OUR PRIVACY AND PERSONAL DATA PROTECTION POLICY

At Vectaury, personal data protection has been R&D’s task for the past 18 months for ethical and strategic reasons, and we apply the CNIL’s guidelines and those of our legal team. 

This work resulted in the writing of our personal data privacy policy. 

1/ VECTAURY GUARANTEES FAIR AND LAWFUL COLLECTION OF PERSONAL DATA 

a/ OUR OBLIGATIONS: 

VECTAURY respects article 6 of the Data Protection Act, in particular: 

  • The mobile user’s right to information
  • The obligation to obtain consent
  • The mention of rights (Right to access, Right to rectification, Right to oppose)
  • Prior declarations made by the CNIL

b/ OUR COMMITMENTS: 

The mobile user can exercise his rights via the publisher: 

All data suppliers contractually guarantee to VECTAURY, that they have respected the conditions of fair data collection for mobile users. The publishers with whom we work are obliged to inform the mobile user of the end goal of processing his data, before obtaining his consent and to allow him to change his mind at any time. 

The mobile user can exercise his rights using Apple and Android operating systems: 

Android and Apple allow mobile users, via device's Settings, to control their privacy by blocking ads and by changing their username, which makes the link between their advertising history and their future navigation impossible. 

The mobile user can also exercise his rights directly through VECTAURY: 

The first data collection method is VECTAURY's proprietary SDK, the mobile equivalent of a cookie. VECTAURY has integrated an information banner via its SDK that appears upon the opening of mobile applications. The mobile user is informed of the marketing purposes of data processing before the request for authorizing the collect his personal data is made. VECTAURY's SDK also allows the mobile user to withdraw his consent at any time, easily and free of charge, via the smartphone's Settings. 

The second data collection method is Adrequests, meaning the request from the advertising server that appears when one uses a mobile application. When data is collected by Adrequests, consent is obtained by the publisher and VECTAURY includes a clickable information button in its advertising campaigns that allows for withdrawal of consent. 

The mobile user can also have access to information and exercise his rights related to personal data by contacting us at legal@vectaury.io 

2/ VECTAURY GUARANTEES FAIR AND LAWFUL COLLECTION OF PERSONAL DATA 

a/ OUR OBLIGATIONS: 

VECTAURY respects article 6 of the Data Protection Act, according to which: 

Data must be processed in a relevant, adequate and non-excessive manner with regard to the purposes for which it were collected. 

b/ OUR COMMITMENTS: 

VECTAURY collects personal data of mobile users, in particular their geolocation data, to sell targeted campaign ads or insights to Advertisers. 

VECTAURY makes sure it process personal data exclusively in the framework for which mobile users gave their consent, respecting the principle of proportionality, and it also makes sure to take contractual provision for the use of this data by their subcontractors. 

For this reason, our campaigns do not rely on ultra-geolocation technologies or excessive data collection frequency. We have created an intelligent data collection algorithm that filters purely the processing of data that is necessary for our data collection purposes. We are convinced that by collecting geolocation data, we can better understand mobile users without knowing everything about their real world activities, and without having to identify them. 

3/ VECTAURY GUARANTEES OVERSIGHT OF THE TRANSFER OF PERSONAL DATA 

a/ OUR OBLIGATIONS: 

VECTAURY respects article 68 of the Data Protection Act, according to which: 

A data processing player cannot transfer data of a personal nature to a state that does not belong to the European Community unless that state ensures a sufficient level of privacy protection. 

b/ OUR COMMITMENTS: 

Vectaury does not transfer personal data outside of France. Our data is collected, processed and stored on servers in France. 

Deliverables sent to our customers and partners are just statistics, void of any personal characteristics and thus are not subject to national or European law related to the transfer of personal data. 

When personal data is sent to a customer or partner in France, VECTAURY is commited to: 
  • Oversee the use of this data: it cannot be used in a manner other than that for which the mobile user gave his/ her consent, nor can it be combined with other data
  • Ensure that personal data is kept confidential

4/ VECTAURY ENSURES THE SAFEGUARDING OF ITS SYSTEMS 

a/ OUR OBLIGATIONS: 

VECTAURY respects article 34 of the Data Protection Act, according to which: 

The data processing player must take every precaution with regard to the nature of the data and the risks presented by its processing, to preserve the security of the data, in particular, preventing them from being distorted, damaged, or accessed by non-authorized third parties. 

b/ OUR COMMITMENTS: 

All of the obligations required by the CNIL are clearly stated in our Information System Protection Policy and were carried out thanks to the work of our technical and administrative teams. 

5/ VECTAURY ENSURES LIMITED RETENTION OF PERSONAL DATA 

a/ OUR OBLIGATIONS: 

VECTAURY respects article 34 of the Data Protection Act, according to which: 

Data is retained in a form that allows for the identification of related persons for a period that does not exceed the time needed to accomplish the purposes for which it was collected and processed. 

b/ OUR COMMITMENTS: 

VECTAURY permanently deletes any identifying characteristic from a set of data as soon as the data is no longer useful in accomplishing the purpose for which it was collected. More specifically, this means that all information that could be used directly or indirectly for identification is deleted or modified, rendering any re-identification of persons impossible. 

Given the similarities between SDK’s and cookies on Desktop, we think the same way and apply the rules related to cookies on Desktop to data collected via our SDK. 

We even chose to delete all of our data within 12 months of its collection to respect this rationale. 

VECTAURY also outperformed the European Regulation application in terms of the right to be forgotten and allowing the mobile user to request the deletion of his personal data, without having to supply a reason, by simply sending and email to legal@vectaury.io. 

6/ AWARENESS 

a/ OUR OBLIGATIONS: 

We make sure our staff is aware that protection of personal data is not required by the Data Protection Act, but is an indispensable step towards compliance, particularly for the security of information systems that are used daily by employees. 

b/ OUR COMMITMENTS: 

VECTAURY commits to making all of their teams aware of these ethical problems. This happens through the establishment of weekly committees, in which all managers take part, and regular workshops open to the entire company to train the teams on privacy issues. 

7/ EUROPEAN REGULATIONS ON THE PROTECTION OF PERSONAL DATA (GPRD) APPLICABLE 25 MAY 2018 

VECTAURY will be in compliance with the new European Regulations by the end of 2017. 

Paris, 04 September 2017. 

*In accordance with law no. 78-17 of 6 January 1978 relative to computing, files and freedoms as well as the new European Regulation related to the protection of personal data. 

Legal notices on personal data protection 

- Identity of the processing entity 

VECTAURY, SAS company, with a mutual fund of € 86,240, registered under the number 799 256 730 at the RCS (Registre de commerce et des sociétés) [Corporate and Trade Registry] of Paris, headquartered at 33 Rue La Fayette 75009 Paris and represented by its President, Matthieu Daguenet (TVA no. FR 42799256730). 

- Processing purposes 

We collect the personal data of mobile users, particularly geolocation data for use of advertising, profiling and analytics by means of third-party intermediary partners, on behalf of Advertisers and Media Agencies. 

- Mandatory or optional character of collection 

Collection of personal data by VECTAURY is by no means mandatory. There is no direct consequence for the mobile user for refusing data collection. 

Nevertheless, the purpose of collecting of personal data is to monetize Mobile Applications by often, but not always, offering free services in return. 

- Recipient or category of recipients of data 

VECTAURY does not transfer personal data to recipients outside of the European Union. 

VECTAURY reserves the right to transfer personal data only under the following cumulative conditions: 
  • In France
  • To its Customers and Partners
  • In keeping with the purposes for which the collection was made (for example, to prove the effectiveness of an advertising campaign)
  • Data which is exclusively non-nominative and encrypted
  • By requiring the recipient to respect the framework imposed by the User
- Retention period for personal data 

The retention period for personal data depends on the collection method. 

Data collected directly via VECTAURY technologies are deleted within 12 months of collection to respect this reasoning, as dictated by Regulations concerning cookies.