Consent Experience on Mobile App

Introduction

The Utiq technology seeks to establish a robust consent and user transparency experience which has been carefully developed with the aim of putting users’ privacy first and ensure compliance with applicable privacy and data protection laws.

Utiq Privacy Requirements, documented here, apply for all the digital properties, being websites or apps.
This documentation aims to ensure the correct implementation of the requirements that Utiq Customers must comply with as part of their involvement in the provision of the Utiq technology with the focus on Mobile App.

Guidelines and Resources:

The detailed explanation of Utiq Privacy Requirements for all the digital properties (e.g. websites, apps, etc.) can be found here: Utiq Privacy Requirements.
In this page, we provide a summary, references to the main guideline and examples in the context of Mobile Apps.

Our documentation is a living entity, evolving alongside our solution. As a result, we may update it from time to time, including any texts provided.

For any questions, if you need assistance, or if you require any deviations from the Utiq guidelines, please contact csm@utiq.com.

Pre-requisites and checklist for go-live

To enable the Utiq technology in your app, we require all the items listed in the go-live checklist page to be implemented ahead of go-live:

1. Implement one of the two options for Utiq Consent Experience

As part of the standard integration of the Utiq technology, we currently support 2 options for the Utiq consent experience:

Option A: Integrated model

Integrated model is considered the default option, if you meet all the minimum Utiq standards for using the Integrated model.

If you are using a Consent Management Platform (CMP), please follow the step-by-step guidelines below to implement Utiq Privacy Requirements in your CMP.

Guidelines and Resources:

• Utiq “Integrated Model” requirements, step-by-step guideline and detailed explanation can be found here: Option A: Integrated consent model

• Utiq Transparency Texts to be used can be found here: Utiq Transparency Texts (for Advertisers and Publishers)

Example of a set-up in Mobile App context, using Didomi CMP:

Known limitations and remedies:

• Utiq as custom vendor:
  If your CMP is not listing any other vendors (and only listing the purposes), the configuration of “Utiq as vendor” can be omitted. If your CMP is listing other vendors, Utiq must be configured also as a custom vendor.

• Utiq logo: if your CMP doesn’t allow to add images, Utiq logo can be replaced with the word “Utiq” in bold.

• Hyperlinks: if your CMP doesn’t allow to add hyperlinks, please add the URL of the hyperlink as plain text in brackets.

• Scrollable text: if, by adding Utiq text, the buttons won’t be visible, please consider amending your CSS to include a scrollable text, making sure that buttons always remain visible.

Option B: Separate pop-up model

If you are unable to implement the default Option A: Integrated model or if you do not meet the minimum Utiq standards for using the Integrated model.

To ensure to Users a consistent UX, Utiq SDK does not provide an out-of-the-box dedicated Utiq Consent pop-up. Therefore, you should build a custom pop-up that matches the look and feel of your App to capture Utiq consent separately.

Please make sure your custom pop-up follows the Utiq Product and Privacy Requirement and consent pop-up characteristics, including:

• Utiq consent text (including clickable and configurable elements).

• Look & Feel, layout and design elements.

• Correct set-up of the consent capture journey (including the correct configuration of accept and reject functions).

• Ensures consent synchronization between user’s preferences expressed in Advertiser/Publishers’ apps with Utiq’s consenthub.

• Utiq consent validity timeframe.

Guidelines and Resources:

• Utiq “Separate pop-up model” requirements, mock-up and detailed explanation can be found here: Option B: Separate consent pop-up model

• Utiq Transparency Texts to be used can be found here: Utiq Transparency Texts (for Advertisers and Publishers)

Example of a set-up in Mobile App context:

2. Set up the dedicated “Manage Utiq” page linked via a footer hyperlink

Guidelines and Resources:

• Utiq Privacy Requirements detailed explanation can be found here: Setup the dedicated “Manage Utiq” page linked via a footer hyperlink

• Utiq Transparency Texts to be used can be found here: Utiq Transparency Texts (for Advertisers and Publishers)

In the context of Mobile Apps, the dedicated “Manage Utiq” link can be accessed via:

• a link in the footer of your pages (e.g. in case of WebView)

• the app menu

• any other location depending on your app setup, as long as it is available at any time and in an easy and accessible way.

Please liaise with our Customer Success team at csm@utiq.com for the dedicated assessment.

Example of a set-up in Mobile App context:

3. Include reference to Utiq technology in the domain’s privacy statement

Utiq technology must be referenced in your Privacy Statement/Notice. The option to open the Privacy Statement shall be located in an easily visible place for the user to find.

Guidelines and Resources:

• Utiq Privacy Requirements detailed explanation can be found here: Include reference to Utiq technology in the domain’s privacy statement

• Utiq Transparency Texts to be used can be found here: Utiq Transparency Texts (for Advertisers and Publishers)

Example of a correct set-up in Mobile App context:

Utiq Transparency Texts

• Utiq Transparency Texts (including “Utiq consent text”, “Manage Utiq” page text“ and “Include reference to Utiq technology in the domain’s privacy statement” page text) can be found at the following link: Utiq Transparency Texts (for Advertisers and Publishers).

• Utiq Privacy Statement is hosted in Utiq consenthub and available at the following link: https://consenthub.utiq.com/pages/privacy-statement

Correct configuration of accept and reject functions

• The CMP must be configured to ensure that Utiq calls are only triggered if user accepts Utiq consent. This means if the user either clicks on:

  • “accept all” or

  • accept Utiq custom purpose and Utiq customer vendor (if configured).

• Utiq technology must be off by default.

• No Utiq calls to enable the Utiq technology shall be triggered if a user clicks on reject option.

Utiq Consent synchronization

Users can withdraw Utiq consents in the following ways:

• via the consent revocation dedicated functionality in the “Manage Utiq” page: users can revoke their Utiq consent directly through the site. The revocation will only apply to that site in this case.

• via consenthub

• (Integrated Model only) via the CMP: by re-opening the CMP and changing the Utiq preferences, the users can withdraw Utiq consent.

Synchronization of the three options must be ensured.

Guidelines and Resources:

Utiq Consent synchronization documentation can be found at the following links:
Android SDK | Integration-with-other-CMPs
iOS SDK | Integration-with-other-CMPs

Consent Validity Timeframe

Guidelines and Resources:

Utiq Consent validity timeframe documentation can be found at the following links:

• for Option A: Integrated model → here

• for Option B: Separate pop-up model → here

Testing

The following page contains all the details for testing the Utiq Privacy Requirements: Testing
These tests should be completed before taking the technology into production use.