The Agency gives great importance to the protection of personal data of the users of the Website, whether they are Members, Brand Partners or not (the “Users”).
This policy is intended to define the commitments of the Agency to ensure the protection of personal data of Users when using the Website and the Services. In particular, the Agency complies with the applicable legal provisions defined by French law No. 78-17 of 6 January 1978 and the General Regulations for the Protection of Personal Data No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (“Applicable Law”).
The registration on the Website and the use of the Services require full acceptance of this policy. In the absence of acceptance, the User will not be allowed to use the Services and the Website.
The data controller for the processing of personal data is the person who determines the means and the purposes of the data processing.
The data processor is a person who processes personal data on behalf of the data controller. It acts under the authority and on the instructions of the data controller.
The Agency acts as data controller for the processing of any data collected when Users visit the Website, when Members create their account on the Website and when Members and Brand Partners use the Services.
Users are free to decide if they communicate personal data or not. The Agency only collects personal data that the Users have chosen to share with the Agency.
The Agency collects personal data from Users. Personal data that might be collected is as follows:
- For Members: names, surnames, user names, email address, postal addresses, phone numbers, photos, age, nationality, professional occupation, dress style, interests, banking data, number of the legal identity document in the event of travel arrangements;
- For Partner Brands: names, surnames, email address, phone numbers, positions of contact, billing information, information related to the brand positioning;
- For any Users: technical identification data, i.e. IP addresses and connection logs.
Registration as Member is necessary to access to the Services of the Agency. Data identified by an asterisk is mandatory data, necessary for the purpose of the registration as Member. Any other data and answers to questions on the account of Members are optional and will help to improve the opportunities for Members to be chosen for Campaigns.
By voluntarily providing personal data to the Agency, Members and Partner Brands agree to supply accurate and complete information and not to be detrimental to the interests or rights of third parties.
The Agency only collects Members’ personal data from social media after having obtained the express consent of Members when synchronizing their account on the Website.
The Agency might collect the following personal data: names, surnames, year of birth, sex, number of followers, user names, published contents, number of likes and number of comments.
The legal basis for the processing of personal data by the Agency is as follows: the processing is necessary for the provision of the Services to Members and Partner Brands in accordance with the contracts between the Agency and the Members or Partner Brands.
The data processing is also carried out with the consent of the concerned Members and Partner Brands.
The Agency processes the collected personal data for the purposes of providing the Services requested by Members and Partner Brands, and for the purposes of providing any complementary services that might interest them.
In particular, personal data is processed for the following purposes:
- For the purposes of providing the Services which include:
o Communication on Campaigns offered to Members by the Partner Brands;
o Delivery of products to Members in relation with Campaigns;
o Production of statistics;
o Invoicing and follow up of invoicing in relation with the use of Services.
- For the purposes of the management of the relationships with Members and Partner Brands which include:
o Provision of advices in relation with Services;
o Newsletters to inform Members and Partner Brands of Services provided by the Agency, of changes to the Services and of any other information related to the Agency;
o Monitoring the use of the Services to suggest improvements and communications of the Agency.
- For the purposes of analysing and improving the Services, in particular to fight against computer fraud.
The Agency gives a great value to personal data of Users and shares them only with third parties that ensure appropriate protection to personal data, in accordance with Applicable Law.
Personal data of Users is transmitted to the employees of the Agency for the purposes of providing the Services and of the follow-up of the commercial relationship between the Agency and the Users.
The Agency only share the personal data to a reliable third party in the following cases:
- If Users have given their express prior consent for the data sharing (for example for a special promotional event);
- When the Agency has to share personal data with its providers (especially technical partners) in the framework of the use of the Services;
- At the request of a judicial authority or any administrative authority empowered by the law seeking the disclosure of such data in accordance with existing legislation.
No personal data is transmitted to partners for commercial prospection by these partners.
Personal data is transmitted to third parties, acting as subcontractors, for the following processes:
- Secure payment on the Website;
- Hosting of the solution to offer the Services;
- Monitoring of the use of the Services.
The Agency pays particular attention to the commitments made by subcontractors regarding the protection of personal data, including the security and the confidentiality of personal data. The Agency ensures that each subcontractor provides the necessary guarantees for the security and confidentiality of personal data. In particular, the Agency does only appoint subcontractors that are established in the European Union.
The Agency might transfer or share all or part of personal data of Members and Partner Brands in the context of a merger, an acquisition, a restructuring operation, a total or partial sale of assets of the Agency or in the event of a collective procedure.
The Agency implements appropriate technical and organizational measures to ensure the security, integrity, confidentiality and authenticity of personal data. It consists of technical security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access.
In particular, access to Members’ account is protected by user name and password. Members shall ensure the secrecy of their password. Members are entirely responsible for any and all activities that occur in the name of their account.
In addition, employees who may access Users’ personal data in the context of their work are committed to protect its confidentiality.
In the event the Agency is aware of a data breach that concerned Users’ personal data, the Agency will do its best efforts to inform Users and to act as quickly as possible depending on circumstances and in accordance with Applicable Law.
Personal data is only kept for a reasonable and strictly necessary period of time for the fulfilment of the purposes of the processing for which it is collected or which is later authorized by Members and Partner Brands.
Personal data of Users is kept for five (5) years as from the last Campaign (A « Campaign » means any promotional operation for the product or service of a client of the Agency. For more information on Campaigns, please see the General Terms of Services) in which they took part or, in the absence of Campaign, for two (2) years as from their last connection to their personal account on the Website.
In case of inactivity on the account of a Member for more than one (1) year, or if a Member sends a written request to email@example.com, his account will be deleted. The concerned Member will be able to request its reactivation to the Agency during a period of one (1) year. After such one-year period, in the absence of reactivation of the account, any personal data of the concerned Member will be deleted.
Any data subject has the right to request from the data controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability.
Each data subject can send his request to the Agency, acting as the data controller.
To contact the Agency, the data subject might send his request in writing to the following address: CTZAR - Données Personnelles, 13/15 cité Malesherbes, 75009 Paris or by email: firstname.lastname@example.org.
The data subject must then specify:
- information to allow the identification of the data subject (and in particular name, surname, email address, phone number) enclosing a copy of an identity document (identity card or passport);
- personal data that he wishes to be corrected, updated or deleted,
Requests for the deletion of personal data may be assessed by the Agency on a case-by-case basis depending on the legal obligations, particularly as regards the storage or archiving of documents.
Users can withdraw their consent to the processing of their personal data at any time without affecting the lawfulness of processing based on consent before its withdrawal. They are informed that in case of consent withdrawal, they will not be entitled to use the Services anymore.
Data subjects may also file a complaint with the supervisory authorities, in particular with the French data protection authority (“CNIL”) (https://www.cnil.fr/fr/plaintes).
When visiting the Website, User is informed that cookies necessary for the provision of the Services by the Agency are installed on its device.
The cookies are as follows:
- Session cookie related to the Services
Audience measurement cookies to improve user experience on the Website are likely to be used by the Agency if the User agrees. These cookies are:
- Matomo cookie (anonymised)
The user agrees to the installation of these cookies if he continues visiting the Website. He may withdraw his consent at any time by adjusting the cookie settings directly on his browser.
The cookies installed by the Agency on the devices of Users of the Service are kept for a maximum duration of thirteen (13) months.
For any question regarding the protection of personal data, it is possible to contact the data protection officer appointed by the Agency by email: email@example.com.