Self-Certify your compliance

Introduction

The “European Principles Documents”, consist of the IAB Europe OBA Framework, EASA Best Practice Recommendation on OBA, Technical Specifications for use of the OBA Icon across Europe, and a set of Self-Certification Criteria. Together, these documents apply consumer friendly standards to Online Behavioural Advertising.

The “Self-certification criteria for companies participating in the European Self-Regulatory Programme on OBA”, provide a comprehensive set of criteria for self-certification of compliance. The Self-certification of compliance shall be limited to those requirements applicable to each participating company’s business model; however, should a company be subject to multiple obligations, the self-certification must cover all such applicable provisions. In other words, if a company fulfils more than one role in the advertising eco-system, then it should comply with the requirements applicable to each of these roles.

Self-certification of compliance under this document and the OBA Self-Regulatory Programme does not exempt Companies from fulfilling their obligations under applicable national laws.

This form represents the technical means for companies to submit their Self-Certification of compliance to EDAA. The data collected via this form will only be used by EDAA and by approved Independent Certification Providers, and only for the specific purpose of ensuring compliance with the OBA Self-Regulatory Programme.

A PDF version is available for download here. This is to facilitate the gathering of information internally (between IT, legal, commercial teams) in order to ensure that the self-certification is completed in a fully comprehensive and accurate manner. The final submission must be made via the online form below – or by sending us a signed copy of the PDF version at info[at]edaa[dot]eu – within six months of licensing.

N.B. All companies acting as Third Parties within the Programme, following their self-certification, must complete the final compliance step by undergoing an independent verification of compliance through one of multiple approved Certification Providers. Further information on this final step, along with contact details of providers, can be found here

How to submit your self-certification

Submission of your self-certification of compliance to EDAA should be done by following the steps below:

Once submitted, the EDAA will directly receive your self-certification; you will also receive a copy of the submission as well as confirmation of receipt. If you do not receive this email, please contact us at

info[at]edaa[dot]eu.

Note:

Participating companies acting as Third Parties have to submit their self-certification to an independent certification of compliance, and it is expected that companies will do so within one month from submitting their self-certification. This independent certification can only be performed by the EDAA-approved Independent Certification Providers, and the final step of the certification is granting of the Trust Seal signifying full compliance with the IAB EU Framework on OBA. More details on Certification Providers and the Trust Seal can be found here.

Company information: *please make sure you complete all applicable questions, and if not applicable enter N.A Please let us know which valid EDAA Licence Agreement your company currently holds
Identification data:
*
*
*
*
*
*
*
*
*
*
Contact person:
*
*
*
Role in the market: Check all that apply:
Company is involved in OBA:
Criteria for self-certification of compliance - Third Parties: Under the terms of the IAB Europe OBA Framework and EASA Best Practice Recommendation on Online Behavioural Advertising, a number of provisions apply to signatory companies acting as Third Parties: Data security: Safeguards: Companies should maintain appropriate physical, electronic, and administrative safeguards to protect the data collected and used for OBA purposes, including any backups.
Data Storage: Companies should retain data that is collected and used for OBA only for as long as necessary to fulfil a legitimate business need, or as required by law.
Sensitive Segmentation: Children's segmentation:
Other sensitive segments:
Education:
Complaints handling: Web users may make complaints about incidents of suspected non-compliance with the Principles of the IAB Europe OBA Framework. While web users will have available a number of ways to make complaints, Companies must ensure that, regardless of what means the user uses to submit the complaint (whether directly to the Company or through an industryor self-regulatory body), proper processes are in place to ensure a timely and satisfactory response and resolution of the issue, if necessary.
What is the time interval to respond to user complaints and address the substance of the complaint? Describe mechanism for complaints to be filed directly with the company: Describe the process in place for responding to enquiries made by national self-regulatory bodies onOBA-related issues and formal unresolved OBA complaints: Third Party Privacy Notice: Third Parties should give clear and comprehensible notice on their websites describing their OBA data collection and use practices.
The Third Party Privacy Noticeincludes the following information (check all that apply):
Third Party Enhanced Notice: Third Parties should provide "enhanced notice" of the collection and use of data for OBA purposes via the Ad Marker in or around the advertisement, in accordance with the provisions of the Technical Specifications
User Choice: Each Third Party should make available a mechanism for web users to exercise their choice with respect to the collection and use of data for OBA purposes and the transfer of such data to Third Parties for OBA.
Explicit consent:
Does the company collect data via specific technologies or practices that are intended to harvest data from all or substantially all URLs traversed by a particular computer or device across multiple web domains and use such data for OBA?
Does the company seek to create or use OBA segments relying on use of sensitive personal data, as defined under Article 8.1 of Directive 95/46/EC (racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health, sex-life)?
If you have selected either checkbox above, does the company obtain web user's Explicit Consent, prior to engaging in OBA using that information?
Withdrawal of Explicit Consent obtained with regard to question 1 or 2 above:
Best-practice recommendations for self-certification of compliance: Under the terms of the IAB Europe OBA Framework and EASA Best Practice Recommendation on Online Behavioural Advertising, a number of provisions apply differently to signatories, according to their role in the online advertising value chain. A signatory can simultaneously play several roles; in such circumstances, self-certification must cover all applicable provisions Best practice recommendation - Advertisers:
Best practice recommendation - Agencies
Best practice recommendation - Publishers
Please provide the wording that you use in your footer link:
Please provide the URL of the information page that opens when clicking on the footer link: The information page contains(tick all that apply):
Date: *
Signed by (Full name and function): *
Unsure of your obligations and responsibilities? Unsure if your company should obtain a licence? Please refer to the FAQs section and European Principles Documents. If you still have unanswered questions, please contact us directly.