Conexance is now branded choreograph France. All references below to Conexance should be taken to mean choreograph France.

This section explains the rules for implementing personal data processing operations carried out by Conexance in the course of its business.

In the interest of adhering to rules on individual privacy, CONEXANCE undertakes to comply with Regulation 679/2016 of 27 April 2016 on data protection.

1WHAT IS PERSONAL DATA?

Personal data is defined as any information relating to a directly or indirectly identified or identifiable data subject by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural or social identity.

2WHAT IS CONEXANCE’s STATUS?

As part of the data collection directly through the "Contact" form, CONEXANCE is data controller. As controller, CONEXANCE undertakes to take the necessary measures to ensure the security and confidentiality of the personal data collected. CONEXANCE also undertakes to collect and process data in a lawful, fair and transparent manner.

As part of its marketing activities, CONEXANCE is a data processor. As a data processor, CONEXANCE undertakes to pursue the necessary measures to ensure the security and confidentiality of the personal data gathered by its clients. CONEXANCE processes the personal data of individuals only when instructed to do so and on behalf of its clients.

3WHO IS THE DATA PROTECTION OFFICER?

The Data Protection Officer designated by CONEXANCE is the law firm TGS Avocats, which can be contacted at the following address:

• -Postal address:
  DPO CONEXANCE
  27bis, rue du Vieux Faubourg
  59000 Lille


• -E-mail address : data-privacy@choreograph.com

4CONEXANCE AS A DATA CONTROLLER : B TO B CONTACT FORM

4.1 Postal address

• DPO CONEXANCE
  27bis, rue du Vieux Faubourg
  59000 Lille

4.2 How does CONEXANCE obtain the data?

CONEXANCE collects data directly from professionnals via the “Contact” form. This data is necessary to process the contact request.

4.3 What is the processing’s purpose and its legal basis?

These data are necessary for the following purpose: processing the contact request.

The legal basis for the processing is CONEXANCE's legitimate interest. Indeed, it is in CONEXANCE's interest to collect data from professionals to be able to contact them easily to answer their information requests.

4.4 For how long does CONEXANCE store the data?

Pursuant to Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period not to exceed the duration necessary for the purposes for which they are collected and processed. The data collected through the contact form will be kept for 3 years following the last contact with CONEXANCE.

4.5 What are the categories of data recipients?

The data collected through the contact form is transmitted to the customer relations teams.

5CONEXANCE AS A DATA PROCESSOR

5.1 How does CONEXANCE obtain the data?

CONEXANCE, as a data processor, does not collect data from the data subjects. Database owners collect the data from individuals and then submit their databases to CONEXANCE.

The personal data that Conexance processes come from the owners of databases relating to the following business sectors:

• Apparel
• home and garden
• collectables
• food and wine
• gadgets and gifts
• entertainment
• health and beauty
• travel and leisure

5.2 Why does CONEXANCE use personal data?

As a data processor, CONEXANCE helps its clients optimise their marketing campaigns by conducting statistical analyses with the goals of:

• -Targeting the most promising prospective customers for an advertising campaign promoting a product or service
• -Identifying those individuals in the customer database who are likely to make repeat purchases from the Client.

Marketing campaigns may, at the client's request, be carried out by post, by email, by SMS or by advertising on Internet sites.

To execute these processing operations, CONEXANCE acts exclusively at the request of its clients and on their behalf. CONEXANCE never has any contact with the individuals.

After CONEXANCE has completed its selection of individuals, their contact information is forwarded to post or/and email routers or to the online targeting platforms designated by the client.

5.3 For how long does CONEXANCE store the data?

Pursuant to Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period not to exceed the duration necessary for the purposes for which they are collected and processed.

As such, the data are only stored by CONEXANCE for the period indicated by its client. In the absence of specific instructions from the client, CONEXANCE has established strict rules to respect the rights and privacy of the data subjects and, consequently, any data subject whose last transaction with a client dates to over 5 years ago shall not be retained by CONEXANCE for its analyses.

5.4 Who are CONEXANCE subcontractors?

ATE 21, avenue de la Créativité, 59650 Villeneuve d’Ascq
Hosting provider of the database located in France.

MICROSOFT AZURE : 39, quai du Président Roosevelt, 92130 Issy Les Moulineaux
Hosting provider of the database located in the European Union.

LIVERAMP: 25 rue anatole France, 92300 Levallois-Perret.

6HOW DOES CONEXANCE SECURE THE DATA?

Pursuant to Article 32 of Regulation 2016/679 of 27 April 2016, CONEXANCE undertakes to maintain data security and confidentiality.

To do this, CONEXANCE has defined a strict security policy for personal data. In particular, this policy makes it possible to:

• -implement data encryption procedures to protect any database containing personal information which enters or exists in the CONEXANCE information system.
• -secure work stations with unique user ids and strong passwords
• -limit the number of employees who have access to databases containing personal information
• -ensure that its own subcontractors comply with personal data regulations
• -regularly test the information system to check that it has a high level of security.

7HOW DOES DATA SUBJECTS EXERCISE THEIR RIGHTS?

7.1 General rules

All data subjects whose personal data is subject to processing have the ability to exercise their rights to access, correct, erase and object to the processing of their data in accordance with Articles 15 and seq of Regulation 2016/679 of 27 April 2016. Data subjects may also exercise their right to the portability of their personal data. Any data subject can also transmit post-mortem instructions. Data subjects can also lodge a complaint with a supervisory authority (ICO).

These rights may be exercised directly by contacting the CONEXANCE client which gathered the personal data or the entity organising the advertising campaign. A response must be issued within 1month.

You may also contact CONEXANCE in writing at the following address: Conexance, 27bis, rue du Vieux Faubourg, 59000 Lille or by email at : data-privacy@choreograph.com

In order to comply with the aforementioned regulation, CONEXANCE has established a no-call database which makes it possible not to contact data subjects who do not wish it.

If you do not wish to be contacted by a Client of CONEXANCE, you may contact us at the address provided and tell us which contact details you wish to register in this no-call database.

7.2 Rules pertaining to emails

When instructed by the owner of a database, CONEXANCE may be called on to send email addresses to its clients.

As a result, data subject included in the database of a database owner may be contacted by a CONEXANCE Client for commercial prospecting.

CONEXANCE's clients work in several business sectors, including:

• Apparel
• home and garden
• collectables
• food and wine
• gadgets and gifts
• entertainment
• health and beauty-
• travel and leisure

CONEXANCE never has direct contact with the data subjects, such that CONEXANCE neither collects the email address from the person nor sends emails to said person.

However, in order to comply with the aforementioned regulation, CONEXANCE has established a no-call database which makes it possible not to contact natural persons who do not wish it.

If you do not wish to be contacted by a Client of CONEXANCE, you may contact us at the address provided in 7.1 and tell us which email addresses you wish to register in this no-call database.

Last update: June 2020