Skip to main content

Universal Vendor List

The consent that is managed in the individual Privacy Manager configurations is accessible in the Universal Privacy Manager API. This makes the integration of Privacy Manager for the conditional firing of tags a lot easier. Consent data attributes like purposes, data categories, and vendors from the “local” Privacy Managers are mapped to universal purposes and vendors. This section provides insight into the mappings.

Universal Purposes Mapping

The table below shows all Privacy Manager purposes mapped to the universal purposes.

Note

The Global Privacy Manager uses the universal purposes, so no mapping is used.

ID

Name

10000

Store and/or access information on a device

10001

Strictly Necessary

10002

Functional

10003

Analytics

10004

Marketing

10005

Personalization

10006

Social Media

CCPA Mapping

The table below shows the CCPA purposes and data categories mapped to the universal purposes.

ID

Name

CCPA - Purposes

CCPA - Data Category

10000

Store and/or access information on a device

8

1,2,3,4,5,6,7,8,9,10

10001

Strictly Necessary

2,3,5,7

1

10002

Functional

4,5,7

1,4,5,9

10003

Analytics

1,6,9

1

10004

Marketing

8,10,9

1,5,8

10005

Personalization

8,9, 10

1,5,8

10006

Social Media

8,10

1

Example: If the user opted out of CCPA purpose “9”, then Universal Privacy Manager API will return “false” for purposes “10003” and “10004”.

CCPA - Purposes and Data Categories

The tables below show an overview of all purposes and data categories on the CCPA vendor list.

CCPA - Purposes

ID

Name

Description

1

Auditing Interactions with Consumers

Auditing includes counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and other compliance auditing with regard to concurrent transactions.

2

Security

Security involves detecting security incidents, protecting against malicious or fraudulent activity, and prosecuting offenders

3

Debugging/Repair

Debugging relates to the identification and repair of impairments to intended, existing functionality.

4

Certain Short-term Uses

Short-term, transient uses are a business purpose provided that the personal information is not disclosed to another third party, not used to build a profile about a consumer, or alter an individual’s experience outside the current transaction (including contextual ads as part of the same interaction).

5

Performing Services

The services performed may be either by the business or a service provider. These services include “maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services.

6

Internal Research for Tech Development

Allows for research into technological development and demonstration.

7

Quality and Safety Maintenance and Verification

The quality and safety business purpose includes activities related to the improvement, upgrade or enhancement of the service or device owned, manufactured, manufactured for, or controlled by the business. It also includes the verification or maintenance of the quality or safety of a service or device.

8

Selling

Selling means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information for monetary or other valuable consideration.

9

Operating our Website(s)

To track your use of our websites and tailor your web experience.

To monitor and improve our website and services.

10

To market our products and services to you

  • To fulfill or meet the reason you provided the information. For example, if you share your name and business contact information to inquire about our products or services, we will use that personal information to respond to your inquiry. We may also share this personal information with our marketing partners (i.e. lead generation).

  • To register for and/or allow you to subscribe to our special offers, demonstrations of our products and services, or seminars and events.

  • To sign you up to participate in surveys or even contests that we might provide.

  • To allow you to access content we make available.

  • To provide you with access to our products.

CCPA - Data Categories

ID

Name

Description

1

Identifiers

Such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.

2

Biometric data

Such as fingerprints and facial recognition data.

3

Internet or network activity data

Such as IP addresses, browsing history, search history, and interactions with online sites, apps or advertisements.

4

Commercial information

Including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

5

Geolocation data

Information that can be used to identify an electronic device's (historic) physical location.

6

Professional or employment-related information.

Information about an individual’s educational or professional career job titles, salary, work history, school attended, employees, employment history, evaluations, references, interviews, certifications, disciplinary actions, etc.

7

Education information

Information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).

8

Inferences

Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

9

Categories from CA Civil Code 1798.80

Name, address, telephone number, employment, credit card number, debit card number, or any other financial information

GDPR Mapping

The table below shows the GDPR purposes (both TCF and Custom) mapped to the universal purposes.

ID

Name

GDPR - Purpose

GDPR - Special Feature

10000

Store and/or access information on a device

1

10001

Strictly Necessary

25

10002

Functional

26

1

10003

Analytics

7,8,9,10,27

10004

Marketing

2,3,4,5,6,7,28,30

1,2

10005

Personalization

3,4,5,6,29,31

1,2

10006

Social Media

29

Example: If the user opted out of GDPR purpose “7” then Universal Privacy Manager API will return “false” for purposes “10003” and “10004”.

GDPR Purposes and Special Features

The tables below show an overview of all GDPR purposes and special features (both TCF and Custom).

GDPR - Purposes

ID

Name

Type

Description

1

Store and/or access information on a device

TCF

Vendors can:

  • Store and access information on the device such as cookies and device identifiers presented to a user.

2

Select basic ads

TCF

To do basic ad selection, vendors can:

  • Use real-time information about the context in which the ad will be shown, to show the ad, including information about the content and the device, such as device type and capabilities, user agent, URL, and IP address.

  • Use a user’s non-precise geolocation data.

    Note

    Non-precise means only an approximate location involving at least a radius of 500 meters is permitted.

  • Control the frequency of ads shown to a user.

  • Sequence the order in which ads are shown to a user.

  • Prevent an ad from serving in an unsuitable editorial (brand-unsafe) context\nVendors cannot

  • Create a personalized ads profile using this information for the selection of future ads without a separate legal basis to create a personalized ads profile.

3

Create a personalized ads profile

TCF

To create a personalized ads profile vendors can:

  • Collect information about a user, including a user's activity, interests, demographic information, or location, to create or edit a user profile for use in personalized advertising.

  • Combine this information with other information previously collected, including from across websites and apps, to create or edit a user profile for use in personalized advertising.

4

Select personalized ads

TCF

To select personalized ads vendors can:

  • Select personalized ads based on a user profile or other historical user data, including a user’s prior activity, interests, visits to sites or apps, location, or demographic information.

5

Create a personalized content profile

TCF

To create a personalized content profile vendors can:

  • Collect information about a user, including a user's activity, interests, visits to sites or apps, demographic information, or location, to create or edit a user profile for personalizing content.

  • Combine this information with other information previously collected, including from across websites and apps, to create or edit a user profile for use in personalizing content.

6

Select personalized content

TCF

To select personalized content vendors can:

  • Select personalized content based on a user profile or other historical user data, including a user’s prior activity, interests, visits to sites or apps, location, or demographic information.

7

Measure ad performance

TCF

To measure ad performance vendors can:

  • Measure whether and how ads were delivered to and interacted with by a user

  • Provide reporting about ads including their effectiveness and performance

  • Provide reporting about users who interacted with ads using data observed during the course of the user's interaction with that ad

  • Provide reporting to publishers about the ads displayed on their property

  • Measure whether an ad is serving in a suitable editorial environment (brand-safe) context

  • Determine the percentage of the ad that had the opportunity to be seen and the duration of that opportunity

  • Combine this information with other information previously collected, including from across websites and apps

Vendors cannot:

  • Apply panel- or similarly-derived audience insights data to ad measurement data without a Legal Basis to apply market research to generate audience insights (Purpose 9)

8

Measure content performance

TCF

To measure content performance vendors can:

  • Measure and report on how content was delivered to and interacted with by users.

  • Provide reporting, using directly measurable or known information, about users who interacted with the content

  • Combine this information with other information previously collected, including from across websites and apps.

Vendors cannot:

  • Measure whether and how ads (including native ads) were delivered to and interacted with by a user.

  • Apply panel- or similarly derived audience insights data to ad measurement data without a Legal Basis to apply market research to generate audience insights (Purpose 9)

9

Apply market research to generate audience insights

TCF

To apply market research to generate audience insights vendors can:

  • Provide aggregate reporting to advertisers or their representatives about the audiences reached by their ads, through panel-based and similarly derived insights.

  • Provide aggregate reporting to publishers about the audiences that were served or interacted with content and/or ads on their property by applying panel-based and similarly derived insights.

  • Associate offline data with an online user for the purposes of market research to generate audience insights if vendors have declared to match and combine offline data sources (Feature 1)

  • Combine this information with other information previously collected including from across websites and apps.

Vendors cannot:

  • Measure the performance and effectiveness of ads that a specific user was served or interacted with, without a Legal Basis to measure ad performance.

  • Measure which content a specific user was served and how they interacted with it, without a Legal Basis to measure content performance.

10

Develop and improve products

TCF

To develop new products and improve products vendors can:

  • Use information to improve their existing products with new features and to develop new products

  • Create new models and algorithms through machine learning\nVendors cannot:

  • Conduct any other data processing operation allowed under a different purpose under this purpose

25

Strictly Necessary Cookies

Custom

These cookies are necessary for the website to function and do not store personally identifiable information. They are usually set in response to user actions to enable key features like setting and maintaining logins or privacy preferences. These cookies typically can’t be switched off, however, certain browsers can block or alert you about these cookies. Be aware that blocking these cookies will affect site functionality.

26

Functional

Custom

These cookies enable a better user experience via enhanced features such as personalization. If these cookies are disabled, some or all of these features may be adversely affected.

27

Analytics

Custom

These cookies collect anonymous, aggregated data and enable us to identify our most popular pages and content to improve our site and the experience we offer visitors. Disallowing these cookies negatively affects our ability to improve our products and services.

28

Advertising

Custom

These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

29

Social Media

Custom

These cookies enable visitors to share our content with their friends and social networks. They may track activities across websites to build a user profile to offer more relevant content on other sites visited.

30

Direct Marketing

Custom

Direct Marketing cookies allow us to combine email addresses with other available information to enable advertisers to reach users via an email newsletter. This provides us greater control over the information available to advertisers and allows us to set clear expectations around these emails. Consenting to this purpose helps us fight spam.

31

Data Sharing

Custom

Sharing of segment data and modeling information with selected vendors. The vendor can combine data segment and modeling information with their own data to reach the target groups that are likely to be interested in the products or services offered by the vendor. An individual cannot be directly identified from this data. Data are stored only for a short period of time to execute the campaign.

GDPR - Special Features

ID

Name

Type

Description

1

Use precise geolocation data

TCF

Vendors can:

  • * Collect and process precise geolocation data in support of one or more purposes.

    Note

    Precise geolocation means that there are no restrictions on the precision of a user’s location; this can be accurate to within several meters.

2

Actively scan device characteristics for identification

TCF

Vendors can:

  • Create an identifier using data collected via actively scanning a device for specific characteristics, such as installed fonts or screen resolution.

  • Use such an identifier to reidentify a device.

In this section: