The Infopro Digital Group is one of the leaders in data for professionals in France and in Europe. As such, it collects and processes a large amount of personal data for its account, and for those of its clients and trading partners.
The Infopro Digital Group is strongly committed to conforming to European Data Protection Regulations, and ensures that its practices and services are in compliance.
It also defines the general framework of the personal data processing carried out by Infopro Digital Group and, in this sense, its purpose is to provide the persons concerned with the necessary information, completely respecting the current regulation.
1. How is the data collected?
The Infopro Digital Group collects, across all its activities, the data of natural persons that they have identified or that has been permitted to be identified.
1.1. The legal basis for collection
Legislation lists the legal bases for collecting personal data, in other words, the legitimate justification for collecting data. These legal bases are explained and/or recalled in the context of the collections carried out by the Infopro Digital Group.
As such, the Infopro Digital Group is liable to collect personal data based on:
♦ the consent of the person concerned;
♦ the execution of contractual obligations;
N.B.: The collection of the personal data of our customers and users is necessary to execute the terms of the contract (e.g. subscription to an online service – free or paid, etc.) and to assure the provision of the subscribed service or of the product acquired by the concerned natural person. So, in this context, the person’s consent is not necessary since the processing that has been performed is bound by the execution of the contract.
♦ legitimate interest¹ from the person responsible for the processing;
N.B.: In certain circumstances, the essential nature of the service provided by the Infopro Digital Group implies the collection of its customers’ personal data and the transmission of this data to designated third parties (for example, linking services). The processing associated with the legitimate interest of the person responsible for the processing in this scenario is considered a reasonable expectation on the part of the person concerned in view of the description of the service provided. Of course, the Infopro Digital Group constantly evaluates whether its legitimate interest is offset by the interest of the person concerned or by respecting its rights and fundamental liberties.
♦ a legal obligation deems the processing compulsory.
N.B.: The regulatory context of an activity can render certain data processings and transfers compulsory: for example, to invoice products or services, training events (attendance lists), etc.
1.2. Collection methods:
1.2.1. Collecting through forms
The access to, use of, download of, purchase of or subscription to certain services or products implies the collection of personal data concerning the prospective customer or user. In these scenarios, while completing paper or electronic forms, the person provides the related information. These forms systematically specify:
- the name of the person responsible for processing,
- the aim of the collection carried out,
- if the collection is deemed necessary by subscription to the associated service or purchase of the product,
- any other possible uses and the legal basis of the collection carried out;
- a reference to the relevant pages of the current policy, regarding the methods of exercising rights by the natural persons, the details of the DPO, the rules concerning the duration of data conservation, the methods of filing a complaint through the supervisory authority, etc.
1.2.2. Collecting through cookies
The term “cookies” is to be taken in the broader sense: the group of markers left and/or read, for example, when visiting a website, reading an email, installing or using software or a mobile application.
The main goal of the cookies, which based on files stored on the user’s computer while browsing, is to simplify navigation of their websites (automatic authentication, personalisation of certain information, etc.) or to personalise the adverts that appear while the user is browsing.
Indications for configuring your browser can be found in Annex of the current policy.
Moreover, other cookies are left by companies outside the Infopro Digital Group in order to collect user browsing data while they browse different websites. The Infopro Digital Group works with a number of these companies. For more information, users can consult the confidentiality policies of these companies, including:
- Google Analytics
- Google AdWords
In compliance with current legal provisions, before leaving or reading a cookie stored on the user’s computer, the Infopro Digital Group:
- informs the user of the purpose of these cookies;
- obtains their consent when required;
- informs the user of the methods of refusal.
Cookies and trackers that are strictly necessary in order to provide a service expressly requested by the user do not need the user’s prior consent. So, for example, the following trackers do not need the user’s consent:
- “shopping basket” cookies for a retail website;
- “session ID” cookies, for the duration of a session, or persistent cookies that are limited to several hours in certain cases;
- authentication cookies;
- session cookies created by a media player;
- load-balancing session cookies;
- certain audience analysis solutions (analytics);
- persistent cookies for personalising user interface (choice of language or presentation).
All other cookies require advance notification and consent request, for example:
- cookies linked to operations related to advertising;
- social network cookies generated by the social network’s sharing button, when they collect personal data without the consent of the person concerned;
- certain audience analysis cookies.
In compliance with the recommendations of the CNIL, consent is received via a banner that appears on the website which must contain the following information:
- the precise purpose of the cookies used;
- the possibility of opposing these cookies and changing the settings by clicking on a “find out more and configure cookies” link found on the banner (with a reference to the current paragraph);
- the fact that, by continuing to use the site, the user agrees to Cookies being saved on their device.
Broadly speaking, if the user shares their computer with other people, they should ensure to delete the cookies installed on their computer in the browser settings.
1.2.3. Collecting by telephone
The Infopro Digital Group performs certain services by telephone and in this instance can collect personal data. When possible, the telephone contact is confirmed by sending a message allowing the person concerned to keep a written record of the conversation and to be able to exercise their rights at any moment.
1.2.4. Indirect collection
The Infopro Digital Group can obtain this personal data from third parties (see chapter 5). In such instances, the Infopro Digital Group:
- establishes a contract with this third party in compliance with the provisions of the Regulation;
- informs the persons concerned of the transfer of their data to the Infopro Digital Group in the conditions defined by the Regulation;
- indicates in these files the source of the data to ensure its traceability;
- informs the persons concerned of the methods of exercising their rights.
2. What type of information is collected?
Some of the information collected is “Personal Data”, namely data concerning the persons that allows them to be identified.
In compliance with current legislation, the Infopro Digital Group has adopted the minimisation principle when collecting data, and only collects the data from the natural persons concerned that is strictly necessary for the desired and explicit objective, allowing them to exercise their rights in all capacities.
In terms of the nature of the services or products provided, the following personal data is likely to be requested:
- Your name and contact details, including your email and postal address,
- your job,
- your telephone and fax numbers,
When necessary for certain products and services:
- the computer equipment used while browsing,
- information regarding your professional career (CV, professional training, awards, etc.), your location data,
- your connection and browsing data (IP addresses, logs, etc.).
3. What is the purpose of the collected data?
3.1. Use of the collected data
The Infopro Digital Group can use the personal data it possesses to:
- send commercial information related to its products, promotions and offers, as well as other information connected to its products or services adapted to the concerned persons’ areas of interest;
- transmit information about the third party products and offers – Infopro Digital Group’s clients or commercial partners – relating to the function and/or interest identified in relation to the concerned person’s activity or that of the organisation to which they belong;
- edit paid professional and decision-maker directories in order to offer products and offers relating to their functions and/or interest identified in relation to the concerned person’s activity or that of the organisation to which they belong.
This personal data will be used by the Infopro Digital Group as part of its activities in the promotion of its own products and services as well as prospecting third-party accounts. It is only used within the strict limits defined by current legislation.
3.2. Methods of sending information
According to the contact details which will have been collected, the Infopro Digital Group and its partners will be able to transmit information in the following ways:
- Text messages sent to a person (SMS or MMS, notifications, mail and/or all other types of electronic messages);
- Messages via social networks;
- Postal mail;
- Promotional web banner;
- Internet search engine.
3.3. Aims of the collection
The aim of the collection is systematically indicated when carried out by the Infopro Digital Group and recalled when the data is being transferred, if the collection has been undertaken by a third party.
The Infopro Digital Group is liable to use a person’s personal data for the following objectives, in particular to:
- Record the data on its sites and/or information systems and to manage the delivery and invoicing of the services/products provided by Infopro Digital Group (including the processing of all searches or requests for information concerning us or our products or services)
E.g.: processing orders or registration
- Be in a position to fulfill our obligations for all contracts associated with the person concerned, as part of managing this type of contract:
E.g.: managing a user’s software log-in information, entry passes for exhibitions, etc.
- Fulfill its legal obligations;
E.g.: managing the participation of a training session: keeping an attendance list
- Monitor, critically review and improve its offer of products and services;
- Analyse connection and browsing data in order to deduce a browsing behaviour and/or adapt the proposed content by noting interests;
- Keep internal administrative usage files (customer complaints, loyalty, etc.);
- Find potential business customers for its account or those of its business partners and advertisers, in the conditions defined hereafter in the section “Use of the collected data”;
- Participate in competitions, lotteries or promotions.
4. How is the data stored and for how long?
The data found in the Infopro Digital Group’s bases is processed, applying rules and strict checks, complying with the competent supervisory authority’s recommendations and state-of-the-art technology.
4.1. The storage of personal data
The Infopro Digital Group takes all necessary precautions to preserve the security and confidentiality of personal data, and in particular to prevent it from being misrepresented, damaged or accessed by unauthorised third parties.
The recommendations of the National Commission on Informatics and Liberty are taken into account in the Group’s security management.
4.2. Storage period of the data and archiving
The storage period depends on the activity concerned, the nature of the contact (customer or potential customer) and the sector’s use.
♦ The Infopro Digital Group keeps certain compulsory documents (invoices, etc.) for the duration of the legal storage period.
♦ The storage period of personal data is fixed for a default period of 6 years across the entire Infopro Digital Group.
♦ Certain data is kept for a shorter period:
- Cookies expire thirteen months after their last update.
- Prospective customer data is deleted after 3 years if no response to any solicitation has been received.
- Candidate CVs are kept for a period of 2 years.
♦ The duration is sometimes related to the relevance or necessity of the information: customer data is kept for the duration of the commercial relationship, or the data found in directories is kept for the duration of the concerned persons’ mandate.
5. Who are the third parties that have access to the personal data collected?
5.1. Within the Infopro Digital Group
The Infopro Digital Group is comprised of several companies based both inside and outside the European Union, and are liable to convey the personal data from an affiliate of the group, within the framework of its functional organisation².
By way of example, certain processes are carried out by employees of an affiliate of the group in order to perform business support services, market studies or customer services, as well as in terms of account management, both current and future products or services supplied, or to participate in competitions, lotteries or promotions.
Marketing and producing certain of the Infopro Digital Group’s products and services is, in some cases, carried out in a transverse way between several of the group’s entities, with several entities sharing resources to make it possible to outsource or share responsibility of the processing. All intra-group transfers made outside of the European Union are covered by a contract using standard contractual clauses (see chapter 7 below).
5.2. Outside the Infopro Digital Group
The Infopro Digital Group is liable to transfer the personal data it collects to a third party, for example:
- clients/partners who have subscribed to a service that can include the collection of its users’ personal data, in particular as part of a contact request or creating a prospection file;
- providers, subcontractors and suppliers, in order to carry out their services (for example: technical services, payment services, identity check, analytics solutions providers, chat rooms);
- other companies, financial bodies or bodies/services responsible for enforcing the law, preventing and detecting fraud, when this disclosure is necessary to preserve the rights of the Infopro Digital Group;
- in the event that it is required by law, or upon formal demand of an authority (in particular in the context of a legal proceeding), public, quasi-public or private body for the purpose of a public service mandate;
- in the event of a merger, acquisition, dissolution or sale of all or part of its assets. The persons concerned will be informed by email and/or by a prominent message on the Group’s website(s) informing of any changes of ownership or use of personal data, and the choices available to them.
5.3. The methods of working with third parties
In the event of personal data being transmitted for any reason to a third party (for example: outsourcing, services carried out by a client), the Infopro Digital Group applies the conditions defined by current legislation, notably informing the persons concerned of this transfer.
The Infopro Digital Group ensures that the appropriate contractual stipulations between the Infopro Digital Group and the third party concerned guarantee that the latter:
- Will only use the personal data for its specified purpose and will comply with the objectives defined in the context of this current policy,
- And will take all necessary security measure to prevent any unauthorised or illicit processing of the personal data, or its loss, accidental destruction or damage.
6. Who is this information for?
The Infopro Digital Group has adapted its organisation in order to meet the demands of the European Data Protection Regulation and provide the concerned persons with all the information regarding their collected personal data and the processes carried out on it.
6.1. Exercising rights of access, refusal, rectification and removal
All requests related to exercising rights must be sent by email to firstname.lastname@example.org. This request must include as much information as possible so that it can be handled within a maximum of two months of reception: for example, you must specify the email address requested and to which address the requested information will be sent, in order to make the search easier.
6.2. Exercising the right to be forgotten
All requests concerning personal data that appears in magazine articles published by the Infopro Digital Group must be sent by email to email@example.com.
The reasons for the request must be included in the email. Once the data has been removed, any request to remove an article from a search engine must be directly addressed to the stated search engine by the person concerned.
6.3. Data portability
All requests related to data portability must be sent to the Infopro Digital Group’s DPO, who will respond regarding the feasibility of the request.
6.4. Appointing a Data Protection Officer (DPO) and the recourse to supervisory authority
In order to complete this measure, the Infopro Digital Group has appointed a Data Protection Office who can be reached by email at firstname.lastname@example.org for any questions or problems relating to the processing of personal data.
Anyone can directly contact the National Commission on Informatics and Liberty (CNIL).
7. Is the data transferred outside of the EU?
If the Infopro Digital Group passes personal data on to an Infopro Digital Group company or third party based outside of the European Union, measures are taken to assure that the stated data will receive the same level of protection as is imposed by the European Union regarding data protection.
As such, the Infopro Digital Group assures that the process carried out will comply with the current policy and that it will be covered by the European Commission’s standard contractual clauses which guarantee a level of protection sufficient for the person’s private life and fundamental rights.
8. Are there any special processing methods?
The Infopro Digital Group is liable to combine information concerning businesses with information entrusted by natural persons in the conditions and for the purposes defined in the current policy.
The profiling methods used by the Infopro Digital Group include undertaking manual or automatic cross-validation between company files and the Infopro Digital Group’s contact databases (name, job, email address, etc.), as well as objective tests (size, sector, computer equipment, etc.).
In terms of its recruitment policy, the Infopro Digital Group collects and stores personal data concerning potential candidates.
The Infopro Digital Group collects the information necessary to search for the most appropriate profiles for the vacancies, while respecting both the law and the person’s rights and liberties. The Group refrains from sending CVs with personal details to third parties without the person’s consent.
Candidates who wish to modify or delete their personal data from our bases can email email@example.com at any time, indicating “personal data” in the subject line.
The candidate must have the referees’ consent to be contacted by the Infopro Digital Group.
10. How will you be informed of any updates to this policy?
The Infopro Digital Group can be brought to make changes to or update the current Personal Data Policy. All updates will be displayed in an appropriate place so that all users will be informed of the date of the last update.
The most important updates will be the subject of a notice on the Infopro Digital Group’s corporate website (www.infopro-digital.com), at latest when the stated changes come into force.
ANNEX: Browser settings
If the browser is configured to disable cookies, access to all or part of the site could be blocked.
In order to manage cookies in the way that user would like to, the browser should be configured with the aims of the cookies in mind.
In Internet Explorer, click on the Tools button, then on Internet Options.
In the General tab, under Browser History, press Settings.
Click on the View Files button.
In the browser’s Tools menu, select Options.
In the displayed window, click Privacy and then View Cookies.
In the Safari menu, select Preferences.
Click on Show Cookies.
Click on the Chrome menu.
Click Show advanced settings and then choose Privacy.
- 1.Recital (47) of Regulation 2016/679: Legitimate interests of the person responsible for the processing (…) can form a legal basis for processing, unless the interests or liberties and fundamental rights of the person concerned do not prevail, taking into account the reasonable expectations of the persons concerned regarding their relationship with the person responsible for the processing. Such legitimate interest could, for example, exist while a pertinent and appropriate relationship between the person concerned and the person responsible for the processing exists (…). (…) Processing personal data for prospection reasons can be considered as a response to legitimate interest.
- 2.Recital (48) of Regulation 2016/679: The people responsible for processing that are members of a group of companies or establishments affiliated to a central body can have a legitimate interest in transmitting personal data within the group of companies for internal administrative purposes, including the processing of personal data related to the customers or employees.