Privacy Policy For Customer Match Lists
Management Summary
Use of customer match lists and targeting
By using customer match lists, ads can be shown to existing customers, or campaigns can be optimized through bid adjustments. Customer match lists enable you to target similar target groups (“Similar Audiences”). This targeting option is designed to target users whose characteristics are similar to your existing customers. As soon as users from the Customer Match list are logged into a Google or Facebook account, this form of targeting is possible. You can determine the period of validity of the lists yourself. The size limit for customer match lists is 10,000 email addresses.
The use of Customer Match is only possible by uploading a file with email addresses to the AdWords or Facebook account. On Facebook, telephone numbers can also be used for identification.
Consent of affected users
Before using customer match lists, you should ensure that there is a detailed note regarding the use of customer match lists in the data protection declaration. To use customer match lists, effective consent from customers is required. This consent can be obtained, for example, from online shop customers during the check-out process, during the opt-in or through a “cookie banner”. The topic of data protection is important to us, which is why a paragraph on customer match lists has been added to our data protection declaration:
Hashing for Google AdWords
The owner of the customer data is always responsible for data protection. By using secure hash algorithms, email addresses can no longer be converted back into plain text. Encryption in hash codes therefore offers optimal protection. The hash algorithm SHA-256 is used to upload email addresses to Google AdWords. In Google AdWords there is the possibility to upload already encrypted lists or lists in pure text format. Lists of email addresses in text format are automatically encrypted by the AdWords system using the SHA-256 algorithm. It is strongly recommended to “hash” the lists before uploading!
Practical tip for hashing
The hashing process is case sensitive. For this reason, all email addresses must be written in lower case and must not contain spaces.
As soon as the upload has taken place, the hash values are compared with existing Google accounts. If there is a match, the Google account is automatically added to the Customer Match list. After the Custom Match list has been created, the file with the uploaded email addresses is automatically deleted.
Important for data protection: no new addresses to Google and Facebook!
Since the data is encrypted before transmission, Google or Facebook can only compare it with your own address database. If a hash code does not match any existing code, this unknown email address cannot be converted back into plain text. Google or Facebook therefore do not receive any new email addresses! You may have to explain this very clearly to lawyers if they express concerns – if this is understood, you usually get the green light.
Hashing for Facebook
The hashing of the email addresses for Facebook takes place during the upload itself. The email addresses are hashed in the browser and then sent to Facebook. Facebook compares the uploaded, hashed email addresses with the encrypted email addresses of Facebook users and, if there is a match, adds the users to the Customer Match list. Hashed email addresses that cannot be assigned to a Facebook user are automatically deleted after matching. The entire process can be seen in the image below:
Step 1 shows the comparison of the uploaded, encrypted email addresses with those of the Facebook users. In step 2, users with matching email addresses are separated from users without a match. Step 3 shows the collection of users with a “match” in a separate customer match list. Finally, in the last step, the encrypted email addresses are deleted again.
Conclusion
With Customer Match, advertisers can use their own customer base for targeted advertising within Google Search, YouTube, Gmail or Facebook. We recommend that you strictly adhere to the legal framework. The Vienna Chamber of Commerce, among others, offers a free one for all memberstelephone legal advice, information sheets, workshops and courses on the subject of data protection. Before using Customer Match Lists, please remember to obtain the consent of the affected users and supplement the data protection declaration. Thereafter, nothing stands in the way of using email addresses for advertising activities.
