mediarithmics SAS is a marketing and analytics software editor. mediarithmics solutions may collect and process personal data.
In the current context of Big Data and continuous technological evolution, we are aware that personal data processing requires software market players to take more and more responsibility. As a consequence, we take privacy and personal data protection very seriously and commit to:
Regarding personal data management and processing, we take on two roles:
1. Provider of a marketing software
2. Provider of a service to match device identifiers from third-party providers
The hereunder policy details our commitments towards these two roles.
We provide our Clients with software solutions through SaaS (Software as a Service) cloud services. Every Client is given a dedicated instance and access. mediarithmics acts as a Data Processor under the General Data Protection Regulation (GDPR).
Applying « Privacy by design » principles requires to strictly isolate the personal data collected by each Client using mediarithmics solutions. Collected data is the exclusive property of our Clients.
mediarithmics makes no usage of its Client data, nor process any cross-Clients enrichments.
mediarithmics solutions gather a package of services and features that enables regulation compliance and allows users to exercise their rights, including:
We require our Clients to strictly comply with the current regulations on personal data protection when they use our software solutions.
In order to support them, we offer our expertise and advice on how to implement and configure our solutions.
As a Data Processor, we also have a duty to alert whenever we notice a usage that seems noncompliant, either on data collection or data processing.
mediarithmics software solutions are part of a complete and integrated marketing platform. Acting as a Data Controller under the GDPR, our Clients are responsible for their usage of our solutions, regarding the data they collect, or the features they use.
This usage must be defined and detailed in a Record of processing activities, which should include:
To ensure transparency and provide web users with information on our solutions, we detail below the possible usages our Clients may operate.
Those descriptions may not reflect our Clients reality: to get the most accurate information, please refer to the privacy policies of their respective supports.
We recommend our Clients to use our software solutions to serve two purposes:
Clients can collect various natures of data using our solutions:
Each nature can be used to collect standard information (e.g. « URL » for browsing activity, « Gender » for a given profile, etc.) or specific information (« Product universe » for an e-commerce company, « article category » for a news website, etc.).
The collected data may be pseudonymized (e.g. cookie identifier) or fully identifiable (e.g. email address).
When setting-up our software solutions, each of our Clients configures the data they wish to collect (with the legal obligation to inform end-users and obtain their consent before capturing).
We strictly forbid the use of our solution to collect and process "sensitive" data as defined in the GDPR.
The features available within our software solutions can be related to the following categories:
As for collected data, our Clients are legally obliged to inform the users about features they use to process their personal data.
Each of our Clients, acting as a Data Controller under the GDPR, must:
mediarithmics provides its clients with the necessary tools to fulfil their obligations, including a consent management and traceability system, and automated services to access, edit and delete data.
Each Client defines the way these services are exposed to end-users and is legally obliged to enable them to comply with the regulation.
Your rights of data access, edition, opposition and deletion must be exercised directly against our Clients, as well as the consultation of the consents you gave.
mediarithmics implements state of the art practices to ensure personal data security, including:
Personal data is hosted on dedicated servers within OVH datacentres in France.
Besides its software solutions, mediarithmics provides its clients with a service to reconcile, for a given device, the identifiers coming from multiple providers. In this role, mediarithmics acts as a Data Processor under the GDPR.
Reconciling device identifiers from multiple providers is a prerequisite to:
Assuming that the necessary consents have been given by the end-user, there are two ways to identify a device:
In the first case, the advertising identifier can be accessed within any application on the device, with a unique value: it is therefore possible to reconcile a given device from an application to another and exchange information between providers (e.g. between an application selling advertisement inventory and advertisers buying this inventory).
In the second case, the advertising identifier is embedded in a cookie, stored in a web browser. This cookie may only be read by the website that wrote it: this website can be the one you are browsing (in this case it will be a « first-party » cookie) or a third-party website (in this case, a « third-party » cookie).
Therefore, in order to reconcile a device browsing two different websites or in order to exchange information between providers, third-party cookies with third-party identifiers must be used.
mediarithmics ensures a matching of third-party identifiers for a given device and offers it as a service, allowing to reconcile a device browsing websites on different domains and expose it to targeted ads.
This service is offered to each of our Clients. Through the use of our generic scripts to collect website browsing activity, our Clients can enrich the service database and use it to identify a known web browser from one site to another.
To remain consistent with our software editor role, we do not sell this data. The access to this service is included in our contracts for the marketing software solutions.
Match third-party cookie identifiers for a given web browser to reconcile its browsing activity on various websites and retarget it afterwards.
When our tracking scripts are loaded on web pages, they call the websites of our partners to get the identifiers they gave to the web browser.
If the identifiers are known, the device browsing activity will be linked to an existing device. If not, the identifiers will be stored by the service for future use.
When our Clients share audiences (lists of users) with third-party providers, they may use this service to send identifiers that are already known by the provider.
In the scope of this service, we only process cookie identifiers, considered as pseudonymous personal data.
The third-party providers for which we operate this matching service include: Google DoubleClick, AppNexus, SmartAdServer, BidSwitch.
The collection and processing of your personal data in the scope of this service can only be operated under your consent.
We ask our Clients to obtain the consent of their users, on the web sites on which they collect data, and in compliance with the regulation.
At any time, you can give or remove your consent:
Because the access to the device identifiers matching service is currently included in mediarithmics software solutions, removing your consent will also disable the collection of your personal data by any of our Clients
If you want to exercise your rights to access, rectify, oppose or delete personal data we collected about you in the scope of the device identifier matching service, we invite you to contact us by email or by mail to the address below.
If you want to get more information on personal data processing by mediarithmics or if you consider the information we wrote above does not allow you to exercise your rights, please contact us:
mediarithmics reserves the right to edit the present policy at any time to follow the evolutions of our software solutions and of the regulation in effect.