1) What is the GDPR?

The GDPR stands for the General Data Protection Regulation, which creates consistent data protection rules across the European Union. It is a far-reaching reform in EU data protection laws and has a global impact on how companies use personal information. Personal data means any information relating to an identified or identifiable natural person.

The GDPR will replace the existing Data Protection Directive (Europe Directive 95/46/EC). Meaning, from May 25, 2018, the Data Protection Directive will no longer apply.

Under the GDPR, companies can be fined up to €20 Million or up to 4% of the worldwide annual revenue of the prior financial year, whichever is higher, for breaching the GDPR requirements.

The GDPR applies (directly or indirectly) to:
(a) companies located within the EU; or
(b) companies located outside of the EU which offer goods or services to, or monitor the behaviour of, individuals within the EU; or
(c) companies who process personal information about individuals within the EU on behalf of their customers who need to comply with the GDPR.

2) What is the difference between data controller and data processor?

Data Controller means the natural or legal person (corporation), public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

Data Processor means a natural or legal person (corporation), public authority, agency or other body which processes personal data on behalf of the controller.

3) Is Mobfox a data controller or a data processor?

Under the GDPR, we assume the position of a data processor. We process personal data to provide our customers, such as app developers and owners (which are the data controllers) with our service while doing so only on our customers’ behalf and lawful instruction – all as stated in the DPA signed between the two parties.

4) I am a publisher and I have EU traffic. What does Mobfox require me to handle?

We advise you to check out our Publisher Terms of Service HERE and make sure that you are fully compliant with the requirements of the GDPR. Please also make sure to pass us the relevant indications for the user’s sufficient consent under applicable laws and regulations. See requirements for Android and iOS on our Github page.

5) I am a demand partner. What indication do you have for user consent?

As a demand partner, we firstly advise you to get familiar with our demand side DPA here. Please make sure that you are fully compliant with the GDPR requirements.

Mobfox’s parameters for indicating consent and some more information are fully described in our GDPR Documentation HERE.

6) I am a publisher and I’ve received an application from an end user regarding his personal data records. How can I handle this with Mobfox?

Data subjects’ rights applications will be addressed by Mobfox’s Privacy Compliance Team. Please send the application to the following address:

Please make sure that your application describes the circumstances clearly. We will get back to you as soon as possible.

7) What is a DPA?

The data processing addendum is the document that makes the legal relationship between the data controller and the data processor, or between one data processor to another.

The DPA addresses specific GDPR requirements about how and under which terms personal data will be processed by the data processor or data sub-processor on behalf of the data controller.

8) Where should I turn with my questions about Mobfox’s GDPR policy?

Please feel free to reach out at any time to