Personal Data Privacy Policy

Updated June 2025

1. Purpose

This Privacy Policy outlines the commitment of MEDIARITHMICS (a simplified joint-stock company with a share capital of €82,076, registered under no. 533 760 450 in the Paris Trade and Companies Register, with its head office at 3 rue d’Édimbourg, 75008 Paris) to respect and protect the privacy of users (“User(s)”) of its website:
https://www.mediarithmics.io (“Site”).

The Site enables Users to:
  • Obtain information about MEDIARITHMICS and its products and services,
  • Access available resources (e.g., case studies, events, white papers, blog content),
  • Contact MEDIARITHMICS via the Site,
  • Log into the client portal,
  • Apply for job openings advertised by MEDIARITHMICS.

2. Personal Data Processing

2.1. Description of Data Processing Activities

In compliance with applicable laws and regulations, MEDIARITHMICS, acting as data controller, collects certain personal data from Users when they visit the Site.

The types of data collected, their processing purposes, legal bases, and retention periods are specified in the table below:

| Purpose | Personal Data Collected | Legal Basis | Duration of storage of personal data |
| --- | --- | --- | --- |
| Receipt and management of contact requests | First name, last name, job title, company, professional email, phone number, message | Based on the User’s consent and MEDIARITHMICS’s legitimate interest | Retained for one year from receipt of the contact request |
| B2B commercial prospecting | First name, last name, job title, company, professional email, phone number | Based on MEDIARITHMICS’s legitimate interest | Retained for three years from data collection or last interaction |
| Account login and access; password reset in case of loss (during client area connection) | Email and account data (client area) | Necessary for performance of the contract with MEDIARITHMICS and based on User’s consent | Deleted at end of license or business relationship; retained up to two years from account creation if the account remains inactive |
| Job application processing; contacting the candidate; skill evaluation during recruitment interviews; verification of professional and educational history | First name, last name, resume (CV), cover letter | Based on pre-contractual measures and the candidate’s consent | If not retained, the application is destroyed; otherwise retained for up to two years from last contact, with candidate’s agreement |
| Management of exercised rights (access, portability, erasure, restriction, rectification, objection) | First name, last name, email, postal address (if applicable) | Necessary to respond to User’s request and based on their consent | Retained up to one year from the date the right is exercised |
| Processing objections to commercial prospecting | First name, last name, email, postal address (if applicable) | Necessary to respond to the exercise of the right of objection | Retained up to three years from the exercise of this right |
| Recording and respecting Users’ choices regarding cookies and trackers; communicating that choice to TCF participants | TC String (consent string) | Based on MEDIARITHMICS’s legitimate interest in preserving User preferences | Retained up to six months from expression of the choice |

When connecting to the Website, MEDIARITHMICS, acting as the data controller, also collects the following personal data from Users:

Connection logs;
Connection data;
IP address.

If the User applies for a job through the Website (under “About, Careers”), they are informed that, in the context of recruitment, MEDIARITHMICS uses the "Welcome To The Jungle" website: www.welcometothejungle.co, which is published by the company Coruscant. The User can apply for the positions offered by MEDIARITHMICS directly on the Welcome To The Jungle website via the following link:
https://www.welcometothejungle.com/fr/companies/mediarithmics

Coruscant can be contacted at the following email address: privacy@wttj.co and at the following postal address: 24 rue du Mail, 75002 Paris, France.

2.2. Recipients of personal data

Access to Users' personal data is restricted to individuals who need such data in order to fulfill the purpose of the processing.

Users' personal data is processed by authorized MEDIARITHMICS personnel (human resources, sales, marketing, legal, IT administration) and by service providers supporting MEDIARITHMICS's business activities, including for the following purposes:

Ticketing and project management;
Data hosting and backup;
Security testing;
Recruitment tracking.

Users' personal data may also be disclosed by MEDIARITHMICS to third parties:

  • If required by law or legal proceedings;
  • In response to a request from a public or judicial authority (e.g., a court order);
  • When MEDIARITHMICS believes that disclosure is necessary or appropriate to ensure people's safety or protect the public.

2.3. Transfer of personal data

Users' personal data is collected by the Website host in France: OVH SAS, located at 2 rue Kellermann, Roubaix (59100), and by third-party technical service providers (email services, hosting providers, IT companies, communication agencies) that MEDIARITHMICS uses in its business activities, some of which are located in the United States.

Users' personal data is hosted on servers located in France and the United States. Therefore, the data is transferred outside the European Economic Area (EEA).

MEDIARITHMICS commits to ensuring a level of data protection equivalent to that provided by the GDPR. In particular, MEDIARITHMICS has signed Standard Contractual Clauses (SCCs), revised in June 2021 by the European Commission, with companies outside the EEA and implemented additional security safeguards as required by the Court of Justice of the European Union (CJEU) judgment of July 16, 2020 (the “Schrems II” ruling).

2.4. Security of Personal Data

MEDIARITHMICS ensures the security of Users’ personal data by implementing appropriate technical and organizational measures to guarantee a security level suited to the risk. These measures are designed to ensure the confidentiality, integrity, availability, and resilience of processing systems and services. MEDIARITHMICS also maintains procedures for restoring access to data and regularly tests and evaluates the effectiveness of its security measures.

2.5. Retention of personal data

Users’ personal data is retained only for the duration necessary to fulfill the purpose for which it was collected (in accordance with the retention periods outlined in section 2.1 of this Privacy Policy). It may be kept for a longer period, not exceeding applicable legal limitation periods, to meet legal or regulatory obligations, assert rights, or for statistical or historical purposes.

At the end of these periods, the data will either be deleted or anonymized.

2.6. Users' rights over their personal data

Users have the following rights over their personal data:

Rights of access and rectification
Users may request access to their data and request correction of inaccurate or incomplete data. They also have the right to know the origin of their data.
Right to erasure
Users may request deletion of their personal data when:

  • The data is no longer needed for the purposes it was collected;
  • They withdraw their consent (when consent was the legal basis for processing), without affecting the lawfulness of prior processing;
  • They object to the processing;
  • The data was processed unlawfully;
  • Deletion is required to meet a legal obligation; or
  • Deletion is required to comply with applicable retention rules.
Right to object
Users can object to the processing of their personal data in accordance with legal obligations binding MEDIARITHMICS.
Right to Restrict Processing
Users may request restricted processing if:

They dispute the accuracy of the data;

MEDIARITHMICS no longer needs the data for processing purposes;

They have objected to the processing.
Right Not to Be Subject to Automated Decision-Making
Users have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect them.
Right to Data Portability
Users may request their data in a structured, commonly used, machine-readable format or request it be transmitted directly to another data controller, provided that:

The processing is based on their consent; and
The processing is automated.
Right to Issue Instructions for Post-Death Data Use
Under Article 85, I of the French Data Protection Act of January 6, 1978, as amended, Users may define instructions for the use of their data after their death (retention period, deletion, sharing), and designate a person to carry them out.

In the absence of such instructions, MEDIARITHMICS will comply with requests from heirs as specified in Article 85, II of the same law.
Right to Lodge a Complaint with a Supervisory Authority
Users may file a complaint with the French Data Protection Authority (CNIL) via this link: Online Complaints | CNIL

CNIL can also be reached at 3 Place de Fontenoy, 75007 Paris – Phone: 01 53 73 22 22.
Users are encouraged to first contact MEDIARITHMICS’s Data Protection Officer to resolve the issue amicably.

To exercise these rights or for any questions about data processing, Users can contact MEDIARITHMICS by:

  • Email: privacy@mediarithmics.com
  • Mail: Data Protection Officer, MEDIARITHMICS, 3 rue d’Edimbourg, 75008 Paris, France.

To process requests efficiently, Users are encouraged to specify the purpose and context of the data collection and may be asked to provide a copy of a valid ID if identity verification is needed.

2.7. Cookies

A "cookie" is a small file sent by a web server to the browser’s cookie file stored on your computer's hard drive.

For more information: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

Our site uses the following types of cookies:

Necessary Cookies
These are essential for navigating the Website and accessing secure areas. Without them, services such as device-specific content delivery cannot function. You can disable them via your browser settings, but this may affect your experience.

Audience Measurement Cookies
These analyze website traffic.

Cookies used by MEDIARITHMICS are stored for a maximum of thirteen (13) months after collection, and your choices regarding cookies are kept for six (6) months.
You may change your preferences at any time using the consent manager provided by MEDIARITHMICS.

2.8. Modification of the Privacy Policy

MEDIARITHMICS reserves the right to make changes to this Privacy Policy at any time.

It is strongly recommended that you check this page frequently, referring to the date of the last modification.

In the event of a significant change to the Privacy Policy, MEDIARITHMICS will notify Users of such changes.

II. Processing Performed by Mediarithmics Using Software Solutions

mediarithmics SAS is a provider of marketing and analytics software solutions. These solutions may collect and process personal data.

In today’s context of massive data growth and constant technological evolution, we are fully aware that processing personal data requires software providers to take greater responsibility than ever. Therefore, we place paramount importance on privacy and personal data protection, as demonstrated by:

1. Full and unconditional application of current personal data protection regulations

2. A duty to raise awareness, advise, and monitor our clients in the use of our solutions

3. Full transparency with users about how their data is processed

Regarding personal data management and processing, we act in two capacities:

1. As a provider of marketing software solutions

2. As a provider of a device identifier reconciliation service

We describe below our role and commitments in these two areas.

MEDIARITHMICS – MARKETING SOFTWARE PROVIDER AND DATA PROCESSOR

Our software solutions are provided to our clients as cloud-based services (SaaS – Software as a Service), with each client receiving a dedicated instance and access.

mediarithmics acts as a Data Processor on behalf of its clients, as defined by the General Data Protection Regulation (GDPR).

Principles Governing the Provision of Our Software Solutions

Strict Data Isolation Per Client
We apply "Privacy by Design" principles, including strict isolation of personal data collected by each client using mediarithmics solutions. This data is the exclusive property of our clients, who retain sole usage rights.

mediarithmics does not cross-match client data or use it for its own purposes.

Provision of Tools to Ensure Regulatory Compliance
mediarithmics solutions include a range of services and features to support compliance and enable user rights, such as:

Consent collection and management features
Services for accessing personal data
Services for deleting personal data
Services for deleting all data

Advisory Role and Regulatory Compliance Enforcement
We require our clients to strictly comply with current data protection regulations when using our software.

We provide our full expertise and guidance on implementation and configuration.

As a Data Processor, we are also obligated to raise alerts if we detect any non-compliant use—whether in the data collected or the processing conducted.

Description of Our Software Solutions

The mediarithmics software suite is a complete and integrated marketing platform. Each client, as a Data Controller under the GDPR, uses the platform based on their own needs and the data they collect.

This use must be defined in a Data Processing Register, which should include:

List of data collected and its retention period
Purpose(s) justifying the data collection
List of mediarithmics platform features used

To ensure transparency and inform internet users, we detail below the possible usage frameworks for our software.

Note: These are examples and may not reflect actual client implementations. Please consult the specific legal notices of each client for accurate information.

Purposes
We recommend the use of our processing tools for two main purposes:

To improve understanding of customers, prospects, or users by analyzing their behavior and expectations

To offer better-tailored marketing content

To cross customer data with partner data for statistical reporting or sharing with third-party platforms

Data Collected
Our solutions allow collection of various data types:

For the CDP solution:

Activity history (e.g., browsing metadata, ad exposure)

User profiles (e.g., gender, age range)
Email addresses
Device advertising IDs (cookies, mobile IDs)
Customer IDs like CRM identifiers
Hashed email identifiers
Predefined audience lists

For Audience, Attribution, and Merchandising solutions:
Activity history (e.g., web/app browsing, ad exposure)
Online and offline customer IDs
Purchase/subscription info and purchase intent
Digital behavior location data

For the Clean Room solution:
Personal characteristics
Personal life data
User agent ID
Hashed email
User profile ID
User activities (visits, interactions)
Segment ID
Professional life data
Service usage and interaction data
Customer segmentation and scoring
Location data
Indirect identifiers (hashed names, emails, cookies, mobile IDs, marketing identifiers)

Within each data type, clients may collect standard (e.g., "URL", "Gender") or custom information (e.g., "Product category", "Article type").

Data may be pseudonymous (e.g., cookies) or identifiable (e.g., emails).

When configuring our software, each client determines the data to collect and is legally required to inform users and obtain prior consent.

Sensitive data collection is strictly prohibited according to the GDPR.

Features Available

Our software provides features grouped into the following categories:

Data collection via:

Embedded scripts in web pages
API requests from servers or mobile apps
Flat file transfers

Segmentation:

User list creation via queries on collected data

Ad campaigns:

On websites and mobile apps (targeting cookie or mobile ID-based user lists)

Via email (targeting user lists with email addresses)

Data sharing:

Sending user lists to third-party providers (e.g., for external ad campaigns)

Data exploration and analytics

As with data collection, clients must inform users about processing activities.

Consent Management and User Communication

Each client, as a Data Controller under the GDPR, is responsible for:

Informing users about the data collected, its retention, and use

Obtaining explicit consent for data collection and processing

Responding to user requests for data access or deletion

mediarithmics provides the necessary tools to meet these obligations, including:

A system to manage and track user consents

Automated services to access, edit, and delete personal data

Clients define access to these services and are legally obligated to implement them.

Exercising Your Rights

To exercise your rights (access, rectification, objection, deletion), you must contact our clients directly, including for consent status inquiries.

Data Security and Hosting

mediarithmics implements industry best practices to ensure personal data security, including:

Security principles embedded from design and development stages

"Defense in depth": securing applications, infrastructure, and networks

Encrypted communications

Separate physical storage for cookie/mobile IDs and other personal data

Personal data is hosted by OVH France.

MEDIARITHMICS – PROVIDER OF A DEVICE IDENTIFIER RECONCILIATION SERVICE AND JOINT DATA CONTROLLER

In addition to its software solutions, mediarithmics offers its clients access to a device identifier reconciliation service.

In this context, mediarithmics acts as a Joint Data Controller with its clients, as defined under the General Data Protection Regulation (GDPR).

Why This Service?

The Need to Reconcile a Device Across Multiple Sites for Advertising Campaigns

Reconciling a device that browses multiple websites or applications is a prerequisite for implementing targeted marketing campaigns, especially in cases such as:

Clients who own multiple brands (websites/apps)

Campaigns that are broadcast outside of the Client’s own websites or applications

Device Identification

Subject to obtaining the necessary user consent, a device can be identified in two ways:

For mobile applications: via the device’s advertising identifier (“IDFA” for iOS systems or “AAID” for Android systems)

For websites: via an identifier stored in a cookie

In the first case, the device’s advertising ID is accessible to each app on the device and retains the same value across them. This allows for reconciliation of the same device between apps and enables data sharing between different providers (e.g., between an ad-monetized app and an advertiser buying ad space).

In the second case, the device's identifier is stored in a cookie placed in a web browser. This cookie can only be read by the site that placed it:

This could be the site you are visiting (called a first-party cookie)
Or a third-party partner site (called a third-party cookie)

Thus, reconciling a device across multiple websites requires the use of third-party cookies, which are placed and read by one or more third-party partners.

It is in this second case that mediarithmics intervenes, by correlating cookie identifiers placed by third-party partners for the same browser. Access to this identifier database makes it possible to reconcile the same browser across multiple websites and deliver targeted advertising.

Service Usage Principles

This service is available to all our clients. The use of our generic data collection scripts on websites allows our clients to either:

Feed this identifier database
Query it to identify a known browser

In line with our role as a software provider, we do not commercialize this data: use of this service is included under current contractual agreements.

Description of the Service

Purpose
To correlate cookie identifiers assigned by multiple third-party providers for the same browser in order to reconcile its activity across multiple sites—without placing any third-party cookies themselves.

How It Works

Collection and Reconciliation:
When our data collection scripts load on a web page, they trigger calls to our partners' sites to retrieve identifiers assigned to the browser.

If these identifiers are already known, the device’s activity is linked to an existing device profile

Otherwise, the identifiers are stored for potential future reconciliation

Transmission to Third Parties:
When our clients send audience lists (user groups) to third-party service providers, they can use this reconciliation service to send identifiers already known to that third party.

Data Used
Only pseudonymous cookie identifiers are used in this service.
The third-party providers with whom we exchange identifiers include, but are not limited to: Google DoubleClick, AppNexus, SmartAdServer, and Bidswitch.

Consent
The collection and processing of your data within this service is only performed if your consent is obtained.

We require our clients to request this consent, in accordance with legal regulations, on the websites where data is collected.

You may grant or withdraw your consent at any time:

Consent status: [on-off button]
Since access to the device identifier reconciliation service is integrated into mediarithmics’ software solutions, withdrawing your consent will result in suspension of personal data collection for this service.

Right of Access, Objection, Rectification, and Deletion

If you wish to exercise your rights of access, rectification, objection, or deletion concerning personal data collected via the device identifier reconciliation service, please contact us by email or mail using the contact details below:

CONTACT

If you want more information about how personal data is processed through mediarithmics’ solutions, or if the above information does not sufficiently help you exercise your rights, you can contact us:

By email: privacy@mediarithmics.com

By mail: 3 rue d’Edimbourg, 75008 Paris, France

CHANGES TO THIS POLICY
mediarithmics reserves the right to modify this policy at any time to reflect changes in our solutions or updates in applicable regulations.