FWP 1 d697105dfwp.htm FWP FWP

Filed Pursuant to Rule 433

Issuer Free Writing Prospectus dated March 20, 2014

Relating to Preliminary Prospectus issued March 17, 2014

Registration Statement No. 333-194347

Criteo S.A.

Update to Preliminary Prospectus

Issued March 20, 2014

This free writing prospectus relates only to the public offering of American Depositary Shares representing ordinary shares of Criteo S.A. This free writing prospectus should be read together with (a) Amendment No. 3 to the Registration Statement on Form F-1 (File No. 333-194347) relating to these securities (“Amendment No. 3”) which was filed today and (b) the preliminary prospectus issued on March 17, 2014 related to this offering (“Preliminary Prospectus”), included in Amendment No. 1 to the Registration Statement relating to these securities, and specifically in conjunction with the Risk Factors and Business – Government Regulation disclosures included therein and with the discussion of forward-looking statements included therein under the caption “Special Note Regarding Forward-Looking Statements.”

References to “Criteo,” “we” and “our” are used in the manner described in the Preliminary Prospectus. The following information is set forth in Amendment No. 3 and supplements and updates the information contained in the Preliminary Prospectus.

Regulatory, legislative or self-regulatory developments regarding internet privacy matters could adversely affect our ability to conduct our business.

Compliance

In May 2012, the CNIL commenced an inquiry into our compliance with the French data protection laws. The CNIL has visited our site, and requested and received various documents and information about our services and platform. The inquiry has focused on how we operate technically, the data we collect, how we use data, how long data is stored, and the placement and reading of cookies for advertising purposes (including whether informed consent is collected in a manner which complies with French data protection law).

On March 20, 2014, we became aware of a letter from CNIL to Criteo in which the CNIL provided its feedback and observations based on the inquiry and recommended actions in order for us to be in compliance with French data protection laws. In that letter, the CNIL takes the view that Criteo collects personal data as a data controller and is therefore subject to French data protection laws. The CNIL has requested that we take certain additional steps or amend certain current processes and procedures to ensure compliance with its interpretation of how the law is to be implemented.

Among the additional steps requested by the CNIL are amendments to our contractual arrangements with our clients to clarify the obligations under the applicable laws, including the obligation to provide appropriate information and obtain the user’s consent prior to dropping a cookie or other tracking technologies.

Further, the additional steps may require our clients to change their privacy policies in order for our clients (and us) to be in compliance. In addition, the CNIL has requested that we modify our procedures when we partner with a website that may permit the collection of sensitive data or allow us to infer sensitive information about individual users based on the context or theme of a particular website, to obtain prior and express consent to the collection of such data.

Finally, consistent with the CNIL’s December 2013 clarification of its guidance, the CNIL has advised that, once granted, consents may remain valid for a maximum period of 13 months. However, the CNIL has also indicated that we cannot extend the duration of cookies or other personal identifiers beyond the 13 month consent period. In France, this will result in our being required to establish a new personal identifier for the particular user and therefore potentially limiting our future ability to leverage that user’s historical data to determine which advertisements to deliver and when.

We are in the early stages of analyzing the impact of the CNIL’s observations and requests and anticipate that there will be further discussions with the CNIL regarding certain of its requests. Compliance with the CNIL’s requests might be disruptive to our business and could have a material and adverse impact on our business.

Business – Government Regulation

We are subject to numerous domestic and foreign laws and regulations covering a wide variety of subject matters. New laws and regulations (or new interpretations of existing laws and regulations) may also impact our business. The costs of compliance with these laws and regulations are high and are likely to increase in the future and any failure on our part to comply with these laws may subject us to significant liabilities and other penalties.

In May 2012, the CNIL commenced an inquiry into our compliance with the French data protection laws. The CNIL has visited our site, and requested and received various documents and information about our services and platform. The inquiry has focused on how we operate technically, the data we collect, how we use data, how long data is stored, and the placement and reading of cookies for advertising purposes (including whether informed consent is collected in a manner which complies with French data protection law).

On March 20, 2014, we became aware of a letter from CNIL to Criteo in which the CNIL provided its feedback and observations based on the inquiry and recommended actions in order for us to be in compliance with French data protection laws. In that letter, the CNIL takes the view that Criteo collects personal data as a data controller and is therefore subject to French data protection laws. The CNIL has requested that we take certain additional steps or amend certain current processes and procedures to ensure compliance with its interpretation of how the law is to be implemented.

Among the additional steps requested by the CNIL are amendments to our contractual arrangements with our clients to clarify the obligations under the applicable laws, including the obligation to provide appropriate information and obtain the user’s consent prior to dropping a cookie or other tracking technologies.

Further, the additional steps may require our clients to change their privacy policies in order for our clients (and us) to be in compliance. In addition, the CNIL has requested that we modify our procedures when we partner with a website that may permit the collection of sensitive data or allow us to infer sensitive information about individual users based on the context or theme of a particular website, to obtain prior and express consent to the collection of such data.

Finally, consistent with the CNIL’s December 2013 clarification of its guidance, the CNIL has advised that, once granted, consents may remain valid for a maximum period of 13 months. However, the CNIL has also indicated that we cannot extend the duration of cookies or other personal identifiers beyond the 13 month consent period. In France, this will result in our being required to establish a new personal identifier for the particular user and therefore potentially limiting our future ability to leverage that user’s historical data to determine which advertisements to deliver and when.

We are in the early stages of analyzing the impact of the CNIL’s observations and requests and anticipate that there will be further discussions with the CNIL regarding certain of its requests. Compliance with the CNIL’s requests might be disruptive to our business and could have a material and adverse impact on our business.

We have filed a registration statement (including the Preliminary Prospectus) with the Securities and Exchange Commission (the “SEC”) for the offering to which this communication relates. Before you invest, you should read the prospectus in that registration statement and other documents we have filed with the SEC for more complete information about us and this offering. You may get these documents for free by visiting EDGAR on the SEC web site at www.sec.gov. Alternatively, a copy of the Preliminary Prospectus may be obtained from J.P. Morgan Securities LLC, Attention: Broadridge Financial Solutions, 1155 Long Island Avenue, Edgewood, NY 11717, or by telephone at (866) 803-9204; or from Deutsche Bank Securities Inc., attn: Prospectus Group, 60 Wall Street, New York, NY 10005-2836, by email at prospectus.CPDG@db.com, or by telephone at (800) 503-4611; Morgan Stanley & Co. LLC Attention: Prospectus Department, 180 Varick Street, 2nd Floor, New York, NY 10014, Telephone: (866) 718-1649, Email: prospectus@morganstanley.com; or Jefferies LLC, Equity Syndicate Prospectus Department, at 520 Madison Avenue, 2nd Floor, New York, NY, 10022, by email at Prospectus_Department@Jefferies.com or by telephone at (877) 547-6340.