Last updated: April 1, 2026
Our Commitment to Data Protection
Veridia SAS is a French company subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the French Loi Informatique et Libertés. Data protection is a core architectural principle of our platform, not an afterthought.
This page describes how we approach GDPR compliance in our operations and our platform.
Data Controller Information
Entity: Veridia SAS
Registered in: Paris, France
Contact: Available via our contact page
Our Platform and Personal Data
Veridia's platform processes programmatic advertising data sourced from advertising exchanges via the OpenRTB protocol. This data may include device identifiers, approximate location information, and audience attributes that constitute personal data under GDPR.
We process this data under the following principles:
- Purpose limitation: Data is processed solely for the purposes of programmatic advertising data quality assessment, enrichment, and delivery to our clients for their advertising operations.
- Data minimisation: We collect and retain only the data fields necessary for our stated processing purposes.
- Consent validation: Our Veridia Comply module parses and validates IAB TCF consent strings in real time, ensuring that only data with valid consent is processed and delivered.
- Storage limitation: Processed data is retained only for the period necessary to fulfil our contractual obligations, after which it is securely deleted.
- Security: We implement appropriate technical and organisational measures including encryption in transit and at rest, access controls, and regular security assessments.
Data Subject Rights
We respect the rights of data subjects under GDPR, including the rights of access, rectification, erasure, restriction, portability, and objection. Data subjects who wish to exercise these rights in relation to data processed through our platform may contact us via the contact page.
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may present high risks to the rights and freedoms of individuals, in accordance with GDPR Article 35.
Sub-processors
We use a limited number of sub-processors for infrastructure and hosting services, all located within the European Economic Area. Details of our sub-processors are available to clients and prospective clients upon request.
Cross-Border Transfers
Our data processing infrastructure is located within the EU. We do not transfer personal data outside the EEA unless appropriate safeguards under GDPR Chapter V are in place.