As the performance marketing platform, Offer18 is committed to providing its customers with full transparency and control over their users’ personal data, empowering them in their GDPR compliance journey.


What is the GDPR

On May 25, 2018, The European Union enforces a new data privacy law, the General Data Protection Regulation (GDPR). A primary aim of the GDPR is to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach it.
Any company that collects or processes personal data of persons in the EU falls under the scope of the GDPR, even if the company has no physical presence in the European Union. This means that most businesses with a global or online presence, including Offer18 customers are affected.

GDPR Compliance as Shared Responsibility Between Data Controllers and Data Processors
Data Controller

Offe18 clients are data controllers.

Data Processor

Offe18 is a data processor.

Our responsibility to You on Behalf of Your Data Processor.

We enable our users at the account level to opt in for real-time IP obfuscation and unique Device ID blanking for all EU countries.

1) IP obfuscation - replacing the last octet of the IP with a 0 for German IPs and all EU countries.

2) Device ID blanking will replace any values from these macros with empty string.

Data Collection and Retention

IP addresses and the above listed Device IDs will have a 120-day rolling retention.

All log reporting will have a 12-month rolling retention period.

Data Deletion Process:

The measures that are required by articles 17, 30 and art. 32 para. 4 GDPR. include:

System Physical Access Control

Our physical data centers are secure. Security measures include having security officers onsite, monitoring and alarm systems, video/CCTV monitors and much more. No person, not even a member of Offer18, has self-determined access to the servers.

Data Access, Usage and Transmission Controls

Tools in place to protect unauthorized access, usage or transmission of data. The data cannot be changed or deleted by unauthorized persons during transmission.

Availability Control and Rapid Recoverability

Frequent backups protect all stored data against loss. Offer18 creates continuous backups in same location. With this, we can restore data if lost. If data is lost we will inform immediately.

Deleting Affiliate, Advertiser, and Account Employee Personal Data

You will have an option to permanently delete any personal data you store regarding your affiliates, advertisers, or employees.

Privacy in system

Offer18 ensuring that personal data is processed strictly in accordance with our customers’ instructions and configurations.

Personal Data is collected only when assurance of user consent is obtained
No selling or re-brokering of personal data
Opt-out/opt-in options
Honoring do-not-track privacy choices

We updated our Terms and Conditions and Privacy Policy, and User Agreement.

While the content on this page is to help you understand the GDPR when working with third parties, the information contained should not be as legal advice. You need to consult with your own legal advisor with respect to interpreting your unique obligations under the GDPR and the use of a company’s products and services to process personal data.