Spanish digital advertising platform that automates campaigns and tracks conversions across Google Ads, Meta, TikTok and other channels.
Oniad is a Spanish AdTech vendor based in Barcelona. The platform helps small and medium businesses run digital advertising campaigns across Google Ads, Meta, TikTok and similar channels, while centralising conversion tracking through a pixel, server side events and an attribution dashboard.
The Oniad pixel writes oniad_uid (visitor identifier), oniad_session and a third party match cookie used to synchronise the visitor with Google, Meta and other advertising partners. Conversion events sent to Oniad include the URL, IP, user agent, hashed email when available and the conversion value.
All Oniad cookies are non essential and require Article 5(3) ePrivacy consent. The downstream advertising partners (Google, Meta, TikTok) also need consent. Oniad supports IAB TCF v2.2 so the consent string can be propagated to the advertising chain.
Oniad SL processes campaign data in Spain. Downstream destinations (Google, Meta, TikTok) are US controllers. Sign Standard Contractual Clauses with each non EU destination, complete a Transfer Impact Assessment and check the DPF certification of every partner.
Block the Oniad pixel until consent, integrate IAB TCF v2.2, sign the DPA with Oniad and SCCs with each non EU advertising destination, complete a DPIA, document the destinations in your RoPA and provide a clear withdrawal mechanism.
Websites using Oniad must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended because Oniad combines behavioural conversion tracking with cross site identifiers shared with multiple US advertising platforms.
Sample consent text
We use Oniad to manage advertising and measure conversions. With your consent, the Oniad pixel sets cookies on your device and shares conversion data with our advertising partners.
Third-party domains contacted
- oniad.com
- ads.oniad.com
- cdn.oniad.com
- sync.oniad.com
- rtb.oniad.com
- consensu.org

Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| oniad_uid | first_party | 1 year | First-party advertising identifier set by the ONiAD pixel to recognise the visitor across pages and to participate in real time bidding auctions. |
| oniad_sync | third_party | 180 days | Third-party cookie used by ONiAD for cookie syncing with demand side and supply side partners during real time bidding auctions. |
| euconsent-v2 | first_party | 1 year | IAB Europe Transparency and Consent Framework v2.2 cookie that stores the visitor consent choices for advertising and audience measurement purposes. |
| ONIAD_SESSION | first_party | Session | Short-lived cookie that groups bid request signals belonging to the same session for frequency capping and fraud prevention. |
| oniad_aud | third_party | 90 days | Audience segment cookie used by ONiAD to associate the visitor with retargeting and contextual segments before serving advertising. |
Yes. ONiAD writes first-party measurement cookies, third-party advertising cookies, and similar identifiers used for cookie syncing with demand side and supply side partners. These identifiers are stored on the visitor device and used for cross site advertising and audience building, so ePrivacy Article 5(3) applies and consent is required before they are written or read.
Yes. ONiAD operates programmatic advertising and audience profiling through real time bidding, which the AEPD, CNIL, and EDPB consider non essential and dependent on consent. The platform must be loaded only after the visitor has accepted advertising and audience measurement purposes, and the IAB TCF v2.2 signal must reflect that choice and travel with each bid request.
Advertising, profiling, and audience building rely on Article 6(1)(a) GDPR consent. Some narrow purposes such as frequency capping or ad fraud detection can rely on Article 6(1)(f) legitimate interest if the controller has documented a balancing test. The AEPD cookie guidance and the EDPB direct marketing guidelines warn against using legitimate interest for personalised advertising at large scale.
Yes, regularly. Real time bidding integrates demand side platforms, supply side platforms, and verification vendors located in the United States, the United Kingdom, Israel, and Asia. Transfers must rely on Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. Controllers are expected to complete a transfer impact assessment and to limit the personal data sent in the bidstream as recommended by the EDPB.
Yes. The combination of large scale advertising profiling, real time bidding with multiple recipients, cross site tracking, and transfers outside the EEA matches several criteria from the EDPB DPIA guidelines and the Spanish AEPD list. Document the bidstream recipients, the categories of data, the consent and legitimate interest decisions, and the residual risk after mitigations.
Use a consent management platform certified within the IAB Europe Transparency and Consent Framework v2.2, configure it to refuse all advertising and audience purposes by default, and set ONiAD scripts to load only after consent. Make the refuse choice as accessible as the accept choice, and propagate the consent string to all downstream partners through the GVL TC string.
When consent is refused, switch ONiAD to a non personalised, contextual advertising mode that does not rely on identifiers from the visitor device. You can sell context based inventory by language, content category, and page metadata, use server side frequency capping based on aggregated counters, and avoid loading cookie syncing pixels. Reporting can be aggregated and identifier free.
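One way to implement the gating described in the two paragraphs above, as an added example that is not Oniad's or FlowConsent's own code: it listens to the CMP through the standard IAB `__tcfapi` interface, injects the tag only when the vendor and every required purpose are consented, and otherwise reports contextual mode. `VENDOR_ID`, `TAG_URL`, the purpose list and the `onMode` callback are assumptions to replace with your own values.

```javascript
// Added example. Placeholders (assumptions, not from the page):
const VENDOR_ID = 0; // replace with the vendor's Global Vendor List id
const TAG_URL = "https://example.invalid/pixel.js"; // replace with the real tag URL
const REQUIRED_PURPOSES = [1, 3, 4]; // assumed: 1 device storage, 3 and 4 personalised ads

// Pure decision: "wait" until the CMP state is settled, then
// "personalised" only with every purpose and the vendor consented.
function consentMode(tcData, vendorId = VENDOR_ID, purposes = REQUIRED_PURPOSES) {
  if (!tcData) return "wait";
  const settled = ["tcloaded", "useractioncomplete"].includes(tcData.eventStatus);
  if (!settled) return "wait"; // e.g. "cmpuishown": banner still open
  const purposesOk = purposes.every((p) => tcData.purpose?.consents?.[p] === true);
  const vendorOk = tcData.vendor?.consents?.[vendorId] === true;
  return purposesOk && vendorOk ? "personalised" : "contextual";
}

// Browser wiring: nothing is injected before consent, and a missing CMP fails closed.
// onMode is a hypothetical callback so the page can switch to contextual ads
// or react to a later withdrawal.
function installConsentGate(win, doc, onMode = () => {}) {
  if (typeof win.__tcfapi !== "function") return false;
  let injected = false;
  win.__tcfapi("addEventListener", 2, (tcData, success) => {
    const mode = success ? consentMode(tcData) : "wait";
    if (mode === "personalised" && !injected) {
      const tag = doc.createElement("script");
      tag.src = TAG_URL;
      tag.async = true;
      doc.head.appendChild(tag);
      injected = true;
    }
    onMode(mode, tcData && tcData.tcString); // pass the TC string downstream
  });
  return true;
}

if (typeof window !== "undefined") installConsentGate(window, document);
```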
List ONiAD as the controller of advertising profiling activities and describe the cookies it sets, their duration, and purpose. Provide a clear list of downstream partners, including the IAB TCF Global Vendor List entry, and describe the categories of data shared. Mention the legal basis, the use of Standard Contractual Clauses and the EU-US Data Privacy Framework, and the channels for exercising data subject rights.