PoP Service Privacy Policy

In the context of its PoP (Point Of Purchase) service, and solely within this service context, and only for the purposes of the PoP service, Swaven collects data during End-User PoPs’ visits. Swaven collects Data only for security reasons or for anonymous analytics purposes in order to measure the PoP efficiency with no cross-domain processing.

Swaven does not collect any personal data that could directly identify an individual person. Swaven has no intention and is not running any process to combine the collected Data with any other first or third-party data sources in order to identify an individual person.

Swaven does not share, rent or sell the collected data with third parties.

Only anonymous and /or aggregated statistics are communicated with Swaven’s customers.

Within PoP on site service context only, Swaven uses one performance and analytics tracer: “swnSession”.

This performance and analytical tracer helps Swaven to measure and optimize the navigation and the performance of our PoP on the site, exclusively for the PoP visited by the End-User during the session. This tracer does not allow for cross-site tracing or follow End-User from site to site by merging various identifiers into a profile.

The life duration of this tracer is strictly limited to the browser session. This tracer is automatically destroyed by the browser when the browser is closed.

Legal basis for consent exemption
The brand, publisher, or advertiser for whom the PoP service is released, acts as Controller and Swaven acts as Processor (having the meaning set forth under article 4 of GDPR).

Swaven does not require any consent for the security and performance tracer in strict compliance with European regulations.

– Security

Swaven is not requesting any consent from the user in the context of security processes. The legal basis is: GDPR – Article 6 (1) F, CNIL and G29 recommendation.

– Perfomance

In accordance with Article 82 of the French Data Protection Act, which justifies the exemption of user consent for so-called performance cookies or tracers, Swaven’s tracer has a purpose strictly limited to measuring the PoP audience (measuring performance, detecting browsing problems, optimizing technical performance or its ergonomics, estimating the power of the servers needed, analyzing the content consulted), for the exclusive account of Swaven’s customers and is used to produce anonymous statistical data only.

This tracer does not:
– lead to the cross-referencing of data with other processing or to the transmission of data to third-parties.
– the global tracking of the navigation of the person using different applications or navigating on different websites or other PoPs.
– use a single identifier across multiple sites (e.g. via cookies deposited on a third-party domain loaded by multiple sites) to cross-reference, duplicate or measure a coverage rate

For a better user experience and to show local stores, Swaven can use the geolocation of the visitor to personalize the service. We operate a city scale geolocation “on the fly” thanks to geolocation HTTP headers provided by our network subprocessors (AWS CloudFront), which are strictly limited to the city and provide us with an approximated latitude and longitude.

On PoP on site only, Swaven can use more precise geolocation by requesting the End-User’s consent through his browser. This geolocation is used only during the session and is automatically destroyed when the user closes his browser.

For anonymous analytics purposes only, Swaven will use the geolocation of the session, at a city scale only, based on the partial analysis of the End-User IP address after anonymization. The IP anonymization process sets the last octet of IPv4 addresses, and the last 80 bits of IPv6 addresses, to zeros as soon as the tracking logs are processed for analytics before being destroyed.

List of the committed subprocessors

(Name, legal status, place of business)
Location of the processingType of serviceDescription of safeguards in place for transfers to a Third Country (Art. 44)
Mapbox Inc.* (only for not media PoP)USAMaphttps://www.mapbox.com (APIs and SDKs)
Amazon Web Services EMEA SARL (CloudFront)EUContent distributionhttps://aws.amazon.com/privacy/
Cloudimage (only for not media PoP)EUContent distributionhttps://privacy.scaleflex.com/
CloudflareEUContent distributionhttps://www.cloudflare.com/privacypolicy

* Data Protection Agreement (DPA) available on demand

Personal Data: your rights
Regarding our usage of your Personal Data, you can request, at any time, for access, a rectification, an erasure, a data portability or a right to object.

To do so please send an email to [email protected]

Close form

Contact us

Close form
Close form