Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Majin is a Japanese advertising technology platform offering programmatic display, video, and shopping ads for advertisers and agencies, with audience targeting, cross device tracking, product feed management, and real time bidding focused on the Japanese and broader Asia Pacific market.
Majin is a Japanese advertising technology platform that operates a programmatic media buying and selling stack for advertisers, agencies, and publishers focused on the Japanese and broader Asia Pacific market. The product covers display, video, native, shopping ads, and connected TV inventory, and integrates with major demand side platforms, supply side platforms, ad exchanges, and product feed providers. Pages that include Majin scripts call its measurement and audience services and participate in real time bidding auctions. Majin also offers Japanese language reporting, audience segments, and shopping ad campaign management with deep links into Yahoo Japan and other local properties.
Majin writes first-party measurement cookies and uses third-party cookies and similar identifiers for cross site advertising. A typical session involves a unique Majin identifier, partner cookies dropped through cookie syncing, and ad verification beacons. Real time bid requests carry the IP address, user agent, the page URL, the referrer, the product identifiers from the merchant feed, and audience segments. On mobile, the platform can use the IDFA or Android Advertising ID where the operating system permits. Where third-party cookies are blocked, Majin relies on first-party identifiers, contextual signals, and probabilistic device matching.
Under GDPR, advertising profiling and audience building based on online activity require a clear legal basis, normally consent. ePrivacy Article 5(3) requires that ad cookies, pixels, and any storage on the device be activated only after consent. The CNIL cookie guidelines, the Spanish AEPD cookie guidance, and the BfDI position confirm that prior consent is required for Majin style scripts, that the refuse option must be as accessible as the accept option, and that strictly necessary frequency capping or fraud prevention may rely on legitimate interest as long as the processing is documented. The Digital Services Act adds restrictions on profiling minors and on sensitive data.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Each bid request typically reaches several dozen demand side platforms, supply side platforms, ad exchanges, and verification vendors, many of which are established outside the EEA, including in Japan, the United States, the United Kingdom, and Singapore. Japan benefits from an EU adequacy decision adopted in 2019, so transfers to Majin in Japan do not require Standard Contractual Clauses for processing covered by the supplementary rules. Transfers to other third countries rely on Standard Contractual Clauses and, for certified US recipients, the EU: US Data Privacy Framework, with the IAB TCF signal propagated where used.
Publishers and advertisers using Majin must integrate a consent management platform that exposes a clear analytics, advertising, and personalisation purpose, and that supports the IAB TCF v2.2 where the integration is TCF aware. Majin scripts and partner pixels should be loaded only after consent for advertising and audience purposes, with sensible separation between strictly necessary measurement, profiling, and personalised advertising. Configure the platform to refuse legitimate interest where the EDPB does not consider it appropriate, and verify that no advertising cookie is set before opt in.
Map each Majin pixel, partner, and cookie in the cookie policy and the records of processing. Sign the data processing agreement with Majin, document the EU Japan adequacy decision for transfers to Japan, and obtain the sub processor list. Run a DPIA and a transfer impact assessment for downstream partners outside Japan, document supplementary measures such as IP truncation in the bidstream, and verify the propagation of consent strings end to end. Test pages with consent denied to confirm that no advertising cookie or identifier is sent.
Websites using Majin must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended because Majin performs systematic profiling for advertising and shopping ads, real time bidding with multiple recipients, and cross device tracking that the EDPB and the CNIL identify as high risk processing. Document the categories of personal data, the bidstream recipients, the legal basis per purpose, the IAB TCF signal handling where used, the retention applied to logs and audiences, and the supplementary measures used for transfers outside the EEA, including Japan under the adequacy decision.
Sample consent text
We use Majin to deliver and measure programmatic and shopping advertising. With your consent, we and our partners store and access information on your device for advertising, profiling, and audience measurement, and may transfer data to ad tech partners in Japan and other countries. You can accept, refuse, or change your choice at any time from the cookie settings link in the footer.
Third-party domains contacted
majin.tokyoads.majin.tokyortb.majin.tokyosync.majin.tokyocdn.majin.tokyoCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| majin_uid | first_party | 1 year | First-party advertising identifier set by the Majin pixel to recognise the visitor across pages and to participate in real time bidding auctions. |
| majin_sync | third_party | 180 days | Third-party cookie used by Majin for cookie syncing with demand side and supply side partners during real time bidding auctions. |
| majin_seg | third_party | 90 days | Audience segment cookie used by Majin to associate the visitor with retargeting and shopping ads segments before serving advertising. |
| majin_session | first_party | Session | Short-lived cookie that groups bid request signals belonging to the same session for frequency capping and fraud prevention. |
Majin places tracking cookies for advertising — comply with GDPR using FlowConsent.
Yes. Majin writes first-party measurement cookies, third-party advertising cookies, and similar identifiers used for cookie syncing with demand side and supply side partners. These identifiers are stored on the visitor device and used for cross site advertising and audience building, so ePrivacy Article 5(3) applies and consent is required before they are written or read.
Yes. Majin operates programmatic advertising and audience profiling through real time bidding and shopping ads, which the CNIL, the AEPD, and the EDPB consider non essential and dependent on consent. The platform must be loaded only after the visitor has accepted advertising and audience measurement purposes, and the IAB TCF v2.2 signal must reflect that choice where the integration is TCF aware.
Advertising, profiling, and audience building rely on Article 6(1)(a) GDPR consent. Some narrow purposes such as frequency capping or ad fraud detection can rely on Article 6(1)(f) legitimate interest if the controller has documented a balancing test. The CNIL cookie guidelines and the EDPB direct marketing guidelines warn against using legitimate interest for personalised advertising at large scale.
Yes. Majin operates from Japan, which benefits from an EU adequacy decision adopted in 2019. Real time bidding integrates demand side platforms and supply side platforms in the United States, the United Kingdom, and Singapore that do not benefit from adequacy. Transfers to those recipients must rely on Standard Contractual Clauses and, where applicable, the EU: US Data Privacy Framework. Controllers are expected to complete a transfer impact assessment.
Yes. The combination of large scale advertising profiling, real time bidding with multiple recipients, cross site tracking, and transfers to multiple jurisdictions matches several criteria from the EDPB DPIA guidelines and the CNIL list. Document the bidstream recipients, the categories of data, the consent and legitimate interest decisions, and the residual risk after mitigations.
Use a consent management platform with clear advertising and audience purposes, ideally certified within the IAB Europe Transparency and Consent Framework v2.2, configure it to refuse all advertising and audience purposes by default, and set Majin scripts to load only after consent. Make the refuse choice as accessible as the accept choice, and propagate the consent string to all downstream partners.
When consent is refused, switch Majin to a non personalised, contextual advertising mode that does not rely on identifiers from the visitor device. You can sell context based inventory by language, content category, and page metadata, use server side frequency capping based on aggregated counters, and avoid loading cookie syncing pixels. Reporting can be aggregated and identifier free.
List Majin as the controller of advertising profiling activities and describe the cookies it sets, their duration, and purpose. Provide a clear list of downstream partners and describe the categories of data shared. Mention the legal basis, the EU Japan adequacy decision for transfers to Japan, the use of Standard Contractual Clauses and the EU: US Data Privacy Framework for other jurisdictions, and the channels for exercising data subject rights.