Conexance is now branded choreograph France. All references below to Conexance should be taken to mean choreograph France.

This section explains the rules for implementing personal data processing operations carried out by CONEXANCE as part of its business.

Concerned about the respect of rules on individual privacy, CONEXANCE undertakes to comply with the provisions of Act 78-17 of 6 January 1978 on Information Technology and Civil Liberties, and with Regulation 679/2016 of 27 April 2016 on data protection.

1 WHAT ARE PERSONAL DATA?

Personal data is defined as any information relating to an identified or identifiable data subject either in a direct or indirect manner by reference to an identifier, such as a name, an identification number, a location data, an online identifier or to one or more specific elements to their physical, physiological, genetic, mental, economic, cultural or social identity.

2WHAT IS CONEXANCE’s STATUS?

As part of the data collection directly through the "Contact" form, CONEXANCE is data controller. As data controller, CONEXANCE undertakes to take the necessary measures to ensure the security and confidentiality of the personal data collected. CONEXANCE also undertakes to collect and process data in a lawful, fair and transparent manner.

As part of its marketing activities, CONEXANCE is a data processor. As a data processor, CONEXANCE undertakes to pursue the necessary measures to ensure the security and confidentiality of the personal data gathered by its clients. CONEXANCE processes the personal data of data subjects only when instructed to do so and on behalf of its clients.

3WHO IS THE DATA PROTECTION OFFICER?

The Data Protection Officer designated by CONEXANCE is the law firm TGS Avocats, which can be contacted at the following address:

• -Postal address:
  DPO CONEXANCE
  27bis, rue du Vieux Faubourg
  59000 Lille


• -E-mail address : data-privacy@choreograph.com

4CONEXANCE AS A DATA CONTROLLER

4.1 Postal address

• choreograph
  27bis, rue du Vieux Faubourg
  59000 Lille

4.2 How does Conexance obtain the data?

Conexance collects data directly from professionals via the “Contact” form. This data is necessary to process the contact request.

4.3 What is the processing’s purpose and its legal basis?

These data are necessary for the following purpose: processing the contact request.

The legal basis for the processing is CONEXANCE's legitimate interest. Indeed, it is in CONEXANCE's interest to collect data from professionals to be able to contact them easily to answer their information requests.

4.4 For how long does Conexance store the data?

In accordance with Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period not to exceed the duration necessary for the purposes for which they are collected and processed.

The data collected through the contact form will be kept for 3 years following the last contact with CONEXANCE.

4.5 What are the categories of data recipients?

The data collected through the contact form is transmitted to the customer relation teams.

5CONEXANCE AS A DATA PROCESSOR

5.1 How does Conexance obtain the data?

CONEXANCE, as a data processor, does not collect data from data subjects. File owners collect the data from individuals and then submit their databases to CONEXANCE.

The personal data that CONEXANCE processes come from file owners relating to the following business sectors:

• Personal and home goods
• Automobile
• Media
• Services
• Recreation
• Food
• Wellness services
• Associations

5.2 Why does Conexance use personal data?

As a data processor, Conexance helps its clients to optimise their marketing campaigns by conducting statistical analyses with the goals of:

• -Targeting the most promising prospective customers for an advertising campaign promoting a product or service
• -Identifying those individuals in the customer database who are likely to make repeat purchases from the Client.

Marketing campaigns may, at the Client's request, be carried out by post, by email, by SMS or by advertising on Internet sites.

To execute these processing operations, Conexance acts exclusively at the request of its clients and on their behalf. Conexance never has any contact with the individuals. After Conexance has completed its selection of individuals, their contact information is forwarded to post and/or email routers or to the online targeting platforms designated by the Client.

5.3 For how long does Conexance store the data?

In accordance with Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period which cannot exceed the duration necessary for the purposes for which they are collected and processed.

As such, the data are only stored by Conexance for the period indicated by its Client. In the absence of specific instructions from the Client, Conexance has established strict rules to respect the rights and privacy of individuals and, consequently, any individual whose last transaction with a client dates to over 5 years ago shall not be retained by Conexance for its analyses.

5.4 Who are Conexance subcontractors?

ATE:21, avenue de la Créativité, 59650 Villeneuve d’Ascq
Hosting provider of the database located in France.

MICROSOFT AZURE: Microsoft Amsterdam Data Center, Agriport 601, Middenmeer, Netherlands
Hosting provider of the database located in the European Union.

LIVEDATA SOLUTIONS: Calle Equador 75, 08029 Barcelona, Spain
Email supplier located in the European Union used to carry out email routing services.

MEDIAPOST: 19 rue de la Villette, 69425 Lyon Cedex 03
Conexance Marketing partner located in France.

Conexance provides Mediapost with a pseudonymized counting base (data: name, first name, email address and mobile phone number, are hashed) allowing it to select, on behalf of its customers, the identifiers corresponding to the desired target.

The pseudonymized Conexance counting base is hosted on a Mediapost SFTP server with a Conexance-specific login and password.

ARSENAL: 7c rue du Houblon, ZI Pilaterie, 59700 Marcq en Baroeul
Service provider located in France, a partner in the marketing of Conexance offers to its customers

LIVERAMP : 25 rue anatole France, 92300 Levallois-Perret

5.5 Who are the data recipients ?

In accordance with its clients instructions, Data controllers, Conexance transfers data to the subcontractors referenced above (5.4) and to its business partners. Conexance 's clients work in several business sectors, including:

• Publishing and Media
• Automobile
• Wellness services
• Associations
• Energy
• Mail order
• Polls and surveys
• Personal goods
• Home goods
• Recreation
• Clothing
• Services
• Banking, insurances
• food
• telephony, internet

6HOW DOES CONEXANCE SECURE THE DATA?

In accordance with Article 32 of Regulation 2016/679 of 27 April 2016, Conexance undertakes to maintain data security and confidentiality.

To do this, Conexance has defined a strict security policy for personal data. This policy makes it possible to:

• -implement data encryption procedures to protect any database containing personal information which enters or exists in the Conexance information system.
• -secure work stations with unique user ids and strong passwords
• -limit the number of employees who have access to databases containing personal information
• -ensure that its own subcontractors comply with personal data regulations
• -regularly test the information system to check that it has a high level of security.

7HOW DOES DATA SUBJECTS EXERCISE THEIR RIGHTS?

7.1 General rules

Any person whose personal data is subject to processing have the ability to exercise their rights to access, correct, erase and object to the processing of their data in accordance with Articles 15 and seq of Regulation 2016/679 of 27 April 2016. The data subject may also exercise their right to the portability of their personal data. Any individual can also transmit post-mortem instructions.

These rights may be exercised directly by contacting the Conexance Client who gathered the personal data or the entity organising the advertising campaign. A response must be issued within one month.

You may also contact Conexance in writing at the following address: Conexance, 27bis, rue du Vieux Faubourg 59000 Lille or by email at : data-privacy@choreograph.com

In order to comply with the aforementioned regulation, Conexance has established a push-back list which makes it possible not to contact the data subject who do not wish it.

If you do not wish to be contacted by a Client of Conexance, you may contact us at the address provided and tell us which contact details you wish to register in this push-back list.

7.2 Rules pertaining to emails

When instructed by the owner of a database, CONEXANCE may be called on to send email addresses to its clients.

As a result, data subject included in the database of a database owner may be contacted by a CONEXANCE Client for commercial prospecting.

CONEXANCE's clients work in several business sectors, including:

• Personal and home goods
• Automobile
• Media
• Services
• Recreation
• Food
• Wellness services
• Associations

CONEXANCE never has direct contact with the data subjects, such that CONEXANCE neither collects the email address from the person nor sends emails to said person.

However, in order to comply with the aforementioned regulation, CONEXANCE has established a push-back list which makes it possible not to contact individuals who do not wish it.

If you do not wish to be contacted by a Client of CONEXANCE, you may contact us at the address provided in 7.1 and tell us which email addresses you wish to register in this push-back list.

Last update: June 2020