Vendor Compliance (VenCo) Platform

Vendors are digital service providers used by companies for digital media and digital processes. Companies that conduct operations with digital media (e.g. as publishers, website operators, ecommerce shops, retail media, etc.) are legally responsible for vendor compliance. To enable companies to meet this responsibility, ePrivacy has built the Vendor Compliance (VenCo) platform together with leading publishers.

These companies already use the VenCo database:

Check and optimize your website vendors with the VenCo platform

As part of the VenCo platform, ePrivacy provides assessments of vendors' compliance with data processing standards (such as the IAB TCF) and the GDPR. For this purpose, data is collected, checked and evaluated. This data is available on the VenCo platform in the form of reports, assessments and interfaces for monitoring vendor compliance. If required, individual or group audits of vendors can be carried out.

Large website operators use many different technical vendors on their sites, which, for example, deliver personalized advertising and measure user activity across the board.

Vendors use a wide variety of technologies to process personal data. These processing operations must comply with the requirements of the agreed contracts and also with the GDPR. The operators of the digital media have the responsibility to check the compliance of the vendors data processing and to ensure the compliance of the vendors on a regular basis.

Technical vendors include all uses of web and app scripts (SDKs, pixels, tags, etc.) that are not set by their own website domain. among others, the following vendors are included in the VenCo Platform:

  • IAB TCF Vendors listed in the IAB Global Vendor List.
  • Custom vendors that are not on the Global Vendor List, such as the Meta Pixel, Google Tag Manager, Amazon Pixel, Microsoft Advertising UET (Universal Event Tracking) or other tracking providers.
  • ID providers for the digital advertising ecosystem, such as ID5, netID
  • etc.

Technologically, these vendors are often integrated via Consent Management Platforms (CMPs) and use a variety of technologies to collect and process data about internet users. These include:

  • 3rd party cookies
  • First Party Data
  • Local Storage
  • ID Solutions
  • SDKs
  • etc.

For website opoerators it is a major challenge and often not feasible to check and ensure the compliance with the large number of different vendors on one's own website. In some cases, over 100 vendors are used on websites. That is why ePrivacy has built the VenCo platform together with leading publishers and operates it for all customers.

Leading website operators are constantly confronted with requests for information from the data protection authorities in Germany and other EU member states. These relate to the processing of personal data under the GDPR, including:

  • Lawfulness of the processing (Art. 6(1) DSGVO)
  • Information requirements (Art. 13 DSGVO)
  • Data protection by technology and by default (Art. 25(2) GDPR)
  • Responsibility and demonstrability of compliance (Art. 5(2) GDPR)

Via the VenCo platform, ePrivacy checks the vendors used and ensures that, for example, the IAB EU TCF and associated data protection requirements are complied with. This significantly reduces the risks for website operators.

The following services are included in the VenCo platform

The VenCo platform is operated by ePrivacy and provides all participants with regular and up-to-date details about their vendors' compliance with the TCF and related privacy requirements. This includes:

  • Legal basis and consent
  • Cookies type and scope
  • Storage time and duration of the cookies used
  • Type and scope of other trackers (LSO, etc.)
  • Privacy policy
  • TCF string
  • Type of service
  • Territorial scope
  • International data transfer
  • Vendor contact information
  • Name of the product or service
  • Usage of Google Additional Consent Mode
  • Matching data and GAP Analysis with the Global Vendor List
  • Matching data with results from our crawler
  • Regular mailing of questionnaires to the vendors
  • etc.

This information is collected for over 1000 vendors operating within the IAB EU TCF or in some cases even operating beyond it as IT service providers.

ePrivacy has further developed its own crawler for this purpose, which is used to determine the current activity of the vendors and to verify whether the data collected by questionnaire and by the IAB TCF Global Vendor list are consistent and complete.

As part of the use of the VenCo platform, ePrivacy makes the collected and verified information available to all licensees as a document or via API. This allows publishers, e-commerce shops, website operators, advertisers, etc. to get the most important information about their vendors and thus ensure that the vendors are used in a privacy-compliant manner. Inquiries from clients, compliance departments, and authorities can be answered very efficiently and comprehensively.

Looking to gain a comprehensive understanding of vendor behavior on your website? VenCo platform provides your company with a holistic view of vendor activity, allowing you to make informed decisions and optimize your operations.

Do you have questions or recommendations for us?

We are glad to receive your comments.