top of page

Privacy policy

This section explains the rules for implementing personal data processing carried out by choreograph as a part of its business in France and in the United Kingdom.

Concerned about the respect of data protection rules, choreograph undertakes to comply with the provisions of the General Data Protection Regulation EU n°679/2016 of 27 April 2016, entered into force on 25 May 2018, and :

  • For its French business, the French Act n°78-17 of 6 January 1978 on Information Technology and Civil Liberties, and

  • For its UK Business, the Data Protection Act 2018.

1 WHAT IS PERSONAL DATA?

Personal data is defined as any information relating to an identified or identifiable data subject either in a direct or indirect manner by reference to an identifier, such as a name, an identification number, a location data, an online identifier or to one or more specific elements to his physical, physiological, genetic, mental, economic, cultural or social identity.

2 WHAT IS DATA PROCESSING?

Data Processing is defined as any operation or set of operations performed on personal data, including by manual or automated means. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

3. WHAT ARE CHOREOGRAPH’S STATUS?

  • As part of the management of the requests for contact from prospects or professional clients (in particular through the "Contact" form on its website), and more broadly, as a part of its business relationships (initial contact, quoting, contract negotiation and provision of services…) choreograph collects and process personal data as data controller. As such, choreograph undertakes to collect and process data in a lawful, fair and transparent manner. choreograph also undertakes to take the necessary measures to ensure the security and confidentiality of the personal data collected.

  • As part of its provider activities in the field of marketing, choreograph processes personal data as a data processor. As such, choreograph processes personal data of data subjects only when instructed to do so and on behalf of its clients, and undertakes to take the necessary measures to ensure the security and confidentiality of the personal data entrusted to it by its clients.

4. CHOREOGRAPH AS A DATA CONTROLLER

4.1 How Does choreograph obtains personal data?

choreograph directly collects personal data:

  • When people use the “Contact” form on choreograph’s website (which is dedicated to professional clients),

  • During professional exchanges through a business framework (fair, exhibition…)

  • By receiving emails from business contacts sent to the following address : choreograph - 27bis, rue du Vieux Faubourg - 59000 Lille - France

This data is necessary to achieve the following purpose: processing the contact request.

4.2 What is the processing purpose and its legal basis?

The legal basis for the processing is choreograph’s legitimate interest. Indeed, it is in choreograph’s interests to collect data from professionals to be able to contact them easily to answer their information requests.

4.3 For How long does choreograph store data?

In accordance with Article 5 of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period not to exceed the duration necessary for the purposes for which they are collected and processed.

The data collected through the business contact will be kept for a reasonable period following the last contact with choreograph.

4.4 What are the categories of data recipients?

The personal data collected through the contact form or a mail is transmitted to the choreograph France customer relation teams.

5. CHOREOGRAPH AS A DATA PROCESSOR

5.1 How does choreograph obtain personal data?

choreograph, as a service provider, is involved in sectoral marketing programmes gathering professionals.

These programmes (“The Programme”) have a marketing purpose (Alliance/IBehavior Programme, Conex + /IBehavior + Programme…) which is more precisely defined in section 5.3.

As such, each member of the Programme (“Member”), as data controller, collects personal data from individuals and submits its database to choreograph in accordance with the applicable regulation governing personal data protection.

choreograph does not collect personal data directly from data subjects but processes, as data processor, incoming data submitted by data controllers, following their instructions and in accordance with the processing purpose that they have defined.

The Members of the Programme, as data controllers, relate to the following business sectors:

In France :

  • Personal Goods

  • Home Goods

  • Automobile

  • Press / Publishing

  • Services

  • Food

  • Wellness-services

  • Fundraiser

In the UK :

  • Apparel

  • Home and Garden

  • Collectables

  • Food and wine

  • Gadgets and gifts

  • Entertainment

  • Health and beauty

  • Travel and leisure

  • Fundraiser

5.2 Which category of personal data is concerned?

choreograph receives from any Member of the Programme the following data, gathered in the Member’s client/prospect database:

  • Nominative and contact data

  • Data relating to personal life

  • Hobbies/interests

  • Order/purchase history

choreograph completes this data with:

  • Unique identification of an individual and the household to which they belong, such data being specific to each Member of the Programme ;

  • Socio Demographic segments proper to any individual using algorithms on the submitted data correlated with public data produced by the French National Institute for Statistics and Economical Studies (“INSEE”) for French Programmes, and other relevant available public data for UK Programmes.

5.3 What is the purpose of personal data Controllers?

choreograph, as a Data Processor, centralizes data transmitted by Members of the Programme, as Data Controllers, in a secure database to which the Members of the Programme do not have access.

This allows choreograph to carry out on these consolidated data a certain number of technical operations (data standardisation, deletion of duplicates, correlation with non-personal and public data and/or using algorithm to carry out segmentation...) in order to assist the Members of the Programme to:

(i) Optimise their marketing campaigns :

  • Targeting the prospects or customers of the Members of the Programme who are most likely to be interested in a product or service advertising campaign,

  • Identifying people in their customer database who are likely to make repeated purchases or donations,

  • Enriching a Member’s database with additional data.

Marketing campaigns may be carried out by post, by email, by SMS at client’s choice.

Any Member of the French Programme may also access to specific services on a SaaS platform provided by choreograph.

(ii) Allow others business clients which are not part of the Programme to use such data for identical marketing purposes (commercial prospection/solicitation, database enrichment)

To operate these processing, choreograph acts exclusively on the request of Programme Members’ and on their behalf, the said Members being responsible for informing the persons concerned and obtaining their consent or allowing them to oppose this use of their personal data according to the legal basis chosen and according to the use that will be made of these data..

choreograph may be required to contribute as a processor for one business client acting as a Data Controller, in the following situations:

  • Processing data provided by the client for targeting purpose ;

  • Processing data provided by its client for analyses and improvement of customer knowledge purpose ;

  • Performing a prospection or communication operation on behalf of its client.

choreograph never has any contact with the individuals except, if necessary, if an individual requests to exercise one of its rights (for example, if choreograph is recipient of such demand).

choreograph may commercialize data or turn to external service providers for this task.

Once choreograph, or the external service provider acting on behalf of choreograph, has made a selection of individuals, their contact information is forwarded to intermediaries specialised in technical operations required for the marketing operations (prospection, solicitation or enrichment of the database) appointed by the client or the client itself particularly in operations of enrichment.

Lastly, choreograph may use data in the database in order to improve its services, test new features or new services in relation to services already provided. This operation is made in accordance with rules contractually fixed by the Members of the Programme, in accordance with the quality of service level they have defined, ensuring that these processes has no impact on individual’s privacy.

5.4 How long does choreograph retain the data?

In accordance with Article 5e of Regulation 2016/679 of 27 April 2016, personal data are only stored in a form which enables identification for a period which cannot exceed the duration necessary for the purposes for which they are collected and processed.

As a data processor, the data are only stored by choreograph for the period indicated by the Members of the Programme acting as data controller. In the absence of specific instructions from the client, choreograph has established strict rules to respect the rights and privacy of individuals and, consequently, any individual whose last transaction with a client dates to over 36 months shall not be retained by choreograph for its analyses.

5.5 Who are choreograph subprocessors?

The subprocessors are:

For French Programmes:

ATE : 21, avenue de la Créativité, 59650 Villeneuve d’Ascq – Hosting provider of the database located in France

MICROSOFT AZURE : Microsoft Amsterdam Data Center, Agriport 601, Middenmeer, Netherlands Hosting provider of the database located in the European Union.

EQUISIGN : 77 Esplanade du Général de Gaulle Tour Opus 12, 92081 Paris la Défense Cedex – Secure data file transfer service called « MFT Online » - Service located in France.

SNOWFLAKE COMPUTING NETHERLANDS B.V. : FOZ Building, Gustav Mahlerlaan 300-314 1082 ME Amsterdam – Hosting of databases  located in the European Union.

MINDBAZ : 59 rue Nationale, 59000 LILLE – Service provider used to carry out e-mail routing campaigns, located in France.

SINCH Sweden AN : Lindhagensgatan 112, 112 51 Stockholm – Service provider used to carry out SMS routing campaigns, located in the European Union.

MEDIAPOST : 19, rue de la Villette, 69425 Lyon Cedex 03 – Service provider located in France and choreograph marketing partner.

ARSENAL : 7c rue du Houblon, ZI Pilaterie, 59700 Marcq-en-Baroeul - Service provider located in France, and partner in the marketing of choreograph offers to its customers.

DQE SOFTWARE : 102-116 rue Victor Hugo 92300 Levallois-Perret - Partner marketing choreograph offers to its customers, located in France.

For UK Programmes:

ATE : 21, avenue de la Créativité, 59650 Villeneuve d’Ascq – Hosting provider of the database located in France.

MICROSOFT AZURE : Microsoft Amsterdam Data Center, Agriport 601, Middenmeer, Netherlands Hosting provider of the database located in the European Union.

EQUISIGN : 77 Esplanade du Général de Gaulle Tour Opus 12, 92081 Paris la Défense Cedex – Secure data file transfer service called « MFT Online » - Service located in France.

SNOWFLAKE COMPUTING NETHERLANDS B.V. : FOZ Building, Gustav Mahlerlaan 300-314 1082 ME Amsterdam – Hosting of databases  located in the European Union.

choreograph’s subprocessor or any company of its group may transfer data or make it available for one of the purposes previously mentioned to a company located outside the European Union. In such situations choreograph takes all the guarantees necessary to ensure a secure transfer of the data.

5.6 Who are the data recipients?

choreograph transfers data to the subprocessors referenced in section 5.5 and to its business partners.

choreograph’s clients work in several business sectors, including:

Clients of French Programmes :

  • Publishing and Media

  • Automobile

  • Wellness services

  • Associations

  • Energy

  • Mail order

  • Polls and surveys

  • Personal goods

  • Home goods

  • Recreation

  • Clothing

  • Services

  • Banking, Insurances

  • Food

  • Telephony

  • Internet

Clients of UK Programmes :

  • Apparel

  • Home and Garden

  • Collectables

  • Food and Wine

  • Gadgets and Gifts

  • Entertainment

  • Health and Beauty

  • Travel and leisure

6. HOW DOES CHOREOGRAPH SECURE THE DATA?

In accordance with Article 32 of Regulation 2016/679 of 27 April 2016, choreograph undertakes to maintain data security and confidentiality.

To do this, choreograph has defined a strict security policy for personal data. This policy makes it possible to:

  • Implement data encryption procedures to protect any database containing personal data which enters or exists in the choreograph information system.

  • Secure work stations with unique user ids and strong passwords

  • Limit the number of employees who have access to databases containing personal data

  • Ensure that its own subcontractors comply with personal data regulations

  • Regularly test the information system to check that it has a high level of security.

7. HOW DOES DATA SUBJECTS MAY EXERCISE THEIR RIGHTS?

7.1 General rules

Any person whose personal data is subject to processing has the ability to exercise his/her rights to access, correct, operate portability of, erase his/her personal data, and object to the processing of his/her data or limit the processing of his/her data, in accordance with Articles 15 and seq of Regulation 2016/679 of 27 April 2016. Any individual can also transmit post-mortem instructions.

These rights may be exercised directly by contacting:

  • The Member of the Programme which collected data

  • The Programme’s Client, Member or not, who uses the personal data for an advertising campaign or enrichment of its client database.

Such request can also be addressed to choreograph, it being specified that choreograph shall forward this request to the Data Controller:

Such request will be answered within one (1) month, except in the conditions of Article 12.3 of Regulation 2016/679 of 27 April 2016.

In order to comply with the aforementioned regulation, choreograph has established a pushback list which makes it possible not to contact the data subject who do not wish it.

If you do not wish to be contacted by a client of choreograph, you may contact us at the address provided and tell us which contact details you wish to register in this pushback list.

7.2 choreograph’s Data Protection Officer’s contact info

The Data Protection Officer designated by choreograph is the law firm TGS France Avocats and is reachable:

  • By writing at the following address: DPO choreograph - 27bis, rue du Vieux Faubourg - 59000 Lille

  • By email at : data-privacy@choreograph.com

Last update: 04/16/2024

bottom of page