Iubenda logo
Start generating


Table of Contents

Criteo and the GDPR – How to be compliant


Short on time? Jump to our guided setup ->

What is Criteo and Criteo Dynamic Retargeting?

Criteo is an advertising service provided by Criteo SA which allows User Data to be utilized for advertising communication purposes.

Criteo Dynamic Retargeting is a remarketing and behavioral targeting service provided by Criteo, that connects user activity on a particular site with the Criteo advertising network. This type of service allows websites and their partners to inform, optimize and serve advertising based on past use of this Application by the User.

Transparency Obligations for Criteo’s Services

When using Criteo tools to either utilize your user data for advertising communication purposes such as tracking their interaction with your content or ads, or to manage the re-marketing of your ads, you need to ensure that you adequately inform your users about these processes.

Conversely, your users should be informed that they can swiftly withdraw their consent and opt out of personalized advertising.

This was also recently confirmed by the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL).

How does iubenda help?

iubenda’s range of products assist you in maintaining compliance as required both under the GDPR and as highlighted by CNIL. 

Do I need a Privacy Policy if I use Criteo on my website?

Yes, you do.

If you’re managing your ads and/or retargeting through Criteo, then add the appropriate service to your privacy policy – in this case, the Criteo and/or Criteo Dynamic Retargeting service clauses that you’ll find in the privacy policy generator.

Such clauses provide your users with information about the nature of these services and a direct link to Criteo’s privacy policy, which includes information on how user data will be processed in a transparent and comprehensive manner. The provision of such information in turn helps to ensure that your users freely give informed consent to either service as required by the GDPR.

By adding either of the Criteo clauses to your privacy policy, you will also be addressing your contractual obligations as joint controller in terms of Criteo’s data protection agreement (DPA), since iubenda’s privacy policy will provide disclosure about this joint controllership.

Moreover, the privacy policy also provides for accessibility to Criteo’s DPA which describes the protection and security obligations between yourself and Criteo as joint controllers with respect to the processing of personal data of your users, in accordance with the requirements of the applicable data protection laws. 

Do I need a Cookie Policy if I use Criteo on my website?

Yes, you do.

Criteo may install cookies on your visitors’ devices, as stated in their Service Privacy Notice. Therefore, you’ll need a Cookie Policy as well.

Not sure if your website is installing cookies?
Check out our guide to identify the cookies your site installs in browsers.

→ How to generate a Cookie Policy in 10 seconds

Do I need a Cookie Banner if I use Criteo?

In general, websites that use third-party cookies as well as their own cookies for tracking and analytics must comply with the law and to do so are required to obtain the user’s express consent.

Therefore if you operate in the EU or could potentially have EU users, you need to comply with the Cookie Law and will need a cookie banner or notice.

If your users accept the use of the Criteo services by means of iubenda’s Privacy Controls and Cookie Solution, you will have obtained your users’ consent, proof of which is then stored by the iubenda Consent Preference Log, if this feature has been enabled.

→ Discover iubenda Cookie Solution
Quickly generate a fully customizable cookie banner, seamlessly collect consent, and implement prior blocking with asynchronous re-activation.

What about the withdrawal of consent?

Should your users wish to withdraw their consent to the processing of personal data by Criteo or opt-out of personalized advertising by Criteo, the services clauses available in the iubenda Privacy Policy generator provide an accessible link to “Disable Criteo Services” button contained in Criteo’s privacy policy. With one simple click, this will enable:

  • the withdrawal of consent, 
  • the opting out of personalized advertising and 
  • the deposit of Criteo cookies on your users’ browsers.

Alternatively, users can withdraw their consent directly from our cookie banner.

How to Create a GDPR Privacy and Cookie Policy for Criteo

With iubenda, you can easily declare which services your website uses to collect data. You can find the “Criteo” service under Advertising and the “Criteo Dynamic Retargeting” service in the Remarketing and behavioral targeting section of our Privacy and Cookie Policy Generator.

Not sure what services to select and add to your privacy policy?
Scan your website using the Site Scanner feature of iubenda and get a list of all services used on your website right away.

Trusted by 90.000 clients, iubenda is the easiest and most professional way to generate and manage privacy & cookie policies and terms & conditions, to store and manage user consent, and to comply with the ePrivacy (Cookie Law), the GDPR and the CCPA.