PoP Service Privacy Policy
Introduction
In the context of its PoP (Point Of Purchase) service, and solely within this service context, and only for the purposes of the PoP service, Swaven collects data during End-User PoPs’ visits. Swaven collects Data only for security reasons or for anonymous analytics purposes in order to measure the PoP efficiency with no cross-domain processing.
Swaven does not collect any personal data that could directly identify an individual person. Swaven has no intention and is not running any process to combine the collected Data with any other first or third-party data sources in order to identify an individual person.
Swaven does not share, rent or sell the collected data with third parties.
Only anonymous and /or aggregated statistics are communicated with Swaven’s customers.
Details
Within PoP on site service context only, Swaven uses one performance and analytics tracer: “swnSession”.
This performance and analytical tracer helps Swaven to measure and optimize the navigation and the performance of our PoP on the site, exclusively for the PoP visited by the End-User during the session. This tracer does not allow for cross-site tracing or follow End-User from site to site by merging various identifiers into a profile.
The life duration of this tracer is strictly limited to the browser session. This tracer is automatically destroyed by the browser when the browser is closed.
Legal basis for consent exemption
The brand, publisher, or advertiser for whom the PoP service is released, acts as Controller and Swaven acts as Processor (having the meaning set forth under article 4 of GDPR).
Swaven does not require any consent for the security and performance tracer in strict compliance with European regulations.
– Security
Swaven is not requesting any consent from the user in the context of security processes. The legal basis is: GDPR – Article 6 (1) F, CNIL and G29 recommendation.
– Perfomance
In accordance with Article 82 of the French Data Protection Act, which justifies the exemption of user consent for so-called performance cookies or tracers, Swaven’s tracer has a purpose strictly limited to measuring the PoP audience (measuring performance, detecting browsing problems, optimizing technical performance or its ergonomics, estimating the power of the servers needed, analyzing the content consulted), for the exclusive account of Swaven’s customers and is used to produce anonymous statistical data only.
This tracer does not:
– lead to the cross-referencing of data with other processing or to the transmission of data to third-parties.
– the global tracking of the navigation of the person using different applications or navigating on different websites or other PoPs.
– use a single identifier across multiple sites (e.g. via cookies deposited on a third-party domain loaded by multiple sites) to cross-reference, duplicate or measure a coverage rate
Geolocation
For a better user experience and to show local stores, Swaven can use the geolocation of the visitor to personalize the service. We operate a city scale geolocation “on the fly” thanks to geolocation HTTP headers provided by our network subprocessors (AWS CloudFront), which are strictly limited to the city and provide us with an approximated latitude and longitude.
On PoP on site only, Swaven can use more precise geolocation by requesting the End-User’s consent through his browser. This geolocation is used only during the session and is automatically destroyed when the user closes his browser.
For anonymous analytics purposes only, Swaven will use the geolocation of the session, at a city scale only, based on the partial analysis of the End-User IP address after anonymization. The IP anonymization process sets the last octet of IPv4 addresses, and the last 80 bits of IPv6 addresses, to zeros as soon as the tracking logs are processed for analytics before being destroyed.
List of the committed subprocessors
| Subprocessor (Name, legal status, place of business) | Location of the processing | Type of service | Description of safeguards in place for transfers to a Third Country (Art. 44) |
| Mapbox Inc.* (only for not media PoP) | USA | Map | https://www.mapbox.com (APIs and SDKs) |
| Amazon Web Services EMEA SARL (CloudFront) | EU | Content distribution | https://aws.amazon.com/privacy/ |
| Cloudimage (only for not media PoP) | EU | Content distribution | https://privacy.scaleflex.com/ |
| Cloudflare | EU | Content distribution | https://www.cloudflare.com/privacypolicy |
* Data Protection Agreement (DPA) available on demand
Personal Data: your rights
Regarding our usage of your Personal Data, you can request, at any time, for access, a rectification, an erasure, a data portability or a right to object.
To do so please send an email to [email protected]
Contact us