Privacy Policy CONEXANCE

This section explains the rules for implementing personal data processing operations carried out by CONEXANCE as part of its business.

Concerned about the respect of rules on individual privacy, CONEXANCE undertakes to comply with the provisions of Act 78-17 of 6 January 1978 on Information Technology and Civil Liberties, and with Regulation 679/2016 of 27 April 2016 on data protection.

1 WHAT ARE PERSONAL DATA?

Personal data is defined as any information relating to an identified or identifiable data subject either in a direct or indirect manner by reference to an identifier, such as a name, an identification number, a location data, an online identifier or to one or more specific elements to their physical, physiological, genetic, mental, economic, cultural or social identity.

2WHAT IS CONEXANCE’s STATUS?

As part of the data collection directly through the "Contact" form, CONEXANCE is data controller. As data controller, CONEXANCE undertakes to take the necessary measures to ensure the security and confidentiality of the personal data collected. CONEXANCE also undertakes to collect and process data in a lawful, fair and transparent manner.

As part of its marketing activities, CONEXANCE is a data processor. As a data processor, CONEXANCE undertakes to pursue the necessary measures to ensure the security and confidentiality of the personal data gathered by its clients. CONEXANCE processes the personal data of data subjects only when instructed to do so and on behalf of its clients.

3WHO IS THE DATA PROTECTION OFFICER?


The Data Protection Officer designated by CONEXANCE is the law firm BRM Avocats, which can be contacted at the following address:

4CONEXANCE AS A DATA CONTROLLER

4.1 Postal address

  • DPO CONEXANCE
    28 Place de la Gare
    59000 Lille

4.2 How does CONEXANCE obtain the data?

CONEXANCE collects data directly from professionnals via the “Contact” form. This data is necessary to process the contact request.

4.3 What is the processing’s purpose and its legal basis?

These data are necessary for the following purpose: processing the contact request.

The legal basis for the processing is CONEXANCE's legitimate interest. Indeed, it is in CONEXANCE's interest to collect data from professionals to be able to contact them easily to answer their information requests.

4.4 For how long does CONEXANCE store the data?

In accordance with Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period not to exceed the duration necessary for the purposes for which they are collected and processed.

The data collected through the contact form will be kept for 3 years following the last contact with CONEXANCE.

4.5 What are the categories of data recipients?

The data collected through the contact form is transmitted to the customer relations teams.

5CONEXANCE AS A DATA PROCESSOR

5.1 How does CONEXANCE obtain the data?

CONEXANCE, as a data processor, does not collect data from data subjects. File owners collect the data from individuals and then submit their databases to CONEXANCE.

The personal data that CONEXANCE processes come from file owners relating to the following business sectors:

  • Personal and home goods
  • Automobile
  • Media
  • Services
  • Recreation
  • Food
  • Wellness services
  • Associations

5.2 Why does CONEXANCE use personal data?

As a data processor, CONEXANCE helps its clients to optimise their marketing campaigns by conducting statistical analyses with the goals of:
  • -Targeting the most promising prospective customers for an advertising campaign promoting a product or service
  • -Identifying those individuals in the customer database who are likely to make repeat purchases from the Client.

Marketing campaigns may, at the Client's request, be carried out by post, by email, by SMS or by advertising on Internet sites.

To execute these processing operations, CONEXANCE acts exclusively at the request of its clients and on their behalf. CONEXANCE never has any contact with the individuals. After CONEXANCE has completed its selection of individuals, their contact information is forwarded to post and/or email routers or to the online targeting platforms designated by the Client.

5.3 For how long does CONEXANCE store the data?

In accordance with Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period which cannot exceed the duration necessary for the purposes for which they are collected and processed.

As such, the data are only stored by CONEXANCE for the period indicated by its Client. In the absence of specific instructions from the Client, CONEXANCE has established strict rules to respect the rights and privacy of individuals and, consequently, any individual whose last transaction with a client dates to over 5 years ago shall not be retained by CONEXANCE for its analyses.

5.4 Who are CONEXANCE subcontractors?

LIVERAMP : 25/29, rue Anatole France, 92300 Levallois-Perret
Supplier who carry out the services related to digital platforms and online advertising.

The data processing followed this scheme:
  • 1. File transmission by CONEXANCE in plain text on the LiveRamp servers located in the European Union;
  • 2. Pseudonymisation by LiveRamp of the data in the European Union;
  • 3. Generation by LiveRamp of the « LiveRamp Key» (pseudonymised intern key) associated with “CONEXANCE segments”;
  • 4. File removal by LiveRamp initially delivered by CONEXANCE (maximum 7 days after the initial delivery);
  • 5. Use of the pseudonymised « LiveRamp Key »to enable the cookie synchronisation with the third-party platforms;
  • 6. Delivery to activation of the CONEXANCE audiences on the digital platforms;

Only the pseudonymised « LiveRamp Key » is transmitted to the parent company, LiveRamp Inc. in order to synchronize and to provide audiences to the digital platforms. LiveRamp Inc., the parent company, is located in the United States and is certified Privacy Shield.

ATE :21, avenue de la Créativité, 59650 Villeneuve d’Ascq
Hosting provider of the database located in France.

MICROSOFT AZURE : 39, quai du Président Roosevelt, 92130 Issy Les Moulineaux
Hosting provider of the database located in the European Union.

6HOW DOES CONEXANCE SECURE THE DATA?

In accordance with Article 32 of Regulation 2016/679 of 27 April 2016, CONEXANCE undertakes to maintain data security and confidentiality.

To do this, CONEXANCE has defined a strict security policy for personal data. This policy makes it possible to:

  • -implement data encryption procedures to protect any database containing personal information which enters or exists in the CONEXANCE information system.
  • -secure work stations with unique user ids and strong passwords
  • -limit the number of employees who have access to databases containing personal information
  • -ensure that its own subcontractors comply with personal data regulations
  • -regularly test the information system to check that it has a high level of security.

7HOW DOES DATA SUBJECTS EXERCISE THEIR RIGHTS?

7.1 General rules

Any person whose personal data is subject to processing have the ability to exercise their rights to access, correct, erase and object to the processing of their data in accordance with Articles 15 and seq of Regulation 2016/679 of 27 April 2016. The data subject may also exercise their right to the portability of their personal data. Any individual can also transmit post-mortem instructions.

These rights may be exercised directly by contacting the CONEXANCE Client who gathered the personal data or the entity organising the advertising campaign. A response must be issued within one month.

You may also contact CONEXANCE in writing at the following address: CONEXANCE, 28 Place de la Gare, 59000 Lille or by email at : dpo@conexancemd.com

In order to comply with the aforementioned regulation, CONEXANCE has established a push-back list which makes it possible not to contact the data subject who do not wish it.

If you do not wish to be contacted by a Client of CONEXANCE, you may contact us at the address provided and tell us which contact details you wish to register in this push-back list.

7.2 Rules pertaining to emails

When instructed by the owner of a database, CONEXANCE may be called on to send email addresses to its clients.

As a result, data subject included in the database of a database owner may be contacted by a CONEXANCE Client for commercial prospecting.

CONEXANCE's clients work in several business sectors, including:

  • Personal and home goods
  • Automobile
  • Media
  • Services
  • Recreation
  • Food
  • Wellness services
  • Associations

CONEXANCE never has direct contact with the data subjects, such that CONEXANCE neither collects the email address from the person nor sends emails to said person.

However, in order to comply with the aforementioned regulation, CONEXANCE has established a push-back list which makes it possible not to contact individuals who do not wish it.

If you do not wish to be contacted by a Client of CONEXANCE, you may contact us at the address provided in 7.1 and tell us which email addresses you wish to register in this push-back list.

8 COOKIES

When you visit the Conexance website, cookies are placed on your device:

  • -90 BAK plan
  • -90 plan

These are technical cookies placed by our host OVH, whose exclusive purpose is to allow and facilitate navigation on our site. These cookies do not collect any data about your browsing and don’t need your prior consent.

The lifetime of these cookies does not exceed 13 months following their first deposit in your terminal equipment.

Last update: February 2019