GDPR compliance and compliance – BtoB automatic growth

Our database is hosted in France on secure servers at OVH.

We have several partner websites from which we collect opt-in data.

All our contacts have a right of inspection and can request to be deleted from our database.

We do not hold sensitive data allowing the clear identification of a natural person (medical data, identity number, personal address, etc.).

A document summarizing the SNCD, the professional organization representing the Data Marketing Industry : (General Regulation on the Protection of Personal Data).

MORE GDPR INFO

• We only work on B2B data, not subject to prior consent as stipulated by the CNIL by the e-Privacy directive, transposed into French law.
• AKIDEL respects the obligation to put an unsubscribe link on each campaign of our customers, to inform the Internet user of the information that we hold, the origin of the collection as well as the deletion of his information that we hold.
• It is also possible to exclude the mail, the domain, the SIRET/SIREN? of the company so as not to prospect them any longer. This function is also accessible for each of our customers.

Over time, after having structured the prospect file, we contact the prospect and inform him of our email marketing activity by email.

Each prospect has the possibility of requesting the total deletion of his data from the database.
Thus, he will never be contacted by our platform again.

The prospect can thus unsubscribe from our list with a simple click.

The RGPD does not force us to authorize it, but just to inform it that it will be prospected.

Ditto, when a client imports his prospecting file, he must certify that he has informed his prospects of his approach.

When unsubscribing, the prospect has the choice to unsubscribe from the client's communication (your communication) or from all of the platform's clients.

UNSUBSCRIBE METHODS IMPLEMENTED

You have the option of customizing the unsubscribe link and setting the text to your liking.

If an unsubscribe link is not detected in your message, we add one automatically with a neutral text of type ??Please do not ask me again: Unsubscribe??

PERSONALIZED MESSAGE TYPE

Neutral message

In accordance with the GDPR (General Data Protection Regulation), you have the option of requesting your unsubscription from this email and exercising your right to withdraw your data by clicking on the following link: Unsubscribe

Message that releases you from the responsibility of the service

You receive this offer whose contact database is provided by the services of AKIDEL.
In accordance with the GDPR, you have the possibility to request your unsubscription from this email and to exercise your right to withdraw your data by clicking on the following link: Unsubscribe

AKIDEL allows you to take advantage of B2B offers. At any time, you can request the deletion of our B2B database by clicking on the following link: Unsubscribe

This commercial offer is sent by AKIDEL, it is possible at any time to request the deletion of our B2B database by clicking on the following link: Unsubscribe.

Further information

The personal data included in our database (surname, first name, civility, function in the company, email address, NAF code, professional telephone number) are intended for the company's customers. AKIDELas well as our services for the operation and updating of the database.

This database comes from teleprospecting or extrapolation from information collected by the company AKIDEL from specialized companies.

This processing is necessary for the legitimate interests pursued by the company AKIDEL . Indeed, the database is necessary for the commercial activity of the company since without contact data, customers could not get in touch with the prospects predicted by the AKIDEL solution. Processing is also necessary for the legitimate interests of the Company's customers AKIDELbecause it allows them to have a relevant and effective prospecting tool.

The data is kept for a period of 1 year.

You can contact the data protection officer of AKIDEL.

 

ISSUES ? ANSWERS

Question : How do you implement prior consent?

Answer  : The GDPR does not require prior consent for B2B prospecting actions as indicated in the detailed article on the CNIL website: Commercial prospecting by e-mail.
Prior consent is not an obligation for the collection of information but a good practice of uses.
Processing is only lawful if and insofar as at least one of the following conditions is met as set out in Article 6 of the GDPR: The CNIL and the European data protection regulation.

One of these conditions is the following: “the processing is necessary for the purposes of the legitimate interests pursued by the controller”. In the case of AKIDEL, this legitimate interest is justified by our activity.

We systematically inform each new contact who enters our database, telling them what data we have collected and how it will be used by our customers and partners.

Question : How is your file made up?

Answers : Our database consists of information that we collect on the web in Open-data as well as legal information data from INSEE, Infogreffe, Bodacc, Legi France, RNCS, the public part of professional directories and social networks?, which we aggregate and structure through our intelligent algorithms.

GDPR and use of data – Contractual clauses

Part 1 – Article 28 – Processor / GDPR

 

When processing must be carried out on behalf of a data controller, the latter only calls on subcontractors who offer sufficient guarantees as to the implementation of appropriate technical and organizational measures in such a way as to that the processing meets the requirements of this Regulation and guarantees the protection of the rights of the data subject.

The Processor shall not engage another Processor without the prior written permission, specific or general, of the Controller. In the case of a general written authorization, the processor informs the controller of any planned changes concerning the addition or replacement of other processors, thus giving the controller the opportunity to raise objections against these changes.

Processing by a processor is governed by a contract or other legal act under Union law or the law of a Member State, which is binding on the processor vis-à-vis the controller, defines the object and duration of the processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects, and the obligations and rights of the controller. This contract or other legal act provides, in particular, that the subcontractor:

1. (a) only process personal data on documented instructions from the controller, including with regard to transfers of personal data to a third country or to an international organisation, unless required to do so under Union law or the law of the Member State to which the processor is subject; in this case, the processor shall inform the controller of this legal obligation before the processing, unless the law concerned prohibits such information for important reasons of public interest;
2. b) ensures that the persons authorized to process the personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality;
3. c) take all measures required under Article 32;
4. d) complies with the conditions referred to in paragraphs 2 and 4 to recruit another processor;
5. (e) take into account the nature of the processing, help the controller, by appropriate technical and organizational measures, as far as possible, to fulfill his obligation to respond to requests made to him by data subjects in to exercise their rights under Chapter III;
6. f) assists the controller in ensuring compliance with the obligations provided for in Articles 32 to 36, taking into account the nature of the processing and the information available to the processor;
7. (g) at the choice of the controller, delete all personal data or return them to the controller at the end of the provision of services relating to the processing, and destroy the existing copies, unless Union law or the law of the Member State requires the retention of personal data; And
8. h) make available to the controller all the information necessary to demonstrate compliance with the obligations provided for in this Article and to enable audits to be carried out, including inspections, by the controller or another auditor it mandated, and contribute to these audits.

With regard to point h) of the first subparagraph, the processor shall immediately inform the controller if, in its opinion, an instruction constitutes a breach of this Regulation or of other provisions of Union law or of Member States relating to data protection.

Where a processor engages another processor to carry out specific processing activities on behalf of the controller, the same data protection obligations as set out in the contract or other legal act between the controller processing and the processor in accordance with paragraph 3, are imposed on that other processor by contract or by means of another legal act under Union law or the law of a Member State, in particular with regard to presenting sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of this Regulation. 

Where that other processor fails to fulfill its data protection obligations, the initial processor shall remain fully liable to the controller for the performance by the other processor of its obligations.

The application, by a subcontractor, of an approved code of conduct as provided for in Article 40 or of an approved certification mechanism as provided for in Article 42 may be used as an element to demonstrate the existence of the sufficient guarantees in accordance with paragraphs 1 and 4 of this article.

Without prejudice to a particular contract between the controller and the processor, the contract or other legal act referred to in paragraphs 3 and 4 of this article may be based, in whole or in part, on the standard contractual clauses referred to in paragraphs 7 and 8 of this Article, including where they form part of a certification issued to the controller or processor pursuant to Articles 42 and 43.

The Commission may establish standard contractual clauses for the matters referred to in paragraphs 3 and 4 of this Article and in accordance with the examination procedure referred to in Article 93(2).

A supervisory authority may adopt standard contractual clauses for the matters referred to in paragraphs 3 and 4 of this Article and in accordance with the consistency control mechanism referred to in Article 63.

The contract or other legal act referred to in paragraphs 3 and 4 shall be in written form, including in electronic format.

Without prejudice to Articles 82, 83 and 84, if, in breach of this Regulation, a processor determines the purposes and means of the processing, he is considered to be a controller with regard to this processing.

Part 2 – Obligations of the Parties 

Each of the Parties shall take, as far as it is concerned, all appropriate measures to ensure compliance with the GDPR and any other applicable regulations and undertakes in particular to:

• Process Personal Data in accordance with the principles and obligations of the GDPR and any other applicable regulations. 
• Include in the processing register the activities carried out under its responsibility.
• Without prejudice to any other obligation resulting from this Contract, comply with Article 28 of the European Regulation relating to the intervention of subcontractors. Each Party remains responsible for the processing activities carried out by a processor.
• Complete the required formalities with the competent national protection authority, in particular consult the authority when the privacy impact analysis carried out reveals that the planned processing will be likely to create a high risk for rights and freedoms of the persons concerned.
• Set the necessary retention period(s) for the Personal Data processed, depending on their purpose, as well as determine the procedures for archiving or erasing them at the end of these periods.
• Ensure that the information notices intended for the persons concerned are made easily accessible and understandable to them and that these notices provide for the categories required by the European Regulation and any other applicable regulations in the matter.
• Respond to complaints from data subjects exercising their rights of access, modification, erasure, limitation, opposition or, where applicable, portability and withdrawal of their consent, in the manner and within the time limits in accordance with the law applies.
• Put in place an internal procedure to identify and manage cases of Personal Data breach and to proceed, when required by applicable law, to the notification of the competent national protection authority and/or persons concerned in the manner and time prescribed by applicable law.
• Take all useful technical and organizational precautions, in particular with regard to the personal nature of the Personal Data that each of the Parties processes respectively and the risks presented by the processing(s), in order to preserve security and maximum confidentiality of this Data and, in particular to prevent it from being distorted, damaged and above all that unauthorized third parties have access to it, in any way whatsoever. 

Obligations of AKIDEL

AKIDEL also undertakes, for the duration of the Contract, to:

• Guarantee the integration, in any communication, of an unsubscribe link allowing the recipient to exercise his right of opposition to being referenced in the AKIDEL Solution (without prejudice to any specific configuration by the client).
  
• Inform the persons referenced in the Solution of the use of their Personal Data, prior to any prospecting which will be carried out by or on behalf of the client in compliance with the conditions of article 14 of the European Regulation.
  
• Obtain the consent of the persons referenced in the Solution, within the time limits and conditions required by the applicable regulations (including the requirements, recommendations and guidelines of any supervisory authority that may rule on the conformity of the Solution and the Services).
  
• Notify the customer without delay in the event of a risk of non-compliance of all or part of the Solution and the Services covered by this Contract.
  
• Maintain the necessary documentation to demonstrate the conformity of the Services, in particular, but not limited to, the consent of the persons concerned to be referenced in the Database and to receive communications of a commercial nature from the Partners of AKIDEL, of which the client is a part.
  
• Inform the client of any request received directly by which a person opposes the use of their Personal Data by AKIDEL for commercial purposes.
  
• Submit to an audit (including an on-site audit) of the client allowing the latter to monitor AKIDEL's compliance with its obligations regarding the protection of personal data, under the conditions of the "Audit" article of this Agreement .
  
• Guarantee and indemnify the customer for any damage resulting from a violation by AKIDEL of its obligations under this Article, without prejudice to any other remedy available under the law or the provisions of this Contract (such as the termination, in whole or part, of the Contract). 

Database Ownership
The Service Provider and its supplier is and remains the sole owner of the Database. 

Database Security
In accordance with the commitments made under the terms of Article 1, the Service Provider undertakes to preserve the integrity, security and confidentiality of the Database. As part of the performance of the Services, the Service Provider will implement the appropriate technical and organizational measures to protect the Personal Data of the Database against accidental or unlawful destruction, accidental loss, alteration , dissemination or unauthorized access, in particular within the framework of the transmission of this Data in a network, as well as against any other form of illicit treatment. 

Personal data
The Parties acknowledge that they are fully aware of the obligations resulting from Regulation (EU) 206/79 of the European Parliament and of the Council of April 27, 2016, which entered into force on May 25, 2018 (hereinafter the "European Regulation") and transposed into law. French by Law No. 2018-493 of June 20, 2018 relating to the protection of personal data and any other regulations applicable in the matter which apply to them in their respective capacity as data controller for the operations they carry out, in complete independence, each in respect of their own activity.

AKIDEL, its suppliers and its subcontractors are responsible for processing the activities carried out within the framework of the management, development, maintenance and hosting of the Solution (database feeding, opposition management, information of persons referenced, functionality allowing the client to cross-reference their push list with the database, etc.).

The client is responsible for processing the commercial prospecting activities carried out from the Solution with the persons referenced in the database.

Use of data by the customer
The client can recover and directly reuse the data transmitted during the monitoring phase and the analysis of the results of the campaigns. It is up to him to contact directly - without going through the services of AKIDEL - the email lists transmitted. However, the customer cannot hold AKIDEL responsible for any practice of the customer that does not comply with the regulations in force, and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, relating to the protection of persons. with regard to the processing of personal data and the free movement of such data, known as the "General Data Protection Regulation" or "GDPR" 

AKIDELa has the right to integrate into its mailing bases, the emails sent by the customer for later reuse in a mailing campaign unless the customer explicitly refuses it. AKIDEL must respect the GDPR.

AKIDEL puts in place a set of technical constraints, documentation and information available to the customer in the context of compliance with the GDPR. In this context, the client being in total autonomy in his prospecting and his digital communication, takes all the responsibility RGPD and must be compliant in all these actions. 

In the event of non-compliance by the customer with the provisions of the GDPR, AKIDEL cannot be held responsible. 

In the event of non-compliance by the customer with the provisions of the GDPR, the customer account may be suspended in the event of refusal to comply.