Regata is a service provider in the field of advertising to professionals and the general public worldwide. As such, it collects and processes a large amount of personal data on behalf of itself and its clients and business partners. Regata is strongly committed to ensuring that its systems and practices comply with the European Data Protection Regulation.
It also specifies the general framework of the processing of personal data carried out within Regata and, in this sense, aims to provide the persons concerned with the information necessary for full compliance with the regulations in force.
How is the data collected? Regata collects, through its activities, data, some of which allow to identify or make identifiable natural persons.
1.1. The legal basis for the collection The legislation lists the legal bases for the collection of personal data, in other words the legitimate justifications for collecting data. These legal bases are explained and/or recalled in the context of the collections made by Regata. In this respect, Regata is likely to collect personal data on the basis of
♦ the consent of the person concerned ; N.B.: in France, the CNIL recognizes two exceptions to prior consent in electronic prospecting detailed in a sheet on electronic prospecting dated October 2016:
In relationships between professionals, the prior consent of the data subject is not required for commercial solicitations sent to the professional email address as soon as these solicitations are related to the profession of the person in question. This tolerance is called "BtoB exception". The Regata activities are mainly implemented between professionals, the collections are often carried out following a prior information. Prior consent is also not required for any solicitation sent to a data subject for services/products similar to those that this person would have already acquired from the same organization. ♦ performance of obligations under a contract; N.B.: The collection of personal data of our customers and users is necessary in order to execute the terms of the contract (e.g. subscription, subscription to an online service - free or paid,....) and to ensure the provision of the subscribed service or the product acquired by the natural person concerned. Thus, in this context, the consent of the individual is not necessary since the processing carried out is linked to the execution of the contract.
♦ the legitimate interest¹ of the data controller ; N.B.: In certain circumstances, the very nature of the service provided by Regata involves the collection of personal data from its clients and users and the transmission of this information to designated third parties (e.g. matchmaking services). These processing operations related to the legitimate interest of the controller in this hypothesis are considered a reasonable expectation on the part of the data subject with regard to the description of the service provided. Of course, Regata constantly assesses whether its legitimate interest is not outweighed by the interest of the data subject or by the respect of his or her fundamental rights and freedoms.
♦ a legal obligation making the processing mandatory. N.B.: The regulatory context of an activity may make certain processing and transfer of data mandatory: e.g. for the billing of products or services, training activities (attendance sheet), etc...
1.2. Methods of collection : 1.2.1. Collection through forms Accessing, using, downloading, purchasing or subscribing to certain services or products implies the collection of personal data concerning the prospective client or user. In these cases, when filling out paper or electronic forms, people transmit information about themselves. These forms systematically specify:
the name of the person in charge of processing, the purposes associated with the collection made, if the collection is made necessary by the subscription of the service concerned or by the purchase of the product envisaged, the possible other uses envisaged and the legal basis of the collection carried out; a reference to the relevant pages of this charter on the methods of exercising rights by individuals, the contact details of the DPO, the rules concerning the duration of data retention, the methods of complaint to the supervisory authority, etc... 1.2.2. Collection through cookies The term "cookies" is to be understood in the broadest sense: all traces deposited and/or read, for example, when consulting a website, reading an e-mail, installing or using a software or a mobile application. Cookies are based on a file that can be stored on the user's computer during browsing and are used to simplify browsing on the sites (automatic authentication, personalization of certain information, etc.) or to personalize the advertising that appears when users browse.
Instructions on how to set your browser are given in Appendix 2 of this charter. In addition, other cookies are deposited by external Regata companies in order to collect users' browsing data during their navigation on different sites.
To help users detect which cookies may be installed on their computers, some sites, such as YourOnlineChoices, offer tools to list and set your cookies.
Regata primarily uses the following cookies: Audience measurement cookies:
Google Analytics Facebook MailChimp Advertising cookies :
Bing ads Google ads Facebook ads Criteo Appnexus Oath Smart Adserver Outbrain Ligatus Social network cookies :
For Facebook For Twitter For Google + For Linkedin For Yahoo For Youtube In accordance with the legal provisions in force, before depositing or reading a cookie on a user's computer, Regata :
informs the users of the purpose of the cookies obtains their consent when it is required; indicates to users the means to refuse them. Cookies and tracking devices that are strictly necessary for the provision of a service expressly requested by the user do not require the prior consent of users. Thus, for example, the following trackers do not require user consent:
"shopping cart" cookies for a merchant site; session ID cookies, for the duration of a session, or persistent cookies limited to a few hours in certain cases authentication cookies; session cookies created by a multimedia player; load balancing session cookies; certain audience measurement solutions (analytics); persistent cookies used to personalize the user interface (choice of language or presentation). All other cookies require prior information and a request for consent, for example:
cookies related to advertising-related operations; social network cookies generated by social network sharing buttons when they collect personal data without the consent of the persons concerned; certain audience measurement cookies. In accordance with the recommendations of the CNIL, the collection of consent is done by the appearance of a visible banner on the website which must contain the following information:
the precise purpose of the cookies used; the possibility of opposing these cookies and changing the parameters by clicking on a link "to know more and to parameterize the cookies" present in the banner (with a reference to the present paragraph and to appendix 1 below); the fact that the continuation of his navigation implies his agreement to the deposit of Cookies on his terminal. In general, if the user shares his computer with other people, he must ensure that he deletes the cookies installed on his computer via the settings of his browser.
1.2.3. Collection by telephone Regata performs certain services over the telephone and may collect Personal Data in the process. Whenever possible, telephone contact is confirmed by sending an e-mail, thus enabling the person concerned to keep a written record of the conversation and to exercise his or her rights at any time.
1.2.4. Indirect collection Regata may obtain personal data from third parties (see chapter 5). In such a case, Regata :
establishes a contract with that third party in accordance with the provisions of the Regulation; notifies individuals of the transfer of their data to Regata under the conditions defined by the Regulation; indicates in its files the source of the data in order to ensure traceability; inform the persons concerned of the modalities for exercising their rights. 1.2.5. Collection via the Regata application Regata also collects data when subscribing to a new service via the Regata app. This data is necessary for identification, management of the listed establishments, as well as other information shared when contacting customer service for example.
What types of information are collected? Some of the information collected constitutes "Personal Information", i.e., information about individuals that allows them to be identified. In accordance with the legislation in force, Regata has adopted the principle of minimization in the collection and only collects data that is strictly necessary for the objective pursued and explained to the natural persons concerned, leaving them full capacity to exercise their rights. The personal data that may be requested, depending on the nature of the services or products provided, are the following: Mainly:
Your name and contact details, including e-mail and postal addresses, your job title, your telephone and fax numbers, where applicable for certain products and services:
the computer equipment used during browsing, information about your professional background (CV, professional training, awards, etc.), your location data, your connection and navigation data (IP addresses, logs) etc... What is the purpose of the data collected? 3.1. Use of the collected data Regata may use the personal data in its possession in order to
send commercial information about its products, promotions, offers and other information about its products or services tailored to the interests of the persons concerned; to transmit information on products and offers of third parties - clients or commercial partners of Regata in relation to the function and/or with regard to an identified interest in relation to the activity of the person concerned or that of the organization to which he or she belongs; to publish paid directories of professionals and decision-makers in order to propose products and offers in relation to their functions and/or with regard to an identified interest in relation to the activity of the person concerned or that of the organization to which he or she belongs. This personal data will be used by Regata in the context of its activities relating to the promotion of its own products and services as well as for prospecting on behalf of third parties. It is used only within the strict limits defined by the legislation in force.
3.2 Methods of sending information Depending on the contact details collected, Regata and its partners may send information by the following means
Text message sent to a person (SMS or MMS, notification, email, and/or any other form of electronic message); Message via social networks; Telephone; Postal mail; Web promotional banner; Internet search engine. 3.3 Purpose of the collection The purpose of the collection is systematically indicated when it is directly carried out by Regata and recalled at the time of the transfer of the data when the collection was carried out by a third party. Regata is likely to use the personal data of a person in particular for the following purposes:
In order to register him/her on its websites and/or information systems and to manage the delivery and billing of services/products provided by any Regata company (including the processing of any searches or requests for information about us or our products or services) e.g., processing orders or registration In order to be able to perform its obligations under any contract with the data subject and in the course of administering such contract: E.g.: management of user access identifiers for a software program, access badges for a trade show, etc. For the purpose of complying with legal obligations; E.g.: management of participation in a training session: keeping an attendance sheet For the purpose of monitoring, critically examining and improving its product and service offering; For the purpose of analyzing connection and browsing data in order to deduce browsing behavior and/or to adapt the content offered according to the affinities observed; To keep files for internal administrative use (customer complaints, loyalty, etc.); For commercial prospecting purposes on its behalf or those of its commercial partners and advertisers, under the conditions defined below in the section "Use of collected data"; For the purpose of participation in contests, sweepstakes or promotions. How and for how long is the data stored? Processing actions are carried out on the data contained in the Regata databases, applying strict control rules, in accordance with the state of the art technology and the recommendations of the competent control authority.
4.1. Storage of personal data Regata takes all necessary precautions to preserve the security and confidentiality of Personal Data and in particular to prevent them from being distorted, damaged or accessed by unauthorized third parties. The recommendations of the National Commission for Information Technology and Freedom are taken into account in the management of security.
4.2. Data retention and archiving The retention period depends on the activity concerned, the nature of the contact (customer or prospect) and industry practice. ♦ Regata keeps certain mandatory documents (invoices etc...) for the legal retention period. ♦ The retention period of personal data is set by default for the whole Regata for a period of 6 years. ♦ Some data are kept for a shorter retention period:
Cookies expire thirteen months after their last update. Prospect data is deleted after 3 years without response to any solicitation. Candidate resumes are retained for 2 years. ♦ The duration is sometimes linked to the relevance or necessity of its processing: customer data is kept for the duration of the commercial relationship or data present in directories is kept for the duration of the mandates of the persons concerned.
Who are the third parties with access to the personal data collected? 5.1. Within Regata Regata is composed of companies located in the European Union or not and likely to be communicated personal data coming from another subsidiary of the group, within the framework of its functional organization².
5.2. Outside Regata Regata may transfer the personal data it collects to various third parties such as
customers/partners who have subscribed to a service that may involve the collection of personal data of users, in particular in the context of a request for contact or in the context of the constitution of a prospecting file; service providers, subcontractors and suppliers in order to carry out services on its behalf (for example: technical services, payment services, identity verification, providers of analytical solutions, chat, services); other companies, financial organizations or law enforcement agencies/departments for the purpose of fraud prevention or detection, where such disclosure is necessary to preserve Regata's rights in cases where the law so provides or at the formal request of an authority (in particular in the context of legal proceedings), public, semi-public or private bodies in the context of a public service mission; in the event of a merger, acquisition, dissolution or sale of all or part of its assets. Data subjects will be informed by email and/or by a prominent message on the Group's website(s) of any changes in ownership or uses of personal data and of the choices available to them. 5.3. Working with third parties In the event that Personal Data is transferred to a third party for any reason (e.g. a subcontracting service, services performed for a client), Regata applies the conditions defined by the applicable legislation, including informing the persons concerned of the transfer. Regata ensures that appropriate contractual arrangements between Regata and the third party concerned guarantee that the latter :
Will only use the personal data for the purpose specified by it and in accordance with the purposes set out in this Charter, And will have taken appropriate security measures to prevent unauthorized or unlawful processing of personal data, accidental loss or destruction of, or damage to, personal data. Who can I contact for information? Regata has adapted its organization in order to meet the requirements of the European Data Protection Regulation and to provide all persons with all information on the personal data collected and on the processing carried out on such data. 6.1 exercising the rights of access, opposition, rectification and deletion Any request related to the exercise of your rights must be sent to the address contact@Regata.io. This request must include as much information as possible so that it can be processed upon receipt within a maximum of two months: for example, people must specify the e-mail address requested and for which they are sending the request in order to facilitate research.
6.2 exercising the right to be forgotten Any request concerning a personal data appearing in an article from a magazine published by Regata must be sent to the following address: contact@Regata.io This request must indicate the reasons for the request. Once the deletion of data has been processed, any request to remove an article from a search engine must be made directly to the search engine by the person concerned. Any person may contact the Commission Nationale Informatique et Liberté (CNIL) directly.
Microsoft Internet Explorer Microsoft Edge Apple Safari Google Chrome Mozilla Firefox Opera Recital (47) of Regulation 2016/679: The legitimate interests of a controller (...) may constitute a legal basis for processing, unless the interests or fundamental rights and freedoms of the data subject prevail, taking into account the reasonable expectations of data subjects based on their relationship with the controller. Such a legitimate interest could, for example, exist where there is a relevant and appropriate relationship between the data subject and the controller (...). (...) The processing of personal data for canvassing purposes can be considered as being carried out in order to fulfil a legitimate interest. Recital (48) of Regulation 2016/679: Controllers who are part of a group of undertakings or establishments affiliated to a central body may have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of personal data relating to customers or employees.