1 – Object
First-id has developed a solution enabling website and mobile application publishers to have a unique reference for each of their visitors, in order to improve the browsing experience by personalizing the content and advertising displayed to you.
When browsing sites and applications linked to First-id, subject to the user’s explicit consent, First-id may assign a unique identifier generated at random and stored in a cookie associated with the First-id domain. This identifier is then passed on to publishers who can use it in their platforms to help advertisers target more effectively.
What is a “cookie”?
A “cookie” is a piece of information, generally small in size and identified by a name, which may be sent to your browser by a web site you visit. Your web browser will store it for a certain period of time, and send it back to the web server each time you reconnect. Cookies have many uses: they can be used to memorize your customer ID with a merchant site, the current contents of your shopping cart, an identifier enabling your browsing to be tracked for statistical or advertising purposes, etc.
2 – Processing the creation and transmission of a unique identifier
a) What does this processing involve?
When a visitor first comes to a site linked to First-id, and once he has explicitly consented, his browser is redirected to the First-id portal, which will determine whether he already has an identification number or whether one needs to be created for him.
The number is then transmitted to the publisher of the site consulted, who will generally store it in a cookie and use it for its own purposes of tracking the browsing habits of Internet users.
This redirection takes only a few milliseconds, and is therefore invisible to the visitor. The purpose of this processing, carried out under the responsibility of First-id, is to create and transmit to site and application publishers a unique identifier enabling them to track your browsing habits.
b) What does the First-id identifier look like?
The main characteristics of the identifier generated by First-id are as follows:
• 2 randomized characters, with no special characters
• No sharing of user information between Clients
• Anonymization of information collected by technical intermediaries
Example of a First-id unique identifier: aevyknye48g9rx5328jr29839655w5pg
c) What personal data does First-id process?
First-id processes the following categories of data:
When creating the identifier, First-id may take into account certain information to determine the identity of the Internet user, if this information is sent by the Customer:
- IP address (V4 and V6) and publisher domain from the site on which this information was collected,
- User Agent and technical footprints relating to the terminal used, such as RAM, number of processors on the user’s terminal and screen resolution,
- hashed e-mail addresses (only if the e-mail opt-in for advertising use has been obtained) and e-mail source publisher,
- Timestamp,
- Complete URL of the page from which data was collected
- First-party cookies,
- Mobile ID (MAID).
d) What data does First-id keep?
First-id only keeps technical logs to verify the proper functioning of its technical solution. These logs may contain:
- IP address (V4 and V6) and publisher domain from the site on which this information was collected,
- User Agent and technical footprints relating to the terminal used, such as RAM, number of processors on the user’s terminal and screen resolution,
- hashed e-mail addresses (only if the e-mail opt-in for advertising use has been obtained) and e-mail source publisher,
- Timestamp,
- Complete URL of the page from which data was collected
- First-party cookies,
- Mobile ID (MAID).
e) What are the retention periods?
The online advertising and web analytics ecosystem generally keeps browsing data and identifiers associated with Internet users for a minimum of 13 months. In the case of web analytics, for example, this period provides statistics covering an entire year + one month, enabling us to estimate trends over more than one year.
This retention period is applied to the identification of the Internet user by First-id.
The retention period for each identifier on each site depends on the duration indicated by each site.
f) What is the legal basis used by First-id?
The processing carried out by First-id is based on the Internet user’s consent, obtained on the site or application of the publisher using the First-id solution. Each site must request consent, which is not global.
If the site’s CMP is based on TCF, then the consent information will be contained in the TC String collected by First-id.
g) What purposes does First-id declare to TCF?
• Purpose 1: Store and/or access information on a device
• Purpose 2: Use limited data to select advertising
• Purpose 3: Create profiles for personalized advertising
• Purpose 4: Use profiles to select personalized advertising
• Purpose 7: Measure advertising performance
• Feature 1: Match and combine data from other data sources
• Feature 2: Link different devices
• Feature 3: Identify devices based on information transmitted automatically
• Special feature 2: Actively scan device characteristics for identification
The data categories declared to TCF are:
• IP addresses
• Device characteristics
• Device identifiers
• Probabilistic identifiers
• User-provided data
• Non-precise location data
• Privacy choices
h) What are the use cases associated with First-id?
This identifier can be used by the main digital platforms to enable numerous use cases, so the actual purposes for which the First-id identifier is used are entirely up to the publisher, who remains the sole decision-maker. The purposes for which the First-id identifier has been designed are as follows:
- Advertising activation.
- Retargeting when a brand wants to communicate with its prospects, or exclusion when a brand does not want to target web users who are already customers.
- Advertising audience measurement to find out whether a visitor has already been contacted, or to attribute the benefit of a sale to an advertising campaign.
- Data exchange for advertising purposes between different partners,
- Enhanced user experience,
- Deduplication of the audience of a group’s sites in its analytics tools.
i) Who do we share it with?
We share information with our subcontractors in order to correctly identify Internet users who have given their consent. The list of subcontractors is in paragraph 3.
We also share information with our customers, generally site or application publishers, or advertisers, so that they can offer you personalized experiences.
j) What rights do Internet users have?
In accordance with the GDPR, Internet users have the following rights:
- access – to know what personal data we hold about them and how it has been processed, and to request a copy,
- rectification – to have us correct the personal data we hold about them,
- erasure – to have us delete the personal data we hold about them,
- portability – to be provided with a copy of their personal data held by us,
- and limitation – to limit the use of their personal data held by us,
by contacting First-id’s DPO on the contact details given below.
They may also withdraw their consent to the use of cookies by First-id at any time by going to https://whatismy.first-id.fr/, where they can manage their preferences with regard to First-id and, in particular, deactivate the service permanently.
If they do not give their consent to First-id when they arrive on a site, they will not be redirected to the First-id portal and no cookie will be read or written by First-id.
Should First-id fail to respect their rights, they have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (www.cnil.fr).
3 – Exploiting ‘Flex’ integration
First-id has created the Flex integration, which enables a partner company to generate and use First-id for its own publishers and advertisers.
This integration relies solely on an SDK called on a site (the Helper) or on an API for applications. Internet user identification is then based on the reading of various signals to check whether they are associated with an identifier that has already been generated, but without calling up the First-id Portal. These signals are listed in point 2c.
This integration always requires the Internet user’s consent, and in the case of a TCF CMP, the purposes requested are listed in point 2g.
The First-id Helper only runs if the user has given First-id consent via the CMP. First-id’s technical platform is also able to interface with non TCF CMPs in order to verify that First-id has received the Internet user’s consent.
Within the framework of a partnership, the partner company may use First-id to enhance the performance of its own platforms, after obtaining the agreement of its own publisher and advertiser customers.
4 – Marketing communications
Within the framework of a partnership, First-id and the partner company may communicate on the existence and purpose of their mutual contract. In addition, each party may use the name and brand of the other party as a commercial reference in the promotion of its activities.
5 – International data transfers
First-id uses the following subcontractors:
- Amazon Web Services, for data hosting (AWS).
- Akamai, through Orange Business, for content delivery network (CDN) management.
- Google, to manage First-id employees’ office automation (Google Workspace).
First-id’s three subcontractors may transfer data outside the European Union. First-id has signed standard contractual clauses with these three companies, which are also members of the Data Privacy Framework.
6 – Security
As part of its services, First-id undertakes to take all technical and organizational measures necessary to ensure the security, confidentiality, integrity, watertightness and availability of data and the resilience of the systems used to access it.
First-id implements measures against accidental or illicit destruction, accidental loss, alteration, unauthorized distribution or access, as well as any other form of illicit processing.
First-id maintains state-of-the-art data security. To this end, First-id carries out regular assessments of the security level of its processing and that of its partners. In the event of modifications to security measures, these must under no circumstances have the effect of weakening the level of security.
First-id regularly reviews its data collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems.
First-id limits access to information to employees, subcontractors and agents who need the information to process it for First-id, and who are subject to strict contractual confidentiality obligations.
7 – DPO contact information
If you have any questions or suggestions about this policy and our privacy practices, you can contact First-id’s DPO:
- by email: dpo@first-id.fr
- by mail:
First-id
5, avenue Jean Monnet
92130 Issy les Moulineaux
(Updated: 07/01/2025)