PRIVACY AND PERSONAL DATA PROTECTION POLICY

At VECTAURY, the protection of personal data* is central to our mission for both strategic and ethical reasons. It has been the subject of two years’ work by our R&D team in collaboration with our legal advisors and with support from the French Data Protection Authority. 

 

VECTAURY GUARANTEES FAIR AND LAWFUL COLLECTION OF PERSONAL DATA 

A/ OUR OBLIGATIONS 

 

VECTAURY complies with Article 5 of the European Data Protection Regulation (GDPR), specifically:

- the mobile user's right to information;

- the obligation to obtain independent, specific, informed and unequivocal consent from mobile users prior to any data processing, with consent given via clear declaration or intentional act;

- the mobile user’s right to access, right to rectification, right to object, right to data portability, right to restriction of processing, right to make a complaint to the French Data Protection Authority, and right to be forgotten;

- confidentiality and integrity of data collected;

- compliance of processing operations throughout the data life cycle.

 

B/ OUR COMMITMENTS

 

Obtaining mobile user consent:

 

In order to protect the privacy of mobile users, we have designed consent management tools that meet the requirements of the GDPR. The publishers with whom we work may choose to use our tools, their own consent management tools, or a tool provided by a third party as long as the tool meets GDPR requirements. VECTAURY consent management tools include:

- The VECTAURY Consent Management Platform (CMP): this free solution allows publishers to collect the consent of mobile users in a fair manner and according to the standards established by the IAB and approved by the advertising community. In compliance with the GDPR, our CMP enables mobile users to give or withdraw consent per marketing purpose and per vendor.  

 

The mobile user can exercise rights through the publisher: 

 

Our partner data providers guarantee VECTAURY that before obtaining consent they will inform mobile users about the purposes of data processing and all user rights including the right to withdraw consent at any time. Mobile users can exercise their rights through the publisher, who will pass requests to VECTAURY for implementation. 

When the publisher uses a CMP, mobile users can exercise their rights in-app.

 

The mobile user can exercise rights using Apple and Android operating systems: 

 

Android and Apple platforms enable mobile users to control privacy by blocking targeted ads and by resetting their advertising IDs. This disables the link between advertising history and future navigation.

 

The mobile user can exercise rights directly through VECTAURY:

 

Our primary data collection method is the VECTAURY proprietary SDK, the mobile equivalent of a cookie. Publishers integrating the VECTAURY SDK designate VECTAURY as the data controller in their Terms and Conditions. This gives mobile users the identity of the controller and the e-mail address legal@vectaury.io, providing a means to exercise all privacy rights through VECTAURY.

VECTAURY’s SDK also allows mobile users to withdraw consent at any time, easily and free of charge, using their smartphone settings.

Our secondary data collection method is AdRequest, which serves a consent request when a mobile application is viewed. When data are collected by AdRequest, consent is collected by the publisher, and a clickable information button visible in the advertisement sends the user to the VECTAURY privacy center. This web interface enables mobile users targeted by VECTAURY ads to exercise all their rights and withdraw consent if desired.

Mobile users can also access information, request its correction or deletion, and exercise other rights concerning personal data by contacting us at: legal@vectaury.io

 

VECTAURY GUARANTEES FAIR, LAWFUL AND TRANSPARENT PROCESSING OF PERSONAL DATA 


A/ OUR OBLIGATIONS

 

VECTAURY respects the principle of data minimization set out in Article 5 of the GDPR, according to which: 

- Data collected must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
- Data collected must be processed in a manner that is relevant, adequate and not excessive in relation to the purposes for which they were collected.


B/ OUR COMMITMENTS


VECTAURY collects personal mobile user data, including geolocation data, for the purposes of selling targeted ads and insights to advertisers. 

VECTAURY ensures that personal data are processed exclusively for the purposes for which mobile users have given consent and according to the principle of proportionality. VECTAURY ensures that the use of this data by subcontractors is contractually supervised.

As a result, our campaigns do not rely on ultra-geolocation technologies or excessive collection frequency. Our intelligent data collection algorithm and filtering mechanism processes only data needed for user-approved purposes.

Our approach to collecting geolocation data gives us a better understanding of our mobile users without identifying them or knowing excessive information about their movements.

 

 

VECTAURY GUARANTEES A CONTROLLED TRANSFER OF PERSONAL DATA 


A/ OUR OBLIGATIONS



VECTAURY complies with Articles 45 and 46 of the GDPR, according to which: 

The controller of a processing operation may transfer personal data to a State outside the European Union only if that State ensures a sufficient level of protection of privacy with regard to an adequacy decision by the European Commission or by means of appropriate safeguards.


B/ OUR COMMITMENTS


Vectaury does not transfer personal data outside of France. Our data are collected, processed and stored on servers in France. 

Deliverables sent to our customers and partners include only anonymized statistics void of any personal characteristics, thus they are not subject to national or European laws related to the transfer of personal data. 

When personal data are sent to a customer or partner in France, VECTAURY: 

- Oversees their use. The data cannot be used in a manner other than that for which the mobile user gave consent, or reconciled with other data.
- Ensures data confidentiality and integrity.

 

VECTAURY ENSURES THE SECURITY OF ITS SYSTEMS 


A/ OUR OBLIGATIONS


VECTAURY complies with Articles 25 and 32 of the GDPR:

- The controller is required to implement technical and organizational measures to guarantee a level of security appropriate to the risks presented by processing; to preserve the security of the data; and, in particular, to prevent data from being distorted, damaged or accessed by unauthorized third parties.

- The controller must respect the principles of:

    - Privacy by design: The data controller ensures that the objective of protecting personal data is integrated into new projects from the design stage by implementing appropriate technical and organizational measures both when determining the means of processing and at the time of processing itself.
    - Privacy by default: The controller guarantees that, by default, only personal data necessary for each specific purpose are processed.


B/ OUR COMMITMENTS 


All of the obligations required by the French Data Protection Authority are clearly stated in our Information System Protection Policy and are carried out by our technical and administrative teams. 

 

VECTAURY ENSURES LIMITED RETENTION OF PERSONAL DATA 


A/ OUR OBLIGATIONS

VECTAURY respects article 36 of the Data Protection Act, and article 5 of the European regulation on the protection of personal data, according to which: 

Data shall be kept in a form of identifiable data for no longer than is necessary for the purposes for which the data are collected and processed.


B/ OUR COMMITMENTS


VECTAURY permanently deletes any identifiable data as soon as it is no longer useful for the purpose for which it was collected. More specifically, all information that could be used directly or indirectly for personal identification is deleted or modified, making re-identification impossible.

Given the similarities between mobile SDKs and desktop cookies, we apply the same rules to both platforms, deleting all data within 12 months of its collection.

VECTAURY also applies European Regulation standards with respect to the right to be forgotten by allowing mobile users to request deletion of personal data at any time and for any reason by emailing: legal@vectaury.io.

 

AWARENESS


A/ OUR OBLIGATIONS



Raising staff awareness of personal data protection is an essential step toward compliance, particularly for securing information systems that are used daily by employees.
Our Data Protection Officer is responsible for raising awareness and training employees internally on personal data protection issues.

 

B/ OUR COMMITMENTS



VECTAURY strives to make all staff aware of the ethical issues related to data protection and privacy. Initiatives include weekly committees for all managers and regular workshops open to the entire team.

 

 

GENERAL DATA PROTECTION REGULATION (GDPR) APPLICABLE MAY 25, 2018 

 

VECTAURY has been compliant with the new European Regulations since the end of 2017. 

Paris, August 21, 2018. 

*In accordance with law no. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties and the new European Regulation on the protection of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.


Legal notices on personal data protection 

 

Identity of the processing entity 

 

VECTAURY, SAS company, with a mutual fund, registered under the number 799 256 730 at the Registre de commerce et des sociétés (Corporation and Trade Registry) of Paris, headquartered at 33 Rue La Fayette 75009 Paris and represented by its President, Matthieu Daguenet (TVA no. FR 42799256730). 

 

Processing purposes 

 

We collect and process the personal data of mobile users, including geolocation data, for the purpose of targeting mobile advertising, profiling and analytics. Data are collected by means of third-party partners and on behalf of advertisers and media agencies. 

 

Mandatory or optional collection 


Collection of personal data by VECTAURY is not mandatory. There is no direct consequence to the mobile user for refusing to consent to data collection. 

However, the purpose of collecting personal data is to monetize mobile applications provided free of charge to users.


Data recipient or category of recipients  


VECTAURY does not transfer personal data to recipients outside of the European Union. 

VECTAURY reserves the right to transfer personal data when all of the following conditions are met:

- To its customers and partners

- In keeping with the purposes for which data was collected (for example, to prove the effectiveness of an advertising campaign)

- Data is non-nominative and encrypted

- Recipients respect the user’s scope of consent


 

Retention period for personal data 

 

Data collected directly via VECTAURY technologies are deleted within 12 months of collection as required by our cookies policy.

In case of contradiction between the English and French versions of this policy, the French version shall prevail.