Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
AdOcean is a third party ad server developed by Gemius and widely used across Polish and Central European publishers. It delivers display, video and rich media creatives, manages frequency capping, and reports impressions and clicks via persistent advertising cookies on adocean.pl. Because it places third party tracking cookies and integrates with the IAB TCF, prior consent is mandatory under GDPR and ePrivacy in Europe.
AdOcean is a third party ad server developed by Gemius (Poland) and used by publishers, agencies and advertisers across Central and Eastern Europe (Poland, Czech Republic, Hungary, Romania, Latvia and Russia historically). It supports campaign trafficking, frequency capping, geo and behavioural targeting, video and native ad formats. AdOcean is registered as an IAB Europe TCF v2.2 vendor.
AdOcean places persistent third party cookies on adocean.pl, principally a unique identifier (id), capping cookies (cap_*) and the IAB TCF cookie (tcf_*). Server side it logs IP, user agent, timestamp, requested ad slot, referrer URL, geo location derived from IP and TCF consent string. Cookies typically have a 6 to 24 month lifespan.
Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior consent before AdOcean can drop a cookie. The Polish UODO and CEE supervisory authorities have aligned on the IAB TCF v2.2 framework for advertising consent. Loading AdOcean before consent constitutes a clear breach.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Pair AdOcean with a TCF v2.2 certified CMP. Block the AdOcean tag until the TC string is set with consent for vendor 280 (Gemius) and the relevant purposes (1, 2, 3, 4, 7, 9, 10). The CMP must offer reject as easily as accept and store proof of consent. AdOcean honours the TC string and will not load profiles when consent is missing.
AdOcean infrastructure runs in the EU (Poland). No transfer outside the EEA is involved for the core service. Some demand side partners (DSPs) may transmit data to the US; those onward transfers are governed by the partner Data Privacy Framework certification or SCCs.
Sign the Gemius/AdOcean DPA, register AdOcean in your record of processing, configure your CMP for vendor 280, list AdOcean cookies in the cookie banner, monitor for tag fires before consent through automated audit tools and run an annual DPIA review with focus on cross site capping risks.
Websites using AdOcean must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required for AdOcean integrations on EU facing publisher websites. Cross site frequency capping and audience attribution amount to systematic large scale monitoring under Article 35 GDPR.
Sample consent text
We use AdOcean (operated by Gemius) to deliver and measure the ads displayed on this website. With your consent, AdOcean places third party advertising cookies on your device for frequency capping and reporting. You can manage your preferences in the cookie settings.
Third-party domains contacted
adocean.plgemius.plgemius.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| id | persistent | 24 months | Unique third party identifier set by AdOcean on adocean.pl used to identify the browser across publishers and apply frequency capping rules. |
| cap_* | persistent | 6 months | Frequency capping cookie tracking how many times a given creative was shown to the browser to enforce campaign caps. |
| tcf_* | persistent | 12 months | IAB TCF v2.2 consent string cache used by AdOcean to align ad delivery with the latest user consent state. |
AdOcean places tracking cookies for advertising — comply with GDPR using FlowConsent.
AdOcean sets persistent third party cookies on adocean.pl, mainly a unique identifier (id), capping cookies (cap_*) and the IAB TCF cookie (tcf_*). Lifespan ranges from 6 to 24 months.
Yes. AdOcean writes third party advertising cookies which are non essential. Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior, specific and informed consent before the tag fires.
Consent is the only valid basis. Legitimate interest cannot justify cross site advertising trackers and frequency capping cookies.
No, the core AdOcean service runs from Poland (EU). Onward transfers to US ad networks may occur through DSP integrations and rely on the partner DPF certification or SCCs.
A DPIA is required because AdOcean enables systematic large scale monitoring of behaviour for advertising purposes (cross site capping, audience targeting), triggering Article 35 GDPR.
Use a TCF v2.2 certified CMP, gate the AdOcean tag on consent for vendor 280 (Gemius), sign the DPA, document the integration in the record of processing and run an annual audit on tag firing pre consent.
Alternatives include Google Campaign Manager 360, Adform (DK), Equativ (FR), Smart AdServer (FR) and Xandr (Microsoft). Adform and Equativ are EU based and offer comparable functionality with simpler transfer profiles.
List AdOcean as a third party advertising processor by Gemius, name cookies id, cap_* and tcf_*, retention up to 24 months, IAB TCF vendor 280, EU data residency, possible onward transfers via DSP integrations and link to the Gemius/AdOcean privacy policy.