PRIVACY POLICY OF First-id
1 - Object
The First-id company has developed a solution allowing website and mobile application publishers to have a unique identifier for each of their visitors, for the purpose of improving the browsing experience, through the personalization of content. and advertisements displayed to you.
When you browse the sites and applications linked to First-id, subject to your explicit consent, First-id may assign you a unique identifier generated randomly and stored in a cookie associated with the First-id domain. This identifier is then sent to publishers who can use it to get to know you better.
First-id also implements processing consisting of operating a platform for purchasing advertising space, based on standardized technologies within the advertising ecosystem. These two processing operations are described below and are partly based on cookies.
What is a cookie" ?
A "cookie" is a series of information, generally small in size and identified by a name, which can be transmitted to your browser by a website to which you connect. Your web browser will keep it for a certain period of time, and send it back to the web server each time you reconnect to it. Cookies have multiple uses: they can be used to memorize your customer identifier with a merchant site, the current content of your shopping cart, an identifier allowing you to trace your navigation for statistical or advertising purposes, etc.
2 - Processing of creation and transmission of a unique identifier
a) What does this treatment consist of?
When a visitor comes for the first time on a site linked to First-id, and once he has explicitly consented, his browser is redirected to the First-id portal which will determine if he already has a number of identification or if it is necessary to create one for him.
The number will then be transmitted to the publisher of the site consulted, which will generally store it in a cookie and use it for its own purposes of monitoring the navigation of Internet users.
This redirection is of the order of a few milliseconds, and therefore invisible to the visitor. This processing, carried out under the processing responsibility of the company First-id, is intended to create and transmit to site and application publishers a unique identifier allowing you to track your browsing.
b) What does the First-id identifier look like?
The main characteristics of the identifier generated by First-id are as follows:
- 32 randomized characters, with no special characters,
- No sharing of user information between Clients,
- Anonymisation of information collected by technical intermediaries.
Example of a First-id unique identifier: aevyknye48g9rx5328jr29839655w5pg
c) What personal data does First-id process?
First-id processes the following categories of data:
When creating the identifier, First-id may take into account certain information to determine the identity of the Internet user, if this information is sent by the Client:
- IP address (V4 and V6) and publisher domain from the site on which this information was collected,
- User Agent and technical informations relating to the terminal used, such as RAM, number of processors on the user's terminal and screen resolution,
- hashed email addresses (only if the email opt-in for their advertising use has been obtained) and the source publisher of the e-mail,
- Timestamp,
- Full URL of the page from which the data was collected
- First-party cookies,
- Mobile ID (MAID).
d) What data is kept by First-id?
First-id only keeps technical logs to verify the proper functioning of its technical solution. These logs may contain:
- IP address (V4 and V6) and publisher domain from the site on which this information was collected,
- User Agent and technical informations relating to the terminal used, such as RAM, number of processors on the user's terminal and screen resolution,
- hashed email addresses (only if the email opt-in for their advertising use has been obtained) and the source publisher of the e-mail,
- Timestamp,
- Full URL of the page from which the data was collected
- First-party cookies,
- Mobile ID (MAID).
e) What are the retention periods?
The online advertising and web analytics ecosystem generally keeps browsing data and identifiers associated with Internet users for a minimum period of 13 months. In the case of web analytics, for example, this period provides statistics covering an entire year + one month, so that trends can be estimated over more than one year.
This retention period is applied to the identification of the Internet user by First-id.
The retention period for each identifier on each site depends on the duration indicated by each site.
f) What is the legal basis used by First-id?
The processing carried out by First-id is based on your consent, obtained on the site or application of the user publisher of the First-id solution. Each website needs to get a consent from the user, it’s not global.
The consent information in the TCF CMPs of each site where First-id is integrated will be contained in the TC String collected by First-id.
g) What are the purposes declared to TCF by First-id :
- Purpose 1 : Store and/or access information on a device
- Feature 1 : Match and combine data from other data sources
- Feature 2 : Link different devices
- Feature 3 : Identify devices based on information transmitted automatically
- Special feature 2 : Actively scan device characteristics for identification
The categories of data reported to TCF should be updated to include :
- IP addresses
- Device characteristics
- Device identifiers
- Probabilistic identifiers
- User-provided data
- Privacy choices
h) What are the use cases associated with First-id?
This identifier can be used by the main digital platforms to enable a wide range of use cases. The actual purposes for which the first-id identifier is used are therefore entirely up to the publisher, who remains the sole decision-maker. The purposes for which the first-id identifier has been designed are as follows:
- Advertising activation.
- Retargeting when a brand wants to communicate with its prospects, or exclusion when a brand does not want to target web users who are already customers.
- Advertising audience measurement to find out whether a particular Internet user has already been contacted, or to attribute the benefit of a sale to an advertising campaign.
- Exchange of data for advertising purposes between different partners,
- Improving the user experience.
- Deduplication of the audience of a group's sites in its analytics tools.
i) What are your rights?
In accordance with the GDPR, you have a right of access, rectification, erasure, portability, and limitation, by contacting the DPO of First-id at the contact details indicated below. You can also permanently withdraw your consent to the use of cookies by First-id at any time by going to the page https://whatismy.first-id.fr/ which allows you to manage your preferences with First-id and which allows in particular to deactivate the service permanently.
If you do not give your consent to First-id when you arrive on a site, you will not be redirected to the First-id portal and no cookies will be read or written by First-id.
In the event of non-respect of your rights by the company First-id, you have the right to lodge a complaint with the “Commission Nationale de l'Informatique et des Libertés” (www.cnil.fr).
3 - International data transfers
First-id uses the following subcontractors:
- Amazon Web Services, for data hosting (AWS).
- Akamai, via Orange Business, for management of the content delivery network (CDN).
- Google, to manage First-id employees' office automation (Google Workspace).
First-id's three subcontractors may transfer data outside the European Union. First-id has signed standard contractual clauses with these three companies, which are also members of the Data Privacy Framework.
4 - Contact details of the DPO
If you have any questions or suggestions regarding this policy and our privacy practices, you may contact the First-id DPO:
by email : dpo@first-id.fr
by mail :
First ID
5 Avenue Jean-Monnet
92130 Issy-les-Moulineaux
France
(Updated: 01/07/2024)