before you process personal data or share it with third parties, such as Equativ.
Understanding consent and the consent string
To legally share user data with Equativ, you must use a consent string, for example, a TC String from the IAB Transparency and Consent Framework. This string encodes user preferences for data processing.
A Consent Management Platform (CMP) typically manages the consent string. The string determines what data you send to the Kamino platform.
API integration: consent-based workflow
If you integrate the Kamino platform through APIs, you must check user consent before you include personal information in requests to the Kamino platform.
Consent workflow
The consent workflow is as follows:
- A user lands on your site.
- Your CMP or internal systems check and return the user consent.
- If the user opts in, send user-specific parameters in all Kamino API calls.
- If the user opts out, you can still make API calls for ad delivery and tracking, but you must exclude user parameters.
To learn how to interpret the consent string and determine user preferences, see the CMP documentation or consult your internal teams.
User parameters (send only if the user opts in)
Send the following parameters in all API calls when the user opts in:
| Query string parameter | Value example | Required (if opt-in) | Description |
|---|---|---|---|
user[gdpr_consent] |
CQIVcVgQIVcVg... | Yes | The GDPR consent string, for example, a TC String from a CMP. |
user[session_id] |
session_xyz456 | Optional | A unique session identifier that resets at the beginning of each session. |
user[user_id] |
abc123 | Yes | A retailer-defined unique identifier for the user. This identifier must remain consistent across page types for at least 30 days. |
Don't send these parameters if the user opts out.
User parameters for purchase tracking events
When you send purchase events to the /tracking/buy endpoint through a POST request, you must include these user parameters in the body under the context.user object.
For example:
{
"context": {
"user": {
"user_id": "abc123",
"session_id": "session_xyz456",
"gdpr_consent": "CQIVcVgQIVcVg..."
}
},
"cart": {
}
}
Include this data only if the user explicitly opts in. For users who opt out, omit the context.user block entirely.
JavaScript tag integration: consent and cookies
If you use the Kamino JavaScript tag integration, the client side handles the consent flow.
Consent workflow
The consent workflow is as follows:
- The Kamino JavaScript tag loads on your site.
- The tag listens for consent signals, for example, through
__tcfapior a CMP event. - If the user opts in, the tag sends the user consent and identifiers. The tag then activates tracking and ad personalization.
- If the user opts out, the tag avoids sending personal identifiers. The tag can still track non-personal data for analytics and ad serving.
If a user opts out and you don't want ads or non-personal tracking to occur, don't load the tag.
You're responsible for checking user consent before you load the Kamino JavaScript tag.
Cookies set on opt-in
When a user opts in, the Kamino JavaScript tag loads the following cookies from the .kaminoretail.io domain:
| Cookie name | Value example | Expiration | Description |
|---|---|---|---|
kamino_optin |
CQIVcVgQIVcVg... | 365 days | The GDPR consent string, for example, a TC String from a CMP. |
kamino_session |
session_xyz456 | Session | A unique session identifier that resets at the beginning of each session. |
kamino_user |
abc123 | 365 days | A Kamino-defined unique identifier for the user. |
The Kamino tag automatically respects user consent and sets these cookies only when consent is valid.
Differences between opt-in and opt-out users
Kamino can deliver most ad formats even if a user opts out. Ad delivery often uses non-personal data, such as:
- Device type
- Keywords
- Page ID
- Page type
You don't need consent to serve ads based on non-personal data. However, the following features rely on personal data and require an opt-in:
| Feature | Requires opt-in |
|---|---|
| Audience targeting (not available yet) | Yes |
| Cart-based targeting (not available yet) | Yes |
| Personal user-based reporting | Yes |
Kamino tracks impressions, clicks, and basic interactions for all users, including users who opt out. However, Kamino doesn't use that data for:
- Conversion rate segmentation
- Exposed versus non-exposed analysis
- Incremental lift reports
- New customer detection