The Criteo privacy promise

For Criteo, privacy is not an afterthought — it’s our guiding principle. 

As a French company founded in 2005, Criteo’s privacy protections have consistently adhered to or surpassed what’s been required by law, including GDPR, for over 14 years. We understand the sensitivity of customer data and are committed to protecting its confidentiality and security. 

 

We always:

  • Collect only the data that is required to deliver our service 
  • Store SHA256 hash of MD5 hash of emails 
  • Minimize data retention 
  • Ensure data security 
  • Provide a user-friendly opt-out tool 

 

We never: 

  • Record directly identifying information 
  • Store any original files containing emails 
  • Use or store your audience data for any other purpose 
  • Impact your intellectual property with respect to customer data 
  • Use any 3rd-party-owned or managed data centers 

 

Industry Leadership: Investing in Best Practices 

Criteo has an extensive number of certifications that are reviewed annually by governing and standards bodies, and supports initiatives that deliver greater transparency and control to users.

We are a proponent of the IAB Transparency and Consent Framework and were early adopters of industry best practices such as the AdChoices program, as well as:

Privacy by Design Principles

Criteo goes to great lengths to protect and process your customer data in compliance with applicable Privacy and Data Protection Laws. Our product teams develop every feature with privacy in mind. 


It’s the cornerstone of Privacy by Design, a four-step approach that ensures an industry-leading level of safety for marketers and consumers alike: 

  1. Power of Information: Our privacy standards are deliberately rigorous. We know that the more a consumer understands what we do, the more confident they’ll feel. 
  2. User Choices: We make every effort to enhance the shopping experience, but we respect that some consumers would rather opt-out. We make it easy for them to do so with a single click. 
  3. Security and Access: Data is always securely collected and retained using state-of-the-art pseudonymization techniques that are considered best-practice under the GDPR. 
  4. Privacy Counsel: Our team of privacy experts constantly assess risks, provide company-wide privacy training, and help us to build even better products. 

 

Our Commitment to Global Privacy 

We require a high level of data protection and privacy requirements on all our partners across the world. Thus, should the relationship with one of our partners involve cross-border data flows outside the European Union, our partner is formally required to comply with best-practice data protection standards and adhere without any restrictions or limitations to the Standard Contractual Clauses adopted by the European Commission. 

Protecting consumers’ privacy and being clear and transparent about business practices is essential to our global organization. When customers understand exactly how their information is being used and are given control over their personal browsing data, it strengthens their trust in us and, ultimately, your business. 

0%
0%