Privacy Policy
Privacy Policy Update: 21 August 2018
Aware of the importance of ensuring data confidentiality, ROCKET MARKETING is making strong commitments regarding the protection of personal data.
The purpose of this privacy policy is to inform any natural person of the commitments and measures taken to ensure the protection of personal data.
This approach is part of the personal data protection scheme:
- the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016,
- the French Loi Informatique et Libertés law No. 78-17 of 6 January 1978 amended by the law No. 2018-493 of 20 June 2018.
This privacy policy may change depending on the legal and regulatory context and the doctrine of the Commission nationale de l’informatique et des libertés - CNIL (French Data Protection Authority).
Scope
This privacy policy applies to prospective customers, Advertisers and/or Influencers of ROCKET MARKETING.
Data Controller
The controller of personal data is the company ROCKET MARKETING.
ROCKET MARKETING
46 place Jules FERRY 92120 MONTROUGE FRANCE
RCS NANTERRE 791 012 131
Intra-Community VAT No.: FR81791012131
+33 (0)1 84 20 24 89
hello@reech.com
Information pertaining to ROCKET MARKETING is available in its Legal Notices.
Data Protection Officer
ROCKET MARKETING has appointed a Data Protection Officer (DPO), who can be reached at the following email address: dpo@reech.com.
His or her role is to ensure compliance with the provisions of the regulation on the protection of personal data.
He or she is consulted by ROCKET MARKETING before any data processing. He or she draws up a list of any processing of personal data by ROCKET MARKETING as and when it is done.
The Data Protection Officer ensure that individuals’ rights are respected (right to access, rectification, object, deletion, restriction of processing and portability).
If difficulties exercising these rights are encountered, the data subjects may contact the Data Protection Officer by email at dpo@reech.com.
Data collected - purposes - legal basis for this processing
What is personal data?
“Personal data” refers to any information that can identify either directly (e.g. a first or last name) or indirectly (e.g. through pseudonymous data such as a unique identifier) any natural person.
Personal data includes information such as postal or email addresses, mobile phone numbers, usernames, professional information or financial data. Personal data may also include numeric identifiers such as a computer’s IP address or the MAC address of a mobile device, as well as cookies.
How is personal data collected?
ROCKET MARKETING undertakes only to collect data strictly necessary for the purpose of the processing done.
Data collected by ROCKET MARKETING may be obtained, depending on the situation:
- directly from the prospective customer or customer:
- during professional encounters (events, trade shows, conferences),
- during telephone or electronic (email) communication,
- via its website or SaaS platform through collection forms completed by the data subject (creating an account, subscribing to services, satisfaction questionnaires, reviews, surveys, etc.);
- when agreeing to the terms of services and/or a sale;
- via the pages devoted to the services of ROCKET MARKETING on social media platforms;
- via other commercial documents (quotations, purchase orders, etc.);
- indirectly:
- via the data subject’s blog;
- via the use of cookies to better understand how the site and platform are used by the natural person;
- on social media platforms via publisher APIs (YouTube, Twitter, Facebook, etc.);
- via third parties (partners, Advertisers or customers of ROCKET MARKETING).
ROCKET MARKETING informs the data subject on the collection form that the data requested are mandatory to provide its service. Where appropriate, the term “optional” is stated. Failure to complete the mandatory fields may affect the ability of ROCKET MARKETING to offer its products and services to its customers or prospective customers.
What is the legal basis for processing personal data?
Based on the purpose for which the data is used, the legal basis for processing personal data may be:
- consent;
- the legitimate interest of ROCKET MARKETING which may consist in:
- the improvement of its products or services, including understanding its customers’ needs and tailoring its products or services to these needs,
- the prevention of fraud,
- securing tools (ensuring data protection and security, ensuring that they function properly and are constantly improved),
- the performance of the contract concluded with the customer (e.g. in order to create an Influencer account or assist an Advertiser during a specific communication operation);
- the compliance of a legal obligation when the legislation in force requires the processing of data.
In cases where the processing of data is based on consent, the natural person, and in particular the minor, may withdraw his or her consent at any time provided it is not information that governs the application of a contract.
Connecting Influencers and Advertisers:
| Purpose | Data Collected | Legal basis for the processing |
|---|---|---|
| Creating and managing an Influencer account on the platform |
Identification data:
Personal life:
Professional life:
Economic and financial information:
|
Performance of pre-contractual measures/contractual performance |
| Selection of Influencers and proposal of offers |
Identification data. Professional data (messages, conversations, proposed offers). Connection data:
|
Performance of a contract |
| Overseeing the proper performance of Deals and posting |
|
Performance of a contract |
| Generating an invoice and settlement of earnings or credits |
Economic and financial information:
|
Performance of a contract |
| Technical assistance/support |
|
Performance of a contract |
| Managing unsubscribing and account closures |
Identification data. Professional and personal life data. Financial data |
Performance of a contract |
| Building a database of influential people on social media platforms |
Identification data:
|
Legitimate interest |
Supporting Advertisers:
| Purpose | Data Collected | Legal basis for the processing |
|---|---|---|
| Request for quotation |
Identification data:
Professional data:
|
Performance of pre-contractual measures |
| Preparation of communication operations |
|
Performance of a contract |
| Performance of communication operations and connecting with influencers |
|
Performance of a contract |
| Tracking communication operations and reporting |
|
Performance of a contract |
Common purposes:
| Purpose | Data Collected | Legal basis for the processing |
|---|---|---|
| Customer invoicing |
|
Performance of a contract |
| Managing accounting, litigations, outstanding debts |
|
Legal obligation |
| Creation of commercial statistics |
|
Legitimate interest |
| Management of reviews/surveys |
|
Legitimate interest |
| Commercial communications/newsletter subscription |
|
Legitimate interest for prospective customers, natural persons, professionals |
| Commercial communication/customer acquisition and retention |
|
Legitimate interest for natural persons, customers (proposal of similar products or services) |
| Managing an opt-out list |
|
Legal obligation |
| Online browsing/securing the platform/technical cookies |
|
Legitimate interest (for cookies enabling the site’s proper functioning) Legal obligation (for cookies ensuring the security of the site) |
| Audience measurements |
|
Consent |
| Targeted advertising (retargeting) |
|
Consent |
| Managing the requests of rights of natural persons |
|
Legal obligation |
Recipients of the personal data
Internal recipients at ROCKET MARKETING
Personal data is communicated within ROCKET MARKETING, its parent company and/or its subsidiaries, where appropriate, in order to fulfil its contractual obligations, comply with its legal obligations, prevent fraud and/or secure its services, improve its services or after receiving consent from the data subject.
Internally, the recipients of the data are the persons responsible for the marketing department and/or sales department, the departments dealing with customer relationship management and prospecting, administrative departments, IT and technical departments and their hierarchical superiors.
External recipients at ROCKET MARKETING
In the context of operations related to connecting Advertisers and Influencers, the data of natural persons may be communicated to Influencers or Advertisers.
In the event of restructuring, a merger, acquisition by a third party, divestiture of a business or assets, ROCKET MARKETING may communicate personal data to the buyer or potential acquirer.
In these cases, the personal data held relating to prospective customers, Advertisers and Influencers may be one of the assets transferred. The buyer, thus the new data controller, will process the data and its privacy policy will govern the processing of personal data.
ROCKET MARKETING does not loan or sell Influencers’ personal data, including for commercial prospecting.
However, personal data may be processed in the name of and on behalf of ROCKET MARKETING by trusted service providers.
In this regards, ROCKET MARKETING ensures that all providers with which the company works, maintains data confidentiality and security.
ROCKET MARKETING may, for example, ask the following to provide services that require the processing of its customers’ personal data:
- service providers helping with customer relationship management (CRM) and web analytics (audience analysis);
- advertising networks, marketing and/or web agencies that create the website for ROCKET MARKETING, advertising, marketing and commercial campaigns;
- third parties that assist and help ROCKET MARKETING to provide IT services (platform providers, hosting services, maintenance and technical support services) for databases, as well as software and applications that may contain data on the customers or prospective customers of ROCKET MARKETING (these services may sometimes require access to the data to fulfil the required tasks);
- payment service providers in order to verify the information when this is required to conclude a contract with the customer (in the case of online payments);
- service providers that have a consulting role for ROCKET MARKETING (auditors, accountants, lawyers, IT consultants, etc.).
ROCKET MARKETING may communicate data to partners in the event that a customer has accepted to receive communications or commercial prospections from ROCKET MARKETING partners via the dedicated subscription/opt-in process. In this case, the data are processed by the partner acting as data controller under its own conditions and in compliance with its privacy policy.
ROCKET MARKETING may also communicate data to third parties:
- if it is required to disclose or share data to:
- comply with a legal obligation,
- ensure compliance with its Terms of Service,
- protect its rights, intellectual property or security, or those of its customers or employees,
- if it has the consent of the data subject,
- if the law stipulates.
Duration of data storage
ROCKET MARKETING only stores personal data for the time needed to carry out the operations for which it has been collected and in accordance with current regulation.
The natural person is also informed that ROCKET MARKETING will store the data supplied based on the criteria and recommendations of the CNIL (French Data Protection Authority) available in its benchmark standard: simplified standard no. 48.
| Purpose of processing | Storage period | Legal basis |
|---|---|---|
| Managing customer and prospective customer files |
General principle: Customers’ personal data cannot be stored beyond the storage period strictly necessary for the management of the commercial relationship, except the data needed by the establishment as proof of a right or contract that may be archived in accordance with the provisions of the French Commercial Code (Code de commerce) on the storage period of books and documents created over the course of commercial activities and the French Consumer Code (Code de la consommation) on the storage of contracts concluded electronically. |
Simplified standard no. 48 |
| The contracts concluded between professionals or between professionals and non-professionals | 5 years | Article L110-4 of the French Commercial Code (Code de commerce) Simplified standard no. 48 |
| Invoice management | 10 years | Article L123-22 subparagraph 2 of the French Commercial Code (Code de commerce) Simplified standard no. 48 |
| Accounting and in particular the management of customer accounts | 10 years | Article L123-22 subparagraph 2 of the French Commercial Code (Code de commerce) Simplified standard no. 48 |
| Management of a customer file | Customer data is stored throughout the period of the commercial relationship. It may be stored for commercial prospection purposes for a maximum duration of 3 years from the date of the end of this commercial relationship | Simplified standard no. 48 |
| Establishment and management of a prospective customer file | 3 years from the date it is collected by the data controller or the date of the last contact with the prospective customer | Simplified standard no. 48 |
| Audience measurements | The information stored in the users’ terminals (e.g. cookies) or any other element used to identify the users and enabling them to be tracked must not be kept longer than 13 months | Simplified standard no. 48 |
| Managing a newsletter | Until the data subject unsubscribes | Article 6-5° of the amended law no. 78-17 |
| Sending solicitations (emails, telephone calls, faxes, SMS, etc.) | 3 years from the date it is collected by the data controller or the date of the last contact with the prospective customer | Simplified standard no. 48 |
| Managing an opt-out list | 3 years from the date added to the list | Simplified standard no. 48 |
Physical and logical security of personal data
ROCKET MARKETING determines and implements the necessary means for the protection of personal data processing systems to prevent any malicious intrusion and any loss, alteration or disclosure of data to any unauthorized persons.
ROCKET MARKETING has therefore created and regularly updates its personal data processing registers which list the technical and operational security measures taken.
ROCKET MARKETING determines and implements measures guaranteeing data confidentiality such as through awareness campaigns for its employees and recommendations of good practices as regards the use of their computer workstations.
ROCKET MARKETING requires its IT service providers to present adequate guarantees to ensure the security and confidentiality of personal data.
It ensures that IT service providers take all necessary action to prevents the disclosure or alteration of data, ensures no maintenance work is carried out without their supervision and return the data at the end of the contract.
Data transfer - data storage location
Wherever possible, ROCKET MARKETING commits not to transfer the data of natural persons outside the European Union.
However, in certain cases, data may be transferred or accessible and/or stored in countries outside the European Union.
It may also be processed by employees of ROCKET MARKETING or by technical service providers working outside the European Union.
ROCKET MARKETING will only transfer data outside the European Union securely and in accordance with current legislation.
In accordance with the provisions of Articles 44 et seq. of the GDPR, ROCKET MARKETING chooses to work with service providers based outside the European Union that, depending on the situation:
- comply with the conditions laid down in this policy;
- have regulation ensuring an adequate level of protection;
- are already on the register maintained by the United States administration and comply with the obligations and guarantees laid down by the “Privacy Shield”;
- include in their contracts or agree to sign the standard contractual clauses adopted by the European Commission.
To find out more, the natural person can contact ROCKET MARKETING at dpo@reech.com or by post at: 46 place Jules FERRY 92120 MONTROUGE FRANCE.
Rights of the data subject
Right of access, rectification, restriction and deletion
In accordance with the amended French law “Informatique et Libertés” of 6 January 1978 and the General Data Protection Regulation, any natural person has a right:
- to access his or her data (limited to two access requests per year and subject to proving his or her identity),
- to rectify data,
- to delete information concerning him or her under the conditions laid down in Article 17 of the General Data Protection Regulation,
- to restrict processing,
- to give general and specific instructions defining what happens to these rights post mortem.
Right to object
The natural person also has the right to object at any time to the processing of his or her personal data or the use of this data for commercial prospecting or profiling purposes.
Right to the portability of data
When processing is based on the consent of the natural person or a contract and it is done by automated processes, the data subject has a right to the portability of this data. In accordance with Article 20 of the GDPR, the data subject has the right to obtain the personal data concerning him or her that he or she supplied to ROCKET MARKETING with a clear structure, easily useable and legible by a machine, and has the right to transmit this data to another data controller without any obstacles created by ROCKET MARKETING, to which the data was supplied.
Right to lodge a complaint with the CNIL (French Data Protection Authority)
Lastly, the data subject may, where appropriate, lodge a complaint with the CNIL (French Data Protection Authority) (https://www.cnil.fr/fr/plaintes). To do so, he or she may contact the CNIL by post or telephone (details are provided in French here: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil).
He or she can exercise these rights by proving his or her identity and contacting ROCKET MARKETING at dpo@reech.com or by post at: 46 place Jules FERRY 92120 MONTROUGE FRANCE.
Processing social media data
ROCKET MARKETING uses YouTube API Services and agrees to Google’s privacy policy.
Customers of ROCKET MARKETING may grant the company access to their private statistical data through social media platforms’ APIs like YouTube and Facebook. This data enables ROCKET MARKETING to supply its customers with in-depth audience analyses and content performance.
Customers agree to be bound by YouTube’s Terms of Service should they grant ROCKET MARKETING access to their private statistical data through YouTube API Services.
Customers of ROCKET MARKETING may request the deletion of authorized data via dpo@reech.com and may also revoke access to this data via the Google Security Page for authorized data for YouTube and Google Analytics.
Some of our customers
