SIRDATA PERSONAL DATA PROTECTION AND PRIVACY POLICY
- Latest version date : 2020, December, the 10
Prerequisite
This Privacy Policy details the measures Sirdata undertakes and is committed to respect to ensure protection for the User’s Personal Data with regards to its core activities and for the purposes of audience research and analysis, optimisation and improvement of sites, products and services, targeted and personalised marketing campaigns and fight against fraud.
By browsing this page, the User can access information on:
- The way Sirdata collects Personal Data
- The types of Personal Data collected
- The use and purposes of the Data
- The rights and methods of control available to the User
- The security and confidentiality measures undertaken by Sirdata
This personal data protection and privacy policy (hereinafter the “Policy”) expresses Sirdata’s will and commitment to maintaining the trust of the User. Therefore, Sirdata wishes to draw the User's attention to two essential principles which Sirdata is committed to ensure protection for the Data it processes: transparency and control by the User of their Personal Data.
Purpose of policy
This Policy is important for the User who wishes to have a positive and serene browsing experience. It is also important for Sirdata, anxious to be transparent in the way it collects Data and preserves its confidentiality.
Sirdata wishes to answer in a precise and adapted way the questions and expectations of each one while respecting their choices and their rights. Here, it invites all Users to take the time to discover its practices and the purposes pursued as a Data Controller and more rarely as a Processor, within the meaning of the European Regulation on the Protection of Personal Data (RGPD) and the California Consumer Privacy Act. (CCPA).
In this objective, Sirdata makes a lexicon of terms and a themes section available to the User at the end of the Policy.
In the event of any divergence or inconsistency between the French version and any other language version of this policy or supporting document, the French version will prevail, be deemed authoritative and take precedence.
How Sirdata collects data
Sirdata uses various technologies, including placing Cookies and other similar technologies, to collect and store exclusively not direct Personal Identifiable Information, when a User views the Site of one of our Sites Operators, or uses on of its services. Find out more
When a User views the Site of one of our Sites Operators, or uses one of its services, Sirdata may use Cookies and other similar technologies to manage and store information about privacy notices they have received and their privacy choices and its choices in terms of Tracers and processing of Personal Data. Sirdata does this pursuant to the policies and technical specifications of the IAB Europe Transparency & Consent Framework.
Types of personal data collected
Sirdata collects exclusively non-direct Personal Identifiable Information. It means the Data collected by Sirdata does not enable a User to be identified directly such as the unencrypted collection of their surname, first name, email or even telephone number could allow.
Sirdata does not process any Sensitive Personal Data nor combines any Data to create it. In addition, no category or segment of Data is created to specifically target minors under the age of 18.
User’s Personal Data collected through the Sites of the Sites Operators by Sirdata are mainly browsing, interaction and some demographics Data:
Data Type |
Exemples |
Browsing and interaction Personal Data |
Number of accessed webpages, viewed products, |
Non-nominative demographics Personal Data non directly Identifiable Information. |
The age range, the age or birth date of the User |
Through Sites Operators, Sirdata also collects :
- A hash of the User’s pseudonymized email address forming a technical key associated with cookies. This non-reversible form of encryption does not allow Sirdata to know the email address. Find out more
- The estimation of the User’s geographical information based on the IP address and connections (for example, enabling the detection of the country but no more accurate than the city of connection or the district code). Find out more
The data collected through Sites Operators are pseudonymised, i.e. converted or manipulated via identifiers in the form “c52c40bb75bc6b3209cffac354d81b7a” or “20171120_XXXX6b25e5164555f79bbb95865XXXX” which means that the User cannot be identified directly.
Use and purposes of the data
• By Sirdata
Sirdata is a company specializing in data marketing, whose activity consists primarily of
- Collecting and
- Processing of sociodemographic, browsing and interaction data.
With some information that might seem innocuous, such as product research or the reading of an article on the Site of a Site Operators, Sirdata:
- Analyses, assesses and qualifies the areas of interest or probable intentions of the User.
This enables Sirdata to
- Segment Users according to demographics, interest or intent criteria
- Distribute or make available or allow the use of this information for advertising purposes through Audience Segments to its Customers and Partners, whose purposes are described hereunder. Find out more about Audience Segments
It seems important to specify that Sirdata does not operate any direct marketing operation and does not hold any file containing Directly Identifying Personal Information in its systems on behalf of its Customers or Partners. Sirdata does not send any advertisement and/or marketing offers by email, mail or phone to the Users.
• By Sirdata, its Clients, Partners and Partner’s clients
Sirdata allows its Customers, Partners or the customers of its Partners to enrich their marketing experience and target Users with relevant offers and ads that match their areas of interest.
As a result, the data Sirdata collects then allow its Customers, Partners and their customers to:
- Serve consumers adapted and personalised contents and/or offers through marketing campaigns managed by them or Sirdata and :
- Using Audience Segments Find out more about Audience Segments
- Using audience based on modelling Find out more about Modelled Audiences
- Improve their consumer knowledge and relationship
- Carry out audience analysis and statistical measurements
- Optimise and improve their products and services
- Fight against fraud
For example, when the User browses on a Site, his navigation and interaction data (such as the consultation of a product) may be collected. This data can then be used by Sirdata, its Partners and their clients in subsequent User’s web surfing session to display content and advertisements that match their areas of interest as closely as possible (for example related to the viewed product).
Find out more and consult other examples for data uses
Find out more about our Partners
Across Europe, in accordance with the the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as any equivalent European laws or by imposing higher standards of protection, Sirdata relies on User’s consent for the following activities and data processing :
- Store and/or access information on a device (e.g : use of cookies)
- Apply market research to generate audience insights (e.g.: to verify that Sirdata is not mistaken in determining that a User likes “fashion”)
The User’s consent can be expressed and modified at any time through all the methods available to him to exercise his choices… The Site Operators are responsible for obtaining the informed consent of the User prior to the registration and access of Sirdata's Cookies in their Device when they browse their Sites or use their services.
Furthermore, still according to the regulations applicable in Europe, data processing by Sirdata data is sometime based on the legal basis of the legitimate interests, as follows:
- Select and serve basic ads
- Create a personalised ads profile (e.g.: determine from a web navigation that a User enjoys “fashion” to later on serving him a relevant ad)
- Select personalised ads (e.g.: displaying an ad or allowing a partner to send a discount coupon by text for a “fashion” brand to a User who likes “fashion”)
- Select personalised content (e.g.: allowing a merchant site to suggest an item of clothing rather than a refrigerator to a User who has previously allowed Sirdata to determine he likes “fashion”)
- Create a personalised content profile (e.g.: determine from a web navigation that a User enjoys “fashion” to later on suggesting him a relevant content)
- Select personalised content (e.g.: allowing a merchant site to suggest an item of clothing rather than a refrigerator to a User who likes “fashion”)
- Measure campaigns performance (e.g. in order to stop the campaigns if they do not seem relevant to the User)
- Develop and improve products (e.g. so as not to annoy the User with an ad format that unintentionally disrupts his navigation)
The User may oppose it at any time through all the methods available to him to exercise his rights. The Site Operators are responsible for duly and clearly notifying the User of these purposes and such processing and of the use of the legal basis of the legitimate interest, including, where applicable, beforehand and independently of the consent to the storage of the Sirdata Cookies in its Terminal and for the collection of Data when he browses their Sites or uses their services.
In specific countries or under specific agreements with Partners, Clients or Site Operators data processing these purposes can be performed based on the prior consent of the User instead of relying on Sirdata’s legitimate interest.
Finally, for this final category of processing, Sirdata relies on the legal basis of legitimate interest without the possibility of opposition because it is necessary and essential for the proper functioning of its services:
- Provide security, prevent fraud and debug
- Technically deliver the advertisements or content
Rights and methods of control available to users
It is essential for Sirdata to enable the User to make informed choices and exercise their rights in full knowledge of the facts.
RIGHT TO OBJECT
In Europe, Sirdata does not collect nor proceed to any Users Personal Data treatment for its own ends without the User giving its consent prior to it through any mechanisms available on websites of Sites Operators.
This being clarified, if the European User no longer wishes any or all of their Data to be gathered and processed by Sirdata, they can withdraw their consent and exercise their right to object and deactivate the use of tracers and the processing of their Personal Data by Sirdata..
Everywhere else in the world, the User, and even when local regulations do not comply, Sirdata guarantees that the User can also exercise their right to object to deactivate the collection of his personal data by Sirdata.
Sirdata wishes to draw the User’s attention to the following elements:
• Exercising the right to object will not prevent the advertisement at the broad sense. Only advertisement and/or marketing operations using Sirdata’s personalisation services will cease.
In other words, the User will no longer be shown offers that reflects their areas of interest through the use of Sirdata Cookies, but will continue to be shown advertisement and/or marketing offers whose content will no longer necessarily match their areas of interest, and may be dubious.
• The memorization of your choices or the exercising of the right to object proceeds through the placing of an objection cookie saved on the Internet Browser of the User. The exercising of the right to object must be operated on each Device and each Browser the User employs if the latter had previously given his consent to Sirdata on several Browsers and / or several Terminals.
• Deleting Cookies will remove the information needed by Sirdata to memorize the choices and to process the User’s objection. The same may apply when Browsers are changed or updated. If the Cookies are deleted or if the Browsers are changed/updated with deletion of Cookies, the User will therefore have to reconfirm their decision to exercise their right to object.
• By withdrawing their consent or by objecting to the collect of their Data by Sirdata using Cookies, the User is informed that Sirdata’s Partners and Customers will no longer save Cookies on their Device by means of Sirdata. The latter will nevertheless be able to place Cookie without the use of Sirdata. The User can access more information related to personal data protection by Sirdata’s Partners by clicking hereunder.
Sirdata integrates User objection management in California via the IAB Tech Lab CCPA compliance framework.
The User may also exercise their choices directly in their Internet Browser. The procedure for managing Cookies and Cookie preferences varies slightly between Browsers. The User can view the steps for managing cookies in their Browser’s help menu.
For more information with regards to targeted advertising in Europe and how to unsubscribe with their browser or another terminal, the User can access the YourOnlineChoices.com site.
For more information with regards to targeted advertising in the United States and how to unsubscribe with their browser or other terminal, the User can access the DAA verification module and the desactivation of interest-based advertising NAI.
RIGHTS TO ACCESS AND ERASURE
In accordance with the GDPR and the CCPA, Sirdata allows the User the right to access and erase their Data.
Sirdata wishes to draw User’s attention to the fact that it processes exclusively non-direct identifiable Personal Information. It means Sirdata does not process any unencrypted information on the User in its systems such as the first name, last name, postal address nor the email address.
The gathering of Data by Sirdata relies indeed on the placing of Cookie in the User’s Devices.
Therefore, in order to fulfill requests for access and erasure, Sirdata asks the User to provide the relevant credentials listed below using the dedicated form :
1) The Identifier of the Sirdata Cookie.
• The Cookie is not associated with any first name, last name or unencrypted email address but with an identifier that does not allow the User to be directly identified.
• Without this technical information, Sirdata is unable to compare the Data it hold with a User who wishes to exercise a right of access or erasure.
• The User can click here, to find the identifier associated with the Internet Browser of the Device they are currently using.
Identifier of the Sirdata Cookie
2) A statement on their honor that the User is the only one utilising the Device or has the exclusive control over the use of the Device whose Data may have been collected by Sirdata.
• The Device (computer, smartphone, tablet or any connected media) can be of collective use (by the User, their partner, family, friends etc.). Therefore, the Data collected by Sirdata is not necessarily limited to the User’s.
• If it is likely that said Device may have been used by a third party with the User’s agreement or without any objection, the latter must also undertake to obtain the agreement of said third parties in writing for Sirdata to satisfy the request, insofar as said request is likely to reveal information about the browsing history of said third parties.
3) A valid identity credential.
• Without all these information, Sirdata can not ensure of the authenticity of the identity communicated by the User and can not satisfy the request. This is a legal obligation.
Why does the User need to provide Sirdata with all credentials ?
Indeed, Sirdata ensures that User’s Personal Data is processed in strict confidence and implements the necessary or mandatory measures to prevent unauthorised third parties from viewing, using, disclosing, modifying, damaging or destroying said Data.
Erasing by mistake the Personal Data of a User at the request of another User would be a serious breach of the GDPR for example. Thus, in order to protect Privacy everywhere in the world, Sirdata guarantees a right of access, rectification and deletion in accordance with the highest standards in the world such as the GDPR and the CCPA to all users, with the same level of security.
While Sirdata is not able to identify directly the User to satisfy their requests for access and erasure, and in accordance with the regulation, Sirdata makes sure the User prove their identity and that they act within their own rights.
As to illustrate how this procedure is paramount, the User will find hereunder a practical example that Sirdata would like to avoid :
Paul wishes to access the sites viewed by his 23 years old son James, that Sirdata stores and protects and is linked to the cookie on the family computer. He completes and sends over a request to Sirdata using his son’s name James and indicates the identifier of the Cookie saved in the Browser of the family computer. His specific requirement is to be informed about all information related to any browsing behavior Sirdata would have gathered thanks to this Cookie. Sirdata will refuse this request.
Indeed, if Sirdata was to satisfy his request without verifying the identity and statement of honor, James’ Personal Data would be disclosed to his father without his authorisation. Sirdata, on the other hand, will not notify James of his father's move or pass this information on to James if he later requests access himself.
Security and confidentiality measures
• Data Conservation
All the Data collected are retained for a limited time, based on the purposes they were processed for and in accordance with the regulations in effect. Sirdata’s Cookies are valid for a maximum of 365 days.
Sirdata then permanently deletes all Data in its database and storage servers.
• Data Transfer
The Data Sirdata collects may be processed on servers located within or outside the European Union. In the event of a transfer of Data, Sirdata provides guarantees that they are compliant with European Union law and require and ensure that a high level of Data protection is implemented by its Subcontractors, Sites Operators, Partners or Customers around the world. Although no regulations impose it, Sirdata guarantees this level of security for all the Data it stores, transfers and processes around the world. Find out more
• Data Security
Sirdata undertakes to process the Data it collects in strict confidence.
Sirdata places particular importance on the security of the User’s Data by using technologies that provide security in line with the most demanding standards, using SSL, hashing/encryption and firewall technologies.
Sirdata does everything possible to ensure the confidentiality of the Data it collects and to prevent unauthorised third parties from viewing, using, disclosing, modifying, damaging or destroying said Data. Find out more
• Data Sharing and Disclosure
Sirdata does not share the User’s Data with businesses, organisations non-Partner or non-Customer third parties unless it believes that there is a reasonable justification for accessing, using or disclosing said Data:
- To its subsidiaries and service providers
Sirdata may, in the context of its activities, transfer Data to its subsidiaries or Subcontractors that process the Data collected on its behalf, and in accordance with its instructions and this Policy. Under no circumstances may its Subcontractors appoint another Subcontractor without its prior authorisation in writing or use the Data for any purpose other than those described in this Policy.
- In response to a request from an authorised public body
In response to court summons or orders, judicial or administrative procedures or any other request issued by the competent authorities to which Sirdata must submit, or to establish or exercise its rights, or to defend itself against legal proceedings;
To protect itself from any infringement of Sirdata’s or Users’ rights, property or security pursuant to and in accordance with the law;
To avoid, reveal or deal with fraudulent activities, security breaches or any technical problem that might affect Sirdata’s servers.
Other informations
This Policy may be subject to change. Any change to the rules of this Confidentiality Policy will be accessible as soon as it comes into effect on this page.
If, despite the educational efforts deployed in this Personal Data Protection Policy, there are still questions, Sirdata invites Users to take a look at the sections “Lexicon” and “Themes” hereunder for more detailed information about some practical terms or topics.
Otherwise, please contact Sirdata using the following form , and a dedicated team will do its best to answer within a maximum of one month.
Glossary
Lexicon
IP address(es)
means an identification number composed of four series of figures (e.g. 000.000.000.000), which is generally assigned on a temporary basis to a User’s Device by an Internet Service Provider when they connect to the internet, and which Sirdata may store and process when the Device concerned views a Site, in response to statutory obligations or to determine the country in which the connection originated, for example.
Customer(s)
means any one or any company, other than those that make up Sirdata, which uses the provision of Sirdata products and/or services, which allows them to publish an advertisement, an offer, or a personalised message.
Cookie(s)
means a text file that is saved temporarily, subject to the User’s agreement in accordance with the applicable French and/or European legislation, when viewing the Site of one of our Sites Operators. A cookie file allows the issuer to identify the Internet Browser of the Device it is saved on, while the Cookie remains valid or during the period it is saved for.
Personal Data
means, in accordance with the General Data Protection Regulation 2016/679 of 26 April 2017 (“GDPR”), all information that allows a data subject to be identified either directly or indirectly, regardless of the device used by the User. Personal data include sociodemographic, browsing or interaction data relating to a Device’s connection to the internet or a Site at a given moment (IP address, date and time of a Device’s connection to a Site, the identity of the Device or its browsing software, the Browser’s user languages, the type and version of the Browser used by a Device, the operating system used by the Device, etc.).
Sensitive Data
means those Personal Data that reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic status or state of health, or sexual orientation. It is important to specify that Sirdata never processes Personal Data with the aim of deducing Sensitive Data or allowing targeting on Sensitive Data.
Europe
Region of residence of Users to whom two European regulations on privacy apply, the General Data Protection Regulation (GDPR) and the ePrivacy Directive, as well as any equivalent UK laws, namely the United Kingdom and the European Economic Area (EEA), which includes the EU Member States and Iceland, Liechtenstein, and Norway.
Site(s) Operator(s)
means any one or any company other than those that make up Sirdata, with which we have entered into an agreement relating to the provision of Sirdata services, which allows Sirdata to gather Data.
Browser(s) or Internet Browser(s) or Mobile Application (APP)
means a software application for displaying websites, or digital content, download files and carry out searches. There are many different Browsers, for any kind of Device (computer, tablet, phones, etc.) and for any kind of operating system (GNU/Linux, Windows, Mac OS, iOS, Android, etc.). The most popular Browsers are Google Chrome, Mozilla Firefox, Internet Explorer, Safari and Opera.
Partner(s)
means any one or any company other than those that make up Sirdata, with which we have entered an agreement relating to the provision of Sirdata services, which allow Sirdata to distribute Data to its Customer(s) and/or to the Partner’s customers.
Site
means, in accordance with the French Act on Confidence in the Digital Economy no. 2004/575 of 21 June 2004 (LCEN), the transmission of digital data of any kind, which do not represent private correspondence, by an electronic communications process, of signs, signals, texts, images, sounds or images of any kind, implemented by our Sites Operators, to offer Users their products and services.
Sirdata / we / our
means Group companies and the service providers who may, under certain conditions, gather, use, save or share Personal Data that has been created or modified when the User accesses, receives an offer from or visits the Site of one of our Sites Operators.
Subcontractor(s)
means any company that may process Personal Data on behalf of a principal, which is responsible for processing Data. Where Sirdata acts on behalf of a Customer, Sirdata may be a subcontractor. Where a Sirdata service provider acts on behalf of Sirdata and on its instructions, Sirdata is responsible for the Data processed by said service provider subcontractor.
Device(s)
means the hardware (computer, smartphone, tablet and/or all connected devices, etc.) and their software components (operating system, Browser, etc.) that allow the User to access the Site of a Site Operator.
Processing of Personal Data
means any operation(s) applied to Personal Data, in particular collection, saving, organisation, viewing, use, storage, transfer or any means of providing access, limiting, erasure or destruction, comparison or interconnection.
User(s)
means any physical person who accesses, uses, views via a given Internet Browser or is a member of a Site Operator’s department, whose Personal Data of which Sirdata may be required to process Personal Data for its own advertising activities or for the service of its Partners or Customers.
Themes
Cookies and other similar technologies
Cookies and other similar technologies used by Sirdata are text files placed on the User’s Browser which enable to store an identifier in the form 20171120_XXXX6b25e5164555f79bbb95865XXXX, which means the User cannot be identified directly.
The Cookies and other similar technologies enable Sirdata identifying the Internet Browser of the Device in which they are saved (without identifying the individual using the cookie or the tracker), during their period of validity, to save and collect mainly the User’s browsing and interaction Data.
These Cookies and other similar technologies integrate broad categories of information on the User such as the age range and/or the interests.
They are used to improve Users’ browsing experience, for example by offering advertisements that are more appealing because they are based on their preferences.
In short, Sirdata's cookies are a reliable, non-intrusive and privacy-friendly way of "recognizing" the User from one site to another without needing to know who he is or what his name is.
IP adress
To "recognize" the User on different pages or sites, without knowing or identifying him directly, Sirdata may collect and process his IP address.
In such a case, the IP address will not be stored in a clear way, but following a "salting" and "hashing" technique preventing any re-identification by third parties. This pseudonymization technique consists of adding secret characters to an IP address and then transforming the whole into a character string of the form c21c40ff75bc6b3209cfdac354d81b8b.
This process is deemed irreversible: once the IP address has been salted and turned into a hash, it is no longer possible to find the source IP address from the character string.
Direct identification of the User is therefore made impossible.
Hash of email
Sirdata never collects the User’s email address in plain text (i.e. in the form john.doe@sirdata.com; and in absolute terms Sirdata does not manage an email database allowing the sending of advertising by email) but collects only the transformed email address using hash functions.
For technical needs related to the logic of cookies ("recognize" the User without knowing him or directly identifying him) Sirdata asks certain Partners to send it a hashed version of the Users' email address (transformed by means of hash functions).
This technique converts an email address in a character string in the form c52c40bb75bc6b3209cffac354d81b7a, enabling the pseudonymization of the information and creating simply a technical key associated with the User’s Cookie.
This mechanism is deemed one-sided. Once the email address is converted in hash, it is no longer possible to retrieve the source email address based on the character string.
Direct identification of the User is therefore made impossible.
To avoid any doubt, Sirdata does not process any email address that hasn’t been converted in hash in its systems.
Audience segment
An audience segment means a set of Users, segmented by Sirdata in a pseudonymous manner and according to geographic (ie, audiences living in the WC2) demographic (ie, female or male), interest and/or intent criteria.
This segmentation is based on the analysis of Users’ Data, and more particularly their browsing behaviours on the Sites they visit.
By distributing or making these audience segments available to its Customers and Partners, Sirdata allows its Customers and/or Partners’ customers to reach Users with personalised contents and offers.
Modelled Audiences
A modelled audience means a set of Users, created by Sirdata or its Partner(s) in a pseudonymous manner and according to demographic, interest and/or intent criteria.
Based on the behaviour pattern of Users whose demographic criteria, areas of interest or probable intentions have been determined, Sirdata or its Partner(s) can define browsing models to uncover other Users with similar demographic criteria, areas of interest or probable intentions.
This results in Modelled Audiences that allow Customers and/or Partners’ customers to reach Users with personalised contents and offers on a large scale.
Examples of Data uses and purposes
Targeted advertisement
Sirdata uncovers the User’s intent to change, based on their browsing behaviors. Thanks to their Cookie Identifier, the User, when browsing later on, will be shown advertisement for subscription packages, in line with their needs.
The advantage of this personalized advertisment is that the advertiser will be able to propose an offer with high added value to the User, such as a discount voucher or in this case a cheaper unlimited plan or a free smartphone.
Site personalisation
Sirdata uncovers User’s interest for football practice, based on their browsing behavior. Thanks to their Cookie Identifier, Sirdata’s Customer, a web merchant, can offer the User suitable sports articles and ideally on promotion when visiting its website without need for the User to carry out a search..
Customer database enrichment
Thanks to the reconciliation of their hash of email, Sirdata’s Customer, a retail banking business, can offer the User – only if the latter is already in its database and has provided their email address – a personalised insurance package for travelling abroad at the right time.
Sirdata detects about the User, on the basis of his online browsing, an intention to move. Thanks to the reconciliation of Sirdata's information and those held by its Telephone Operator Client, enabled by its hashed email address, the Sirdata Telephone Operator Client can offer the User, if the latter is already present in its customer base, - a loyalty discount and dedicated assistance for installing Internet access in his new apartment.
Sirdata’s Partners
Within the framework of its activities, Sirdata connects to partner technological platforms (Demand Side Platforms, Data Management Platforms, personalisation platforms…)
Sirdata transfers to them Users’ Data for it to be utilised by its Customers or by its Partners’ customers (advertisers, media agencies…). The latter are therefore able to pursue personalised marketing operations.
The User can find some of Sirdata Partners and links to their privacy policy on this page.
Transfer of Data
The Data Sirdata collects may be transferred to countries that are not part of the European Union, in accordance with its Confidentiality Policy. These Data may be transferred to companies within the Sirdata Group but also to its Sites Operators, Partners, Customers and Subcontractors.
Sirdata is aware that personal data protection and privacy standards in countries that are not members of the European Union are different. Since it is likely, in relation to our business, to transfer Data from European residents outside the European Union, Sirdata requires all its Sites Operators, Partners, Customers and Subcontractors to provide an adequate level of protection, in line with that required within the European Union, failing which, no data will be transferred to them.
As Sirdata is committed to providing protection for Users’ Data and compliance with European regulations, an adequate level of protection for Data means that its Sites Operators, Partners, Customers and Subcontractors formally undertake to comply with data protection standards such as compliance with:
– the standard contractual clauses adopted by the European Commission;
– Binding Corporate Rules (BCR).
Data Security
Sirdata implements all the necessary security measures to protect Sirdata and Users from any unauthorised access, damage, disclosure or destruction of the Data it has gathered. Sirdata therefore uses:
– effective technologies, such as encryption, using SSL technology and hashing/encryption; finally, Sirdata has installed firewalls on all its networks to prevent any intrusion from malicious third parties;
– internal and external audits on data collection, storage and processing are carried out regularly in order to check access to its databases and prevent any unauthorised system from accessing Sirdata systems;
– restricted access to the Data collected, so that only Sirdata Group employees and sub -processors employees whose role requires them to view the Data are authorised to access them, in accordance with strict confidentiality obligations to which they are subject, on penalty of proportionate and appropriate disciplinary sanctions.
Location
Sirdata may collect Data relating to the imprecise User’s location through Cookies and other similar technologies.
Sirdata does not perform real-time or delayed geolocation of the user's movements, via the GPS position (s) of the User for example.
Sirdata may be able to deduce the User’s approximate location such as the country, district code or city based on their IP address, although depending on their method of connecting to the internet and Internet Service Provider (ISP), the IP address assigned to their Device may change each time they connect.
This can be used, for example, to determine whether a promotion offered by advertising is formulated in the language of the User and in a country which allows him to benefit from the offer.
This geographic location of the Internet user via the IP address is not more precise than the country of connection, or even the city or district code. For example, it is not possible to know the User's address with this privacy-friendly method.
It is also possible for Sirdata to obtain the zip code of the User based on the information communicated by the latter, when browsing the Site of one of our Sites Operators and in particular, if they have an account where this information has been completed.
Sirdata can know the User's postal code if the latter has provided the information on the Site of one of the Site Operators who shares this information with Sirdata. Sirdata does not collect or process any additional location-related information, such as the exact address of the User.
This Data can be shared to our Customers, Partners and Partners’ customers for the purposes of presenting the User with relevant marketing operation (for example to offer the User situated in the United Kingdom advertisement in English language, or to communicate the User living in the south of London an offer for a local shop) or not to display an advertisement for a gas offer to Users who live in an unserved area.