Personal data protection policy

 

Update to the personal data protection policy: 29 November 2018

Recognising the importance of ensuring data privacy, the company ROCKET MARKETING is strongly committed to protecting personal data.

The purpose of this personal data protection policy is to inform the natural person concerned about the commitments and measures taken to adequately protect personal data.

This approach is in line with the framework of personal data protection legislation:

  • General Data Protection Regulation No. 2016/679 of the Parliament and of the Council of 27 April 2016

  • French Data Protection Law no. 78-17 of 6 January 1978, amended by Law no. 2018-493 of 20 June 2018.

This personal data protection policy is subject to change in accordance with legal and regulatory developments and with the doctrine of the French Data Protection Authority (CNIL).

 

Scope

 

This personal data protection policy applies to prospects, to Advertisers and/or Publishers of the company ROCKET MARKETING.

 

Controller

 

The personal data controller is the company ROCKET MARKETING.

ROCKET MARKETING
46 PLACE JULES FERRY, 92120 MONTROUGE
RCS NANTERRE 791 012 131
Intra-Community VAT no. FR81791012131
01 84 20 06 68
contact@rocketlinks.net

Information on the company ROCKET MARKETING is available in its Legal notice.

 

Data protection officer

 

The company ROCKET MARKETING has appointed a data protection officer (DPO), who can be contacted at the following email address: dpo@rocketlinks.net.

The DPO is responsible for ensuring compliance with the provisions of personal data protection regulations.

He or she must be consulted by ROCKET MARKETING prior to implementation of any data processing operation. He or she shall maintain a record of all personal data processing operations conducted by ROCKET MARKETING as and when these are implemented.

The Data Protection Officer ensures that personal rights are respected (rights of access, rectification, objection, erasure, limitation of processing, and portability).

Should any difficulties be encountered in exercising these rights, data subjects may contact the Data Protection Officer by email at dpo@rocketlinks.net.

 

Data collected – Purposes – Legal basis for processing

 

What is personal data?

 

“Personal data” refers to any information that may identify a natural person, whether directly (e.g. a surname or first name) or indirectly (e.g. pseudonymised information such as a unique identifier) .

Personal data includes information such as postal or electronic addresses, mobile phone numbers, usernames, professional information, and financial details. Personal data may also include unique numerical identifiers such as the IP address of a computer or the MAC address of a mobile device, as well as cookies. 

 

What procedures are used to collect personal data?

 

The company ROCKET MARKETING undertakes only to collect data which is strictly necessary for the purpose of the processing carried out.

Data collected by ROCKET MARKETING is collected, as the case may be:

  • directly from the prospect, the user, or the customer:

    • during professional meetings (events, trade shows, conferences)

    • during telephone or electronic (email) communications

    • via its website or its SaaS platform via data collection forms completed by the data subject (account set-up, subscription to services, satisfaction questionnaires, reviews, surveys, etc.);

    • when agreeing to the general terms of service;

    • via pages devoted to the services of ROCKET MARKETING on social media platforms;

    • via other commercial documents (quotes, purchases orders, etc.) ;

  • indirectly:

    • via the blog of the data subject;

    • by the use of cookies to understand how the site and the platform are used by the natural person;

    • by third parties (partners, Advertisers or customers of the company ROCKET MARKETING).

 

The company ROCKET MARKETING informs the data subject on the data collection form that the requested information is required for provision of its service. Where applicable, the wording “optional” shall be specified. Not completing required fields may affect the ability of the company ROCKET MARKETING to offer its customers or prospects its products and services.

 

What is the legal basis for the processing of personal data?

 

Depending on the purpose for which the data is used, the legal basis for data processing may be as follows:

 

  • consent;

  • the legitimate interest of the company ROCKET MARKETING, which may relate to:


    • improvement of its products or services, i.e. understanding the needs of its customers and adapting products or services to these needs,

    • fraud prevention,

    • safeguarding tools (maintaining data protection and security, ensuring that they operate correctly and undergo continuous improvement),

    • performance of the contract concluded with the customer (e.g. In order to enable set-up of a Publisher account or help an Advertiser with a specific communication campaign);

    • compliance with a legal obligation where applicable legislation requires data processing.

 

Where the processing operation carried out is based on consent, the natural person may withdraw this consent at any time, unless it concerns information required for application of a contract.

Connecting Publishers with Advertisers

Purpose Data collected Legal basis for processing
Creation and management of a Publisher account on the platform Identifying information
  • Surname and first name,
  • Email address,
  • Landline, fax or mobile number,
  • Postal address and country,
  • Copy of identify document.
Professional data
  • Operating status (individual or company),
  • Company name and contact details,
  • SIRET intra-Community VAT no.,
  • K-bis extract,
  • MMessages, conversations, offer history, offers pending, offers accepted and deals concluded..
Financial data: transaction history, funds pending, funds received, banking information, bank and PayPal details.
Performance of precontractual measures and a contract
Provisions of offers from Advertisers to Publishers
    Identifying information.
    Professional data: offers.
Performance of a contract.
Monitoring of good relations with Advertisers
  • Surname, first name
  • Email address,
  • Posts on blogs (images, content, links, performance indicators, metadata: location, date, entities identified in posts, content of comments),
  • Messages sent to Advertisers (conversations)
  • Contracts (offers),
  • Rating of Publishers by Advertisers and ROCKET MARKETING,
Performance of a contract.
Management of a site on the platform by a Publisher
  • Identifying information
  • Personal history,
  • Blog URL,
  • Blog posts (photos, videos, texts, various descriptions, links, articles, etc.),
  • Post metadata (location, date, entities identified in posts, content of comments, etc.),
  • Blog performance indicators (number of visitors, inbound links, etc.).
Performance of a contract
Invoice creation and payment of deals accepted by the Publisher
  • Surname, first name,
  • Postal address,
  • Company name,
  • SIREN no., intra-Community VAT no.,
  • Identity card,
  • Company contact details,
  • K-bis extract,
Economic and financial information:
  • Banking information
  • Bank and PayPal details.
Performance of a contract

Support for Advertisers

Purpose Data collected Legal basis for processing
Creation of an Advertiser account on the platform
  • Surname, first name,
  • Email address,
  • Telephone number,
  • Desired site catalogue,
  • Proposed budget.
Performance of precontractual measures
Management of the Advertiser’s account and search for media on the platform Identifying information
  • Surname and first name,
  • Email address,
  • Landline, fax or mobile number,
  • Postal address and country,
  • Operating status (individual or company)
  • Company name,
  • VAT no. and SIRET no.
Professional data:
  • Concluded offers and contracts (offers in progress, offers archived, offers pending, contracts in progress),
  • Statistics..
Performance of a contract
Monitoring connections between Advertiser and Publisher (initial contact, support and monitoring of business relations)
  • Surname
  • First name
  • Telephone no.
  • Conversations with Publishers.
Performance of a contract
Preparation of communication campaigns
  • Surname, first name,
  • Email address,
  • E-mail correspondence,
  • Telephone number
Performance of a contract
Performance of communication campaigns and connecting with Publishers
  • Surname, first name,
  • Email address,
  • E-mail correspondence,
  • Telephone number
Performance of a contract
Monitoring of communication campaigns and reporting
  • Surname, first name,
  • Email address,
  • E-mail correspondence,
  • Telephone number
Performance of a contract

Common purposes

Purpose Data collected Legal basis for processing
Customer Invoicing
  • Identifying information
  • E-mail correspondence,
  • Invoices,
  • Data relating to invoice payments: means of payment, discounts granted, receipts, balances and outstanding payments.
Performance of the contract
Credibility rating
  • Identifying information
  • E-mail correspondence,
  • Invoices,
  • Purchase history,
  • Data relating to invoice payments: means of payment, discounts granted, receipts, balances and outstanding payments.
Legal obligation
Credibility rating
  • Surname, first name
  • Email address,
  • Telephone no.,
  • Conversations (tickets and discussions via the platform),
  • Logs and page views by the natural person.
Performance of a contract
Management of deregistration and account closure
  • Identifying information
  • Professional and private data
  • Financial information.
Performance of a contract
Compiling commercial statistics | Managing reviews/surveys
  • Surname and first name,
  • Telephone number,
  • Postal address,
  • Information on the product or service provided.
Legitimate interest
Subscription to newsletters / commercial communications
  • Surname and first name,
  • Email address,
  • Opening emails and clicks on links in emails
Legitimate interest for professional natural-person prospects
Commercial / customer loyalty communications
  • Surname and first name,
  • Email address,
  • Opening emails and clicks on links in emails.
Legitimate interest for natural-person customers (offers for products or related services)
Management of an opt-out list
  • Email address
Legal obligation
Online browsing / platform security / technical cookies
  • IP address,
  • Cookies, trackers.
Intérêt légitime (pour les cookies permettant le bon fonctionnement du site). Obligation légale (pour les cookies assurant la sécurité du site)
Audience measurements
  • Page views,
  • Unique browser ID,
  • User type,
  • Source of visits,
  • Location (granularity: city),
  • IP (first three octets),
  • Device information (OS, browser, resolution),
  • Cookies, trackers.
Consent
Targeted advertising (retargeting)
  • IP address,
  • Cookies, trackers.
Consent
Managing rights applications from natural persons
  • Surname and first name,,
  • Postal address,
  • Email address,
  • Copy of identity document.
Legal obligation

Personal data recipients

 

Recipients within ROCKET MARKETING

 

Personal data is communicated within the company ROCKET MARKETING, its parent company and/or its subsidiaries, where applicable, in order to fulfil its contractual requirements, to comply with its legal obligations, to prevent fraud, and/or to safeguard and improve its services, or after having obtained consent from the data subject.


Internally, the recipients of the data are the authorised staff in the marketing department and/or the sales department, the departments responsible for customer relations and prospecting, the administrative departments, the IT and technical departments, as well as their line managers.

 

Recipients outside ROCKET MARKETING

 

In the context of connecting Advertisers and Publishers, data concerning natural persons may be communicated to Publishers and Advertisers.

Furthermore, in the event of restructuring, merger, acquisition by a third party, divestiture of a business or transfer of assets in particular, the company ROCKET MARKETING may communicate personal data to the potential buyer or acquirer.

In such cases, personal data held concerning prospects, Advertisers and Publishers may be one of the assets transferred. The acquirer acting as the new data controller shall then process the data and their personal data protection policy shall govern the processing of personal data.

The company ROCKET MARKETING does not lend or sell its customers’ personal data, including for the purposes of commercial prospecting.

However, personal data may be processed on behalf of the company ROCKET MARKETING by trusted service providers.

Under these circumstances, the company ROCKET MARKETING shall ensure that all service providers with whom it works maintain confidentiality and security with regard to the data.

The company ROCKET MARKETING may, for example, request the provision of services which require processing of its customers’ personal data from:

  • service providers assisting it with customer relationship management (CRM) and web analytics (audience analysis);

  • advertising companies, marketing and/or web agencies responsible for ROCKET MARKETING’s website, advertising, marketing and sales campaigns;

  • third parties assisting and helping the company ROCKET MARKETING to provide IT services (platform providers, hosting services, services providing maintenance and technical support for databases or for software and applications which may contain data concerning customers or prospects of the company ROCKET MARKETING (these services may sometimes require access to data in order to accomplish requested tasks);

  • payment service providers, for the purposes of verifying information where required to conclude a contract with the customer (in the case of online payment);

  • service providers offering an advice function to the company ROCKET MARKETING (auditors, chartered accountants, lawyers, IT consultants, etc.).

The company ROCKET MARKETING may communicate data to partners in the event that the customer has agreed to receive commercial communications or prospecting from a partner of the company ROCKET MARKETING via a dedicated registration/opt-in procedure. In this case, data is processed by the partner acting in the capacity of data controller under its own conditions, and in accordance with its personal data protection policy.

The company ROCKET MARKETING may, finally, communicate data to third parties:

  • if it is required to disclose or share the data in order to:

    • meet a legal obligation

    • comply with or apply its general terms of use and/or services,

    • protect its rights, its intellectual property or its security, or those of its customers or employees,

  • if it has the consent of the data subject,

  • if authorised to do so by law.

Data retention period

 

The company ROCKET MARKETING only retains personal data during the period required by the operations for which they have been collected and in compliance with the regulations in force.

The natural person is also informed that the company ROCKET MARKETING will retain the data transmitted according to the criteria and recommendations of the French Data Protection Authority (CNIL) available in its reference standard: simplified standard no. 48.

Purpose of processing Retention period Legal basis
Management of customer and prospect files General principle: Personal data relating to customers may not be retained beyond the retention period strictly necessary for management of commercial relations, with the exception of data necessary to establish proof of a right or a contract, which may be archived in accordance with the provisions of the French Commercial Code relating to the retention period for books and documents created in the context of commercial activities, and the French Consumer Code relating to the retention of contracts concluded by electronic means Simplified standard no. 48
Contracts concluded between traders or between traders and non-traders 5 years Article L110-4 of the French Commercial Code Simplified standard no. 48
Managing invoicing 10 years Article L123-22, paragraph 2, of the French Commercial Code Simplified standard no. 48
Accounting, and customer account management in particular 10 years Article L123-22, paragraph 2, of the French Commercial Code Simplified standard no. 48
Managing a customer file Customer data is retained for the period of commercial relations. It may be retained for purposes of commercial prospecting for a maximum period of 3 years as of the end of these commercial relations Simplified standard no. 48
Creation and management of a prospects file 3 years as of its collection by the data controller or the last contact from the prospect Simplified standard no. 48
Audience measurement statistics Information stored in the user terminal (e.g. cookies) or any other element used to identify users and enabling user tracking must not be retained for more than 13 months Simplified standard no. 48
Management of a newsletter Until the individual concerned unsubscribes Article 6-5 of French Law no. 78-17, as amended
Sending promotional messages (email campaigns, phone calls, faxes, text messages, etc.) 3 years as of its collection by the data controller or the last contact from the prospect Simplified standard no. 48
Management of an opt-out list 3 years as of registration on the list Simplified standard no. 48
Data related to your instructions concerning the fate of your data after your death As long as the data concerned by the instructions are retained N/A
Copy of any proof of identity required in the context of an application to exercise rights 1 year as of date of receipt N/A
Data related to exercising a right of access, rectification or erasure 5 years as of the end of the procedure related to the application N/A
Data related to exercising a right of objection 5 years as of the end of the procedure related to the application N/A
Data related to exercising a right of limitation of processing 5 years as of the end of the limitation of processing N/A

Physical and logical security of personal data

The company ROCKET MARKETING determines and implements the means necessary for protection of personal data processing systems, to prevent any malicious intrusion and avoid any loss, alteration or disclosure of data to unauthorised persons.


As such, the company ROCKET MARKETING has drawn up and regularly updates its personal data processing records, which list the technical and operational security measures taken.


The company ROCKET MARKETING determines and implements measures guaranteeing data privacy, in particular via employee awareness raising initiatives and good-practice recommendations regarding the use of their computer workstations.


The company ROCKET MARKETING requires its IT service providers to provide sufficient guarantees to ensure the security and privacy of personal data.


It ensures that IT service providers take all necessary steps to prevent the disclosure or alteration of data, do not carry out any remote maintenance operations without its supervision, and return the data at the end of the contract.

 

Data transfer – Data storage location

 

As far as possible, the company ROCKET MARKETING undertakes not to transfer data on natural persons outside the European Union.


Nonetheless, in certain cases, data may be transferred or be accessible and/or stored in countries located outside the European Union.


It may also be processed by members of staff of the company ROCKET MARKETING or by technical service providers operating outside the European Union.


The company ROCKET MARKETING only transfers personal data outside the European Union in a secure manner and in compliance with the legislation in force.


In accordance with the provisions of Articles 44 et seq. of the GDPR, the company ROCKET MARKETING selects service providers based outside the European Union, who, as the case may be:

  • comply with the conditions provided for in this policy;

  • have regulations in place ensuring an adequate level of protection;

  • are already enrolled in the register kept by the US administration and meet the obligations and basic guarantees provided for under the “Privacy Shield”;

  • include in their contracts, or agree to sign, the standard contractual clauses adopted by the European Commission. 


For further information, natural persons can contact the company ROCKET MARKETING at the following address dpo@rocketlinks.net or by post to: 46 place Jules Ferry, 92120 Montrouge.

 

Rights of the data subject

 

Right of access, rectification, limitation and erasure

 

In accordance with the French Data Protection Law of 6 January 1978, as amended, and with the General Data Protection Regulation, all natural persons have a right:

  • of access to data (limited to two access applications per year and subject to provision of proof of identity),
  • of rectification of data,
  • of erasure of data concerning them, under the conditions set out in Article 17 of the General Data Protection Regulation,
  • of limitation of processing,
  • to define general and specific instructions as to how they wish these rights to be exercised after their death.

Right of objection

 

Physical persons also have the right to object at any time to the processing of their personal data, or for such data to be used for the purposes of commercial prospecting or profiling.

 

Right to data portability

 

Where processing is based on the consent of the physical person or on a contract and is conducted by automated means, the data subject has a right of portability of their data. In accordance with Article 20 of the GDPR, the data subject has the right to receive the personal data concerning them that they have provided to the company ROCKET MARKETING, in a structured, commonly used and machine-readable format, and has the right to transmit this data to another controller without hindrance from the company ROCKET MARKETING to which the personal data has been provided.

 

Right to lodge a complaint with the French Data Protection Authority (CNIL)

 

Finally, the data subject may, where applicable, lodge a complaint with the offices of the French Data Protection Authority (CNIL) (https://www.cnil.fr/fr/plaintes). To do so, they can contact CNIL by mail or by telephone (details available here: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil).

They can exercise their rights by providing proof of identity and contacting the company ROCKET MARKETING at dpo@rocketlinks.net or by post to the following address: 46 place Jules Ferry, 92120 Montrouge.

 

 

 

/en/privacy