PRIVACY POLICY.
Introduction
In the context of its activity, COMvergence, a company incorporated under French law and registered in the Versailles Trade and Companies Register under the number: 819 262 270, the registered office of which is located at 49 Rue de Ponthieu, 75008 Paris – (France), processes business data in the Talent Flows Database (TAF).
TAF lists the top decision-makers from the major creative, digital, media agencies and major IT & Marketing Consultancies present globally, hereinafter referred to as “decision-makers.” It is made available to COMvergence’ Clients on a subscription basis. COMvergence’ clients therefore exclusively consist of Advertising Agencies, Media Agencies, Communications Agencies, Marketing Agencies, Digital Agencies, IT & Marketing Consultancies, Media Auditors & Pitch Consultants, Media Owners, and BtoB Marketing Providers.
Three types of data processing are involved:
- The personal data of decision-makers featuring in the TAF Database, produced by COMvergence.
- The personal data of the user of www.COMvergence.net services, identified as Users later in the document.
- The personal data of the people targeted by COMvergence for the purposes of commercial prospecting and marketing purposes, identified as Prospects later in the document.
These provisions present COMvergence’s personal data protection policy, which is the COMvergence’s commitment to respecting the privacy and the protection of the personal data that are collected and processed when using COMvergence’ TAF Database and www.COMvergence.net services.
This policy may be amended in accordance with legal and regulatory changes, in particular those to the French Data Protection Act of 6 January 1978, as amended, relating to information technology, data files and civil liberties, and to the “GDPR” (General Data Protection Regulation) as they currently exist and as they may be amended, and to any other rule, law, recommendation or regulation of the French data protection authority or any competent European supervisory authority.
These Privacy Rules are intended to give you a sign of what information COMvergence collects and why, and how to update, manage, export, and delete it.
Controller – Data Protection Officer (DPO)
COMvergence controller is Olivier Gauthier.
Data produced by COMvergence relating to decision-makers (TAF)
Description of processing
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Data Collected
The personal data collected may include the following:
- Gender, first name, last name
- Present Position
- Country
- City
- Remit
- Job title
- Job description
- Company
- Previous position
Purposes of the collection of personal data
COMvergence collects and uses the personal data of decision-makers for the purposes of its business and for the following purposes:
- Monitoring the TAF Database
- Monitoring the organization chart of decision-makers in the companies studied (Agency, Group, Consultant Profiles) in www.COMvergence.net
COMvergence ensures that the personal data of decision-makers are updated throughout the processing so that they do not become obsolete.
Data retention
COMvergence only retains the personal data of decision-makers for the time needed for the operations for which they were collected and in compliance with current regulations.
Restricted access to personal data
As part of an access management policy, only duly authorized recipients may access the information required for their activity. Indeed, COMvergence defines the access and confidentiality rules applicable to the personal data processed. Access rights are granted corresponding to the position of the user and are updated in the event of a change of role.
Data collection process
The data collection process is based on the following elements PRIVACY AND PROTECTION POLICY
Source of data collected
Direct collection from decision-makers while registering in www.COMvergence.net
Direct collection from key contact while updating www.COMvergence.net Agency, Group, Consultant Profiles
Use of public data:
- Press releases issued when a management position is taken up or there is a change to the organization chart
- Information displayed on the pages of company websites
- Information displayed on business social networks (i.e.: LinkedIn)
Qualification of the data collected
- Initial qualification: All data collected are certified when decision-makers sign in on www.COMvergence.net and or when COMvergence update their Agency, Group, Consultant Profiles.
- Regular qualification: Regularly, COMvergence verifies that the personal data collected are not obsolete. This verification takes the form of a “request to update the users” sent to a key people within the company, and/or a “request to update the Agency, Group, Consultant Profile” to a key contact within the company. These updates about decision-makers’ business contact details, enabling a change in their professional situation to be identified and the data to be updated accordingly.
Right of access to and of rectification of data
COMvergence takes the necessary steps to ensure for decision-makers access to and the rectification, limitation, portability, and erasure of personal data concerning them upon request. Data may be rectified, completed, updated, locked, or erased when inaccurate, incomplete, ambiguous, obsolete or when their collection, use, communication, or retention is prohibited.
In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, as amended, decision-makers have a right to access, rectify and object to information concerning them by contacting: Olivier Gauthier.
Transfers of data collected on decision-makers
The personal data collected on decision-makers are not transferred outside the European Union. All data are processed by COMvergence employees located within the European Union. COMvergence does not use the services of any subcontractors to process personal data.
Data provided by the User/COMvergence’ Client
Description of processing
In the context of the use of the www.COMvergence.net service, the User/COMvergence’ Client may have to enrich his, her or its personal database, hosted on COMvergence’ servers with non-sensitive personal data.
Non-sensitive Data Collected
The personal data enriched by the User/Client may include the following:
- Gender, first name, last name
- Business email address
- Company
- Country
Other data collected:
- Login history
- Usage history
Ownership of data provided by the User/Client
The User/Client, who holds the intellectual property rights to the data, keeps full and exclusive ownership of the data passed on to COMvergence. COMvergence undertakes not to transfer or rent data provided by Users/Clients.
Purposes of the collection of personal data
The data passed on by the User/Client are used in the legitimate interest of the client for the management of its own commercial prospecting and marketing.
Retention of the data provided by the User/Client
COMvergence only keeps personal data passed on by the User/Client only for the time needed for the operations for which they were collected and in compliance with current regulations. Thus, personal data are kept for a maximum period of 6 months from the end of the service contract with the User/Client.
Right of access to and of rectification of data provided by the User/Client
The disclosure to third parties of personal data provided by the User/Client may only occur in the following cases:
- with the authorization of the User/Client certifying that the holder of the personal data has himself/herself/itself authorized that disclosure; (with documentary proof of the identity of the originator, duly authorized by his/her/its Management where appropriate)
- at the request of the legally competent authorities, by judicial requisition, or in the context of judicial litigation
Data transfers
COMvergence refrains from transferring any data provided by the User/Client, except in the express case where the latter exercises his/her/its right to data portability and gives written instructions to COMvergence in that respect.
Liability clause for personal data provided by the User/Client
The User/Client is responsible for the processing of his/her/its personal data within the meaning of Law no. 78- 17 of 6 January 1978 on information technology, data files and civil liberties as amended by the Law of 6 August 2004 and the provisions of the GDPR in this area.
The User/Client guarantees to COMvergence that he/she/it follows legal provisions regarding the collection and processing of personal data, and particularly and non-exhaustively that:
- personal data have been collected and processed in compliance with the provisions of the above- mentioned Law.
- where appropriate, the data holder has authorized collection and processing.
- he/she/it allows the holders of processed data to exercise their individual right of access, rectification, and erasure of their personal information.
- he/she/it undertakes to ensure that information is rectified, completed, clarified, updated, or erased if it is inaccurate, incomplete, ambiguous, obsolete or if the holders wish to prohibit its collection, use, communication, or retention.
Data concerning COMvergence Service Prospects (“Take a Tour”)
Description of processing
To promote and market its COMvergence services, COMvergence may need to use data concerning potential users of its services, i.e. prospects.
Data collected
Data collected on prospects via the “Take a Tour” pop-up on www.COMvergence.net may include the following:
Non-sensitive personal data relating to the User:
- First name, last name
- Company
- Business phone
- Business email address
- Country
Other data collected:
- How did you hear about us?
- Comments
Data transfers
The data collected by COMvergence on its Prospects may be transferred to subcontracting companies that COMvergence may use in the performance of its services. COMvergence ensures that its subcontractors process your data in compliance with the applicable legislation and endeavors to obtain from its subcontractors a privacy and data protection policy that is at least equivalent to its own. The contact details of these subcontractors may be provided on request.
Ownership of data concerning the Prospect
COMvergence undertakes not to transfer or rent data concerning prospects.
Purposes of the collection of data concerning the Prospect
Data collected on prospects may be used to:
- Conduct direct prospecting actions by the sales department
- Conduct commercial prospecting campaigns (email or letter) by the marketing department
Retention of data collected on the Prospect
COMvergence only keeps the data concerning the Prospect for the time needed for the operations for which they were collected and in compliance with current regulations. Thus, the Prospect’s data are kept for a period of 36 months from the last contact between the Prospect and COMvergence.
After that period, they are kept for exclusively statistical purposes and will not be used in any way whatsoever.
Right of access to and of rectification of data
The Prospect may, for legitimate reasons, object to the processing of the data concerning him/her. These requests will be processed within a maximum period of 30 days.
In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, as amended, Prospects may exercise their right to access, rectify and object to information concerning them by contacting: Olivier Gauthier.
Security of personal data
COMvergence places the utmost importance on the security of your Data and takes all proper measures to limit the risks of their loss, damage, or misuse.
To this end, COMvergence ensures the security of the personal data of decision-makers / Users/Clients / Prospects by putting in place data protection reinforced using physical and logical security tools.
COMvergence has taken all necessary precautions to preserve the security of personal data and to prevent them from being distorted or damaged, and from being accessed by unauthorized third parties.
These security measures include the following:
Organizational measures
- Opening of access to COMvergence employees when they are hired and revoking it when they leave the company. Access integrates the management of rights limiting access to data according to the employee’s profile.
- Inactivation of obsolete data over time
- Setting up of secure servers for data exchanges
Logical security measures
- Backup on a dedicated server
- Access to business applications controlled by password login with rights management based on profiles.
- Logging bulk data manipulations
- Logging all data consulted by Clients.
- Advanced authorization management
- Securing of workstations (access to workstations after authentication by login / password) and database access (authentication via dedicated login / password)
- Restriction of access to business tools limited to company premises.
- Daily updating of workstations and anti-virus software on all workstations
- Connections to application tools are TLS or SSH encrypted.
Physical security measures
- Each employee accesses the premises with a personalized badge and within defined time slots.
- Sensitive equipment is locked in a dedicated server room to which only authorized persons have access.
- Building guarded night and day
Data are stored on secure servers and are processed electronically to provide the service subscribed to by the Client and to improve the COMvergence services. The hosting servers on which COMvergence processes and stores the databases of its Clients/Users are located exclusively within the European Union.
Dissemination of the data confidentiality policy
The privacy and data protection policy are given:
- internally to employees annexed to the company’s internal regulations and on the “Public Practical Life Internal Regulations” server
- externally at www.COMvergence.net
Date of last update: September 01, 2023