Update to the personal data protection policy: 29 November 2018
Recognising the importance of ensuring data privacy, the company ROCKET MARKETING is strongly committed to protecting personal data.
The purpose of this personal data protection policy is to inform the natural person concerned about the commitments and measures taken to adequately protect personal data.
This approach is in line with the framework of personal data protection legislation:
General Data Protection Regulation No. 2016/679 of the Parliament and of the Council of 27 April 2016
French Data Protection Law no. 78-17 of 6 January 1978, amended by Law no. 2018-493 of 20 June 2018.
This personal data protection policy is subject to change in accordance with legal and regulatory developments and with the doctrine of the French Data Protection Authority (CNIL).
This personal data protection policy applies to prospects, to Advertisers and/or Publishers of the company ROCKET MARKETING.
The personal data controller is the company ROCKET MARKETING.
ROCKET MARKETING
46 PLACE JULES FERRY, 92120 MONTROUGE
RCS NANTERRE 791 012 131
Intra-Community VAT no. FR81791012131
01 84 20 06 68
contact@rocketlinks.net
Information on the company ROCKET MARKETING is available in its Legal notice.
The company ROCKET MARKETING has appointed a data protection officer (DPO), who can be contacted at the following email address: dpo@rocketlinks.net.
The DPO is responsible for ensuring compliance with the provisions of personal data protection regulations.
He or she must be consulted by ROCKET MARKETING prior to implementation of any data processing operation. He or she shall maintain a record of all personal data processing operations conducted by ROCKET MARKETING as and when these are implemented.
The Data Protection Officer ensures that personal rights are respected (rights of access, rectification, objection, erasure, limitation of processing, and portability).
Should any difficulties be encountered in exercising these rights, data subjects may contact the Data Protection Officer by email at dpo@rocketlinks.net.
Data collected – Purposes – Legal basis for processing
What is personal data?
“Personal data” refers to any information that may identify a natural person, whether directly (e.g. a surname or first name) or indirectly (e.g. pseudonymised information such as a unique identifier) .
Personal data includes information such as postal or electronic addresses, mobile phone numbers, usernames, professional information, and financial details. Personal data may also include unique numerical identifiers such as the IP address of a computer or the MAC address of a mobile device, as well as cookies.
What procedures are used to collect personal data?
The company ROCKET MARKETING undertakes only to collect data which is strictly necessary for the purpose of the processing carried out.
Data collected by ROCKET MARKETING is collected, as the case may be:
directly from the prospect, the user, or the customer:
during professional meetings (events, trade shows, conferences)
during telephone or electronic (email) communications
via its website or its SaaS platform via data collection forms completed by the data subject (account set-up, subscription to services, satisfaction questionnaires, reviews, surveys, etc.);
when agreeing to the general terms of service;
via pages devoted to the services of ROCKET MARKETING on social media platforms;
via other commercial documents (quotes, purchases orders, etc.) ;
indirectly:
via the blog of the data subject;
by the use of cookies to understand how the site and the platform are used by the natural person;
by third parties (partners, Advertisers or customers of the company ROCKET MARKETING).
The company ROCKET MARKETING informs the data subject on the data collection form that the requested information is required for provision of its service. Where applicable, the wording “optional” shall be specified. Not completing required fields may affect the ability of the company ROCKET MARKETING to offer its customers or prospects its products and services.
What is the legal basis for the processing of personal data?
Depending on the purpose for which the data is used, the legal basis for data processing may be as follows:
consent;
the legitimate interest of the company ROCKET MARKETING, which may relate to:
improvement of its products or services, i.e. understanding the needs of its customers and adapting products or services to these needs,
fraud prevention,
safeguarding tools (maintaining data protection and security, ensuring that they operate correctly and undergo continuous improvement),
performance of the contract concluded with the customer (e.g. In order to enable set-up of a Publisher account or help an Advertiser with a specific communication campaign);
compliance with a legal obligation where applicable legislation requires data processing.
Where the processing operation carried out is based on consent, the natural person may withdraw this consent at any time, unless it concerns information required for application of a contract.
| Purpose | Data collected | Legal basis for processing |
|---|---|---|
| Creation and management of a Publisher account on the platform |
Identifying information
|
Performance of precontractual measures and a contract |
| Provisions of offers from Advertisers to Publishers |
|
Performance of a contract. |
| Monitoring of good relations with Advertisers |
|
Performance of a contract. |
| Management of a site on the platform by a Publisher |
|
Performance of a contract |
| Invoice creation and payment of deals accepted by the Publisher |
|
Performance of a contract |
| Purpose | Data collected | Legal basis for processing |
|---|---|---|
| Creation of an Advertiser account on the platform |
|
Performance of precontractual measures |
| Management of the Advertiser’s account and search for media on the platform |
Identifying information
|
Performance of a contract |
| Monitoring connections between Advertiser and Publisher (initial contact, support and monitoring of business relations) |
|
Performance of a contract |
| Preparation of communication campaigns |
|
Performance of a contract |
| Performance of communication campaigns and connecting with Publishers |
|
Performance of a contract |
| Monitoring of communication campaigns and reporting |
|
Performance of a contract |
| Purpose | Data collected | Legal basis for processing |
|---|---|---|
| Customer Invoicing |
|
Performance of the contract |
| Credibility rating |
|
Legal obligation |
| Credibility rating |
|
Performance of a contract |
| Management of deregistration and account closure |
|
Performance of a contract |
| Compiling commercial statistics | Managing reviews/surveys |
|
Legitimate interest |
| Subscription to newsletters / commercial communications |
|
Legitimate interest for professional natural-person prospects |
| Commercial / customer loyalty communications |
|
Legitimate interest for natural-person customers (offers for products or related services) |
| Management of an opt-out list |
|
Legal obligation |
| Online browsing / platform security / technical cookies |
|
Intérêt légitime (pour les cookies permettant le bon fonctionnement du site). Obligation légale (pour les cookies assurant la sécurité du site) |
| Audience measurements |
|
Consent |
| Targeted advertising (retargeting) |
|
Consent |
| Managing rights applications from natural persons |
|
Legal obligation |
Personal data is communicated within the company ROCKET MARKETING, its parent company and/or its subsidiaries, where applicable, in order to fulfil its contractual requirements, to comply with its legal obligations, to prevent fraud, and/or to safeguard and improve its services, or after having obtained consent from the data subject.
Internally, the recipients of the data are the authorised staff in the marketing department and/or the sales department, the departments responsible for customer relations and prospecting, the administrative departments, the IT and technical departments, as well as their line managers.
In the context of connecting Advertisers and Publishers, data concerning natural persons may be communicated to Publishers and Advertisers.
Furthermore, in the event of restructuring, merger, acquisition by a third party, divestiture of a business or transfer of assets in particular, the company ROCKET MARKETING may communicate personal data to the potential buyer or acquirer.
In such cases, personal data held concerning prospects, Advertisers and Publishers may be one of the assets transferred. The acquirer acting as the new data controller shall then process the data and their personal data protection policy shall govern the processing of personal data.
The company ROCKET MARKETING does not lend or sell its customers’ personal data, including for the purposes of commercial prospecting.
However, personal data may be processed on behalf of the company ROCKET MARKETING by trusted service providers.
Under these circumstances, the company ROCKET MARKETING shall ensure that all service providers with whom it works maintain confidentiality and security with regard to the data.
The company ROCKET MARKETING may, for example, request the provision of services which require processing of its customers’ personal data from:
service providers assisting it with customer relationship management (CRM) and web analytics (audience analysis);
advertising companies, marketing and/or web agencies responsible for ROCKET MARKETING’s website, advertising, marketing and sales campaigns;
third parties assisting and helping the company ROCKET MARKETING to provide IT services (platform providers, hosting services, services providing maintenance and technical support for databases or for software and applications which may contain data concerning customers or prospects of the company ROCKET MARKETING (these services may sometimes require access to data in order to accomplish requested tasks);
payment service providers, for the purposes of verifying information where required to conclude a contract with the customer (in the case of online payment);
service providers offering an advice function to the company ROCKET MARKETING (auditors, chartered accountants, lawyers, IT consultants, etc.).
The company ROCKET MARKETING may communicate data to partners in the event that the customer has agreed to receive commercial communications or prospecting from a partner of the company ROCKET MARKETING via a dedicated registration/opt-in procedure. In this case, data is processed by the partner acting in the capacity of data controller under its own conditions, and in accordance with its personal data protection policy.
The company ROCKET MARKETING may, finally, communicate data to third parties:
if it is required to disclose or share the data in order to:
meet a legal obligation
comply with or apply its general terms of use and/or services,
protect its rights, its intellectual property or its security, or those of its customers or employees,
if it has the consent of the data subject,
if authorised to do so by law.
The company ROCKET MARKETING only retains personal data during the period required by the operations for which they have been collected and in compliance with the regulations in force.
The natural person is also informed that the company ROCKET MARKETING will retain the data transmitted according to the criteria and recommendations of the French Data Protection Authority (CNIL) available in its reference standard: simplified standard no. 48.
| Purpose of processing | Retention period | Legal basis |
|---|---|---|
| Management of customer and prospect files | General principle: Personal data relating to customers may not be retained beyond the retention period strictly necessary for management of commercial relations, with the exception of data necessary to establish proof of a right or a contract, which may be archived in accordance with the provisions of the French Commercial Code relating to the retention period for books and documents created in the context of commercial activities, and the French Consumer Code relating to the retention of contracts concluded by electronic means | Simplified standard no. 48 |
| Contracts concluded between traders or between traders and non-traders | 5 years | Article L110-4 of the French Commercial Code Simplified standard no. 48 |
| Managing invoicing | 10 years | Article L123-22, paragraph 2, of the French Commercial Code Simplified standard no. 48 |
| Accounting, and customer account management in particular | 10 years | Article L123-22, paragraph 2, of the French Commercial Code Simplified standard no. 48 |
| Managing a customer file | Customer data is retained for the period of commercial relations. It may be retained for purposes of commercial prospecting for a maximum period of 3 years as of the end of these commercial relations | Simplified standard no. 48 |
| Creation and management of a prospects file | 3 years as of its collection by the data controller or the last contact from the prospect | Simplified standard no. 48 |
| Audience measurement statistics | Information stored in the user terminal (e.g. cookies) or any other element used to identify users and enabling user tracking must not be retained for more than 13 months | Simplified standard no. 48 |
| Management of a newsletter | Until the individual concerned unsubscribes | Article 6-5 of French Law no. 78-17, as amended |
| Sending promotional messages (email campaigns, phone calls, faxes, text messages, etc.) | 3 years as of its collection by the data controller or the last contact from the prospect | Simplified standard no. 48 |
| Management of an opt-out list | 3 years as of registration on the list | Simplified standard no. 48 |
| Data related to your instructions concerning the fate of your data after your death | As long as the data concerned by the instructions are retained | N/A |
| Copy of any proof of identity required in the context of an application to exercise rights | 1 year as of date of receipt | N/A |
| Data related to exercising a right of access, rectification or erasure | 5 years as of the end of the procedure related to the application | N/A |
| Data related to exercising a right of objection | 5 years as of the end of the procedure related to the application | N/A |
| Data related to exercising a right of limitation of processing | 5 years as of the end of the limitation of processing | N/A |
The company ROCKET MARKETING determines and implements the means necessary for protection of personal data processing systems, to prevent any malicious intrusion and avoid any loss, alteration or disclosure of data to unauthorised persons.
As such, the company ROCKET MARKETING has drawn up and regularly updates its personal data processing records, which list the technical and operational security measures taken.
The company ROCKET MARKETING determines and implements measures guaranteeing data privacy, in particular via employee awareness raising initiatives and good-practice recommendations regarding the use of their computer workstations.
The company ROCKET MARKETING requires its IT service providers to provide sufficient guarantees to ensure the security and privacy of personal data.
It ensures that IT service providers take all necessary steps to prevent the disclosure or alteration of data, do not carry out any remote maintenance operations without its supervision, and return the data at the end of the contract.
As far as possible, the company ROCKET MARKETING undertakes not to transfer data on natural persons outside the European Union.
Nonetheless, in certain cases, data may be transferred or be accessible and/or stored in countries located outside the European Union.
It may also be processed by members of staff of the company ROCKET MARKETING or by technical service providers operating outside the European Union.
The company ROCKET MARKETING only transfers personal data outside the European Union in a secure manner and in compliance with the legislation in force.
In accordance with the provisions of Articles 44 et seq. of the GDPR, the company ROCKET MARKETING selects service providers based outside the European Union, who, as the case may be:
comply with the conditions provided for in this policy;
have regulations in place ensuring an adequate level of protection;
are already enrolled in the register kept by the US administration and meet the obligations and basic guarantees provided for under the “Privacy Shield”;
include in their contracts, or agree to sign, the standard contractual clauses adopted by the European Commission.
For further information, natural persons can contact the company ROCKET MARKETING at the following address dpo@rocketlinks.net or by post to: 46 place Jules Ferry, 92120 Montrouge.
In accordance with the French Data Protection Law of 6 January 1978, as amended, and with the General Data Protection Regulation, all natural persons have a right:
Physical persons also have the right to object at any time to the processing of their personal data, or for such data to be used for the purposes of commercial prospecting or profiling.
Where processing is based on the consent of the physical person or on a contract and is conducted by automated means, the data subject has a right of portability of their data. In accordance with Article 20 of the GDPR, the data subject has the right to receive the personal data concerning them that they have provided to the company ROCKET MARKETING, in a structured, commonly used and machine-readable format, and has the right to transmit this data to another controller without hindrance from the company ROCKET MARKETING to which the personal data has been provided.
Finally, the data subject may, where applicable, lodge a complaint with the offices of the French Data Protection Authority (CNIL) (https://www.cnil.fr/fr/plaintes). To do so, they can contact CNIL by mail or by telephone (details available here: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil).
They can exercise their rights by providing proof of identity and contacting the company ROCKET MARKETING at dpo@rocketlinks.net or by post to the following address: 46 place Jules Ferry, 92120 Montrouge.