GDPR compliance

The EU General Data Protection Regulation (“GDPR”) requires us and our clients to maintain an adequate level of protection for all and any personal data we collect and/or process.

This page explains how we secure such an adequate level of protection at TrackAd, and how we have organized and manage our GDPR compliance.

  1. In which cases does TrackAd process personal data?

Our services are mostly based on the collection, centralization, analysis and comparison of data provided by our clients, or collected on behalf of our clients.

Some of this data (typically: order IDs, lead IDs, cookie IDs) are personal data within the meaning of Article 4.1 of GDPR. It is however indirectly identifying data, in that TrackAd itself is not able to connect that data to identified individuals.

Besides, as any business, TrackAd collects, retains and use data relating to its leads and clients and their employees or representatives, for the purpose of managing its commercial activities. This data includes personal data.

  1. Is TrackAd a data processor or a data controller?

When we collect, retain and/or use personal data for the technical purpose of providing our services to our clients, this processing of personal data is performed by TrackAd in a capacity as the data processor of the concerned client, i.e. on behalf and under the instructions of that client.

The processing activities we perform as data processor, and TrackAd’s and the concerned client’s respective obligations and liabilities in that context, are detailed in our GDPR Data Processing Agreement, which we will provide you with a copy of if you decide to purchase our services.

Other processing activities involving personal data (for instance for the purpose of managing our business relationships and direct marketing) are performed by TrackAd in a capacity as data controller, i.e. in an autonomous and independent manner and under our own exclusive responsibility.

  1. Where can I find more information about TrackAd’s GDPR commitments under these two different qualifications?

Our GDPR commitments as our clients’ data processor are stipulated in our GDPR Data Processing Agreement, which is a binding contractual commitment towards our clients as imposed by Article 28 of GDPR. This Data Processing Agreement is only pushed to TrackAd’s actual clients and is effective as long as our service agreement is in force.

As for processing activities we perform as data controller, the guarantees we have set up are described, in a purely declarative manner, in our Privacy Policy as published on this website:

  1. Does TrackAd have a DPO (Data Protection Officer)?

Yes. TrackAd’s DPO was officially appointed with a declaration filed to the French Data Protection Authority (“CNIL”). You may contact our DPO by email at

  1. Why should I trust this GDPR statement?

Our compliance with GDPR and more generally with data protection and privacy laws and regulations is the result of a significant investment made by TrackAd throughout the past years.

The effort was led by TrackAd’s DPO, who is a professional law firm with strong expertise and experience in these matters. We relied on the applicable guidelines and recommendations from the French Data Protection Authority and its EU counterparts.

Technical aspects of data security are managed by our internal expert teams and those of our web hosting service provider, who is located in the European Union and holds several globally recognized InfoSec certifications.

Please do not hesitate to reach out to us if you need any further information!