PRIVACY AND PERSONAL DATA PROTECTION POLICY

At VECTAURY, the protection of personal data* is central to our mission for both strategic and ethical reasons. It has been the subject of three years’ work by our R&D team in collaboration with our legal advisors and with support from the French Data Protection Authority. 

 

VECTAURY GUARANTEES FAIR AND LAWFUL COLLECTION OF PERSONAL DATA 

A/ OUR OBLIGATIONS 

 

VECTAURY complies with Article 5 of the European Data Protection Regulation (GDPR), specially:

- the mobile user's right to information;

- the obligation to obtain independent, specific, informed and unequivocal consent from mobile users prior to any data processing, with consent given via clear declaration or intentional act;

- the mobile user’s right to access, right to rectification, right to object, right to data portability, right to restriction of processing, right to make a complaint to the French Data Protection Authority, and right to be forgotten;

- confidentiality and integrity of data collected;

- compliance of processing operations throughout the data life cycle.

 

 B/ OUR COMMITMENTS 

 

Obtaining mobile user consent:


In order to comply with the requirement to obtain consent from a clear positive act of the mobile users, we have designed a consent management tool that meets the requirements of the General Data Protection Regulation. This consent management tool is a Consent Management Platform IAB (CMP) and allows data to be collected legally within applications integrating the VECTAURY SDK.


The CMP VECTAURY allows publishers to obtain the consent of mobile users in a fair manner. Thanks to this CMP, the mobile user is informed, as soon as the application is opened, of the personal data collected, the purposes of processing and can also access the partners who receive his data as well as their processing purposes and their privacy policy. The CMP VECTAURY allows mobile users to consent or not to the collection of their personal data for each of the purposes displayed on the first page. They also can configure their choice by purpose or accept or refuse all the purposes.
In addition, the CMP VECTAURY is accessible at any time in the settings of the application. The mobile user can therefore change his or her consent choices at any time.

If the publishers with whom we work do not wish to integrate this tool, they can use their own CMP or a third party CMP as soon as VECTAURY has audited and considered as compliant the consent management tool used.
This consent collection tool allows VECTAURY to keep a technical record of mobile users' consent called "Chain of Consent".

VECTAURY also collects data when it buys advertising space to display campaigns ordered by its customers, as part of a real-time auction system.
In this context, VECTAURY will only bid to acquire advertising space within mobile applications when it is technically possible to retrieve a "consent chain" to ensure that it is possible to collect and process mobile users' data.

The information of the mobile user:

As mentioned above, the mobile user is informed by means of the CMP used by our partner publishers and publishers monetizing the advertising space available in their applications via the real-time auction system. VECTAURY ensures that mobile users are properly informed so that they can give specific and informed free consent to the processing of their personal data.

Mobile users can also access VECTAURY's privacy policy via the CMP used in the application in question in order to obtain further information on the processing activities carried out. They can also access via the list of partners receiving the data, their processing purposes and their privacy policy.

 

The mobile user can exercise rights through the publisher: 

 

Our partner data providers guarantee VECTAURY that before obtaining consent they will inform mobile users about the purposes of data processing and all user rights including the right to withdraw consent at any time. Mobile users can exercise their rights through the publisher, who will pass requests to VECTAURY for implementation. 

When the publisher uses a CMP, mobile users can exercise their rights in-app.

 

The mobile user can exercise rights using Apple and Android operating systems: 

 

Android and Apple platforms enable mobile users to control privacy by blocking targeting ads and by resetting their advertising IDs. This disables the link between advertising history and future navigation. 

 

 The mobile user can exercise his rights directly through VECTAURY:

 

Our primary data collection method is the VECTAURY proprietary SDK, the mobile equivalent of a cookie. Publishers integrating the VECTAURY SDK designate VECTAURY as the data controller in their Terms and Conditions. This gives mobile users the identity of the controller and the e-mail address legal@vectaury.io, providing a means to exercise all privacy rights through VECTAURY.

VECTAURY’s SDK also allows mobile users to withdraw consent at any time, easily and free of charge, using their smartphone settings.

Our secondary data collection method is AdRequest, which serves a consent request when a mobile application is viewed. When data are collected by AdRequest, consent is collected by the publisher, and a clickable information button visible in the advertisement sends the user to the VECTAURY privacy center. This web interface enables mobile users targeted by VECTAURY ads to exercise all their rights and withdraw consent if desired

Mobile users can also access information, request its correction or deletion, and exercise other rights concerning personal data by contacting us at: legal@vectaury.io

 

VECTAURY GUARANTEES FAIR, LAWFUL AND TRANSPARENT PROCESSING OF PERSONAL DATA 


A/ OUR OBLIGATIONS

 

VECTAURY respects the principle of data minimization set out in Article 5 of the GDPR, according to which: 

- Data collected must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
- Data collected must be processed in a manner that is relevant, adequate and not excessive in relation to the purposes for which they were collected.


B/ OUR COMMITMENTS


VECTAURY collects personal mobile user data, including geolocation data, for the purposes of selling targeted ads and insights to advertisers. 

VECTAURY ensures that personal data are processed exclusively for the purposes for which mobile users have given consent and according to the principal of proportionality. Vectaury ensures that the use of this data by subcontractors is contractually supervised.

As a result, our campaigns do not rely on ultra-geolocation technologies or excessive collection frequency. Our intelligent data collection algorithm and filtering mechanism processes only data needed for user-approved purposes.

Our approach to collecting geolocation data gives us a better understanding of our mobile users without identifying them or knowing excessive information about their movements.

 

 

VECTAURY GUARANTEES A CONTROLLED TRANSFER OF PERSONAL DATA 


A/ OUR OBLIGATIONS



VECTAURY complies with Articles 45 and 46 of the GDPR, according to which: 

The controller of a processing operation may transfer personal data to a State outside the European Union only if that State ensures a sufficient level of protection of privacy with regard to an adequacy decision by the European Commission or by means of appropriate safeguards.


B/ OUR COMMITMENTS


Vectaury does not transfer personal data outside of France. Our data are collected, processed and stored on servers in France. 

Deliverables sent to our customers and partners include only anonymized statistics void of any personal characteristics, thus they are not subject to national or European laws related to the transfer of personal data. 

When personal data are sent to a customer or partner in France, VECTAURY: 

- Oversees its use. It cannot be used in a manner other than that for which the mobile user gave consent or reconciled with other data
- Ensures data confidentiality and integrity.

 

VECTAURY ENSURES THE SECURITY OF ITS SYSTEMS 


A/ OUR OBLIGATIONS


VECTAURY compolies with Articles 25 and 32 of the GDPR: 

- The controller is required to implement technical and organizational measures to guarantee a level of security appropriate to the risks presented by processing; to preserve the security of the data; and, in particular, to prevent data from being distorted, damaged or accessed by unauthorized third parties.

- The controller must respect the principles of:

    - Privacy by design: The data controller ensures that the objective of protecting personal data is integrated into new projects from the design stage by implementing appropriate technical and organizational measures both when determining the means of processing and at the time of processing itself.
     - Privacy by default: The controller guarantees that, by default, only personal data necessary for each specific purpose are processed.


B/ OUR COMMITMENTS 


All of the obligations required by the French Data Protection Authority are clearly stated in our Information System Protection Policy and are carried out by our technical and administrative teams. 

 

VECTAURY ENSURES LIMITED RETENTION OF PERSONAL DATA 


A/ OUR OBLIGATIONS

VECTAURY respects article 5 of the European regulation on the protection of personal data, according to which: 

Data shall be kept in a form of identifiable data for no longer than is necessary for the purposes for which the data are collected and processed.


B/ OUR COMMITMENTS


VECTAURY permanently deletes any identifiable data as soon as it is no longer useful for the purpose for which it was collected. More specifically, all information that could be used directly or indirectly for personal identification is deleted or modified, making re-identification impossible.. 

Given the similarities between mobile SDKs and desktop cookies, we apply the same rules to both platforms, deleting all data within 12 months of its collection.

As a result, all data collected on the basis of mobile users' consent is deleted within 12 months of collection to comply with this logic.


VECTAURY allows mobile users to easily implement their right to forget and to request the deletion of their personal data without legitimate reason by sending an email to  legal@vectaury.io. 

 

AWARENESS


A/ OUR OBLIGATIONS



Raising staff awareness of personal data protection is an essential step toward compliance, particularly for securing information systems that are used daily by employees.
Our Data Protection Officer is responsible for raising awareness and training employees internally on personal data protection issues.

 

B/ OUR COMMITMENTS



VECTAURY strives to make all staff aware of the ethical issues related to data protection and privacy. Initiatives include weekly committees for all managers and regular workshops open to the entire team.

 

 

GENERAL DATA PROTECTION REGULATION (GDPR) APPLICABLE MAY 25, 2018 

 

VECTAURY has been compliant with the new European Regulations since the end of 2017. 

Paris, August 1st, 2019. 

*In accordance with law no. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and the new European Regulation on the protection of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.


Legal notices on personal data protection 

 

Identity of the processing entity 

 

VECTAURY, simplified joined stock company with a capital of 115 500€ registered under the number 799 256 730 at the Registre de commerce et des sociétés (Corporation and Trade Registry) of Paris, headquartered at 33 Rue La Fayette 75009 Paris and represented by its President, Matthieu Daguenet (TVA no. FR 42799256730). 

 

Information contact of the DPO

Mrs Mathilde Ferriol, mathilde.ferriol@vectaury.io

 

Processing purposes 

 

We collect and process the personal data of mobile users, including geolocation data, for the purposes of targeted advertising, to propose commercial offers adapted to the mobile user's location, profiling, measuring advertising campaigns and traffic at points of sale and marketing research on behalf of advertisers and media agencies.

 

To be able to display targeted advertising campaigns or personalized targeted commercial offers to mobile users according to their location, Vectaury uses a real time bidding system allowing it to buy advertising inventory within mobile applications in which the campaigns are displayed.

The personal data of mobile users are therefore likely to be processed within the framework of this real-time bidding system.

 

Mandatory or optional collection 


Collection of personal data by VECTAURY is not mandatory. There is no direct consequence to the mobile user for refusing to consent to data collection. 

However, the purpose of collecting of personal data is to monetize mobile applications provided free of charge to users.


Data recipient or category of recipients  


VECTAURY does not transfer personal data to recipients outside of the European Union. 

VECTAURY reserves the right to transfer personal data when all of the following conditions are met:

- To its customers and partners

- To trusted third parties such as :

  • E-Retail Development SAS (Smart Traffik), whose registered office is located at 6 Cour Andre Philipp, 69100 Villeurbanne and registered to the Registre du Commerce et des Sociétés of Lyon under number 751 652 934. This trusted third party may process personal data to measure the performance of mobile advertising campaigns. 

For more information on the processing carried out by this actor, you can consult his privacy policy accessible via this URL: https://www.smart-traffik.io/politique-de-confidentialite. In case of any questions or if you wish to exercise your rights with this actor, you can write to their DPO : Tanguy Bourlier to tbourlier@smart-traffik.io.

  • Adsquare GmbH, whose registered office is located at Saarbücker St.36 Berlin, 10405 and registered in Germany at the Local Court of Charlottenburg (Berlin), under number HBR 171194B.  This trusted third party may process personal data to measure the performance of mobile advertising campaigns and their impact on point-of-sale traffic. 

For more information on the processing carried out by this actor, you can consult his privacy policy accessible via this URL: www.adsquare.com/privacy. If you have any questions or wish to exercise your rights with this actor you can write to their DPO at: privacy@adsquare.com

- In keeping with the purposes for which data was collected (for example, to prove the effectiveness of an advertising campaign)

- Data is non-nominative and encrypted

- Recipients respect the user’s scope of consent

- Retention period for personal data

 

Retention period for personal data 

 

Data collected directly via VECTAURY technologies are deleted within a maximum period of 12 months of collection as required by our cookies policy.

In case of contradiction between the English and French versions of this policy, the French version shall prevail. 

 

Mobile user's rights

Mobile users have a right of access, a right of rectification, a right of opposition, a right to be forgotten, a right to limit processing, a right to portability and a right of appeal to the competent supervisory authority.


Mobile users can exercise their various rights by going to the Vectaury privacy center by clicking on the (i) information contained in the advertisements displayed to them in the applications, or directly on the VECTAURY website via the following link: https://cdn.vectaury.io/vectaury/201704/campaign1/www/page/index2.html


Mobile users can also exercise their rights by writing to the following e-mail address: legal@vectaury.io.