Affiliate Marketing: Processor Agreement for Advertisers

Back to Legal

Affiliate Marketing Advertisers - Version 1.3 of 06-11-2023

This is an additional agreement between Daisycon B.V. (CoC number 39073684, registered P.J. Oudweg 5, 1314 CH, Almere, The Netherlands) and their Advertisers and between Advertisers and the Publishers promoting Advertisers through Daisycon (version 1.3 as of 06-11-2023). For our Lead Generation services we have a seperate processor agreement, which is available in Dutch.

Taking into account that:

  • The advertiser has entered into an agreement with Daisycon by signing a contract (Network Agreement).
  • The Advertiser enters into an agreement with the Publisher at the moment that the publisher is accepted into the advertiser campaign (Affiliate Agreement).

This agreement contains provisions regarding the processing of data, to be qualified as a Processor Agreement as referred to in the General Data Protection Regulation (hereinafter: GDPR). This page can be consulted at any time.

  1. In the context of the execution of the Agreement between the Advertiser and Daisycon, Daisycon may store and process data of transactions with the Advertiser (hereinafter: Transaction Data) of the Advertiser. The Parties agree that, in so far as Daisycon processes Transaction Data for the Advertiser, Daisycon can be regarded as the Data Processor within the meaning of the GDPR and the Advertiser as the Data Controller. The Publisher (s) who generated the Transaction for the Advertiser or contributed to it (if set up) will receive standard insight into basic, anonymous, information about the transaction, such as the Compensation paid for this. If the Publisher stores Transaction data, the Publisher can also be designated as a Data Processor. Daisycon and the Publisher will therefore only process Transaction data in the context of executing the Agreement with the Advertiser and on behalf of the Advertiser. The advertiser makes an effort to communicate/save as little as possible personal data on Daisycon but shares at least pseudonised Transaction ID’s. These Transaction ID’s are not shared with third parties. The purpose of the processing of Transaction ID’s is to identify and therefore enable validation of Transactions. If the Advertiser passes on personal data to Daisycon, the Advertiser must anonymize or pseudonymize the data as much as possible.
  2. In the context of the execution of the Agreement between the Advertiser and Daisycon, Daisycon can store and process data to match a click from the publisher to the Transaction of the Advertiser (hereinafter: Matching-data). The parties agree that, in so far as Daisycon processes matching data on behalf of the Advertiser, both Daisycon and the Advertiser can be regarded as the Data Controller in the sense of the GDPR. The advertiser determines the purpose of the data processing (to do performance based online marketing) It is also in control of whether or not to pass on the data (by calling the Conversion Pixel on its website). How the data processing is done and which resources are used are determined by Daisycon. Daisycon will therefore only process Matching data in the context of executing the Agreement with the Advertiser and on behalf of the Advertiser. The data is not used to create or use ‘behavioral’ customer profiles. Due to the limited privacy aspect and the fact that Daisycon needs this data for its services, Daisycon invokes Legitimate Interest within the GDPR on the basis of permission. As a result, Daisycon does not require explicit permission from the Consumer to perform the matching.
  3. In the context of the execution of the Agreement between Publisher and Advertiser, Advertiser can store and process data (in particular so-called ‘Prefilling’ data on the Advertiser’s website). The parties agree that insofar as the Advertiser and / or Daisycon processes data on behalf of Publisher, Advertiser and / or Daisycon can be regarded as the Data Processor in the sense of the GDPR and Publisher as the Data Controller. Advertiser and Daisycon will therefore only process data within the framework of the execution of the Agreement with Publisher and only if prior consent has been made regarding the data and how the permission for obtaining and sharing the data is guaranteed by Publisher.
  4. Depending on the settings that Advertiser establishes in his account and the information that the advertiser provides, the publisher (s) who have generated the transaction (s) will receive insight into more – not to be traced back to individuals – Transaction data. Advertiser is responsible for the data that is sent and the settings in his account with which data is shared with the Publisher (s).
  5. Publisher who are affiliated with the Campaign of the Advertiser at Daisycon must adhere to the agreements as laid down in the Standard Processor Agreement for Publishers as included in the General Publisher Terms and Conditions of Daisycon.
  6. Advertiser protects his passwords and takes full responsibility for his own account as well as the use by third parties of his accounts. Advertiser is responsible for all activities that take place under his Account, with the exception of the activities of Daisycon support staff as mentioned in this article. The Advertiser will inform Daisycon immediately after it has become known to the Advertiser of unauthorized use of the Advertiser’s account or any other breach of the security of which the Advertiser is aware. The support staff of Daisycon (or its 100% subsidiaries) may from time to time log in to the Service using the password of Advertiser (password is always hidden) to maintain or improve the Service, including to help Advertiser in case of problems or support.
  7. Daisycon is the Data Controller for the processing of personal data of the representatives and personnel of Advertiser. Daisycon shall process and share this personal data within the group company structure with other affiliated companies for the performance of the agreements with Advertiser and for administrative, financial and marketing purposes. Insofar as the affiliated company processes the personal data of the Advertiser for marketing of their own services, the affiliated company shall be a Data Controller. For every other data processing action, the affiliated company shall be the Data Processor on behalf of Daisycon. The legitimate interest of Daisycon and its affiliated companies serves as lawful basis for the transfer and processing of this personal data.
  8. Advertiser and Daisycon guarantee that they fully comply with all applicable legal obligations, including but not limited to the obligations arising from the GDPR, with respect to the data and in particular personal data.
  9. Advertiser must publish and share the use of Daisycon’s services and the way in which it collects data to the Subject. This can be done by displaying a prominent link to the privacy policy page from Daisycon services (available at https://www.daisycon.com/en/privacy).
  10. The Advertiser will make all reasonable efforts to ensure that a Visitor receives clear and comprehensive information about the storage and processing of data and the matching process in connection with the services provided by Daisycon, when such activity takes place in connection with the Service and when the giving such information and obtaining such consent is required by law. A standard text in its privacy statement is available via https://www.daisycon.com/en/standard-text-privacy-statement-advertisers/
  11. The advertiser warrants to Daisycon that these data are not unlawful and do not infringe the rights of third parties, (ii) that they are entitled to provide the data to Daisycon, and (iii) that they are entitled to appoint Daisycon as Data Processor of the concerning data. Advertiser grants Daisycon the right to use subprocessors themselves, provided subprocessors meet the agreements as laid down in this Processor Agreement.
  12. Advertiser exampts Daisycon from all liabilities of third parties, including subprocessors, that of any kind result from the processing of data by Daisycon and / or that are the result of violations of warranties as stated above by the Advertiser.
  13. In the case of a data breach involving data from the Advertiser, Daisycon undertakes to report this to the Advertiser within 24 hours.
  14. In the case of a data breach involving data from the Publisher, Advertiser undertakes to report this to Daisycon within 24 hours.
  15. Daisycon states that data from Advertiser is only stored on servers within the EU or otherwise only in countries that guarantee an adequate level of protection.
  16. Both Daisycon and Advertiser make all reasonable efforts in its systems and the data transfer between Advertiser and Daisycon and / or Publisher and Advertiser to protect against loss and / or against any form of unlawful use. All parties involved will implement appropriate technical and organizational measures, taking into account, among other things, the state of the art. Advertiser declares to have taken note of the measures taken by Daisycon and to have established that these measures guarantee an adequate level of security with regard to the data being processed.
  17. Advertiser and Daisycon declare they won’t store more –personal- data then necessary for the service and for no longer than is strictly necessary for the performance of its service or after termination of the Agreement, unless this is based on a legal obligation.
  18. Both Daisycon and Advertiser are bound to secrecy of all data and information that it processes as a result of this Processing Agreement, except to the extent that such data or information is apparently not secret or confidential, or are already generally known.
  19. Daisycon is at all times entitled to adjust this Processor Agreement. The Advertiser will receive a digital notice. If Advertiser does not object within 14 days after the notice, the Advertiser is considered to accepted the adjusted Processor Agreement.
  20. This Processor Agreement will be in force during the term of the Agreement between the Advertiser and Daisycon and the Advertiser and Publisher. If the Agreement ends, this Processor Agreement shall end by operation of law, except when the nature of the processing and / or the nature of the provision require the continuation of the specific provisions of this Processor Agreement.
  21. The leading supervisor is the Dutch Data Protection Authority (DPA).

Download the Processor Agreement for Advertisers here.

Standard text privacy statement advertisers

You may use this standard text as an advertiser to include in your privacy statement for the visitors of your website. Advertisers at Daisycon are obliged to inform its visitors about the services that Daisycon performs for them. You may, but are not obliged to use this text for this.

This text is an example. You are free to adjust it, or use other techniques. Daisycon does not accept any liability for the content of this statement.


For the cookie and data processing with regard to Daisycon’s services, Daisycon’s standpoint is that you do not need to ask explicit permission to the consumer in advance. The privacy impact for the visitors is very limited and within GDPR, Daisycon relies on the lawful bases for processing this data based on Legitimate Interest. For more information, read the Daisycon Cookie and Privacy Statement.

Read here comprehensive information about what you as an advertiser at Daisycon must do to comply with the GDPR. Keep in mind that if you give personal details in the conversion pixel, you should expand this standard text with information about what data you share and what the purpose is. Of course you must comply with the agreements in the standard processor agreement.

Start standard text:

[NAME ADVERTISER] uses the performance based marketing service from Daisycon. Performance based marketing is a fair form of advertising because the advertiser only reimburses for actual and measurable results. In order to be able to compensate for this measurable result, a match must be made between the publisher / website that the visitor has forwarded and the transaction that has been generated by this.

To use this service, we pass anonymous transaction data to Daisycon. This data concerns; product descriptions, sales value, and demographic and geographical characteristics. These cannot be traced back to a person and are only used for statistical purposes and shared with Daisycon. In addition to the anonymous transaction data, we provide the following data that fall under the GDPR; 1) pseudonymized transaction IDs. These transaction IDs are not shared with third parties and only by our use for validation purposes. 2) Your IP address will also be passed on to Daisycon through the technical process. This address is only stored anonymously in the Daisycon system.

For the above service our partner Daisycon stores data and so-called affiliate cookies and matching processes are used. The use of affiliate cookies, matching data and the storage of data does not endanger the privacy of the visitor of this website. See the cookie and privacy statement of Daisycon about this.

No consumer profiles (behavioral user profiles) are created via the services provided by Daisycon. With regard to the data processing within the GDPR, we rely on the authorization basis for Legitimate Interest. We do however need to inform our visitors about the use. A processor agreement with Daisycon has been concluded for the storage and processing of these transaction data.

Additional text cross device matching (optional)

Daisycon offers its advertisers the possibility to cross-device a match between the click at the publisher and the transaction with the advertiser. If you use this option as an advertiser, you must add the text below to the standard text.

Add to “data covered by the GDPR”

(hashed) email address and / or pseudonymised account id. This data is not stored by Daisycon, but is directly converted into anonymous hashes. This information is not shared with third parties. This data is only used in the process of assigning transactions.


Some advertisers decide to provide personal information in the conversion pixel. Daisycon strongly advises advertisers not to do this. If you decide to still share personal data with Daisycon, then you must explicitly state in your privacy statement what information you share with Daisycon and what the purpose of this is. You can read more information about this subject here.

Back to legal