GDPR Roadmap for MANTIS

We’ve built a slew of tools and instructions to help enable easier compliance with GDPR restrictions. On this page, we’ll walk you through them.

JavaScript Tags

As an advertiser or publisher, you are obligated to ask for consent from a user before you embed any third-party scripts that may track them through cookies or their IP address. We recognize that not every one of our network members will have a chance to implement such interfaces by the deadline so we are going to make it a little easier for you.

Starting May 25, 2018, our JavaScript tags will serve two versions depending on if we geo-locate the user within the EU or not. This tag delivery system will NOT store any long term information about the user, it will simply return alternative source code based on their location. If the user is within the EU, all of our tags will require you to set a new “consent” flag to true/false in order for us to use cookies or capture the user’s IP address. Instructions on how to configure our tags with consent can be found on the applicable pages in the help center.

Advertisers

Failure to implement a consent management platform on your website, with proof of consent sent to us, means you will have no ability to track conversions through our system for visitors within the EU. However, you may still be able to rely on first-party click-through tracking (i.e., UTM codes) even if we aren’t able to track them on your behalf.

Publishers

Failure to implement a consent management platform on your website, with proof of consent sent to us, means we will be unable to attribute traffic from your website to the conversions on an advertiser’s platform using our in-house conversion tracking software. While this may not have an immediate impact on revenue, the lack of transparency may cause advertisers to exclude your property from their campaigns due to the lack of data insights available.

Privacy Policies

Javascript Tags

For any network member who implements our JavaScript tags, you are required to include a reference to our Privacy Policy in your own Privacy Policy. You are also required to include a link to our Privacy Policy in whatever consent management platform you use prior to enabling MANTIS tags on your website. The MANTIS Privacy Policy will be updated by May 25, 2018 to adhere to the latest GDPR guidelines.

Network Members

We will be updating the Master Services Agreement (MSA) for all network members to include a reference to a separate Privacy Policy on May 25, 2018 that outlines our use of your personally identifiable information (see below). By continuing to participate as an advertiser or publisher on MANTIS, you are in effect agreeing to the updated changes in the MSA.

Data Protection Officer

In addition, we’ve appointed a Data Protection Officer, who can be reached at privacy@mantisadnetwork.com.

Network Member Data

While the changes to our JavaScript tags will ensure you are in compliance with GDPR, MANTIS must also make changes to its system to ensure we handle the data of our advertisers and publishers in a secure and compliant way. We are currently in the process of auditing our systems and intend to be fully compliant with GDPR requirements by the end of Q2.

Personally Identifiable Information (PII)

As a member of the MANTIS network, we have captured various pieces of your PII including such things as: First Name, Last Name, E-Mail Address, Phone Number, Mailing Address, and other user-submitted data. In addition, it is necessary to share some of this information with third party vendors for things like billing and invoicing, sending product announcements, and other such services required to operate the network. We will provide a full disclosure of all systems we use to collect data, why we use them, and what data we store in each system by the end of Q2.

Data Rights

As the owner of your PII, you have the right to ask for an export of all of your user data we have on record. Additionally, you can request its removal where appropriate, if desired. We will provide an online interface for capturing such requests, and we will work with all vendors to ensure they are in compliance with requests to remove personal data by the end of Q2.