Privacy Policy Update: 21 August 2018

Aware of the importance of ensuring data confidentiality, ROCKET MARKETING is making strong commitments regarding the protection of personal data.

The purpose of this privacy policy is to inform any natural person of the commitments and measures taken to ensure the protection of personal data.

This approach is part of the personal data protection scheme:

  • the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016,
  • the French Loi Informatique et Libertés law No. 78-17 of 6 January 1978 amended by the law No. 2018-493 of 20 June 2018.

This privacy policy may change depending on the legal and regulatory context and the doctrine of the Commission nationale de l’informatique et des libertés - CNIL (French Data Protection Authority).

Scope

This privacy policy applies to prospective customers, Advertisers and/or Influencers of ROCKET MARKETING.

Data Controller

The controller of personal data is the company ROCKET MARKETING.

ROCKET MARKETING
46 place Jules FERRY 92120 MONTROUGE FRANCE
RCS NANTERRE 791 012 131
Intra-Community VAT No.: FR81791012131
+33 (0)1 84 20 24 89
contact@reech.com

Information pertaining to ROCKET MARKETING is available in its Legal Notices.

Data Protection Officer

ROCKET MARKETING has appointed a Data Protection Officer (DPO), who can be reached at the following email address: dpo@reech.com.

His or her role is to ensure compliance with the provisions of the regulation on the protection of personal data.

He or she is consulted by ROCKET MARKETING before any data processing. He or she draws up a list of any processing of personal data by ROCKET MARKETING as and when it is done.

The Data Protection Officer ensure that individuals’ rights are respected (right to access, rectification, object, deletion, restriction of processing and portability).

If difficulties exercising these rights are encountered, the data subjects may contact the Data Protection Officer by email at dpo@reech.com.

Data collected - purposes - legal basis for this processing


What is personal data?

“Personal data” refers to any information that can identify either directly (e.g. a first or last name) or indirectly (e.g. through pseudonymous data such as a unique identifier) any natural person.

Personal data includes information such as postal or email addresses, mobile phone numbers, usernames, professional information or financial data. Personal data may also include numeric identifiers such as a computer’s IP address or the MAC address of a mobile device, as well as cookies.


How is personal data collected?

ROCKET MARKETING undertakes only to collect data strictly necessary for the purpose of the processing done.

Data collected by ROCKET MARKETING may be obtained, depending on the situation:

  • directly from the prospective customer or customer:
    • during professional encounters (events, trade shows, conferences),
    • during telephone or electronic (email) communication,
    • via its website or SaaS platform through collection forms completed by the data subject (creating an account, subscribing to services, satisfaction questionnaires, reviews, surveys, etc.);
    • when agreeing to the terms of services and/or a sale;
    • via the pages devoted to the services of ROCKET MARKETING on social media platforms;
    • via other commercial documents (quotations, purchase orders, etc.);
  • indirectly:
    • via the data subject’s blog;
    • via the use of cookies to better understand how the site and platform are used by the natural person;
    • on social media platforms via publisher APIs (YouTube, Twitter, Facebook, etc.);
    • via third parties (partners, Advertisers or customers of ROCKET MARKETING).

ROCKET MARKETING informs the data subject on the collection form that the data requested are mandatory to provide its service. Where appropriate, the term “optional” is stated. Failure to complete the mandatory fields may affect the ability of ROCKET MARKETING to offer its products and services to its customers or prospective customers.


What is the legal basis for processing personal data?

Based on the purpose for which the data is used, the legal basis for processing personal data may be:

  • consent;
  • the legitimate interest of ROCKET MARKETING which may consist in:
    • the improvement of its products or services, including understanding its customers’ needs and tailoring its products or services to these needs,
    • the prevention of fraud,
    • securing tools (ensuring data protection and security, ensuring that they function properly and are constantly improved),
  • the performance of the contract concluded with the customer (e.g. in order to create an Influencer account or assist an Advertiser during a specific communication operation);
  • the compliance of a legal obligation when the legislation in force requires the processing of data.

In cases where the processing of data is based on consent, the natural person, and in particular the minor, may withdraw his or her consent at any time provided it is not information that governs the application of a contract.

Purpose Data Collected Legal basis for the processing
Connecting Influencers and Advertisers
Creating and managing an Influencer account on the platform

Identification data:

  • Email address,
  • Pseudonym/character’s name,
  • Gender,
  • Photos,
  • First and last names,
  • Postal address, country,
  • Age,
  • Parental consent (ID and contact details of the parents of the Influencer under the age of 16 years),
  • Email address,
  • Telephone, fax or mobile number,
  • Copy of identity document.

Personal life:

  • Personal history,
  • Unique identifiers of each social media platform or blog URL,
  • Posts on social media platforms and blogs (photographs, videos, texts, various descriptions, links, articles, etc.),
  • Post metadata (location, date, entities identified in the posts, content of the comments, etc.),
  • Performance indicators of posts and social media profiles and blogs (number of followers, likes, shares, views, etc.),
  • Social media profile and blog data (pseudonyms, bio, avatar, links, etc.).

Professional life:

  • Name of the company,
  • Company contact details,
  • SIREN code (French company ID no.), intra-Community VAT no.,
  • Kbis (trade register) extract,
  • Role of the data subject (agent).

Economic and financial information:

  • Bank details,
  • PayPal details,
Performance of pre-contractual measures/contractual performance
Selection of Influencers and proposal of offers

Identification data.

Professional data (messages, conversations, proposed offers).

Connection data:

  • IP address,
  • Logs,
  • Terminal and connection identifiers,
  • Time/date information.
Performance of a contract
Overseeing the proper performance of Deals and posting
  • First name, last name, pseudonym,
  • Email address,
  • Posts on social media platforms and blogs (photographs, videos, texts, various descriptions, links, articles, etc.),
  • Post metadata (location, date, entities identified in the posts, content of the comments, etc.),
  • Performance indicators of posts and social media profiles and blogs (number of followers, likes, shares, views, etc.),
  • Social media profile and blog data (pseudonyms, bio, avatar, links, etc.).
Performance of a contract
Generating an invoice and settlement of earnings or credits
  • First name, last name,
  • Postal address,
  • Name of the company,
  • SIREN code (French company ID no.), intra-Community VAT no.,
  • Company contact details,
  • Kbis (trade register) extract,

Economic and financial information:

  • Bank details,
  • PayPal details,
Performance of a contract
Technical assistance/support
  • First name, last name,
  • Email address,
  • Phone number,
  • Conversations (tickets and exchanges on the platform),
  • Logs and page views by the natural person.
Performance of a contract
Managing unsubscribing and account closures

Identification data.

Professional and personal life data.

Financial data

Performance of a contract
Building a database of influential people on social media platforms

Identification data:

  • Unique identifiers of each social media platform or blog URL,
  • Gender,
  • First and last names,
  • Age,
  • Posts on social media platforms and blogs (photographs, videos, texts, various descriptions, links, articles, etc.),
  • Post metadata (location, date, entities identified in the posts, content of the comments, etc.),
  • Performance indicators of posts and social media profiles and blogs (number of followers, likes, shares, views, etc.),
  • Social media profile and blog data (pseudonyms, bio, avatar, links, etc.).
Legitimate interest
Supporting Advertisers
Request for quotation

Identification data:

  • Gender,
  • First and last names,
  • Postal address,
  • Email address,
  • Email exchanges,
  • Telephone, fax and/or mobile number.

Professional data:

  • Name of the company,
  • SIREN code (French company ID no.), intra-Community VAT no.,
  • Company contact details,
  • Function, position at the company, status at the company,
  • Business sector.
Performance of pre-contractual measures
Preparation of communication operations
  • First name, last name,
  • Email address,
  • Email exchanges,
  • Phone number.
Performance of a contract
Performance of communication operations and connecting with influencers
  • First name, last name,
  • Email address,
  • Email exchanges,
  • Phone number.
Performance of a contract
Tracking communication operations and reporting
  • First name, last name,
  • Email address,
  • Email exchanges,
  • Phone number.
Performance of a contract
Common purposes
Customer invoicing
  • Identification data:
  • Email exchanges,
  • Invoice,
  • Data pertaining to settling invoices: payment methods, approved discounts, receipts, balances and outstanding debt.
Performance of a contract
Managing accounting, litigations, outstanding debts
  • Identification data:
  • Email exchanges,
  • Invoices,
  • Purchasing history,
  • Data pertaining to settling invoices: payment methods, approved discounts, receipts, balances and outstanding debt.
Legal obligation
Creation of commercial statistics
  • First and last names,
  • Phone number,
  • Email address,
  • Postal address,
  • Information on the product or service provided.
Legitimate interest
Management of reviews/surveys Legitimate interest
Commercial communications/newsletter subscription
  • First and last names,
  • Email address,
  • Opening emails and clicking links in the emails.
Legitimate interest for prospective customers, natural persons, professionals
Commercial communication/customer acquisition and retention
  • First and last names,
  • Email address,
  • Opening emails and clicking links in the emails.
Legitimate interest for natural persons, customers (proposal of similar products or services)
Managing an opt-out list
  • Email address.
Legal obligation
Online browsing/securing the platform/technical cookies
  • IP address,
  • Cookies, trackers.
Legitimate interest (for cookies enabling the site’s proper functioning)

Legal obligation (for cookies ensuring the security of the site)
Audience measurements
  • Page views,
  • Unique browser identifier,
  • Type of user,
  • Source of visits,
  • Location (granularity: town),
  • IP (first three octets),
  • Information on the device (OS, browser, resolution),
  • Cookies, trackers.
Consent
Targeted advertising (retargeting)
  • IP address,
  • Cookies, trackers.
Consent
Managing the requests of rights of natural persons
  • First and last names,
  • Postal address,
  • Email address,
  • Copy of identity document.
Legal obligation

Recipients of the personal data


Internal recipients at ROCKET MARKETING

Personal data is communicated within ROCKET MARKETING, its parent company and/or its subsidiaries, where appropriate, in order to fulfil its contractual obligations, comply with its legal obligations, prevent fraud and/or secure its services, improve its services or after receiving consent from the data subject.

Internally, the recipients of the data are the persons responsible for the marketing department and/or sales department, the departments dealing with customer relationship management and prospecting, administrative departments, IT and technical departments and their hierarchical superiors.


External recipients at ROCKET MARKETING

In the context of operations related to connecting Advertisers and Influencers, the data of natural persons may be communicated to Influencers or Advertisers.

In the event of restructuring, a merger, acquisition by a third party, divestiture of a business or assets, ROCKET MARKETING may communicate personal data to the buyer or potential acquirer.

In these cases, the personal data held relating to prospective customers, Advertisers and Influencers may be one of the assets transferred. The buyer, thus the new data controller, will process the data and its privacy policy will govern the processing of personal data.

ROCKET MARKETING does not loan or sell Influencers’ personal data, including for commercial prospecting.

However, personal data may be processed in the name of and on behalf of ROCKET MARKETING by trusted service providers.

In this regards, ROCKET MARKETING ensures that all providers with which the company works, maintains data confidentiality and security.

ROCKET MARKETING may, for example, ask the following to provide services that require the processing of its customers’ personal data:

  • service providers helping with customer relationship management (CRM) and web analytics (audience analysis);
  • advertising networks, marketing and/or web agencies that create the website for ROCKET MARKETING, advertising, marketing and commercial campaigns;
  • third parties that assist and help ROCKET MARKETING to provide IT services (platform providers, hosting services, maintenance and technical support services) for databases, as well as software and applications that may contain data on the customers or prospective customers of ROCKET MARKETING (these services may sometimes require access to the data to fulfil the required tasks);
  • payment service providers in order to verify the information when this is required to conclude a contract with the customer (in the case of online payments);
  • service providers that have a consulting role for ROCKET MARKETING (auditors, accountants, lawyers, IT consultants, etc.).

ROCKET MARKETING may communicate data to partners in the event that a customer has accepted to receive communications or commercial prospections from ROCKET MARKETING partners via the dedicated subscription/opt-in process. In this case, the data are processed by the partner acting as data controller under its own conditions and in compliance with its privacy policy.

ROCKET MARKETING may also communicate data to third parties:

  • if it is required to disclose or share data to:
    • comply with a legal obligation,
    • ensure compliance with its Terms of Service,
    • protect its rights, intellectual property or security, or those of its customers or employees,
  • if it has the consent of the data subject,
  • if the law stipulates.

Duration of data storage

ROCKET MARKETING only stores personal data for the time needed to carry out the operations for which it has been collected and in accordance with current regulation.

The natural person is also informed that ROCKET MARKETING will store the data supplied based on the criteria and recommendations of the CNIL (French Data Protection Authority) available in its benchmark standard: simplified standard no. 48.

Purpose of processing Storage period Legal basis
Managing customer and prospective customer files

General principle:

Customers’ personal data cannot be stored beyond the storage period strictly necessary for the management of the commercial relationship, except the data needed by the establishment as proof of a right or contract that may be archived in accordance with the provisions of the French Commercial Code (Code de commerce) on the storage period of books and documents created over the course of commercial activities and the French Consumer Code (Code de la consommation) on the storage of contracts concluded electronically.
Simplified standard no. 48
The contracts concluded between professionals or between professionals and non-professionals

5 years

Article L110-4 of the French Commercial Code (Code de commerce)
Simplified standard no. 48
Invoice management

10 years

Article L123-22 subparagraph 2 of the French Commercial Code (Code de commerce)
Simplified standard no. 48
Accounting and in particular the management of customer accounts

10 years

Article L123-22 subparagraph 2 of the French Commercial Code (Code de commerce)
Simplified standard no. 48
Management of a customer file

Customer data is stored throughout the period of the commercial relationship. It may be stored for commercial prospection purposes for a maximum duration of 3 years from the date of the end of this commercial relationship

Simplified standard no. 48
Establishment and management of a prospective customer file

3 years from the date it is collected by the data controller or the date of the last contact with the prospective customer

Simplified standard no. 48
Audience measurements

The information stored in the users’ terminals (e.g. cookies) or any other element used to identify the users and enabling them to be tracked must not be kept longer than 13 months

Simplified standard no. 48
Managing a newsletter

Until the data subject unsubscribes

Article 6-5° of the amended law no. 78-17
Sending solicitations (emails, telephone calls, faxes, SMS, etc.)

3 years from the date it is collected by the data controller or the date of the last contact with the prospective customer

Simplified standard no. 48
Managing an opt-out list

3 years from the date added to the list

Simplified standard no. 48

Physical and logical security of personal data

ROCKET MARKETING determines and implements the necessary means for the protection of personal data processing systems to prevent any malicious intrusion and any loss, alteration or disclosure of data to any unauthorized persons.

ROCKET MARKETING has therefore created and regularly updates its personal data processing registers which list the technical and operational security measures taken.

ROCKET MARKETING determines and implements measures guaranteeing data confidentiality such as through awareness campaigns for its employees and recommendations of good practices as regards the use of their computer workstations.

ROCKET MARKETING requires its IT service providers to present adequate guarantees to ensure the security and confidentiality of personal data.

It ensures that IT service providers take all necessary action to prevents the disclosure or alteration of data, ensures no maintenance work is carried out without their supervision and return the data at the end of the contract.

Data transfer - data storage location

Wherever possible, ROCKET MARKETING commits not to transfer the data of natural persons outside the European Union.

However, in certain cases, data may be transferred or accessible and/or stored in countries outside the European Union.

It may also be processed by employees of ROCKET MARKETING or by technical service providers working outside the European Union.

ROCKET MARKETING will only transfer data outside the European Union securely and in accordance with current legislation.

In accordance with the provisions of Articles 44 et seq. of the GDPR, ROCKET MARKETING chooses to work with service providers based outside the European Union that, depending on the situation:

  • comply with the conditions laid down in this policy;
  • have regulation ensuring an adequate level of protection;
  • are already on the register maintained by the United States administration and comply with the obligations and guarantees laid down by the “Privacy Shield”;
  • include in their contracts or agree to sign the standard contractual clauses adopted by the European Commission.

To find out more, the natural person can contact ROCKET MARKETING at dpo@reech.com or by post at: 46 place Jules FERRY 92120 MONTROUGE FRANCE.

Rights of the data subject


Right of access, rectification, restriction and deletion

In accordance with the amended French law “Informatique et Libertés” of 6 January 1978 and the General Data Protection Regulation, any natural person has a right:

  • to access his or her data (limited to two access requests per year and subject to proving his or her identity),
  • to rectify data,
  • to delete information concerning him or her under the conditions laid down in Article 17 of the General Data Protection Regulation,
  • to restrict processing,
  • to give general and specific instructions defining what happens to these rights post mortem.

Right to object

The natural person also has the right to object at any time to the processing of his or her personal data or the use of this data for commercial prospecting or profiling purposes.


Right to the portability of data

When processing is based on the consent of the natural person or a contract and it is done by automated processes, the data subject has a right to the portability of this data. In accordance with Article 20 of the GDPR, the data subject has the right to obtain the personal data concerning him or her that he or she supplied to ROCKET MARKETING with a clear structure, easily useable and legible by a machine, and has the right to transmit this data to another data controller without any obstacles created by ROCKET MARKETING, to which the data was supplied.


Right to lodge a complaint with the CNIL (French Data Protection Authority)

Lastly, the data subject may, where appropriate, lodge a complaint with the CNIL (French Data Protection Authority) (https://www.cnil.fr/fr/plaintes). To do so, he or she may contact the CNIL by post or telephone (details are provided in French here: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil).

He or she can exercise these rights by proving his or her identity and contacting ROCKET MARKETING at dpo@reech.com or by post at: 46 place Jules FERRY 92120 MONTROUGE FRANCE.

Processing social media data

ROCKET MARKETING uses YouTube API Services and agrees to Google’s privacy policy.

Customers of ROCKET MARKETING may grant the company access to their private statistical data through social media platforms’ APIs like YouTube and Facebook. This data enables ROCKET MARKETING to supply its customers with in-depth audience analyses and content performance.

Customers agree to be bound by YouTube’s Terms of Service should they grant ROCKET MARKETING access to their private statistical data through YouTube API Services.

Customers of ROCKET MARKETING may request the deletion of authorized data via dpo@reech.com and may also revoke access to this data via the Google Security Page for authorized data for YouTube and Google Analytics.

Some of our customers

  • LG
  • Unilever
  • Heineken
  • Warner Bros
  • Coty
  • Kellogs