Charter of Protection of Personal Data

EMB is one of the leading information providers for professionals in France and Europe. As such, he collects and processes many personal data on his behalf and that of his customers and business partners.

EMB is strongly committed to the conformity of its systems and practices to the provisions of the European Data Protection Regulation.

The purpose of this personal data charter is to describe the principles implemented by EMB in order to comply with the regulations and to protect the privacy of the individuals whose data is processed.

It also specifies the general framework for the processing of personal data carried out within EMB and, in this sense, aims to provide data subjects with the necessary information to fully comply with the regulations in force.

 

1. HOW ARE THE DATA COLLECTED?

EMB collects data through its activities, some of which identify or make identifiable individuals.

1.1. The legal basis of collection

Legislation lists the legal bases for the collection of personal data, otherwise the legitimate justifications for data collection. These legal bases are explained and / or recalled within the framework of the collections carried out by EMB.

As such, EMB is likely to collect personal data based on:

• the consent of the person concerned;
  NB: In France, the CNIL recognizes two exceptions to prior electronic prospecting consent detailed in an electronic prospecting file dating from October 2016:
  • • in business-to-business relationships, the prior consent of the data subject is not required for commercial solicitations sent to the professional e-mail address as soon as these solicitations relate to the profession of the person in question. This tolerance is called "BtoB exception". The activities of the company EMB being mainly implemented between professionals, the collections are often carried out following prior information.
  • • prior consent is also not required for any solicitation sent to a data subject for services / products similar to those that that person would have already acquired from the same organization.
• the performance of obligations under a contract;
  NB: The collection of personal data of our customers and users is necessary in order to fulfill the terms of the contract (eg subscription, subscription to an online service - free or paid, ...) and ensure the provision of the service subscribed or product acquired by the natural person concerned. Thus, in this context, the consent of the person is not necessary since the processing is related to the performance of the contract.
• the legitimate interest1 of the controller;
  NB: Under certain circumstances, the very nature of the service provided by EMB involves the collection of personal data of its customers and users and the transmission of this information to designated third parties (eg connection services). Such processing related to the legitimate interest of the data controller in this case is considered a reasonable expectation on the part of the data subject with regard to the description of the service provided. Of course, the company EMB constantly assesses whether its legitimate interest is not offset by the interest of the person concerned or the respect of his fundamental rights and freedoms.
• a legal obligation making the treatment compulsory.
  N.B .: The regulatory context of an activity may make certain processing and data transfer mandatory: eg for invoicing products or services, training activities (attendance sheet), etc ...

1.2. Collection methods:

1.2.1. Collection through forms

Access, use, download, purchase or subscription to certain services or certain products involves the collection of personal data concerning the customer prospect or user. In these cases, when filling paper forms, electronic, people transmit information about them. These forms always specify:

• the name of the controller,
• the purposes associated with the collection carried out,
• if the collection is made necessary by the subscription of the service concerned or by the purchase of the contemplated product,
• any other proposed holdings and the legal basis for the collection carried out;
• a reference to the relevant pages of this charter on the procedures for the exercise of rights by natural persons, the contact details of the DPO, the rules concerning the retention period of the data, the terms of complaint to the supervisory authority, etc ...

1.2.2. Collection by means of cookies

The term "cookies" is to be taken in the broad sense: all the tracers deposited and / or read, for example, when consulting a website, reading an email, installing or using a software or mobile application.

The cookies based on a file that can be stored on the user's computer when browsing are intended to simplify browsing sites (automatic authentication, personalization of certain information ...) or customize the advertising appearing when browsing users.

Some cookies are deposited by the company EMB directly during the navigation on one of its sites. The user of the site may at any time oppose the use of these cookies by setting his browser, it being specified that such settings may change the conditions of access to products, content and services that require the use of cookies.

The instructions for setting your browser are given in Appendix 1 of this charter.
In addition, other cookies are deposited by companies outside the company EMB to collect browsing data of users when browsing different sites. EMB works with some of these companies. For more information, users should review the privacy policies of these companies, for example:

• Google Analytics
• Google AdWords
• Criteo
• Facebook
• LinkedIn
• Bing
• ...

In accordance with the legal provisions in force, before depositing or reading a cookie on a user's computer, the company EMB:

• informs Internet users of the purpose of the cookies;
• obtain their consent when it is required;
• tells users how to refuse them.

The cookies and tracers strictly necessary for the provision of a service expressly requested by the user do not require the prior consent of users. For example, the following tracers do not require user consent:

• shopping cart cookies for a merchant site;
• session ID cookies, for the duration of a session, or persistent cookies limited to a few hours in some cases;
• authentication cookies;
• session cookies created by a media player;
• load balancing session cookies;
• certain solutions for analyzing audience measurement (analytics);
• Persistent cookies for customizing the user interface (choice of language or presentation).

Any other cookie requires prior information and a request for consent, for example:

• cookies related to advertising operations;
• social network cookies generated by social network sharing buttons when they collect personal data without the consent of the persons concerned;
• some audience measurement cookies.

In accordance with the recommendations of the CNIL, the collection of consent is done by the appearance of a visible banner on the website which must contain the following information:

• precise purposes of the cookies used;
• the possibility of opposing these cookies and changing the parameters by clicking on a link "learn more and set cookies" present in the banner (with a reference to this paragraph and appendix 1 below);
• the fact that the continuation of its navigation is in agreement with the deposit of Cookies on its terminal.
  In general, if the user shares his computer with other people, he must take care to delete the cookies installed on his computer via the setting of his browser.

1.2.3. Telephone collection

The company EMB performs certain services by telephone and on this occasion can collect personal data. Whenever possible, the telephone contact is confirmed by sending an e-mail allowing the person concerned to keep a written record of the conversation and to exercise his rights at any time.

1.2.4. Indirect collection

EMB can obtain personal data from third parties (see Chapter 5). In such a case, the company EMB:

• establishes a contract with this third party in accordance with the provisions of the Regulation;
• notify the persons of the transfer of their data to EMB under the conditions defined by the regulations;
• indicates in its files the source of the data in order to ensure traceability;
• inform the persons concerned of the procedures for exercising their rights.

 

2. WHAT TYPES OF INFORMATION ARE COLLECTED?

Some of the information collected is "Personal Data", which is data about people who can identify them.
In accordance with the legislation in force, the company EMB has adopted the principle of minimization in the collection and only collects the data strictly necessary for the objective pursued and explained to the natural persons concerned, leaving them any capacity to exercise their rights.
The personal data that may be requested, depending on the nature of the services or products provided, are as follows:

Mainly:

• Your name and contact information, including your email and postal addresses,
• your function,
• your telephone and fax numbers,

where applicable for certain products and services:

• the computer equipment used during navigation,
• information related to your professional background (CV, professional training, distinctions, etc.), your location data,
• your connection and navigation data (IP addresses, logs) etc...

 

3. WHAT ARE THE DATA GIVEN?

3.1. Use of collected data

EMB may use the personal data it holds in order to:

• send commercial information relating to its products, promotions, offers, and other information relating to its products or services tailored to the interests of the persons concerned;
• provide information on the products and offers of third parties - customers or business partners of the company EMB - in relation to the function and / or with regard to an interest identified in relation to the activity of the person concerned or that of the organization to which it belongs;
• Publish paid directories of professionals and decision-makers in order to offer them products and offers related to their functions and / or with regard to an interest identified in relation to the activity of the person concerned or that of the organization to which it belongs.

These personal data will be used by EMB as part of its activities related to the promotion of its own products and services as well as prospecting for third parties. They are used only within the strict limits defined by the legislation in force.

3.2. Terms of sending information

Depending on the contact details that have been collected, EMB and its partners can transmit information by the following means:

• Text message sent to a person (SMS or MMS, notification, e-mail, and / or any other form of e-mail);
• Message via social networks;
• Phone;
• Postal mail;
• Promotional web banner;
• Internet search engine.

3.3. Objectives of the collection

The purpose of the collection is systematically indicated when it is directly carried out by the EMB company and recalled during the data transfer when the collection was carried out by a third party.
The company EMB is likely to use the personal data of a person for the following purposes:

• To register it on its websites and / or information systems and to manage the delivery and billing of services / products provided by EMB;
  Eg: order processing or registration;
• In order to be able to fulfill the obligations incumbent on him under the terms of any contract binding him to the person concerned and in the context of the management of this type of contract;
  Eg: management of user access credentials to software, badges for access to a trade show, etc;
• In order to comply with the legal obligations incumbent upon it;
  Eg: management of participation in a training session: keeping an attendance sheet;
• To monitor, critically review and improve its product and service offering;
• For the purpose of analyzing connection and navigation data in order to deduce a navigation behavior and / or to adapt the proposed content according to the affinities observed;
• To keep records for internal administrative use (customer complaints, loyalty etc...);
• For commercial prospecting purposes on behalf of itself or those of its commercial partners and advertisers, under the conditions defined below in the "Use of collected data" section above;
• For participation in contests, sweepstakes or promotions.

 

4. HOW AND HOW LONG IS THE DATA STORED?

Processing actions are carried out on the data contained in the databases of the company EMB, applying strict control rules, consistent with the state of the art technology and the recommendations of the competent supervisory authority.

4.1. Storage of personal data

EMB takes all necessary precautions to safeguard the security and confidentiality of Personal Data and in particular to prevent it from being distorted, damaged or unauthorized third parties having access to it.
The recommendations of the National Commission Informatique et Liberté are taken into account in the management of security for the entire Group.

4.2. The shelf life of the data and archiving

The shelf life depends on the activity concerned, the nature of the contact (customer or prospect) and the uses of the sector.

• The company EMB keeps some obligatory documents (invoices etc ...) for the legal period of conservation.
• The retention period of personal data is set by default for the entire company EMB for a period of 6 years.
• Some data is kept for a shorter shelf life:
  • • Cookies expire thirteen months after their last update.
  • • Prospect data are deleted beyond 3 years without response to any solicitation.
  • • The CVs of the candidates are kept for a period of 2 years.
• The duration is sometimes linked to the relevance or necessity of its processing: the customer data are kept for the duration of the commercial relationship or the data contained in the directories are kept for the duration of the mandates of the persons concerned.

 

5. WHO ARE THIRD PARTIES WITH ACCESS TO PERSONAL DATA COLLECTED?

The EMB company is likely to transfer the personal data that it collects to various third parties, for example²:

• customers / partners who have subscribed to a service that may involve the collection of users' personal data, in particular as part of a linking request or as part of the creation of a prospecting file;
• service providers, subcontractors and suppliers to perform services on their behalf (eg technical services, payment services, identity verification, suppliers of analytical solutions, chat, services);
• other companies, financial institutions or law enforcement agencies / departments for the purpose of preventing or detecting fraud, where such disclosure is necessary to safeguard the rights of EMB;
• in cases where the law provides for it or at the formal request of an authority (particularly in the context of legal proceedings), public, parapublic or private bodies as part of a public service mission;
• in the event of a merger, acquisition, dissolution or sale of all or part of its assets. The persons concerned will be informed by email and / or by a message prominently displayed on the Group's website (s) of any change of ownership or concerning the uses of personal data and the choices they will have;
• partners in the following uses:
  • • Commercial prospection and marketing analysis;
  • • Enrichment, multi-channel rental;
  • • Recognition, matching and profiling;
  • • Statistical analyzes.

Here is the list of partners with access to the data:

Customer	B2B	B2C
Actiplay		X
Liveramp	X	X
Adl performance		X
Affinicia	X	X
AgenceMD	X
Altares - Managéo	X
Arkeero		X
Base&Co		X
ByPath	X
Cap Adresse		X
Companeo	X
CreditSafe	X
Data Company		X
Digitaleo	X
Editus	X
Edgewhere		X
Idaia Group (Cartegie)	X	X
Inboxed		X
InfoLégale	X
Kompass	X	X
LoudingAds		X
Market Espace		X
Nomination	X
Note Bleue	X
OptinData	X	X
PrismaMedia		X
Publicis ETO		X
Remail Me - CloudMedia	X	X
The Data Factory		X
VerticalMail	X
Vertigo	X	X
W Note	X	X

5.1. Working arrangements with third parties

In the event that personal data are transmitted to a third party for any reason (for example: a subcontracting service, services performed for a client), the company EMB applies the conditions defined by the legislation in force, particularly the information of the persons concerned of this transfer.

EMB ensures that appropriate contractual stipulations between EMB and the third party guarantee that the latter:

• Use personal data only for the purpose specified by it and in accordance with the objectives set out in this charter.
• And has taken appropriate security measures to prevent unauthorized or unlawful processing of personal data, accidental loss or destruction of personal data, or damage to personal data.

 

6. WHO SHOULD CONTACT FOR INFORMATION?

EMB has adapted its organization to meet the requirements of the European Data Protection Regulation and to provide any person with any information on the personal data concerning them collected and on the processing carried out on these data.

6.1 The exercise of the rights of access, opposition, rectification and deletion

Any request related to the exercise of your rights must be sent to the address dpo@emb-europe.com. This request must include a maximum of information so that it can be processed upon receipt within a maximum of two months: for example, individuals must specify the e-mail address requested and for which they send the request to facilitate searches.

6.2 The exercise of the right to be forgotten

Any request for personal data must be sent to the following address: dpo@emb-europe.com.
This request must indicate the reasons for the request. Once the deletion of data has been processed, any request to dereference an article in a search engine must be sent directly to said search engine by the person concerned.

6.3 Data portability

Any request related to the portability of the data must be sent to the DPO of the company EMB which will answer you on the feasibility of such a request.

6.4 Automated processing and profiling

You can request via the following address dpo@emb-europe.com not to be subject to an automated decision, including profiling, the limitation of the processing of data concerning you or to oppose this processing.

6.5 The designation of a Data Protection Officer (DPO) and the use of the supervisory authority

In order to complete this system, EMB has appointed a Data Protection Officer who can be reached at the following address: dpo@emb-europe.com for any question or difficulty concerning the processing of personal data.
Anyone has the possibility to directly contact the National Commission Informatique et Liberté (CNIL).

 

7. IS THE DATA TRANSFERRED OUTSIDE THE EU?

If the EMB company communicates Personal Data to a third party outside the European Union, measures are taken to ensure that the said data will benefit from the same level of protection as that imposed by the European Union on data protection.

As such, the EMB company will ensure that the processing is carried out in accordance with this charter and that it is framed by the standard contractual clauses of the European Commission which allow to guarantee a sufficient level of protection of the private life and the fundamental rights of persons.

 

8. ARE THERE SPECIFIC TREATMENT PROCEDURES?

The company EMB is likely to combine information concerning companies with information entrusted by natural persons under the conditions and for the purposes defined in this charter.

The profiling methods used within the company EMB consist in carrying out manual or automated cross-checks between company files and our contact databases of EMB company (name, function, email address ...), from objective criteria (size, sector, computer equipment ... etc).

 

9. RECRUITMENT

As part of its recruitment policy, EMB collects and stores personal data on potential candidates.

EMB collects the information needed to find the most suitable profiles for positions to be filled in accordance with the law and the rights and freedoms of individuals. The company EMB is prohibited from transmitting to a third party, the CV with the coordinates of a person, without its agreement.
Candidates wishing to modify or delete their personal data from our databases may at any time send an e-mail to dpo@emb-europe.com in the subject line "personal data".

The candidate must ensure the agreement of the persons given by reference to be contacted by the company EMB.

 

10. HOW WILL YOU BE INFORMED OF THE UPDATES OF THIS CHARTER?

EMB may have to modify or update this Personal Data Charter. Any update will be posted where deemed appropriate, so that any user will be notified of the date of the last update.

The most important updates can be the subject of an opinion on the website of the company EMB (www.emb-europe.com) at the latest at the time of entry into force of the said amendments.

 

APPENDIX 1: PARAMETERS OF BROWSERS

The settings may change your access conditions to content and services that require the use of cookies.

If the browser is configured to refuse all cookies, access to all or part of the site may be blocked.

In order to manage cookies as close as possible to the users' expectations, the browser must be set according to the purpose of the cookies.

Internet Explorer
In Internet Explorer, click the Tools button, and then click Internet Options. On the General tab, under Browsing History, click Settings. Click the Show Files button.

Firefox
Go to the Tools tab of the browser and select the Options menu In the window that appears, choose Privacy and click on Show cookies.

Safari
In your browser, choose Edit menu > Preferences. Click Security. Click Show Cookies.

Google Chrome
Click the Tools menu icon. Select Options. Click the Advanced Options tab and navigate to the Privacy section.

1. Recital (47) of Regulation 2016/679: The legitimate interests of a controller (...) may constitute a legal basis for the processing, unless the interests or fundamental rights and freedoms of the data subject prevail, taking into account the reasonable expectations of the data subjects based on their relationship with the controller. Such a legitimate interest could, for example, exist when there is a relevant and appropriate relationship between the data subject and the controller (...). (...) The processing of personal data for the purpose of prospecting can be considered as being done to fulfill a legitimate interest.

2. Recital (48) of Regulation 2016/679: Data controllers who belong to a group of undertakings or institutions affiliated to a central body may have a legitimate interest in transmitting personal data within the organization. group of companies for internal administrative purposes, including the processing of personal data relating to customers or employees.