Sirdata personal data protection and privacy policy

Vie Privée

Latest version date: March 27th 2018.

By clicking on this page, Users can access information on:

• How and for what purposes the Sirdata Group collects mainly their browsing and interaction data, particularly any personal data;
• The conditions under which Sirdata uses the data it processes;
• The confidentiality and security measures implemented by Sirdata;
• Their rights and the monitoring options available to them in respect of Sirdata’s processing of data related to the devices they use.

This personal data protection and privacy policy (hereinafter the “Policy”) expresses our desire and commitment to gaining the trust of the User. We therefore wish to draw attention to two essential principles to which Sirdata is committed, to ensure protection for the Data it processes: transparency and control by the User of their Personal Data.

In accordance with these two principles, we undertake to guarantee the confidentiality of the Data we process by:

i. acting transparently in relation to the User, so that they can exercise their choices in a clear and informed manner;
ii. allowing them to maintain control over the processing of their Data through a right to object, which we enable them to exercise in practice (see article 8).
iii. working in a way that places significant importance on the security of the Data we collect, for which we use our best endeavours;
iv. considering the protection of Personal Data as a fundamental right.

1. PURPOSE OF POLICY

This Policy is important for Users who want a positive browsing experience they can trust. It is also important for us, since we want to prove that we act transparently in the way we collect Data and protect their confidentiality. We aim to answer Users’ questions accurately and appropriately, and meet their expectations by respecting their choices and rights. We invite all Users to take a moment to understand how we operate and contact us whenever the need arises (see article 10).

In the event of any divergence or inconsistency between the French version and any other language version of this policy or supporting document, the French version will prevail, be deemed authoritative and take precedence.

2. DEFINITIONS

The definitions of key terms provided below are intended to explain our activities to Users as clearly as possible.

IP address(es): means an identification number composed of four series of figures (e.g. 000.000.000.000), which is generally assigned on a temporary basis to a User’s Device by an Internet Service Provider when they connect to the internet, and which we may process when the Device concerned views a Partner Site, in response to statutory obligations or to determine the country in which the connection originated, for example.

Customer(s): means any company other than those that make up Sirdata, with which we have entered into an agreement relating to the provision of Sirdata products and/or services, which allows them to publish an advertisement or personalised message.

Cookie(s): means a text file that is saved temporarily, subject to the User’s agreement in accordance with the applicable French and/or European legislation, when viewing the Site of one of our Partners. A cookie file allows the issuer to identify the internet browser of the Device it is saved on, while the Cookie remains valid or during the period it is saved for.

Personal Data or Data: means, in accordance with the General Data Protection Regulation 2016/679 of 26 April 2016 (“GDPR”), all information that allows a data subject to be identified either directly or indirectly, regardless of the device used by the User. Personal data include sociodemographic, browsing or interaction data relating to a Device’s connection to the internet or a Site at a given moment (IP address, date and time of a Device’s connection to a Site, the identity of the Device or its browsing software, the browser’s user languages, the type and version of the browser used by a Device, the operating system used by the Device, etc.).

Sensitive Data: means those Personal Data that reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic status or state of health, or sexual orientation. It is important to note that Sirdata does not collect any Sensitive Data.

Partner(s): means any company other than those that make up Sirdata, with which we have entered into an agreement relating to the provision of Sirdata services, which allows Sirdata to gather Data.

Site: means, in accordance with the French Act on Confidence in the Digital Economy no. 2004/575 of 21 June 2004 (LCEN), the transmission of digital data of any kind, which do not represent private correspondence, by an electronic communications process, of signs, signals, texts, images, sounds or images of any kind, implemented by our Partners, to offer Users their products and services.

Sirdata, we, our: means Group companies and our service providers who may, under certain conditions, gather, use, save or share Personal Data that has been created or modified when the User accesses, receives an offer from or visits the Site of one of our Partners.

Subcontractor(s): means any company that may process Personal Data on behalf of a principal, which is responsible for processing Data. Where Sirdata acts on behalf of a Customer, Sirdata may be a subcontractor. Where a Sirdata service provider acts on behalf of Sirdata and on its instructions, Sirdata is responsible for the Data processed by said service provider subcontractor.

Device(s): means the hardware (computer, smartphone, tablet and/or all connected devices, etc.) and their software components (operating system, browser, etc.) that allow the User to access a Partner’s site.

Processing of Personal Data: means any operation(s) applied to Personal Data, in particular collection, saving, organisation, viewing, use, storage, transfer or any means of providing access, limiting, erasure or destruction, comparison or interconnection.

Users(s): means any physical person who accesses, uses, views via a given web browser or is a member of a Partner’s department, whose Personal Data we may process in order to serve our Customers.

3. DATA COLLECTION

Sirdata is a company that specialises in data marketing, whose activities consist primarily of collecting and Processing sociodemographic, browsing and interaction data, which are used to qualify, enhance and segment its Partners’ audiences.

The Data we collect through our Partners are pseudonymised, i.e. converted or manipulated via identifiers in the form c52c40bb75bc6b3209cffac354d81b7a or 20171120_XXXX6b25e5164555f79bbb95865XXXX, which means that the User cannot be identified directly. We do not, under any circumstances, collect Data such as their name, postal address or phone number, which would allow the User to be identified directly.

Our activity does not, at any time, involve collecting Data that would directly identify the User or allow us to identify them directly. We use various technologies, including placing Cookies and other similar technologies, to collect and store non-personal data only, when a User views the Site of one of our Partners, or uses one of its services.

Using these Cookies and other similar technologies, we are able to analyse Users’ areas of interest through their browsing habits and in particular:

• their activity on Sites run by our Partners (number of pages viewed, products viewed, searches run, etc.);
• geographical information based on their IP addresses and connections, in particular the country where Users where located when they connected. Find out more.

It is important to remember that Sirdata does not collect any Sensitive Data and that no Data category or segment is created specifically for targeting minors.

Our aim is essentially to make it possible, using a small amount of apparently insignificant information, such as searching for a product or reading an article, to determine the User’s areas of interest or probable intentions, and personalise advertising and commercial messages accordingly. In brief, we allow our Customers to interact with the User where this is relevant, and not to do so where it is not; this is less frustrating for the User and avoids our Customers investing their marketing budget in advertisements that are not effective.

Find out more, via a dedicated page that outlines the technologies we use to collect our Data.

4. USE OF DATA

Sirdata seeks to understand and respond to Users’ expectations by collecting browsing and interaction data. Sirdata’s ambition is to allow its Customers to target Users with relevant offers that match their areas of interest.

As a result, the data we collect then allow our Customers to provide and improve the products and services they offer to consumers. The process allows our Customers to post content and offers in line with Users’ interests.

For example, if a User views and browses a (merchant or other) site, their browsing and interaction data will be collected and can then be used by our Customers so that the next time a User browses, they will see content and advertisements that match their areas of interest as closely as possible.

All the Data collected are retained for a limited time, based on the purpose for which they were processed and in accordance with the regulations in effect. Our Cookies are valid for a maximum of 365 days.

5. TRANSFER OF DATA

The Data we collect many be processed on servers located within or outside the European Union. In the event of a transfer of Data, we provide guarantees that are compliant with European Union law and require and ensure that a high level of Data protection is implemented by our Subcontractors, Partners or Customers around the world.
Find out more

6. DATA SECURITY

We undertake to process the Data we collect in strict confidence.
Sirdata places particular importance on the security of Users’ Data by using technologies that provide security in line with the most demanding standards, using SSL, hashing/encryption and firewall technologies.
We do everything we can to ensure the confidentiality of the Data we collect and to prevent unauthorised third parties from viewing, using, disclosing, modifying, damaging or destroying said Data.
Find out more

7. DATA SHARING AND DISCLOSURE

Sirdata does not share Users’ Data with businesses, organisation or non-Customer third parties unless we believe that there is a reasonable justification for accessing, using or disclosing said Data:

7.1 To our subsidiaries and service providers

It is possible that we may, in the context of our activities, transfer Data to our subsidiaries or Subcontractors that process the Data collected on our behalf, and in accordance with our instructions and this Policy. Under no circumstances may our Subcontractors appoint another Subcontractor without our prior authorisation in writing or use the Data for any purpose other than those described in this Policy.

7.2 In response to a request from an authorised public body

In response to court summons or orders, judicial or administrative procedures or any other request issued by the competent authorities to which Sirdata must submit, or to establish or exercise its rights, or to defend itself against legal proceedings;
To protect itself from any infringement of Sirdata’s or Users’ rights, property or security pursuant to and in accordance with the law;
To avoid, reveal or deal with fraudulent activities, security breaches or any technical problem that might affect Sirdata’s servers.

8. FREEDOM OF CHOICE AND CONTROL OF DATA

It is also essential to inform Users about how we collect their Data, to allow them to make informed choices and exercise their rights in full knowledge of the facts.

In accordance with the applicable regulations, collecting Data using Cookies and other similar technologies is subject to obtaining the User’s agreement, which can be expressed and modified at any time, using any of the methods offered to them to exercise their choices. Our Partners are responsible for obtaining their agreement to save Cookies to their Device when they browse to their Sites or use their services, in accordance with the applicable regulations. Sirdata cannot be held liable in this respect.

In accordance with the GDPR, we allow Users the right to access and erase their Data. In order to fulfil requests for access and erasure, we ask Users to provide us with the relevant credentials below using the form provided here.

• The Identifier of the Sirdata Cookie. Without these technical details, we are unable to compare the Data we hold with a User who wishes to exercise a right of access or erasure. Users can click here to find the identifier associated with the internet browser of the Device they are currently using.

• A statement on their honour that the User is the only user of their Device or has exclusive control over the use of the Device whose Data may have been collected by Sirdata.
      – If it is likely that said Device may have been used by a third party (example: spouse, adult child, family, friend…) with the User’s agreement or without any objection, the latter must also undertake to obtain the agreement of said third parties in writing.
        – This statement providing the consent of third parties having used that said Device will enable us to satisfy the request for access or erasure, insofar as said access request is likely to reveal information about the browsing history of said third parties.

• A valid identity document.

If the User no longer wishes any or all of their Data to be gathered and saved by Sirdata, they may exercise their right to object by clicking here and deactivating the gathering of their Data by Sirdata. If the User expresses an objection to the gathering of their Data, they can be asked again for their consent through our Partners’ services.

We ask Users to note that exercising their right of objection implies destroying the Cookie that contains the Sirdata identifier and that Sirdata may therefore no longer be able to fulfil subsequent access or erasure requests on technical grounds. If the User wishes to exercise a prior right to access or erase Data, it must be expressed in accordance with the terms set out in the previous paragraph. If the User wishes to retain the possibility of exercising a right to access or erase Data, they must record and archive their Sirdata identifier (viewable here) prior to exercising their right to object.

However, it is important to note that deleting Cookies will remove the information needed to process the User’s objection. The same may apply when browsers are changed or updated. The User will therefore have to reconfirm their decision to exercise their right to object.

Users may also exercise their choices directly in their internet browser. The procedure for managing Cookies and Cookie preferences varies slightly between browsers. Users can view the steps for managing cookies in their browser’s help menu.

for Internet Explorer™
for Safari™
for Chrome™
for Firefox™
for Opera™



Note: exercising your right to object will not prevent advertisements being displayed. Only advertisements that use Sirdata’s personalisation services will cease. In other words, the User will no longer be shown advertising that reflects their areas of interest through the use of Sirdata Cookies, but will continue to be shown advertisements whose content will no longer necessarily match their areas of interest, and may be dubious.

9. CHANGES TO THIS POLICY

This Policy may be subject to change. Any change to the rules of our Confidentiality Policy will be accessible as soon as it comes into effect on this page.

10. CONTACT US

Do you still have questions about this Policy? Are you looking for answers to your queries about confidentiality and the Data we gather? Take a look at the “Themes” section, which has a list of subject categories that we hope will meet your expectations. Otherwise, please contact us at the following address and we will do our best to answer within a maximum of one month:

Sirdata
For the attention of the Data Protection Officer
User Access and Erasure Rights Service
20, rue Saint-Fiacre
75002 Paris
France


11. FIND OUT MORE

Users who are looking for more detailed information on subjects such as Cookies and the other similar technologies we use, security measures, data transfers, location, etc., are invited to click on the “Themes” section below.


THEMES

Cookies and other similar technologies

Sirdata uses Cookies and other similar technologies, placed on the User’s browser, to analyse their online behaviour and identify their areas of interest as accurately as possible.
These Cookies help to improve the User’s browsing experience, for example by offering advertisements that are more appealing because they are based on their preferences.
Cookies are also used to select content and advertising based on their relevance for the User and to avoid showing them advertisements that would not interest them.

Transfer of Data

The Data we collect may be transferred to countries that are not part of the European Union, in accordance with our Confidentiality Policy. These Data may be transferred to companies within the Sirdata Group but also to our Partners, Customers and Subcontractors.

We are aware that personal data protection and privacy standards in countries that are not members of the European Union are different. Since we are likely, in relation to our business, to transfer Data from European residents outside the European Union, we require all our Partners, Customers and Subcontractors to provide an adequate level of protection, in line with that required within the European Union, failing which, no data will be transferred to them.

As we are committed to providing protection for Users’ Data and compliance with European regulations, an adequate level of protection for Data means that our Partners, Customers and Subcontractors formally undertake to comply with data protection standards such as compliance with:

– the EU-US Privacy Shield;
– the standard contractual clauses adopted by the European Commission;
– Binding Corporate Rules (BCR).

Data security

We implement all the necessary security measures to protect Sirdata and Users from any unauthorised access, damage, disclosure or destruction of the Data we have gathered. We therefore use:

– effective technologies, such as encryption, using SSL technology and hashing/encryption; finally, we have installed firewalls on all our networks to prevent any intrusion from malicious third parties;
– internal audits on data collection, storage and processing are carried out regularly in order to check access to our databases and prevent any unauthorised system from accessing Sirdata systems;
– restricted access to the Data collected, so that only Sirdata Group employees whose role requires them to view the Data are authorised to access them, in accordance with strict confidentiality obligations to which they are subject, on penalty of proportionate and appropriate disciplinary sanctions.

Location

Sirdata may collect Data relating to the User’s location through Cookies and other similar technologies. In particular, Sirdata may be able to deduce the User’s approximate location (country, city) at a given time, based on their IP address, although depending on their method of connecting to the internet and Internet Service Provider (ISP), the IP address assigned to their Device may change each time they connect.

We do not engage in geolocation but may be able to deduce the User’s connection access point based on their IP address. The collection of IP addresses is only used to locate the user geographically and is no more precise than the country from which they are connecting.

It is also possible for Sirdata, with the User’s consent, to obtain location Data based on the information communicated by the latter when browsing the Site of one of our Partners and in particular, if they have an account where information such as the city where they live has been completed.



Get in touch

SirData

Talk to us

follow us

 

Personal Data

Sirdata takes consumer’s privacy very seriously and complies with all applicable laws and regulations. Our particular model is privacy friendly, and does not collect or store any sensitive data in its process.