Processing Description

ANNEX II: DESCRIPTION OF THE PROCESSING – ADDENDUM FOR AUDIENCE INSIGHTS

With Audience Insights, advertisers* and/or publishers and/or data partners (e.g. retailers or data vendors) can combine their data to derive aggregated insights about their respective audiences.

To that end, a first audience (Seed Audience) provided by one party is matched, and its properties are assessed, against a second audicence (Base Audience) provided by another party to derive the desired insights. The Seed Audience is typically provided by an advertiser or its data partner. The Base Audience is typically provided by a publisher or an advertiser’s data partner.

An example of such an insight could be: On average, data subjects in the Seed Audience are twice as likely to be sports-interested than the average data subject in the Base Audience. Critically, these insights are always aggregated in nature, i.e. they never refer directly or indirectly to individual data subjects and thus do not constitute personal data. Therefore, Decentriq refers to Audience Insights as a Privacy-Preserving use-case.

This Addendum shall complement the processing description contained in Annex II DPA for Audience Insights collaborations.

^{*Advertisers can delegate their use of Decentriq Data Clean Rooms partially to a third party, such as typically their agency or in certain cases a data partner. Where a third party uses Decentriq Data Clean Rooms to process personal data on behalf of an advertiser, Decentriq shall assume that the advertiser has duly appointed and instructed such third party. Any processing of an advertiser’s personal data by the relevant third party shall be deemed on behalf of and as instructed by the relevant advertiser.
‍}

Categories of data subjects whose personal data is processed 

Where the Controller is an advertiser:

• Customers and/or prospects (i.e. consumers and potential consumers of Controller’s goods/services)

Where the Controller is a publisher:

• Users (i.e. users of Controller’s digital media)

Where the Controller is a data partner:

• Consumers (i.e. shoppers, market research participants, or consumers of third-party products and/or services, depending on the Controller’s business model)
  ‍

Categories of personal data processed

Where the Controller provides data for the Seed Audience

• matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.
• audienceType – This is a freely determined label used to group sets of matchingIds.

Where the Controller provides data for the Base Audience

• matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.
• activationId – This is a publisher/data partner internal identifier, typically derived from first-party cookies, or identifiers used for customer loyalty programs, or third-party identifiers such as universal-IDs (Note: in Audience Insights collaborations, the activationId is not part of the output (see below, Nature of the processing – Step 4) and it’s not effectively used for activation purposes).
• segment – These are interest-based segments based on the users’ behavior. Most publishers and data partners perform this categorization.
• demographics – Typically age and gender, in certain cases additional information such as area codes, etc.

Note: The audienceType field is only a convenience feature for the provider of the Seed Audience. It enables the provider of the Seed Audience to upload more than one Seed Audience (i.e., set of matchingIds) into the same DCR. Each audienceType is handled completely independently of the presence of any other audienceType (and independently of the matchingIds therein).

Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

• Not applicable
  ‍

Nature of the processing

Decentriq provides Audience Insights as a partially pre-configured DCR delivering easy-to-use functionality for the specific use-case described herein.

For individual processing Steps also refer to Annex II.
‍

Step 1 – Local encryption and upload

As described in Annex II.
‍

Step 2 – DCR configuration and data provisioning

The Controller approves the DCR configuration for the audience insights use-case with all other parties involved.

The functionality of the DCR is pre-configured for audience insights by Decentriq.

The authorizations associated with the DCR are determined by the Controller itself and/or any of the parties collaborating with the Controller, subject to approval by the Controller.
‍

Step 3 – Execution of computations

The computed data typically include the following values:

• overlapSize – the number of distinct matchingId found in both, the Seed Audience and the Base Audience
• audienceSize – the number of distinct matchingId in the Seed Audience.

Depending on the data provided with the Base Audience, the results may include additional insights such as:

• affinityRatio – The ratio shareInOverlap / shareInBaseAudience (see below for these fields’ descriptions). The affinityRatio indicates an over- (or under-)representation in the overlap vs. the entire Base Audience.
• shareInOverlap – The percentage of users in the overlap which are in this group relative to all users in the overlap.
• shareInBaseAudience – The ratio addressableUsersInBaseAudience (see below) relative to all users in the Base Audience.
• addressableUsersInBaseAudience – The number of data subjects in the Base Audience in this group.

All of the above values are noised using differential privacy-based approaches as well as suppressed (i.e., not reported if too small) to ensure output privacy (i.e. to ensure that it is not possible with reasonable effort to re-identify individual data subjects by combining the insights with data from other sources).
‍

Step 4 – Output delivery

Results are delivered to all participants of the collaboration, both visually in the platform UI and as a downloadable file.
‍

Step 5 – DCR decommissioning and data deletion

As described in Annex II.
‍

Purpose(s) for which the personal data is processed on behalf of the controller

The purpose of the processing is to derive aggregated insights about the advertisers’ customers based on the publishers’ and/or data partners’ attribute data. Insights are then typically used for marketing purposes (e.g. strategic non-personal marketing decisions such as budget allocation or target group definition).

Note: This corresponds to Purpose 9 – Understand audiences through statistics or combinations of data from different sources under IAB Europe’s TCF Policies (V. 2025-01-16.5.0.a).
‍

Duration of the processing

The data uploaded to the Service by Controller as described in Step 1 above remains stored on the Service (in encrypted form and non-accessible for any other party) until either (i) Controller deletes the data, which is possible any time at Controller’s discretion or (ii) Controller quits using the Service, in which case Decentriq deletes all of Controller’s data on the Service within the frame of Decentriq’s off boarding process. Note that in no event Decentriq will delete any Controller data without reasonable prior notification to Controller.

Audience Insights collaborations are incidental and typically extend over a period of several days or weeks from DCR configuration (Step 2) to DCR decommissioning (Step 5). The actual duration of any collaboration depends on the level of coordination between the collaborating parties.

Where the Controller entertains an ongoing relationship with Decentriq, it may choose to keep its data on the Service and use it for other collaborations.

In any case, the Controller may delete its data from the Service and thereby withdraw it from any processing by Decentriq at anytime. The Controller is always in full control.
‍

For processing by (sub-) processors, also specify subject matter, nature and duration of the processing

See Annex IV

‍

ANNEX II: DESCRIPTION OF THE PROCESSING – ADDENDUM FOR LOOKALIKE AUDIENCES

Lookalike Audiences allows advertisers* to build lookalike audiences consisting of publisher users or consumers in the data inventory of a data partner (e.g. a retailer or a data vendor) who are similar to the advertiser’s existing customers.

To that end, a first audience (Seed Audience) provided by one party is matched, and its properties are assessed, against a second audience (Base Audience) provided by another party to determine which data subjects in the Base Audience are similar to the data subjects of the Seed Audience. The Seed Audience is typically provided by an advertiser or its data partner. The Base Audience is typically provided by a publisher or an advertiser’s data partner.

The lookalike audience as a result is delivered to the provider of the Base Audience for activation. Since this process involves an aggregation step in form of model training (explained below), no personal data is transferred from one party to the other. Therefore, Decentriq refers to Lookalike Audiences as a Privacy-Preserving use-case.

This Addendum shall complement the processing description contained in Annex II DPA for Lookalike Audiences collaborations.

^{*Advertisers can delegate their use of Decentriq Data Clean Rooms partially to a third party, such as typically their agency or in certain cases a data partner. Where a third party uses Decentriq Data Clean Rooms to process personal data on behalf of an advertiser, Decentriq shall assume that the advertiser has duly appointed and instructed such third party. Any processing of an advertiser’s personal data by the relevant third party shall be deemed on behalf of and as instructed by the relevant advertiser.
‍}

Categories of data subjects whose personal data is processed

Where the Controller is an advertiser:

• Customers and/or prospects (i.e. consumers and potential consumers of Controller’s goods/services)

Where the Controller is a publisher:

• Users (i.e. users of Controller’s digital media)

Where the Controller is a data partner:

• Consumers (i.e. shoppers, market research participants, or consumers of third-party products and/or services, depending on the Controller’s business model)
  ‍

Categories of personal data processed

Where the Controller provides data for the Seed Audience

• matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.
• audienceType – This is a freely determined label used to group sets of matchingIds.

Where the Controller provides data for the Base Audience

• matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.
• activationId – This is a publisher/data partner internal identifier, typically derived from first-party cookies, or identifiers used for customer loyalty programs, or third-party identifiers such as universal-IDs).
• segment – These are interest-based segments based on the users’ behavior. Most publishers and data partners perform this categorization of their users and consumers, respectively.
• Optional: embeddings – vectors based on users’ behavior for content recommendations. These embeddings are also well suited for computing lookalike audiences.

Note: The audienceType field is only a convenience feature for the provider of the Seed Audience. It enables the provider of the Seed Audience to upload more than one Seed Audience (i.e., set of matchingIds) into the same DCR. Each audienceType is handled completely independently of the presence of any other audienceType (and independently of the matchingIds therein).

Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

• Not applicable
  ‍

Nature of the processing

Decentriq provides Lookalike Audiences as a partially pre-configured DCR delivering easy-to-use functionality for the specific use-case described herein.

For individual processing Steps also refer to Annex II.
‍

Step 1 – Local encryption and upload

As described in Annex II.
‍

Step 2 – DCR configuration and data provisioning

The Controller approves the DCR configuration for the lookalike audiences use-case with all other parties involved.

The functionality of the DCR is pre-configured for lookalike audiences by Decentriq.

The authorizations associated with the DCR are determined by the Controller itself and/or any of the parties collaborating with the Controller, subject to approval by the Controller.
‍

Step 3 – Execution of computations

The Controller

1. matches its dataset against the dataset of its collaborating party on their respective matchingId field;
   ‍
2. trains one or more lookalike machine learning models (provided by Decentriq) based on the result of the matching and the Base Audience;
   
   Note: the trained models do not constitute personal data. They are represented as model parameters (numbers and in some cases decision rules). The value of each parameter depends on many (usually all) data subjects in the input data, and the parameters’ computation can be considered an aggregation of personal data to non-personal data.
   ‍
3. runs tests against each model to assess the fidelity and quality of the model. The main test is to do a “split”,randomly assigning the data subjects in the advertiser audience into “train” or“test” groups. The train group is used to train the model, which is then evaluated against the test group, using the standard Receiver Operator Characteristic (ROC) curve methodology. Supplemental methods, such as calculating an average similarity score using standard Cosine Similarity methodology or average “distance” (L2-norm) in embedding space may also be used, based on the availability of embedding data and sufficient computational resources;
   
   Note: The model quality scores do not constitute personal data. They are represented as a charts that show how well a model would perform at different sensitivity scores or audience sizes. The resulting model is not accessible outside of the DCR and is only used to generate the lookalike audience. The model quality scores are accessible outside of the DCR. They are viewable by the collaborating parties, and Decentriq within Decentriq Data Clean Rooms.
   
   *** The following explanations are solely to the processing of personal data contained in the Base Audience. The personal data contained in the Seed Audience is not further processed after the matching and model training step. ***
   ‍
4. The lookalike audience is generated by applying the previously trained models(which do not constitute personal data) to the Base Audience (which is only accessible to its provider and which does not constitute personal data from the other collaboration partner or partners’ perspective) and selecting the most similar users from the result. The advertiser (or its agency) first determines the desired size of the lookalike audience on a slider in the user interface. This is expressed in terms of a share of the entire Base Audience. The advertiser (or its agency) can see the model quality metrics here, and how they vary for different slider positions.

To generate the lookalike audience, the model is applied to the Base Audience and a 0…1 similarity score is computed for each activationId. From this list, the activationIds with the highest scores are selected until the desired size of the lookalike audience is achieved.
‍

Step 4 – Output delivery

The resulting lookalike audience can then be downloaded as a file from the DCR only by the provider of the Base Audience for activation (i.e., to configure the ad delivery system to target this list of data subjects with advertiser’s ads). The lookalike audience consists exclusively of individuals in the Base Audience and does not contain any personal data contained in the Seed Audience. The output is merely a subset of the Base Audience that is returned to the provider of that Base Audience.

Note: it is possible for the provider of the Base Audience to expressly authorize the provider of the Seed Audience to download the resulting lookalike audience. In this case, the provider of the Base Audience effectively transfers personal data about its users or consumers, respectively, to the provider of the Seed Audience and the collaboration is no longer Privacy-Preserving.
‍

Step 5 – DCR decommissioning and data deletion

As described in Annex II.
‍

Purpose(s) for which the personal data is processed on behalf of the controller

The purpose of the processing is the activation of the lookalike audience with advertiser’s campaigns – either on the digital advertising channels of the provider of the Base Audience or on third-party digital advertising channels.

Note: This corresponds to Purpose 2 –Use limited data to select advertising and/or Purpose 4 – Use profiles to select personalised advertising under IAB Europe’s TCF Policies (V.2025-01-16.5.0.a).
‍

Duration of the processing

The data uploaded to the Service by Controller as described in Step 1 remains stored on the Service (in encrypted form and non-accessible for any other party) until either (i) Controller deletes the data, which is possible any time at Controller’s discretion or (ii) Controller quits using the Service, in which case Decentriq deletes all of Controller’s data on the Service within the frame of Decentriq’s off boarding process. Note that in no event Decentriq will delete any Controller data without reasonable prior notification to Controller.

Lookalike Audience collaborations are incidental and typically extend over a period of several days or weeks from DCR configuration(Step 2) to DCR decommissioning (Step 5). The actual duration of any collaboration depends on the level of coordination between the collaborating parties.

Where the Controller entertains an ongoing relationship with Decentriq, it may choose to keep its data on the Service and use it for other collaborations.

In any case, the Controller may delete its data from the Service and thereby withdraw it from any processing by Decentriq at anytime. The Controller is always in full control.
‍

For processing by (sub-) processors, also specify subject matter, nature and duration of the processing

See Annex IV

‍

ANNEX II: DESCRIPTION OF THE PROCESSING – ADDENDUM FOR REMARKETING

Remarketing allows advertisers* to build remarketing audiences to address specific users in publisher inventories and/or consumers in data partner inventories..

To that end, a first audience (Seed Audience) provided by one party is matched against a second audience (Base Audience) provided by another party to determine the overlap between the Seed Audience and the Base Audience. The Seed Audience is typically provided by an advertiser or its data partner. The Base Audience is typically provided by a publisher or an advertiser’s data partner.

This overlap audience is then shared either (by default) with the provider of the Base Audience or (only if expressly authorized by the later) with the provider of the Seed Audience for activation. Since this step does not include aggregation, it constitutes a transfer of personal data to the recipient of the overlap audience. In any case, the data subjects contained in the overlap audience are by definition already known by which ever party receives the overlap audience. The privacy of all the other data subjects in the Seed Audience and in the Base Audience is preserved.

This Addendum shall complement the generic description contained in Annex II DPA for Remarketing collaborations.

^{*Advertisers can delegate their use of Decentriq Data Clean Rooms partially to a third party, such as typically their agency or in certain cases a data partner. Where a third party uses Decentriq Data Clean Rooms to process personal data on behalf of an advertiser, Decentriq shall assume that the advertiser has duly appointed and instructed such third party. Any processing of an advertiser’s personal data by the relevant third party shall be deemed on behalf of and as instructed by the relevant advertiser.
‍}

Categories of data subjects whose personal data is processed

Where the Controller is an advertiser:

• Customers and/or prospects (i.e. consumers and potential consumers of Controller’s goods/services)

Where the Controller is a publisher:

• Users (i.e. users of Controller’s digital media)

Where the Controller is a data partner:

• Consumers (i.e. shoppers, market research participants, or consumers of third-party products and/or services, depending on the Controller’s business model)
  ‍

Categories of personal data processed

Where the Controller provides data for the Seed Audience

• matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.
• activationId – This is a publisher/data partner internal identifier, typically derived from first-party cookies, or identifiers used for customer loyalty programs, or third-party identifiers such as universal-IDs).

Note: The audienceType field is only a convenience feature for advertisers. It enables advertisers to upload more than one audience (i.e., set of matchingIds) into the same DCR. Each audienceType is handled completely independently of the presence of any other audienceType (and independently of the matchingIds therein).

Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

• Not applicable
  ‍

Nature of the processing

Decentriq provides Remarketing as a partially pre-configured DCR delivering easy-to-use functionality for the specific use-case described herein.

For individual processing Steps also refer to Annex II.
‍

Step 1 – Local encryption and upload

As described in Annex II.
‍

Step 2 – DCR configuration and data provisioning

The Controller approves the DCR configuration for the remarketing use-case with all other parties involved.

The functionality of the DCR is pre-configured for remarketing by Decentriq.

The authorizations associated with the DCR are determined by the Controller itself and/or any of the parties collaborating with the Controller, subject to approval by the Controller.
‍

Step 3 – Execution of computations

The Seed Audience and the Base Audience are matched on their respective matchingId field.
‍

Step4 – Output delivery

By default, the overlap audience (i.e. all matchingIds that are represented in both, the Seed Audience and the Base Audience) are returned to the provider of the Base Audience for activation. In derogation from the default setting, the provider of the Base Audience can authorize the provider of the Seed Audience to download the overlap audience.

Any recipient of the overlap audience will learn that the data subjects contained therein are not only represented in its own but also in the other party’s data. Note that the recipient of the overlap audience does not learn this information about data subjects who are in the other party’s data but not in its own data.There is no other information a recipient of the overlap audience learns about the data subjects represented in the other party’s dataset.
‍

Purpose(s) for which the personal data is processed on behalf of the controller

The purpose of the processing is the activation of the overlap audience with advertiser’s campaigns. Typically, audiences are activated either on the Base Audience provider’s own digital media channels or on third-party publisher’s digital media channels or on the open web, as separately agreed with the provider of the Seed Audience on a case-by-case basis.For the avoidance of doubt, Decentriq has no control over the use of the results.

Note: This corresponds to Purpose 2 –Use limited data to select advertising and/or Purpose 4 – Use profiles to select personalised advertising under IAB Europe’s TCF Policies (V. 2025-01-16.5.0.a).
‍

Duration of the processing

The data uploaded to the Service by Controller as described in Step 1 remains stored on the Service (in encrypted form and non-accessible for any other party) until either (i) Controller deletes the data, which is possible any time at Controller’s discretion or (ii) Controller quits using the Service, in which case Decentriq deletes all of Controller’s data on the Service within the frame of Decentriq’s off boarding process. Note that in no event Decentriq will delete any Controller data without reasonable prior notification to Controller.

Remarketing collaborations are incidental and typically extend over a period of several days or weeks from DCR configuration (Step 2) to DCR decommissioning (Step 5). The actual duration of any collaboration depends on the level of coordination between the collaborating parties.

Where the Controller entertains an ongoing relationship with Decentriq, it may choose to keep its data on the Service and use it for other collaborations.

In any case, the Controller may delete its data from the Service and thereby withdraw it from any processing by Decentriq at anytime. The Controller is always in full control.
‍

For processing by (sub-) processors, also specify subject matter, nature and duration of the processing

See Annex IV

‍

ANNEX II: DESCRIPTION OF THE PROCESSING – ADDENDUM FOR RULE-BASED AUDIENCES

Rule-based Audiences allows advertisers* to build audiences consisting of data subjects in collaborating parties’ (either publishers or data partners) data inventories based on certain filtering criteria further described hereafter.

To that end, a first audience (Seed Audience) provided by one party may be matched, and its properties assessed, against a second audience (Base Audience) provided by another party to determine in which segments of the Base Audience the Seed Audience is over- or underrepresented (i.e. affinity score). The Seed Audience is typically provided by an advertiser or its data partner. The Base Audience is typically provided by a publisher or an advertiser’s data partner.

The audience as a result is delivered to the provider of the Base Audience for activation. The details of any activation shall be mutually agreed between the provider of the Base Audience and the provider of the Seed Audience.

This Addendum shall complement the processing description contained in Annex II DPA for Rule-base Audiences collaborations.

^{*Advertisers can delegate their use of Decentriq Data Clean Rooms partially to a third party, such as typically their agency or in certain cases a data partner. Where a third party uses Decentriq Data Clean Rooms to process personal data on behalf of an advertiser, Decentriq shall assume that the advertiser has duly appointed and instructed such third party. Any processing of an advertiser’s personal data by the relevant third party shall be deemed on behalf of and as instructed by the relevant advertiser.
‍}

Categories of data subjects whose personal data is processed

Where the Controller is an advertiser:

• Customers and/or prospects (i.e. consumers and potential consumers of Controller’s goods/services)

Where the Controller is a publisher:

• Users (i.e. users of Controller’s digital media)

Where the Controller is a data partner:

• Consumers (i.e. shoppers, market research participants, or consumers of third-party products and/or services, depending on the Controller’s business model)
  ‍

Categories of personal data processed

Where the Controller provides data for the Seed Audience

• matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.

• audienceType – This is a freely determined label used to group sets of matchingIds.

Where the Controller provides data for the Base Audience

• ‍matchingId – This is the identifier to match the collaborating parties’ respective data. A hashed email address is the most common type of matchingId, others include email address, phone number or arbitrary strings.

• activationId – This is a publisher/data partner internal identifier, typically derived from first-party cookies, or identifiers used for customer loyalty programs, or third-party identifiers such as universal-IDs).

• segment – These are interest-based segments based on the users’ behavior. Most publishers and data partners perform this categorization of their users and consumers, respectively.

• Optional: demographics – Typically age and gender.

Note: The audienceType field is only a convenience feature for the provider of the Seed Audience. It enables the provider of the Seed Audience to upload more than one Seed Audience (i.e., set of matchingIds) into the same DCR. Each audienceType is handled completely independently of the presence of any other audienceType (and independently of the matchingIds therein).

Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

• ‍Not applicable
  ‍

Nature of the processing

Decentriq provides Rule-based Audiences as a partially pre-configured DCR delivering easy-to-use functionality for the specific use-case described herein.

For individual processing Steps also refer to Annex II.
‍

Step 1 – Local encryption and upload

As described in Annex II.
‍

Step 2 – DCR configuration and data provisioning

The Controller approves the DCR configuration for the Rule-based Audiences use-case with all other parties involved.

Decentriq provides a set of pre-configured filtering rules for advertisers/agencies. There are two types of filtering rules:

• ‍filtering in (include): only include data subjects in from Base Audience that match specific criteria
  ‍
  • example 1: data subject is amongst the Seed Audience
  • example 2: data subject belongs to a specific Base Audience segment like “sport fan”, or “male”

• ‍filtering out(exclude): only include data subjects from the Base Audience that DO NOT match specific criteria
  ‍
  • example 1: data subject is not amongst the Seed Audience (customer suppression case)
  • example 2: user does not belong to a specific Base Audience segment like “sport fan”, or “male” (exclusion targeting case)

The functionality of the DCR is determined by the advertiser’s or its agency’s choice of inclusion and/or exclusion rules, which it can freely combine, subject to any limitations set by its collaborating parties.

The authorizations associated with the DCR are determined by the Controller itself and/or any of the parties collaborating with the Controller, subject to approval by the Controller.
‍

Step 3 – Execution of computations

1. Matching Seed Audience against Base Audience on their respective matchingId field
   ‍
2. Comptation of affinity scores foreach segment in the Base Audience (i.e. over-/ underrepresentation of the Seed Audience in the segment); and
   ‍
3. Generation of rule-based audiences by applying the filtering rules determined by the advertiser (or third party appointed by the advertiser) and selecting all the data subjects from the Base Audicence that correspond to the criteria.
   ‍

Step 4 – Output delivery

The resulting audience can then be downloaded as a file from the DCR only by the provider of the Base Audience** for activation (i.e., to configure the ad delivery system to target this list of data subjects with advertiser’s ads). Typically, audiences are activated either on the Base Audience provider’s own digital media channels or on third-party publisher’s digital media channels or on the open web, as separately agreed with the provider of the Seed Audience on a case-by-case basis. For the avoidance of doubt, Decentriq has no control over the use of the results.

The audience consists exclusively of individuals in the contained Base Audience. However, depending on the filtering rules determined by the advertiser or its agency, the provider of the Base Audience may be in a position to relate these individuals to individuals in the Seed Audience. In that case, the provider of the Seed Audience effectively transfers personal data to the collaborating party.

^{** By default, since the resulting audience only includes data subjects from the Base Audience, it is only delivered to the provider of the Base Audience to safeguard data subject privacy. However, the provider of the Base Audience can authorize the provider of the Seed Audience to export the resulting audience (e.g. where the provider of the Base Audience is a data partner and the purpose of the collaboration is for the advertiser as the provider of the Seed Audience to activate the resulting audience on the digital media channels of a third-party publisher or on the open web which requires the collaborating parties to use a universal ID as the activationId). In this case the provider of the Base Audience transfers personal data to the provider of the Seed Audience, which typically requires that the provider of the Base Audience has collected the data subjects explicit consent for transferring their personal data to third-party advertisers for the purposes of personalized advertising.
‍}

Step 5 – DCR decommissioning and data deletion

As described in Annex II.
‍

Purpose(s) for which the personal data is processed on behalf of the controller

The purpose of the processing is the activation of the rule-based audience with advertiser’s campaigns – either on the digital advertising channels of the provider of the Base Audience or on third-party digital advertising channels.

Note: This corresponds to Purpose 2 – Use limited data to select advertising and/or Purpose 4 – Use profiles to select personalised advertising under IAB Europe’s TCF Policies (V.2025-01-16.5.0.a).
‍

Duration of the processing

The data uploaded to the Service by Controller as described in Step 1 remains stored on the Service (in encrypted form and non-accessible for any other party) until either (i) Controller deletes the data, which is possible any time at Controller’s discretion or (ii) Controller quits using the Service, in which case Decentriq deletes all of Controller’s data on the Service within the frame of Decentriq’s off boarding process. Note that in no event Decentriq will delete any Controller data without reasonable prior notification to Controller.

Rule-based Audience collaborations are incidental and typically extend over a period of several days or weeks from DCR configuration (Step 2) to DCR decommissioning (Step 5). The actual duration of any collaboration depends on the level of coordination between the collaborating parties.

Where the Controller entertains an ongoing relationship with Decentriq, it may choose to keep its data on the Service and use it for other collaborations.

In any case, the Controller may delete its data from the Service and thereby withdraw it from any processing by Decentriq at anytime. The Controller is always in full control.
‍

For processing by (sub-) processors, also specify subject matter, nature and duration of the processing

See Annex IV

‍

‍

Change log:

^{Version: 1.0
Date: April 1, 2025
Changes: N/A
Comments: None}