Vendors and purposes

Introduction

Our consent notice is collecting consent for a given set of vendors and purposes as it is a requirement under the GDPR.

You must configure the list of vendors that are embedded in your app and the associated purposes will be automatically determined. Additionally, you must make sure that the consent status is shared with the vendor and that it is correctly enforced.

We support vendors from the IAB global vendors list and from our own list of vendors. You can also add custom vendors as needed if they are not supported by either list.

Vendors

As per the regulation, the consent notice collects consents for a specific set of vendors and purposes. You must configure the notice to let it know what vendors are used in your app and it will automatically determine what purposes are required. That list of purposes and vendors is the one used in the preferences popup as well.

We currently support three types of vendors:

  • Didomi vendors: We manage this list ourselves and map the purposes.

  • IAB vendors: A list of vendors managed by the IAB in the IAB global vendors list.

  • Custom vendors: Any vendor that you are configuring yourself.

Didomi vendors

Important

You must manually pass the consent information to these vendors or block their SDKs as needed. Read our Third-party SDKs section to learn how.

For Didomi vendors, you can configure the list of vendors embedded in your in the app.vendors.didomi configuration object of your didomi_config.json file:

{
"app": {
"vendors": {
"didomi": [
"google"
]
}
}
}

Here is our current list of vendors in that list:

ID

Name

Products

google

Google

Google DFP, AdSense and Adx

amazon

Amazon

Amazon A9

facebook

Facebook

Facebook widgets (Like/Share buttons)

twitter

Twitter

Twitter widgets

IAB vendors

You can configure the list of IAB vendors that you want to collect consent for.

IAB vendors will automatically pull the consent status of the user from the Didomi SDK. You do not need to manually pass consent information to them. Do make sure that you have the latest versions of your third-party SDKs as the IAB specification support is usually very recent.

By default, the SDK is configured to collect consent for all IAB vendors.

Include all vendors from the IAB list (default)

The parameter iab can be set to an object to include the entire list of IAB vendors from the global vendors list:

{
"app": {
"vendors": {
"iab": {
"all": true,
"exclude": [3]
}
}
}
}

When this option is enabled, consent will be collected every time new vendors are added to the list. Didomi updates the list from the IAB global vendor list once every month which means that your visitors will see the consent notice every month. Previously collected consents will not be re-collected.

The app.vendors.iab.exclude parameter is optional and allows you to exclude some IAB vendor IDs from the list.

Custom list of IAB vendors

You can set a custom list of vendors embedded in your app in the app.vendors.iab configuration object:

{
"app": {
"vendors": {
"iab": {
"include": [1, 2, 3, 4, 5]
}
}
}
}

The list of IDs passed must be vendors coming from the IAB global vendors list.

Custom vendors

Important

You must manually pass the consent information to these vendors or block their SDKs as needed. Read our Third-party SDKs section to learn how.

You can configure your own custom vendors and map them to purposes by specifying a unique ID, their name and privacy policy URL:

{
"app": {
"vendors": {
"custom": [
{
"id": "custom-vendor",
"name": "Custom Vendor",
"purposeIds": [
"cookies"
],
"policyUrl": "https://www.test.com"
}
]
}
}
}

You must specify all the fields (id, name ,purposeIds and policyUrl ) for custom vendors. If one of them is not present, the vendor will be ignored and consent will not be collected. The list of available purpose IDs is below.

You ID will also be prefixed with c: once registered so that any request to the Didomi SDK API must specify that prefix. For instance, if you wanted to know if you had consent for the vendor custom-vendor, you would do: Didomi.getInstance().getUserConsentStatusForVendor('c:custom-vendor').

Map custom vendor to IAB vendor

You can map a custom vendor to an IAB vendor if you need to override the default configuration of the IAB vendor (for adding new purposes to it, for instance). To do so, simply add an iabId property to the custom vendor definition with the ID of the IAB vendor that you want to override:

{
"app": {
"vendors": {
"custom": [
{
"id": "custom-vendor",
"name": "Custom Vendor",
"purposeIds": [
"cookies"
],
"policyUrl": "https://www.test.com",
"iabId": "1"
}
]
}
}
}

Purposes

As mentionned before, if you are using standard vendors from the IAB or Didomi lists, you do not need to specify purposes. You can specify purposes for custom vendors.

Standard purposes

We currently support the following list of purposes:

Name

Description

ID

Information storage and access (Cookies)

The storage of information, or access to information that is already stored, on your device such as advertising identifiers, device identifiers, cookies, and similar technologies.

cookies

Personalisation

The collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as on other websites or apps, over time. Typically, the content of the site or app is used to make inferences about your interests, which inform future selection of advertising and/or content.

advertising_personalization

Ad selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver advertisements for you, and to measure the delivery and effectiveness of such advertisements. This includes using previously collected information about your interests to select ads, processing data about what advertisements were shown, how often they were shown, when and where they were shown, and whether you took any action related to the advertisement, including for example clicking an ad or making a purchase. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise advertising and/or content for you in other contexts, such as websites or apps, over time.

ad_delivery

Content selection, delivery, reporting

The collection of information, and combination with previously collected information, to select and deliver content for you, and to measure the delivery and effectiveness of such content. This includes using previously collected information about your interests to select content, processing data about what content was shown, how often or how long it was shown, when and where it was shown, and whether the you took any action related to the content, including for example clicking on content. This does not include personalisation, which is the collection and processing of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, such as websites or apps, over time.

content_personalization

Analytics & Measurement

The collection of information about your use of the content, and combination with previously collected information, used to measure, understand, and report on your usage of the service. This does not include personalisation, the collection of information about your use of this service to subsequently personalise content and/or advertising for you in other contexts, i.e. on other service, such as websites or apps, over time.

analytics

These purposes are automatically mapped to IAB purposes for all vendors in the IAB vendor list or in the Didomi list.

Custom purposes

You can add additional purposes if needed with the app.customPurposes property. This is useful for storing consent to custom purposes that are specific to your company or to some of your vendors.

Example:

didomi_config.json
{
"app": {
"customPurposes": [
{
"id": "my_custom_purpose",
"name": {
"en": "My custom purpose",
"fr": "Ma propre finalité"
},
"description": {
"en": "A more complete description of why you are collecting data and how you are processing it",
"fr": "Une description plus complète de la raison pour laquelle vous collectez des données et comment vous les traitez"
}
}
]
}
}

ID format

The ID assigned to your custom purpose must be a lowercase string with only alphabetical characters, numbers, - or _ ([a-z0-9-_)]). The SDK will throw an error in your browser console if that is not the case.

Custom purposes are treated the same way as standard purposes and can be mapped to custom vendors as needed. Didomi will store the consents from the user to these purposes and make them available through our API just like any other purpose.