Personal data protection charter

Personal data protection charter

Purpose

As part of the execution of the services we offer, especially when using our programmatic campaign management platform, accessible at www.theprogrammaticcompany.com (hereinafter the "Platform"), we may ask you to provide us with personal data about you, referring to all data that allows the direct or indirect identification of an individual.

This policy aims to inform you about the means we implement to collect and process your personal data, in strict compliance with your rights.

We hereby inform you that we comply with the collection and management of your personal data with the Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms, in its current version, as well as the General Data Protection Regulation No. 2016/679 of April 27, 2016 ("GDPR").

Identity of the Data Collection and Processing Controller

The data controller for the collection and processing of your personal data is The Programmatic Company, a simplified joint-stock company, registered with the Paris Trade and Companies Register under number 815 337 175, with its registered office at 26 rue Damrémont – 75018 Paris (referred to herein as "We").

Nature of the Collected and Processed Data

In the provision of our services and access to the Platform, we collect the following data:

  • Information you provide to us.

For the proper execution of the services we offer and the monitoring of relationships with our clients, we collect the following data directly from you or from your employer:

  • Information allowing your identification: name, first name, email address, phone number, professional address.
  • Professional information to manage our contractual relationship with you: position held.
  • Any information you choose to communicate to us in connection with the execution of services.
  • Information we collect automatically during your use of the Platform.

During your use of the Platform and for the proper execution of the services, we may also collect personal data about you automatically through the tools and services offered on the Platform.

In this context, we may collect the following data:

  • Usage information about the tools and features of the Platform: we collect information about your interactions with the Platform, including pages or content viewed on the Platform and links clicked.
  • Connection information and information about the devices you use to connect to the Platform: we collect device connection data when you access and use the Platform, including your IP address, connection dates and times, unique identifiers, crash data, pages viewed or displayed before or after connecting to the Platform.

Collection and Processing of Personal Data

Your personal data is collected and processed to fulfill one or more of the following purposes:

  • (I) Perform operations related to the management and monitoring of our relationships with our clients.
  • (II) Manage your access to the Platform and the services accessible through it.
  • (III) Establish a file of clients and contacts, as well as a file of Platform users.
  • (IV) Respond to any request regarding the execution of services or your use of the Platform.
  • (V) Send newsletters, solicitations, and promotional messages, as well as any informative messages regarding our news and/or any evolution of our services. In case you do not wish to receive them, we give you the opportunity to express your refusal at the time of data collection.
  • (VI) Send advertisements, including targeted advertisements. In this case, we also give you the opportunity to express your refusal during data collection.
  • (VII) Develop commercial usage and attendance statistics for our services and our Platform.
  • (VIII) Optimize the operation and efficiency of the products and services we offer.
  • (IX) Manage the handling of people's opinions on products, services, or content.
  • (X) Manage unpaid bills and possible disputes regarding the use of our products and services.
  • (XI) Comply with our possible legal and regulatory obligations.

We inform you, during the collection of your personal data directly on the collection form, whether certain data must be provided or if it is optional. We also indicate the possible consequences of a failure to respond.

Finally, we specify that no data processing carried out for the purposes detailed above allows us to make automated decisions about you.

Individuals Concerned by the Processing

For the realization of the processing referred to in this policy, we collect data only from the personnel of our clients, either with whom we are in contact in the execution of services, or who are users of our Platform.

Recipients of Collected and Processed Data

The following individuals are recipients of your data:

  • Our company's staff responsible for customer relations and staff responsible for opening accounts on the Platform, customer service, and Platform maintenance.
  • Control services (including auditors).
  • Our subcontractors (hosting provider for the Platform and our business tools).

Public authorities may also be recipients of your personal data, exclusively to comply with our legal obligations, as well as legal auxiliaries and ministerial officers.

We also inform you that your data is not transferred to third parties, subsidiaries, or partners located outside the European Union.

Transfer of Personal Data

Your personal data will not be transferred, leased, or exchanged for the benefit of third parties, for the purposes of the detailed objectives above and under the aforementioned reservations.

However, please be informed that we reserve the right to communicate to third parties your data in a fully anonymized and aggregated form, meaning in a form that does not allow your identification in any way.

Retention Period of Personal Data

Your data is only retained for the duration necessary for processing based on the purpose for which it is collected. In any case, your personal data will not be retained beyond the strictly necessary duration for the achievement of the purpose for which it was collected. In this context, your data is retained for the following durations:

  • For the monitoring and management of client relationships [Purpose (I), Purpose (III), Purpose (VIII), and Purpose (IX)]: we retain your data for the entire duration of the commercial relationship in our active databases and for a maximum period of three (3) years from the end of our commercial relationship in an intermediate archiving database, solely for prospecting purposes. After this three (3)-year period, we may contact you to inquire if you wish to continue receiving information about our services. You can exercise your right to object to prospecting at any time, as specified below.
  • For the management of access to your account on the Platform [Purpose (II)]: we retain your data for the entire duration of active use of the account in our active databases and for a maximum period of three (3) years from your last access to the Platform recorded by our operating system in an intermediate archiving database, for prospecting purposes.
  • To respond to any requests for assistance, access, or support [Purpose (IV)]: we retain your data for the sole duration necessary for processing your requests in our active databases.
  • To send newsletters, information, and advertisements [Purpose (V) and Purpose (VI)]: we retain your data for the entire duration of the newsletter subscription and/or until the withdrawal of consent for advertisements in our active databases.
  • To develop commercial usage and attendance statistics for our services [Purpose (VII)]: we retain your data for a maximum period of twenty-five (25) months from the data collection in our active databases.
  • To manage unpaid bills and possible disputes: all data establishing the proof of a right or contract will be retained for a maximum period of five (5) years from the end of our commercial relationship, on an intermediate archiving support. In case of litigation, the data will be retained until the exhaustion of all remedies.

Security

We inform you that we take all necessary precautions, as well as appropriate organizational and technical measures to preserve the security, integrity, and confidentiality of your personal data and, in particular, to prevent them from being distorted, damaged, or accessed by unauthorized third parties.

Hosting

We inform you that your data is kept and stored throughout the duration of its retention on the servers of Microsoft Azure and Amazon Web Services (AWS), located in Europe.

Cookies

Cookies are text files, often encrypted, stored in your browser. They are created when a user's browser loads a specific website: the site sends information to the browser, which then creates a text file. Each time the user returns to the same site, the browser retrieves this file and sends it to the website's server.

Three types of cookies can be distinguished, each with different purposes: technical cookies, social media cookies, and advertising cookies:

  • Technical cookies are used throughout your navigation to facilitate it and perform certain functions. For example, a technical cookie can be used to remember responses entered in a form or user preferences regarding the language or presentation of a website, when such options are available.
  • Social media cookies can be created by social platforms to allow website designers to share content from their site on these platforms. These cookies can be used by social platforms to track the browsing of users on the relevant website, whether or not they use these cookies.
  • Advertising cookies can be created not only by the website you are navigating but also by other websites displaying advertisements, announcements, widgets, or other elements on the displayed page. These cookies can be used, in particular, for targeted advertising, meaning advertising determined based on the user's browsing.

We use technical cookies. These are stored in your browser for a period of thirteen (13) months.

We do not use social media cookies. If we were to use them, these cookies will only be deposited if you give your consent. You can inquire about their nature, accept, or refuse them.

We also use advertising cookies. These cookies are only deposited if you give your consent. You have the option to disable these cookies in your web browser settings.

We use Google Analytics, which is a statistical audience analysis tool that generates cookies to measure the number of visits to the Platform, the number of pages viewed, and visitor activity. Your IP address is also collected to determine the city from which you are connecting. The retention period of this cookie is mentioned in the previous article of this charter.

We remind you that it is possible to oppose the deposit of technical cookies and cookies generated by Google Analytics by configuring your browser. However, such refusal could prevent the proper functioning of the Platform.

Legal Basis for Our Processing

When your data is collected for purposes (I), (II), (III), and (IV), these processes are necessary for the proper execution of the services we offer and/or the use of our Platform. The legal basis for the collection is the execution of pre-contractual and contractual measures taken at your request. Your express consent to this collection is therefore not required.

When your data is collected for purpose (V), the processing is subject to your prior consent, which we collect through a form at the time of collecting said data.

When your data is collected for purposes (VI), (VII), (VIII), (IX), and (X), these processes fall within the legitimate interests of our company and do not require the prior obtaining of your consent.

Finally, when your data is collected to meet our legal and regulatory obligations, your consent is also not required. The legal basis for these processes is compliance with a legal obligation.

For any use of your data not provided for in this Charter, we will seek your consent before any new processing when necessary. If your consent is not required, we will inform you in advance of the implementation of this new processing.

Access to Your Personal Data

In accordance with Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms as amended, as well as the GDPR, you have the right to access your data (Article 15 of the GDPR) to obtain communication and, where applicable, rectification or erasure (Articles 16 and 17 of the GDPR), by sending a letter to:

  • Email address: dpo@theprogrammaticcompany.com
  • Postal address: METALAW, DPO TPC, 7 rue de Prony – 75017 Paris

It is reminded that any person may, for legitimate reasons, request the limitation of the processing of data concerning them (Article 18 of the GDPR) or object to such processing (Articles 21 and 22 of the GDPR).

We inform you that in the event of rectification or erasure of your personal data, as well as the limitation of processing, carried out following a request from you, we will notify these changes to the persons to whom we have communicated your data, unless such communication proves impossible (Article 19 of the GDPR).

Portability of Your Personal Data

You have the right to the portability of personal data that you have provided to us, understood as the data that you have actively and consciously declared in the access and use of the Platform, as well as data generated by your activity in the use of the latter (Article 20 of the GDPR). We remind you that this right does not apply to data collected and processed on a legal basis other than consent or the performance of the contract binding us, in particular, data collected in our legitimate interest or on a legal basis.

This right can be exercised free of charge, at any time, and especially when closing your account on the Platform, to retrieve and retain your personal data.

In this context, we will send you your personal data, by any means deemed useful, in a standard open format commonly used and machine-readable, in accordance with the state of the art.

Filing a Complaint with a Supervisory Authority

You are also informed that you have the right to lodge a complaint with the Commission Nationale Informatique et Libertés if you consider that the processing of your personal data under this Charter constitutes a violation of applicable laws.

This recourse can be exercised without prejudice to any other recourse before an administrative or judicial authority. Indeed, you also have the right to effective administrative or judicial recourse if you consider that the processing of your personal data under this Charter constitutes a violation of applicable laws.

Communication Regarding a Personal Data Breach

If we detect a security breach in the processing of your data that could pose a high risk to your rights and freedoms, we will inform you as soon as possible (Article 34 of the GDPR). On this occasion, we will detail the nature of the encountered violation and the measures implemented to put an end to it.

Modifications

We reserve the right, at our sole discretion, to modify this charter at any time, in whole or in part. These modifications will take effect upon the publication of the new charter, which will be notified to you by any means deemed useful. Your use of the Platform following the entry into force of these modifications will constitute recognition and acceptance of the new charter. In the absence of acceptance, if this new charter does not suit you, you should no longer access the Platform.

Effective Date

This charter came into effect on January 1, 2021.