Latest version date: August 8th 2018.
By browsing this page, the User can access information on:
• The way Sirdata collects Personal Data
• The types of Personal Data collected
• The use and purposes of the Data
• The rights and methods of control available to the User
• The security and confidentiality measures undertaken by Sirdata
This Policy is important for the User who wants a positive browsing experience they can trust. It is also important for us, since we aim to prove we demonstrate our transparency in the way we collect Data and protect the User’s confidentiality.
We aim to answer the User’s questions accurately and appropriately, and meet their expectations by respecting their choices and rights. We invite all Users to take a moment to understand how we operate.
In the event of any divergence or inconsistency between the French version and any other language version of this policy or supporting document, the French version will prevail, be deemed authoritative and take precedence.
Sirdata uses various technologies, including placing Cookies and other similar technologies, to collect and store non-nominative Personal Data only, when a User views the Site of one of our Sites Operators, or uses one of its services. Find out more
Sirdata collects exclusively non-nominative Personal Data. It means the Data collected by Sirdata does not enable a User to be identified directly. Nominative data can be the name, the postal address or the phone number.
Sirdata does not collect any Sensitive Data and no Data category or segment is created specifically for targeting minors.
User’s Personal Data collected through the Sites of the Sites Operators by Sirdata are mainly browsing, interaction and some demographics Data:
Browsing and interaction
Number of accessed webpages, viewed products, researches done by the User
Non-nominative demographic Personal Data
The age range, the age or birth date of the User communicated by way of declaration via a form or when creating an account
Through Sites Operators, Sirdata also collects:
• The User’s hashed email address (forming a technical key associated with cookie. Find out more)
• The User’s geographical information based on the IP address and connections (enabling the geographic location of the User on a country level but no more accurate than the city of connection. Find out more)
The data collected through Sites Operators are pseudonymised, i.e. converted or manipulated via identifiers in the form c52c40bb75bc6b3209cffac354d81b7a or 20171120_XXXX6b25e5164555f79bbb95865XXXX, which means that the User cannot be identified directly.
• By Sirdata
- collecting and
- Processing sociodemographic, browsing and interaction data.
- Analyses, assesses and determines the areas of interest or probable intentions of the User.
- segment the Users of the Sites Operators according to demographics, interest or intent criteria and to
- distribute this information through Audience Segments to its Customers and Partners, whose purposes are described hereunder. Find out more about Audience Segments
Sirdata does not proceed to any direct marketing operation and does not exploit in its systems any nominative file on behalf of its Customers or Partners. Sirdata does not provide Users with any advertisement and/or marketing offers by email, mail or phone.
• By Sirdata, our Customers, Partners and Partner’s customers
Sirdata allows its Customers, Partners and Partners’ customers to enrich their marketing experience and target Users with relevant offers that match their areas of interest.
- Provide consumers with adapted and personalised contents and/or offers
- Improve their consumer knowledge and relationship
- Perform audience research and statistical analysis
- Optimise and improve their products and services
For example, when the User views and browses several Sites (such as the view of a specific product on a merchant website), their browsing and interaction data can be collected. The data will then be used by our Customers, Partners and Partners’ customers so that next time the User browses, they will see content and advertisements that match their areas of interest as closely as possible (for example related to the viewed product).
Find out more and consult other examples for data uses
In accordance with the applicable regulation, Sirdata’s lawful basis for processing Data is the User’s consent.
User’s consent can be expressed and modified at any time using any methods offered to them to exercise their choices. Our Sites Operators are responsible for obtaining the informed consent of the User to save Cookies to their Device when they browse their Sites or use their services.
It is essential for Sirdata to enable the User to make informed choices and exercise their rights in full knowledge of the facts.
Right to object
If the User no longer wishes any or all of their Data to be gathered and processed by Sirdata, they may exercise their right to object and deactivate the gathering of their Data by Sirdata.
We wish to draw the User’s attention to the following elements:
• Exercising the right to object will not prevent advertisement being displayed or promotional emails being received. Only advertisement and/or marketing operations using Sirdata’s personalisation services will cease.
In other words, the User will no longer be shown offers that reflects their areas of interest through the use of Sirdata Cookies, but will continue to be shown advertisement and/or marketing offers whose content will no longer necessarily match their areas of interest, and may be dubious.
• The exercising of the right to object proceeds through the placing of an objection cookie (Opt-Out Cookie), saved on the Internet Browser of the User. The Opt-Out Cookie must be reinstalled on each Device and each Browser the User employs.
• Deleting Cookies will remove the information needed to process the User’s objection.
The same may apply when Browsers are changed or updated. If the Cookies are deleted or if the Browsers are changed/updated with deletion of Cookies, the User will therefore have to reconfirm their decision to exercise their right to object.
• Subsequently to the exercise of their right to object, Sirdata can no longer technically fulfil requests for access or erasure. If the User wishes to retain the possibility of exercising a right to access or erase Data, they must record and archive their Sirdata identifier (viewable here) prior to exercising their right to object.
• By objecting to the collect of their Data by Sirdata using Cookies, the User is informed that Sirdata’s Partners and Customers will no longer save Cookies on their Device by means of Sirdata.
The latter will nevertheless be able to place Cookie without the use of Sirdata. The User can access more information related to personal data protection by Sirdata’s Partners by clicking hereunder.
Users may also exercise their choices directly in their internet browser. The procedure for managing Cookies and Cookie preferences varies slightly between browsers. Users can view the steps for managing cookies in their browser’s help menu.
Rights to access and erasure
In accordance with the GDPR, we allow the User the right to access and erase their Data.
Sirdata can fulfil the User's request for rectification subsequently to their exercice of their right to access.
We wish to draw User’s attention to the fact that Sirdata processes exclusively non-nominative Personal Data. It means Sirdata does not process any nominative information on the User in its systems such as the first name, last name, postal address nor the email address.
The gathering of Data by Sirdata relies indeed on the placing of Cookie in the User’s Devices.
Therefore, in order to fulfill requests for access and erasure, we ask the User to provide us the relevant credentials listed below using the dedicated form.
1) The Identifier of the Sirdata Cookie.
• The Cookie isn’t associated with any first name, last name or email address but with an identifier in the form 20171120_XXXX6b25e5164555f79bbb95865XXXXthat does not allow the User to be directly identified.
• Without this technical information, we are unable to compare the Data we hold with a User who wishes to exercise a right of access or erasure.
• The User can click here to find the identifier associated with the Internet Browser of the Device they are currently using.
2) A statement on their honor that the User is the only one utilising the Device or has the exclusive control over the use of the Device whose Data may have been collected by Sirdata.
• The Device (computer, smartphone, tablet or any connected media) can be of collective use (by the User, their partner, family, friends etc.). Therefore, the Data collected by Sirdata is not necessarily limited to the User’s.
• If it is likely that said Device may have been used by a third party with the User’s agreement or without any objection, the latter must also undertake to obtain the agreement of said third parties in writing for us to satisfy the request, insofar as said request is likely to reveal information about the browsing history of said third parties.
3) A valid identity credential.
• Without identity credential, Sirdata can not ensure of the authenticity of the identity communicated by the User and can not satisfy the request.
Why does the User need to provide Sirdata with all credentials?
Sirdata ensures that User’s Personal Data is processed in strict confidence and implements the necessary measures to prevent unauthorised third parties from viewing, using, disclosing, modifying, damaging or destroying said Data.
While Sirdata is not able to identify directly the User to satisfy their requests for access and erasure, and in accordance with the regulation, we ask the User to prove their identity and that they act within their own rights.
As to illustrate our procedure, the User will find hereunder a practical example that could be encountered by Sirdata:
Paul wishes to access the sites viewed by his 23 years old son James on the family computer. He completes and sends over a request to Sirdata using his son’s name James and indicates the identifier of the Cookie saved in the Browser of the family computer. His specific requirement is to be informed about all information related to any browsing behavior Sirdata would have gathered thanks to this Cookie.
If Sirdata was to satisfy his request without verifying the identity and statement of honor, James’ Personal Data would be disclosed to his father without his authorisation.
All the Data collected are retained for a limited time, based on the purposes they were processed for and in accordance with the regulations in effect. Our Cookies are valid for a maximum of 365 days.
The IP address is furthermore truncated on the fly when collected to retain what is necessary to deduce the User’s approximate location (country, city) at the time of connection.
Sirdata then permanently deletes all Data in its database and storage servers.
The Data we collect many be processed on servers located within or outside the European Union. In the event of a transfer of Data, we provide guarantees that we are compliant with European Union law and require and ensure that a high level of Data protection is implemented by our Subcontractors, Sites Operators, Partners or Customers around the world. Find out more
We undertake to process the Data we collect in strict confidence.
Sirdata places particular importance on the security of the User’s Data by using technologies that provide security in line with the most demanding standards, using SSL, hashing/encryption and firewall technologies. We do everything we can to ensure the confidentiality of the Data we collect and to prevent unauthorised third parties from viewing, using, disclosing, modifying, damaging or destroying said Data. Find out more
Data Sharing and Disclosure
Sirdata does not share the User’s Data with businesses, organisations non-Partner or non-Customer third parties unless we believe that there is a reasonable justification for accessing, using or disclosing said Data:
• To our subsidiaries and service providers
We may, in the context of our activities, transfer Data to our subsidiaries or Subcontractors that process the Data collected on our behalf, and in accordance with our instructions and this Policy. Under no circumstances may our Subcontractors appoint another Subcontractor without our prior authorisation in writing or use the Data for any purpose other than those described in this Policy.
• In response to a request from an authorised public body
In response to court summons or orders, judicial or administrative procedures or any other request issued by the competent authorities to which Sirdata must submit, or to establish or exercise its rights, or to defend itself against legal proceedings;
To protect itself from any infringement of Sirdata’s or Users’ rights, property or security pursuant to and in accordance with the law;
To avoid, reveal or deal with fraudulent activities, security breaches or any technical problem that might affect Sirdata’s servers.
This Policy may be subject to change. Any change to the rules of our Confidentiality Policy will be accessible as soon as it comes into effect on this page.
Otherwise, please contact us using the following form and we will do our best to answer within a maximum of one month.
IP address(es): means an identification number composed of four series of figures (e.g. 000.000.000.000), which is generally assigned on a temporary basis to a User’s Device by an Internet Service Provider when they connect to the internet, and which we may process when the Device concerned views a Site, in response to statutory obligations or to determine the country in which the connection originated, for example.
Browser(s) or Internet Browser(s): means a software application for displaying websites, download files and carry out searches. There are many different Browsers, for any kind of Device (computer, tablet, phones, etc.) and for any kind of operating system (GNU/Linux, Windows, Mac OS, iOS, Android, etc.). The most popular Browsers are Google Chrome, Mozilla Firefox, Internet Explorer, Safari and Opera.
Customer(s): means any company other than those that make up Sirdata, with which we have entered into an agreement relating to the provision of Sirdata products and/or services, which allows them to publish an advertisement or personalised message.
Cookie(s): means a text file that is saved temporarily, subject to the User’s agreement in accordance with the applicable French and/or European legislation, when viewing the Site of one of our Sites Operators. A cookie file allows the issuer to identify the Internet Browser of the Device it is saved on, while the Cookie remains valid or during the period it is saved for.
Device(s): means the hardware (computer, smartphone, tablet and/or all connected devices, etc.) and their software components (operating system, Browser, etc.) that allow the User to access the Site of a Site Operator.
Partner(s): means any company other than those that make up Sirdata, with which we have entered an agreement relating to the provision of Sirdata services, which allow Sirdata to distribute Data to its Customer(s) and/or to the Partner’s customers.
Personal Data: means, in accordance with the General Data Protection Regulation 2016/679 of 26 April 2017 (“GDPR”), all information that allows a data subject to be identified either directly or indirectly, regardless of the device used by the User. Personal data include sociodemographic, browsing or interaction data relating to a Device’s connection to the internet or a Site at a given moment (IP address, date and time of a Device’s connection to a Site, the identity of the Device or its browsing software, the Browser’s user languages, the type and version of the Browser used by a Device, the operating system used by the Device, etc.).
Processing of Personal Data: means any operation(s) applied to Personal Data, in particular collection, saving, organisation, viewing, use, storage, transfer or any means of providing access, limiting, erasure or destruction, comparison or interconnection.
Sensitive Data: means those Personal Data that reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic status or state of health, or sexual orientation. It is important to note that Sirdata does not collect any Sensitive Data.
Site(s) Operator(s): means any company other than those that make up Sirdata, with which we have entered into an agreement relating to the provision of Sirdata services, which allows Sirdata to gather Data.
Site(s): means, in accordance with the French Act on Confidence in the Digital Economy no. 2004/575 of 21 June 2004 (LCEN), the transmission of digital data of any kind, which do not represent private correspondence, by an electronic communications process, of signs, signals, texts, images, sounds or images of any kind, implemented by our Sites Operators, to offer Users their products and services.
Sirdata, we, our: means Group companies and our service providers who may, under certain conditions, gather, use, save or share Personal Data that has been created or modified when the User accesses, receives an offer from or visits the Site of one of our Sites Operators.
Subcontractor(s): means any company that may process Personal Data on behalf of a principal, which is responsible for processing Data. Where Sirdata acts on behalf of a Customer, Sirdata may be a subcontractor. Where a Sirdata service provider acts on behalf of Sirdata and on its instructions, Sirdata is responsible for the Data processed by said service provider subcontractor. User(s): means any physical person who accesses, uses, views via a given Internet Browser or is a member of a Site Operator’s department, whose Personal Data we may process in order to serve our Partners and Customers.
1) Cookies and other similar technologies
Cookies and other similar technologies used by Sirdata are text files placed on the User’s Browser and manipulated via an identifier in the form 20171120_XXXX6b25e5164555f79bbb95865XXXX, which means the User cannot be identified directly.
The Cookies and other similar technologies enable Sirdata identifying the Internet Browser of the Device in which they are saved, during their period of validity, to save and collect mainly the User’s browsing and interaction Data.
These Cookies and other similar technologies integrate broad categories of information on the User such as the age range and/or the interests.
They are used to improve Users’ browsing experience, for example by offering advertisements that are more appealing because they are based on their preferences.
2) Hash of email
Sirdata never collects the User’s email address in plain text (i.e. in the form firstname.lastname@example.org) but collects only the transformed email address using hash functions.
This technique converts an email address in a character string in the form c52c40bb75bc6b3209cffac354d81b7a, enabling the pseudonymization of the information and creating simply a technical key associated with the User’s Cookie.
This mechanism is deemed one-sided. Once the email address is converted in hash, it is no longer possible to retrieve the source email address based on the character string.
The User’s direct identification is therefore impossible..
Sirdata does not process any email address that hasn’t been converted in hash in its systems..
3) Audience segments
An audience segment means a set of Users, segmented by Sirdata in a pseudonymous manner and according to demographic, interest and/or intent criteria.
This segmentation is based on the analysis of Users’ Data, and more particularly their browsing behaviours on the Sites they visit.
Distributing these audience segments to Customers and Partners, Sirdata allows its Customers and/or Partners’ customers to reach Users with personalised contents and offers.
4) Modelled Audiences
A modelled audience means a set of Users, created by Sirdata or its Partner(s) in a pseudonymous manner and according to demographic, interest and/or intent criteria.
Based on the behaviour pattern of Users whose demographic criteria, areas of interest or probable intentions have been determined, Sirdata or its Partner(s) can define browsing models to uncover other Users with similar demographic criteria, areas of interest or probable intentions.
This results in Modelled Audiences that allow Customers and/or Partners’ customers to reach Users with personalised contents and offers.
5) Examples of Data uses and purposes
Sirdata uncovers the User’s intent to change, based on their browsing behaviors. Thanks to their Cookie Identifier, the User, when browsing later on, will be shown advertisement for subscription packages, in line with their needs.
Sirdata uncovers User’s interest for football practice, based on their browsing behavior. Thanks to their Cookie Identifier, Sirdata’s Customer, a web merchant, can offer the User suitable sports articles when visiting its website without need for the User to carry out a search.
Customer database enrichment
Sirdata uncovers User’s intent for travelling to Hawaï. Thanks to the reconciliation of their hash of email, Sirdata’s Customer, a retail banking business, can offer the User – only if the latter is already in its database and has provided their email address – a personalised insurance package for travelling abroad at the right time.
6) Sirdata’s Partners
Within the framework of its activities, Sirdata connects to partner technological platforms (Demand Side Platforms, Data Management Platforms, personalisation platforms…)
Sirdata transfers to them Users’ Data for it to be utilised by its Customers or by its Partners’ customers (advertisers, media agencies…). The latter are therefore able to pursue personalised marketing operations. The User can find out more about Transfer of Data hereunder.
7) Transfer of Data
The Data we collect may be transferred to countries that are not part of the European Union, in accordance with our Confidentiality Policy. These Data may be transferred to companies within the Sirdata Group but also to our Sites Operators, Partners, Customers and Subcontractors.
We are aware that personal data protection and privacy standards in countries that are not members of the European Union are different. Since we are likely, in relation to our business, to transfer Data from European residents outside the European Union, we require all our Sites Operators, Partners, Customers and Subcontractors to provide an adequate level of protection, in line with that required within the European Union, failing which, no data will be transferred to them.
As we are committed to providing protection for Users’ Data and compliance with European regulations, an adequate level of protection for Data means that our Sites Operators, Partners, Customers and Subcontractors formally undertake to comply with data protection standards such as compliance with:
– the EU-US Privacy Shield;
– the standard contractual clauses adopted by the European Commission;
– Binding Corporate Rules (BCR).
8) Data Security
We implement all the necessary security measures to protect Sirdata and Users from any unauthorised access, damage, disclosure or destruction of the Data we have gathered. We therefore use:
– effective technologies, such as encryption, using SSL technology and hashing/encryption; finally, we have installed firewalls on all our networks to prevent any intrusion from malicious third parties;
– internal audits on data collection, storage and processing are carried out regularly in order to check access to our databases and prevent any unauthorised system from accessing Sirdata systems;
– restricted access to the Data collected, so that only Sirdata Group employees whose role requires them to view the Data are authorised to access them, in accordance with strict confidentiality obligations to which they are subject, on penalty of proportionate and appropriate disciplinary sanctions.
Sirdata may collect Data relating to the User’s location through Cookies and other similar technologies.
Sirdata may be able to deduce the User’s approximate location such as the country or city based on their IP address, although depending on their method of connecting to the internet and Internet Service Provider (ISP), the IP address assigned to their Device may change each time they connect.
The collection of IP addresses is only used to locate the User geographically and is nomore precise than the country from which they are connecting. We do not perform any geolocation and do not collect the GPS position of the User.
It is also possible for Sirdata to obtain the zip code of the User based on the information communicated by the latter, when browsing the Site of one of our Sites Operators and in particular, if they have an account where this information has been completed.
This Data can be shared to our Customers, Partners and Partners’ customers for the purposes of presenting the User with relevant marketing operation (for example to offer the User situated in the United Kingdom advertisement in English language, or to communicate the User living in the south of London an offer for a local shop).