Criteo Privacy Guidelines for Clients and Publisher Partners

As a global company with headquarters in Europe, Criteo has a strong foundation of dealing with several industry best practices, standards and regulations. It is Criteo’s view that consistency and certainty around privacy and data protection is a win-win for businesses and the consumers they serve. It is for this reason that Criteo is committed to comply with applicable laws and regulations in all countries where it operates, including notably the General Data Protection Regulation (GDPR) that harmonizes the different data privacy laws across the European Union’s member states and any future regulatory and legislative initiatives around data protection and privacy, such as the California Consumer Privacy Act (CCPA) or the Brazilian General Data Protection Law (LGPD).

Criteo is supporting its clients and publisher partners through their compliance journey by sharing guidelines and best-practices about how to meet their own legal obligations:

1. You are required to be transparent with the users who visit your properties

• Clear, easily accessible and comprehensive information about the collection and use of data related of your users must be provided on your properties.
• This information can be provided in a privacy policy accessible directly from your properties (such as via a link in the footer of the homepage)

• Depending of the data protection regulation that applies to you, the information required may be slightly different. For instance, websites and apps that targets the European market, the information required by the GDPR notably includes:

• • the purposes of the processing for which data collected on your properties are intended i.e. data collected by Criteo via cookies and non-cookie technologies are used for the purpose of serving targeted advertising
  • the legal basis for the processing of these data i.e. the use of data for the purpose of serving targeted advertising relies on the user’ consent
  • the recipients of the data i.e. Criteo
• Disregarding the laws that apply to you, this is Criteo’s view that transparency with users is always required if we want to foster trust in our respective services and in the digital economy as a whole. Being transparent involves to describe in a comprehensive and user-friendly way how their data will be used and by who. That’s the reason why Criteo strongly recommends that its partners include in their privacy policies a notice about the data collection for the purpose of serving interest based advertising such as the one below:

Suggestion of information clause to be included in your website’s Privacy Policy

Our website integrates technologies of trusted advertising partners (third-party companies) that allow the recognition of your device and the collection of information about your browsing activity in order to provide advertisements about goods and services likely to be of greater interest to you. In particular, these partners collect information about your activity on this website to:

•   [If you are a client] enable us to show advertisements for our products and/or services to you on third-party websites and apps.]
•   [Or if you are a publisher] enable brands and e-commerce sites to show advertisements for their products and/or services to you on our website.]

Our partners may use non-cookie technologies on which browser settings that block cookies might have no effect. Your browser may not permit you to block such technologies. For this reason, please keep in mind that you can block the collection and use of information related to you by advertising companies for the purpose of serving interest based advertising by visiting the following platforms of self-regulatory programs of which those companies are members:

•   The NAI’s opt-out platform: http://www.networkadvertising.org/choices/
•   The EDAA’s opt-out platform http://www.youronlinechoices.com/
•   The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

[Only for advertisers and publishers sharing data with Criteo for cross-device linking purposes, such as advertisers live on Shopper Graph] We may share data, such as technical identifiers derived from your registration information on our website or our CRM system with our trusted advertising partners. This allows them to link devices or browsers and provide you a seamless experience across the different environments used or likely used by you.

To read more about the technologies used by our partners and their linking capabilities, if applicable, please refer to their privacy policy listed in the above-mentioned platforms or listed below:

• [Add link to your partner’s privacy policy, including Criteo privacy policy: http://www.criteo.com/privacy/]”

• In any case, Criteo contractually requires from its partners to include in their privacy policies a link to Criteo privacy policy (https://www.criteo.com/privacy/) that provides users with detailed information about Criteo services and technologies, and the way users can exercise their rights.

2. You shall collect the consent of EU users across your properties for your use of Criteo services when legally compulsory

• Under Criteo Terms and Conditions, in all countries where collecting consent is mandatory for the use of our services, it is our clients and publishers partners’ responsibility to collect valid consent of their users prior to any Criteo tags being fired. This is justified by the fact that Criteo has no control on the choice mechanisms you decide to use on your properties to collect the consent of the users for the different third party tags implemented on their properties.
• In particular, under EU laws, consent is considered valid provided that:
  • Users are informed at the moment they are giving their consent about the use of cookies and non-cookie technologies by Criteo for the purpose of serving targeted advertising.

Suggestion of cookie notice for countries where consent is mandatory
By continuing to browse on our website, you accept the use of cookies and non-cookie technologies to provide you with tailored content and advertising across websites.

• • Users can refuse the collection and use of data by Criteo through the Criteo tags as simply as they could consent to it

• The user’s consent must be demonstrable. For this reason, we suggest the following vendors that offer solutions to add and manage valid consent functions on your properties. If you have any questions, comments or concerns about these vendors, their offerings and services, you can contact them directly.

• Cookiebot
• Crownpeak
• Civic UK

For more information about the GDPR and its application to advertisers and publishers:

Article 29 Working Party guidance on Consent under the GDPR (2018)

Article 29 Working Party guidance on Transparency under the GDPR (2018)

Please note that the information provided here does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should seek professional legal advice where appropriate.

Last updated: 06/25/2019