Vendors refer to digital service providers used in companies' digital media and processes. Companies that operate digital media (e.g., marketers, website operators, e-commerce shops, retail media, etc.) are legally responsible for the compliance of these vendors. To enable companies to fulfill this responsibility, ePrivacy, in collaboration with leading publishers, has developed the Vendor Compliance (VenCo) platform.

• Comprehensive vendor management and compliance assessment/evaluation 
• ePrivacy reviews and optimizes your technical vendors based on over 45 criteria 
• Access to the VenCo platform and API with all vendor test results 
• Ensuring that vendors comply with the IAB TCF framework 
• Overview of tracking technologies used, such as first-party data, local storage, ID solutions Individual 
• special audits as well as support for data protection inquiries

As an independent  service provider, ePrivacy can conduct assessments of your technical vendors very reliably and efficiently.

As part of the VenCo platform, ePrivacy creates assessments regarding the compliance of vendors with data processing standards (such as the IAB TCF) and GDPR. For this purpose, data is collected, reviewed, and evaluated. These data are available on the VenCo platform in the form of reports, assessments, and interfaces for controlling vendor compliance. Individual or group assessments of vendors are also conducted as needed. You can access the platform by clicking here.

Large website operators use many different technical vendors on their sites, which, for example, deliver personalized advertising and measure user activity across the board.

Vendors use a wide variety of technologies to process personal data. These processing operations must comply with the requirements of the agreed contracts and also with the GDPR. The operators of the digital media have the responsibility to check the compliance of the vendors data processing and to ensure the compliance of the vendors on a regular basis.

Technical vendors include all uses of web and app scripts (SDKs, pixels, tags, etc.) that are not set by their own website domain. among others, the following vendors are included in the VenCo Platform:

• IAB TCF Vendors listed in the IAB Global Vendor List.
• Custom vendors that are not on the Global Vendor List, such as the Meta Pixel, Google Tag Manager, Amazon Pixel, Microsoft Advertising UET (Universal Event Tracking) or other tracking providers.
• ID providers for the digital advertising ecosystem, such as ID5, netID
• etc.

Technologically, these vendors are often integrated via Consent Management Platforms (CMPs) and use a variety of technologies to collect and process data about internet users. These include:

• 3rd party cookies
• First Party Data
• Local Storage
• ID Solutions
• SDKs
• etc.

For website opoerators it is a major challenge and often not feasible to check and ensure the compliance with the large number of different vendors on one's own website. In some cases, over 100 vendors are used on websites. That is why ePrivacy has built the VenCo platform together with leading publishers and operates it for all customers.

Leading website operators are constantly confronted with requests for information from the data protection authorities in Germany and other EU member states. These relate to the processing of personal data under the GDPR, including:

• Lawfulness of the processing (Art. 6(1) DSGVO)
• Information requirements (Art. 13 DSGVO)
• Data protection by technology and by default (Art. 25(2) GDPR)
• Responsibility and demonstrability of compliance (Art. 5(2) GDPR)

Via the VenCo platform, ePrivacy checks the vendors used and ensures that, for example, the IAB EU TCF and associated data protection requirements are complied with. This significantly reduces the risks for website operators.

The VenCo platform is operated by ePrivacy and provides all participants with regular and up-to-date details about their vendors' compliance with the TCF and related privacy requirements. This includes:

• Legal basis and consent
• Cookies type and scope
• Storage time and duration of the cookies used
• Type and scope of other trackers (LSO, etc.)
• Privacy policy
• TCF string
• Type of service
• Territorial scope
• International data transfer
• Vendor contact information
• Name of the product or service
• Usage of Google Additional Consent Mode
• Matching data and GAP Analysis with the Global Vendor List
• Matching data with results from our crawler
• Regular mailing of questionnaires to the vendors
• etc.

This information is collected for over 1000 vendors operating within the IAB EU TCF or in some cases even operating beyond it as IT service providers.

ePrivacy has further developed its own crawler for this purpose, which is used to determine the current activity of the vendors and to verify whether the data collected by questionnaire and by the IAB TCF Global Vendor list are consistent and complete.

As part of the use of the VenCo platform, ePrivacy makes the collected and verified information available to all licensees as a document or via API. This allows publishers, e-commerce shops, website operators, advertisers, etc. to get the most important information about their vendors and thus ensure that the vendors are used in a privacy-compliant manner. Inquiries from clients, compliance departments, and authorities can be answered very efficiently and comprehensively.

Looking to gain a comprehensive understanding of vendor behavior on your website? VenCo platform provides your company with a holistic view of vendor activity, allowing you to make informed decisions and optimize your operations.