Skip to content

Frequently asked questions

1. Who is the administrator of the data collected using WP Pixel?

The data controllers are the companies within the Wirtualna Poland Group, namely: https://holding.wp.pl/en/contact/data-on-group-companies.

2. Does WP share data from WP Pixel with external entities (partners)?

Data from WP Pixel is not disclosed to external entities.

3. Can clients act as data controllers?

Clients serve as joint controllers for the following processing activities: collection, hashing, transmission, storage, matching and comparison, and statistical analysis. For all other operations and purposes of personal data processing, WP and the Client are independent data controllers.

4. What types of cookies are utilized by WP Pixel?

Name Category Durability period File type Country of processing Legal basis
WPcpx marketing 30 days constant Poland consent
__wph.XXXX <-
SHA1 of Purchase data		 ensuring the correct operation of the script (avoiding the repeated sending of the same data multiple times) 30 days constant Poland justified interest
__wph_clid marketing 30 days constant Poland consent
__wph_a unique user identifier 2 years constant Poland consent
__wph_st unique session identifier 24 hours sessional Poland consent
__wph_a.key unique user identifier 2 years constant Poland consent
__wph_a.ts timestamp 2 years constant Poland consent
__wph_a.accessed timestamp of the last refresh 2 years constant Poland consent
dm_tr_se internal D/A/H sessional Poland consent
visitor_dm_tr internal D/A/H 365 seconds constant Poland consent
wp_tr internal D/A/H sessional Poland consent
visitor_wp_tr internal D/A/H 365 seconds constant Poland consent
__atid required for settlements between Domodi and the Client 30 days constant Poland justified interest
__ath required for settlements between Domodi and the Client 30 days constant Poland consent
__atid2 required for settlements between Domodi and the Client 30 days constant Poland consent
__ath2 required for settlements between Domodi and the Client 30 days constant Poland consent
__atu required for settlements between Domodi and the Client 30 days constant Poland consent
__ats required for settlements between Domodi and the Client 30 days constant Poland consent
__att required for settlements between Domodi and the Client 30 days constant Poland consent

6. What exactly data is collected using WP Pixel?

  1. User identifiers, including identifiers created based on the user's email address (if applicable), and detailed information:
    • regarding their activity on the Service, such as date and time of interaction,
    • information that the user visited the homepage, product page, or made a purchase,
    • time spent by the user on the Service.
  2. Page address - URL;
  3. Identifier, category, name, price, or quantity of products with which the user interacted on the Service;
  4. Type of device used by the user to access the Service;
  5. User's browser type or other software used to access the Service;
  6. User's geographic data: country, city, approximate location.

7. What are the objectives of processing the data collected by WP Pixel?

  1. WP enhances the effectiveness of advertising activities conducted on behalf of the Client. The Client's advertising and related needs for the coded Service include, in particular:

    1. Retargeting users who did not complete the conversion process on the Client's website,
    2. Personalization of advertising creatives,
    3. Using the data as a training set to create so-called look-alikes (similar user groups) for the purpose of conducting sales/acquisition campaigns,
    4. Reporting and creating user profiles for the service.

  2. Developing and enhancing the efficiency of WP's advertising stack, creating a synergy effect between partners and WPM, allowing all WPM partners to benefit from better campaign execution. Here, data from a single implementation of WP Pixel is fully anonymized. Data collected from all sources (including data collected via WP Pixel) is used for the development of WP's advertising platforms, primarily for:

    1. Effective ad-buying algorithms,
    2. Solutions for personalizing creative content,
    3. Generating reports and statistics offered by WPM.

Validated and enriched data are distributed to WP's advertising platforms to carry out the agreed-upon media activities.

This is standard data usage employed by the largest entities in the internet industry, including Google, Facebook, and Criteo. At the same time, WP ensures that data from individual WP Pixel implementations is anonymized and added to a common pool, where it constitutes a small fragment of user information.

Detailed terms of use for data obtained through WP Pixel technology are outlined in the Advertising Product Terms and Conditions, which are included with advertising orders.

WP's advertising platforms primarily include Audience Center (a DMP-class platform), where customer segments (e.g., retargeting) are created, and the Marketing Cloud platform, which facilitates the delivery of advertising campaigns.

Increasing the number of conversions means that WP can use the information obtained from the code to optimize the displayed products so that the partner achieves the highest possible number of conversions and sales.

Determining user engagement means assessing the level of user engagement with the content on the client’s site. WP segments users into groups such as "abandoned carts" and "abandoned products".

Personalizing product offers for users - tools created by WP tailor the display of products to the appropriate users who have visited the partner’s site or taken the desired action on the site. This allows the partner's products to effectively compete with other stores within personalization mechanisms.

8. What is the proper way to implement the GDPR notice?

According to the GDPR, your website must allow EU residents to consent to or reject the processing of personal data. This means users must have the ability to control the activation of cookies and tracking modules that collect their personal data directly on the website.

The GDPR guidelines state that your website's cookie notice cannot contain pre-ticked checkboxes, and continued scrolling or browsing by users cannot be considered valid consent for processing personal data.

Key principles:

  • Prior to activating any cookies (except those that are essential), you must obtain prior and explicit consent if consent is the chosen legal basis.
  • Including explicit consent for WP directly on the Client's GDPR notice is a condition for using WP Pixel.
  • Users must have the option to consent to individual cookies, meaning they must be able to choose which cookies to activate, rather than agreeing to all or none.
  • Consent must be given voluntarily, which means it cannot be forced or obtained through manipulation, such as using dark patterns.
  • Users must be able to withdraw or change their consent as easily as they gave it.
  • Consents must be securely stored as legal documentation.
  • Consent must be renewed at least every 12 months. However, some national data protection guidelines recommend more frequent renewals, such as every 6 months. Check local data protection guidelines to ensure compliance.


Example of GDPR ( https://www.cookiebot.com/ )

rodo1

rodo2

9. Is it required to include a note about cooperation with WP in the Privacy Policy?

It is recommended to include WP as a data recipient in the Client’s Privacy Policy.

Additionally, according to the data processing agreement and Article 26 of the GDPR, the client is obligated to provide data subjects with the joint arrangements of the co-controllers (e.g., by redirecting them to WP's privacy policy, which will include the joint arrangements).

This obligation is outlined in Section III.5 of the Agreement: “The parties commit to providing data subjects with information about the co-administration and the arrangements regarding the scope of responsibilities of the co-controllers, as well as the relationship between them and the data subjects, i.e., the essential content of the arrangements between the parties as referred to in Article 26(2), second sentence of the GDPR".

10. What personal data collected by WP Pixel should the Client inform the website user about?

The Client should inform the website user about the scope of data collected by WP Pixel as part of their informational obligations under Article 13 of the GDPR (the scope is detailed in the data processing agreement - Section II.2.).

11. What is the basis for adopting a co-controller model?

  1. According to the EDPB guidelines 07/2020 regarding the concepts of controller and processor under the GDPR, “the assessment of joint controllership should be based on a factual rather than formal analysis of the actual impact on the purposes and means of processing. All existing or planned arrangements should be examined in light of the actual circumstances of the relationships between the parties".

  2. According to the EDPB guidelines 8/2020 on social media user targeting, “By placing a pixel on their website, the website owner exerts a decisive influence on the means of processing. Collecting personal data of website visitors and transferring it to the social media provider would not occur without the placement of this pixel. On the other hand, the social media provider has developed and offers a piece of software code (the pixel) that leads to automatic collection, transfer, and evaluation of personal data for marketing purposes on behalf of the social media provider. As a result, joint controllership exists concerning the collection of personal data and its transfer via pixels, as well as regarding the targeting and subsequent display of ads to the user on the social media platform and any related campaign information".

  3. According to the CNIL’s position, “if multiple entities are involved in the setting and reading of cookies (e.g., when publishers facilitate the setting of cookies that are then read by advertising agencies), each of them must be considered as joint controllers".

  4. Additionally, in light of the CJEU case law, joint controllership may exist when the involved entities pursue goals that are closely related or complementary. This can occur, for example, in cases of mutual benefits resulting from the same processing operation, provided that each involved entity participates in determining the purposes and means of that processing operation. However, the concept of mutual benefits is not decisive and may only serve as an indication. The CJEU has clarified that a website operator participates in determining the purposes (and means) of data processing by embedding a social media plugin on the website to optimize the visibility of their goods on the social network. The Court found that the processing operations in question were conducted in the economic interest of both the website operator and the social media plugin provider (Judgment in Case C-40/17, Fashion ID GmbH & Co. KG v. Verbraucherzentrale NRW eV, ECLI:EU:C:2018:1039, para. 80).

  5. Furthermore, as a joint controller of data, WPM bears direct responsibility for ensuring compliance with data processing regulations. If WPM were to be considered a data processor acting on behalf of its clients, the responsibility would rest with the clients. Therefore, adopting such a cooperation model is also safe for the client.

12. Are there any known cases of rulings or decisions issued by supervisory authorities concerning the co-controller model?

  • EDPB Guidelines 07/2020 on the concepts of controller and processor,
  • EDPB Guidelines 8/2020 on social media user targeting,
  • CJEU Judgment of June 5, 2018, in Case C-210/16.