Preamble

 

This Privacy Policy details SOCIALSHAKER’s (“SOCIALSHAKER”) policy regarding personal data and cookies on the www.socialshaker.com website (the “Site”). This Policy applies to all information provided by you, or collected by us during your browsing on our Site, in accordance with the regulations in force in France regarding personal data as set out in Act No. 78-17 of 6 January 1978 on data processing, files and freedoms, known as the “Data Protection Act” and EU Regulation 2016/679 of 25 May 2018 on data protection called the “DGPS”.

The purpose of this Privacy Policy is:

  • to inform persons accessing the services offered on our Site (hereinafter referred to as “Users”) of the manner in which we collect, use and share their personal data (I);
  • to inform people participating in digital campaigns (hereinafter referred to as “Participants”) about how SOCIALSHAKER collects and processes their personal data on behalf of Users (II);
  • to inform any Internet user browsing the site of the information we collect through “cookies” (III).

Any changes or updates to this Privacy Policy will be brought to your attention. Your active consent to the new Privacy Policy will be required to continue to use the services offered by SOCIALSHAKER.

 

 

SOMMAIRE

I. Processing of users’personal data by Socialshaker as controller
II. Processing of participants’personal data by Socialshaker as a subcontractor
III. Processing of personal data collected through cookies

 

 

I. Processing of users’personal data by Socialshaker as controller

 

1. Who is responsible for processing your personal data?

The controller is SOCIALSHAKER, a company with a share capital of €25,530 registered in the Paris Trade and Companies Register under number 497 805 275, whose registered office is located at 48 rue de Provence, 75009 Paris.

The representative of the SOCIALSHAKER controller is Mrs Alexandra ESCRIBE in her capacity as Director General. His contact details are as follows:

Mrs Alexandra ESCRIBE
48 rue de Provence
75009 Paris
E-mail : [email protected]

 

2. What personal data is collected?

Any information relating to an identified natural person or which can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person shall constitute personal data.
For the provision of its various services SOCIALSHAKER is required to collect your personal data.

By browsing the Site and using the various services offered by SOCIALSHAKER, you consent to SOCIALSHAKER collecting the following categories of data:

  • Marital status: Name, First name, Postal address, Email address, Phone number, language ;
  • Professional life: Sector of activity, Name of your company, Intracommunity VAT number, Email address of the financial service..;
  • Bank data: Credit card number, Expiry date, Cryptogram; This data is not saved on the SOCIALSHAKER platform. They are encrypted and stored on STRIPE (CB number not accessible by SOCIALSHAKER) and are deleted once the transaction is completed, i. e:
    For a single payment: until the provision of the service, increased by the withdrawal period provided for the sale of goods and supplies of services at a distance.
    For a subscription with tacit renewal: until the last payment due date if the subscription is not renewed.
  • Login Data: IP Address, Password, Social Account IDs (Facebook, Google, Linkedin).

(Hereinafter “Personal Data”).

You agree to provide current and valid Personally Identifiable Data as part of the information required on the Site, and warrant that you will not make any false statements or provide any misleading information.

 

3. How is your Personal Information collected?

You consent to SOCIALSHAKER collecting your Personal Information when you provide the following information:

  • Online platform registration form ;
  • Your user profile form ;
  • Subscription form ;
  • Payment form ;
  • Contact form ;
  • Webinar Registration Form ;
  • Registration form for one or more newsletters

You may also provide us with Personal Data about you when communicating with our customer service representatives via live chat on the site (Intercom) or during telephone or email exchanges as part of our customer care.

 

4. For what purposes is your Personal Information collected?

4.1. The mandatory or optional nature of the information requested is indicated by an asterisk at the time of collection. Compulsory Personal Data is data strictly necessary for the processing or your requests; optional Personal Data collected by SOCIALSHAKER is intended to get to know you better and to improve the suitability of our offers to your needs and your browsing experience on the Site.

4.2. Your Personal Data is collected and processed for the following purposes:

  • Creating your User account

In this context, your Personal Data is collected and processed in particular to create authenticated access to SOCIALSHAKER services, to enable you to edit new information about yourself and to create a digital campaign.

  • Subscription to SOCIALSHAKER services

In this context, your Personal Data is collected and processed in order to enable you to subscribe to SOCIALSHAKER’s premium services, create digital campaigns, manage and monitor business relationships, manage and monitor payments, and file contest rules.

  • Contact and assistance

In this context, your Personal Data is collected and processed to guide you in your navigation on the Site, answer your questions concerning the services and products offered by SOCIALSHAKER, and provide you with technical assistance.

  • Registration for a SOCIALSHAKER webinar

In this context, your Personal Data is collected and processed to enable you to participate in training organised by SOCIALSHAKER, to communicate with us about training, and to send you offers on SOCIALSHAKER services and offers.

  • Subscribe to a SOCIALSHAKER newsletter

In this context your Data is collected to enable us to send you information about the services and offers offered by SOCIALSHAKER.
You can withdraw your consent at any time by using the unsubscribe link in the newsletter.

4.3. Your Personal Data is collected and processed on the basis of the following legal grounds:
the execution of the contract concluded between the User and SOCIAL SHAKER (General Conditions of Use; General Conditions of Sale);
the User’s consent (Newsletter registration; Webinar training registration).

 

5. Who has access to your personal data?

5.1. SOCIALSHAKER staff

The Personal Data collected by SOCIALSHAKER are intended for persons duly authorised to process Personal Data within SOCIALSHAKER, in particular, and depending on the nature of the processing and the type of data, the persons in charge of commercial service, customer service, marketing service, administrative service, logistics and IT service.

5.2. SOCIALSHAKER subcontractors

In the exercise of its activities and the provision of its services, SOCIALSHAKER uses subcontractors who process Personal Data on behalf of, on instructions and under the authority of SOCIALSHAKER.

In accordance with the RGPD, SOCIALSHAKER requires its subcontractors to provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure the security and confidentiality of your Personal Data.

SOCIALSHAKER uses subcontractors located in countries offering an adequate level of protection either because they are subject to the provisions of the GDPR or, in accordance with Article 45 of the GDPR because they benefit from an adequacy decision by the European Commission (i.e. they have been recognised as offering sufficient guarantees by the European Union). This is particularly the case for subcontractors located in the United States who have joined the Privacy Shield.

In cases where SOCIALSHAKER uses subcontractors located in countries offering levels of protection not equivalent to the level of protection of personal data in the European Union, SOCIALSHAKER undertakes to regulate this transfer by signing standard contractual clauses established by the European Commission.

 

6. How long is your personal data kept?

SOCIALSHAKER keeps your Personal Data, in an active database, in a form allowing you to be identified, for the time necessary to fulfil the purposes for which they are collected and processed, such as managing business relations, managing payment or sending newsletters.

Users who have placed an order with SOCIALSHAKER may also keep their data at the end of the commercial relationship for three years for the exclusive purpose of prospecting and reactivating their account at their request. For users who have not placed an order, their data are kept for three years at the end of their collection or the last contact from these users.

Your personal data may also be archived for the time necessary (i) to comply with SOCIALSHAKER’s legal and regulatory obligations, and/or (ii) to enable SOCIALSHAKER to assert a legal claim, and this before being definitively deleted.

You can delete at any time, on the platform, your account or one or more campaigns conducted via SOCIALSHAKER.

 

7. How SOCIALSHAKER ensures the security and confidentiality of your personal data?

SOCIALSHAKER is committed to processing your Personal Data in a:

  • lawful,
  • loyal,
  • transparent,
  • proportionate,
  • relevant,
  • within the strict framework of the aims pursued and announced,
  • for the duration necessary for the treatments put in place,
  • in a secure manner.

SOCIALSHAKER implements and updates appropriate technical and organisational measures to ensure the security and confidentiality of your Personal Data by preventing it from being distorted, damaged or communicated to unauthorised third parties.

In the event of a violation of your Personal Data, SOCIALSHAKER shall notify the CNIL of the violation in question as soon as possible and, if possible, no later than 72 hours after becoming aware of it, unless the violation in question is not likely to create a risk for the rights and freedoms of Users.

When a violation of your Personal Data is likely to create a high risk for the rights and freedoms of a User, SOCIALSHAKER shall inform the User as soon as possible, subject to the exceptions provided for in Article 34 of the DGCP.

 

8. What are your rights on your personal data?

You may, upon written request, access your Personal Data, request its modification or correction, or request to be removed from SOCIALSHAKER’s database.

As regards the right of access, you are authorised, in accordance with Article 15 of the Data Protection Regulation, to ask SOCIALSHAKER to obtain communication of your Personal Data in an accessible form, confirmation that your Personal Data are or are no longer being processed, communication of the purposes of processing, the categories of Personal Data processed and the recipients to whom the Personal Data are communicated and the period for which the Data are to be kept or the criteria used to determine this period.

In accordance with article 16 of the GDPR, the right of rectification gives you the right to require SOCIALSHAKER to rectify, complete or update your Personal Data if they are inaccurate, incomplete, ambiguous or out of date.
Under the conditions laid down in Article 17 of the GDPR, you may also request that your data be deleted.

You may also request that the processing of your personal data be limited under the conditions of Article 18 of the GDPR.

In the circumstances provided for in Article 20 of the GDPR, you may retrieve from SOCIALSHAKER the Personal Data provided by you, in a structured, commonly used and machine-readable format, for the purpose of transmitting them to another controller.

In accordance with article 21 of the GDPR, you have the possibility to object, at any time, to the processing of your Personal Data for commercial prospecting purposes.

To exercise your rights of access, rectification, deletion, limitation, portability and opposition mentioned above, simply send your request by e-mail to the following address:
[email protected]

SOCIALSHAKER shall provide the person exercising one of these rights with information on the measures taken as soon as possible and in any event within one (1) month of receipt of the request. This time limit may be extended by two (2) months, given the complexity and number of requests.

If SOCIALSHAKER does not comply with the request, it will inform the person as soon as possible, and at the latest within one (1) month from receipt of the request, of the reasons for its inaction and of the possibility of lodging a complaint with a supervisory authority and filing a judicial appeal.

The exercise of these rights is free of charge. However, in the event of a manifestly unfounded or excessive request, SOCIALSHAKER reserves the right (i) to require the payment of fees taking into account administrative costs, or (ii) to refuse to comply with such requests.

 

9. What recourse in the event of a breach of your data?

In the event of a violation of Personal Data likely to create a high risk for the User’s rights and freedoms, SOCIALSHAKER will inform the User in clear and precise terms, as soon as possible.

Without prejudice to any other administrative or legal recourse, the User who considers that the processing of his Personal Data constitutes a violation of the provisions of the legislation in force may lodge a complaint with a competent supervisory authority such as the Commission Nationale de l’Informatique et des Libertés (CNIL).

 

10. What data does SOCIALSHAKER not collect?

10.1. SOCIALSHAKER does not collect data from children under the age of 15.

SOCIAL SHAKER is a BtoB platform and is not intended to collect information concerning minors under 15 years of age as long as the Site is not addressed to them. Given the technological means available, SOCIALSHAKER will make reasonable efforts to verify that such data are not collected.

10.2. SOCIALSHAKER does not collect sensitive data

SOCIALSHAKER does not collect sensitive information such as racial or ethnic origin, sexual orientation, state of health, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data.

 

II. Processing of participants’personal data by Socialshaker as a subcontractor

 

NB: We refer to “User” companies that use SOCIALSHAKER to create marketing campaigns of the type in which you have participated.

SOCIALSHAKER allows its Users to create digital campaigns (hereinafter “the Campaign”). These interactive marketing campaigns allow Users (i) to collect personal data from participants (you) in operations launched and disseminated via the platform, and (ii) to track the results of their campaigns and export participation data.

Within the framework of the creation and organisation of the Campaign, the User is responsible for processing the personal data of the Participants in these Campaigns since the User alone determines the purposes and means of this processing. SOCIALSHAKER, which collects and processes the personal data of the Participants on behalf of and on the instructions of the User, acts as a subcontractor.

 

1. Rights and obligations of the User

1.1 In accordance with article 13 of the DSR, the User who collects a Participant’s personal data undertakes to provide the following information:

  • the identity and contact details of the controller and his representative;
  • the contact details of the Data Protection Officer (DPO) if he/she exists;
  • the purposes of the processing for which the data are intended;
  • where appropriate, legitimate interests pursued by the controller or by a third party;
  • the recipients of the data;
  • any data transfers outside the EU;
  • the retention period of the data or at least the criteria for determining it;
  • the existence of the right to ask the controller for access to the data, their rectification or erasure, the limitation of the processing, the right to object to the processing of
  • personal data and the right to object to the processing of personal data.
  • processing and the right to portability of their data;
  • where collection and processing is based on consent, the existence of the right to withdraw consent at any time;
  • the right to lodge a complaint with a supervisory authority;
  • information on the mandatory nature of the information and the possible consequences of failure to provide its data;
  • where appropriate, the existence of an automated decision, including profiling, and useful information about the underlying logic.

All such information shall be made accessible to Participants in a concise, transparent, understandable and easily accessible manner, in clear and simple terms.

1.2. The User declares and guarantees to meet the obligations incumbent upon him with regard to the protection of the personal data of the Participants, and in particular (i) to ensure the lawfulness of the personal data processing which he carries out, (ii) to have put in place all appropriate technical and organisational measures to guarantee the security and confidentiality of these personal data and (iii) to allow the effective and rapid exercise of the Participants’ rights.

1.3. The User undertakes, within the framework of the creation and configuration of the Campaigns, to respect the principles of Privacy by design and Privacy by default laid down by the RGPD, and thus, in particular, to process only the data strictly necessary for the announced and freely consented processing purposes, and to retain personal data only for the time necessary to achieve these purposes.

1.4. When creating a campaign form, the User must ensure that :

  • collect only the personal data strictly necessary for the processing for which they are collected;
  • limit as much as possible the free text areas and customizable fields ;
  • not to collect so-called sensitive information such as racial or ethnic origin, sexual orientation, state of health, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data.

If the User collects personal data from persons under 15 years of age, in accordance with the Data Protection Act No. 78-17 as amended, he undertakes to obtain the joint consent of the minor under 15 years of age and the holder of parental authority (by providing two check boxes).

1.5. The User must provide a statement under his campaign form containing, at a minimum, the following information:

  • The identity of the User as the data controller of the Participants ;
  • The purposes of processing Participants’ data;
  • The rights of Participants over their personal data (access, rectification, deletion, limitation, opposition and portability), as well as the person to contact for any request to exercise these rights ;
  • As well as, if applicable:

The existence of automated decision making (including profiling);
The provision of personal data to business partners.

1.6. The User will be exclusively responsible for any breach of the regulations regarding personal data committed in connection with the creation and configuration of his Campaign via the Site, SOCIALSHAKER incurring no liability in this regard. Similarly, SOCIALSHAKER having neither knowledge nor control over the use made by Users of the personal data of Participants collected via the Site, shall not be held liable for any breach of respect for such personal data committed by the User.

 

2. Rights and obligations of SOCIALSHAKER

2.1. SOCIALSHAKER only collects and processes the personal data of Participants within the framework of the creation, organisation and management of the Campaign created and configured by the User and only for this purpose.

Within this framework, SOCIALSHAKER will carry out the following operations:

  • Hosting and storage of participation data and visualisation of personal data in the SOCIALSHAKER platform;
  • Export data in CSV format to allow customers to retrieve participation data ;
  • Statistical analysis (not individual) to monitor campaign performance;
  • Necessary blocking of the participations according to the geolocation of the IP address and the email of the Participant ;
  • Sending an email to verify the identity of the Participant (optional, active only if the User has subscribed);
  • Audit of the collected data and verification of their conformity (on request of the user).

2.2. SOCIALSHAKER undertakes to process the personal data of Participants only in accordance with the instructions provided by the User in this Privacy Policy.

Taking into account the service proposed by SOCIALSHAKER and the technical specificities of the Site, the User has an important latitude to create and configure his Campaign, without any control or moderation being possible by SOCIALSHAKER. The User must therefore ensure compliance with the regulations applicable to the processing of Personal data.

2.3. SOCIALSHAKER guarantees the security and confidentiality of the personal data of the Participants that it processes on behalf of the User, and undertakes to make available to the User, on request, information concerning the technical and organisational security measures implemented for such processing.

SOCIALSHAKER undertakes to notify the User as the person responsible for processing any violation of the Participants’ personal data as soon as possible after becoming aware of it. This notification is accompanied by any useful documentation likely to enable the User, if necessary, to notify this violation to the CNIL.

It is the User’s responsibility to ensure that the Participants’ rights to their personal data are respected. Nevertheless, SOCIALSHAKER will, as far as possible, assist the User in fulfilling his obligation to comply with requests to exercise the rights of data subjects: right of access, rectification, deletion, opposition, limitation, portability, not to be the subject of an automated individual decision (including profiling).

2.4. In the exercise of its activities and the provision of its services, SOCIALSHAKER has recourse to subcontractors, who process the personal data of the Participants on behalf, on instruction and under the authority of SOCIALSHAKER.

SOCIALSHAKER requires its subcontractors to provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures to ensure the security and confidentiality of the Participants’ personal data.

SOCIALSHAKER uses subcontractors located in countries offering an adequate level of protection either because they are subject to the provisions of the GDPR or, in accordance with Article 45 of the GDPR because they benefit from an adequacy decision by the European Commission (i.e. they have been recognised as offering sufficient guarantees by the European Union).

In cases where SOCIALSHAKER uses subcontractors located in countries offering levels of protection not equivalent to the level of protection of personal data in the European Union, SOCIALSHAKER undertakes to regulate this transfer by signing standard contractual clauses established by the European Commission.
SOCIALSHAKER makes available to Users who so request the list of its subcontractors.

2.5. SOCIALSHAKER will delete all personal data of Participants processed on behalf of the User, at the end of a period of 2 (two) years from their collection (date of creation of the Campaign being proof), unless the User sends him, before the end of this period, a request tending to :

  • retrieve all such personal data; or
  • have all of this personal data transferred to the subcontractor designated by the User.

In any case, the transfer of personal data will be accompanied by the destruction of all existing copies in SOCIALSHAKER’s information systems. The destruction will concern the Campaign created 24 months earlier, as well as all related data.

2.6. SOCIALSHAKER keeps a written record of all categories of processing activities performed on behalf of its Users, including the following information:

  • Name and contact details of the User on whose behalf SOCIALSHAKER acts, its subcontractors and its DPO ;
  • The categories of processing carried out on behalf of the User;
  • Data transfers outside the EU ;
  • The technical and organisational security measures put in place to guarantee the protection of the Participants’ personal data.

SOCIALSHAKER provides the User, upon request, with the necessary documentation to demonstrate compliance with its obligations and to enable audits to be carried out.

 

III/ Processing of personal data collected through cookies

 

Cookies are text files, often encrypted, stored in your browser. They are created when a User’s browser loads a given website: the site sends information to the browser, which then creates a text file.

Each time the User returns to the same site, the browser retrieves this file and sends it to the website server.

Two types of cookies can be distinguished, which do not have the same purposes: technical cookies and advertising cookies.

Technical cookies are used throughout your navigation to make it easier and to perform certain functions. For example, a technical cookie can be used to store the answers given in a form or the user’s preferences regarding the language or presentation of a website, when such options are available.

Advertising cookies can be created not only by the website on which the user navigates, but also by other websites displaying advertisements, ads, widgets or other elements on the page displayed. In particular, these cookies can be used to carry out targeted advertising, i.e. advertising determined according to the user’s navigation.

  • SOCIALSHAKER uses the following technical cookies:
    • Socialshaker newsletter: We use cookies for the controlled display of our newsletter subscription popin to avoid an intrusive display for a user who has already seen it. The closure is stored and the pop in is not displayed for 30 days.
    • Socialshaker Back office user: We use cookies to remember users who have seen and closed the pop ins guide for using our platform.
  • SOCIAL SHAKER does not use advertising cookies or audience measurement cookies.
  • SOCIALSHAKER’s subcontractors use the following cookies:
    • CloudFlare uses cookies to manage the web browser cache of visitors to the Site. This makes it possible to optimize the loading of the pages of our Site at the time of the subsequent visits.
    • WordPress uses cookies to track Site performance, such as loading speeds or page views.
    • Google analytics uses cookies to track visitors and users and to measure audiences on our Site, on our platform and on our apps (launched by our users). The objective is to allow the analysis of visitors’ and users’ navigation in order to allow us to optimize our online tools for our audiences. These cookies are essential for the creation of campaigns on our platform to guarantee the quality of service, as well as participation in campaigns launched by our users.
    • Matomo uses cookies to track the visitor experience and have audience measurements on our apps (launched by our users). The objective is to allow the analysis of visitor navigation in order to allow us to optimize our online tools for our audiences. These cookies are essential for creating campaigns on our platform to ensure quality of service, as well as for participating in campaigns launched by our users.
    • Amplitude uses cookies to track the user experience and the usage rate of our modules and mechanics. These cookies apply only to our Users, not to visitors to the Site, since they only concern activities on the platform and not our Site.
    • Intercom uses cookies to track the progress of Site visitors and Platform Users in order to provide a support service to our Users via a live chat, for a question of traceability and quality of our support service.
    • Segment uses cookies to track visitor and user paths and the usage rate of our modules and mechanics, and to track the use and performance of our tools.
    • Facebook uses cookies to manage the session opened via the Facebook connector, for our Users on the platform or participants in campaigns launched by our Users.
    • LinkedIn uses cookies to manage the session opened via the Linkedin connector, for our Users on the platform or Participants in campaigns launched by our Users.
    • Google+ connect uses cookies to manage the session opened via the Google+ connector, for our Users on the platform or Participants in campaigns launched by our Users.

For more information about third-party cookies placed by our subcontractors, we invite you to refer to their respective cookie policies.

We inform you that the use of cookies may be limited to the duration of your browsing on the Site with automatic deletion when you leave the Site and may not, in any event, exceed a period of use of thirteen (13) months.

We remind you for all useful purposes that it is possible for you to oppose the deposit of cookies by configuring your browser. Indeed, your browser can be configured to automatically accept cookies or refuse them. You also have the ability to disable cookie storage, be alerted when a cookie is issued and view its content and validity period.

Instructions on cookies on the most commonly used browsers are available at the following links :

Windows Internet Explorer®

Mozilla Firefox

Google Chrome

Apple

We remind you that uninstalling a cookie or opposing the installation of cookies on your devices may modify your browsing experience and prevent you from using certain services on the Site.

If you would like more information about Cookies control tools, we invite you to consult the following link.

As a reminder, to exercise your rights of access, rectification, deletion, limitation, portability and opposition mentioned above, simply send your request by e-mail to the following address: [email protected]