Global Privacy Policy
LAST UPDATED: SEPTEMBER 10TH, 2024
1.Purpose of this notice
This notice aims to give you information about how Mirakl collects and processes your personal data.
References in this notice to “you” or “your” are references to individuals whose Personal Data Mirakl processes in connection with the items listed above. For the avoidance of doubt, any reference in this notice to our “clients” or “suppliers” includes their employees or other staff whose personal data we process;
References in this notice to “Mirakl”, “we”, “us” or “our” are references to Mirakl SAS and the other Mirakl Affiliates (together “Mirakl’s group). Mirakl SAS is a Société par Actions Simplifiée established 12, rue de Lübeck 75016 Paris .
We recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process. To ensure that we handle personal data properly, we have adopted a global approach to privacy compliance.
It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your Personal Data, so that you are fully aware of how and why we are using your Personal Data. This notice supplements the other notices and is not intended to override them.
This notice can be accessed on our website but is not our Cookie Notice. Our Cookie Notice is accessible, here.
2.Scope
This privacy notice (“notice”) applies to the processing of personal data by Mirakl in connection with any:
“client services”: provision of products and services by Mirakl to actual and prospective clients;
“supplier services”: provision of products and services to Mirakl by suppliers or service providers;
“visitor services”: provision by Mirakl of facilities, including conference rooms, local area networking (for instance, WiFi) and other relevant facilities and services to visitors to any Mirakl’ premises;
“recruitment activities”: provision of the personal data of a candidate or individual (whether by such candidate or individual or by a third party, such as a recruitment agency) for a position at Mirakl other than through Mirakl’s usual recruitment process;
“use of our Website”: the processing of personal data by Mirakl in connection with the processing of personal data on the Mirakl institutional website, including any personal data that website visitors may provide through the use of the Website when they sign up to receive newsletters, blog posts, register for events or use our contact forms (“Website”); and
"use of Mirakl’s electronic portals and platforms": the processing of personal data by Mirakl in connection with provision of services via our help portal, Mirakl Ads Website, Mirakl Connect and/or other electronic portals and platforms which we offer or which we have agreed with you to use.
3.Who is the controller for the personal data processed?
A “controller” is a person or an organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.
This notice is issued on behalf of Mirakl as controller. Unless we notify you otherwise Mirakl is the controller for your personal data.
4.How to make a complaint about the use of your personal data by us
If you have any concerns or would like to make a complaint about our processing of your personal data, please complete this form or send an email to privacy@mirakl.com.
You may raise your concerns with your local data protection authority directly. However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Mirakl’s processing of your personal data.
5.How we collect your information
When you apply to work for us, the initial data about you that we process are likely to come from you.
Where necessary, and in accordance with this Notice, we will require references and information to carry out pre-engagement screening or background checks.
We may also receive data from third party recruiters, agents or other intermediaries as part of the recruitment process, or as a referral from one of our employees or clients.
6.What personal data are processed
”Personal Data” includes any information relating to an identified or identifiable natural person. It does not include data that cannot be linked in an individual (anonymous data).
”Special categories of Personal Data” include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. In limited circumstances, we collect special categories of personal data about you.
We collect, use, store and transfer different kinds of Personal Data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this notice:
Category | Description and examples |
Identity Data | our first name, middle names, maiden name, last name, marital status, title, date of birth, passport number or other official identity number, photographs, likeness, image and gender, etc. |
Contact Data | your billing address, delivery address, email address and telephone number |
Financial Data | your bank account number |
Professional Information | your job title, email address, phone number and addresses |
Services Data | details about payments to and from you and other details of services you have purchased from us or we have purchased from you; |
Marketing and Communication Data | information on when you receive and read marketing communications from us, which of our events you attend and marketing and communication preferences (unless you provide such preferences in your profile on our electronic portals and platforms, in which case they constitute Profile Data). |
Profile Data | information about you, provided by you on our electronic portals and platforms including your usernames and passwords, purchases or orders made by you, your interests, biography, profile settings, marketing and communication preferences such as your preferred language of communication and content, alert and display preferences, content type and frequency of email alerts, content that interests you (including sectors, topics and jurisdictions), date of registration and current stage of registration, account status and level of access, and information from forms you fill in, including responses to surveys and feedback provided; |
Usage Data | includes information about your use of our Website, our electronic portals and platforms, as well as our local area networking facilities (including WiFi) and similar electronic services, such as interactions with our mobile applications, information collected progressively when you visit our Website, electronic portals and platforms, including your referral website, pages you visit, actions you take, information on last viewed/visited site and details of the content viewed including when and how many times the content was viewed, patterns of page visits, time details per visits (e.g. visit duration, number of visits, time spent on each page, frequency of visits), details about the path followed with special reference to the sequence of pages visited, interactions, functionalities and modules used, chat messages; |
Technical Data | includes technical information collected when you access our Website, our electronic portals and platforms which we offer or which we have agreed with you to use, including your internet protocol (IP) address or domain names of the devices that are used, your login data, browser type and version, uniform resource identifier (URI) address, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using; |
CCTV and physical security data | CCTV footage and other information relating to access of our facilities obtained through electronic means, such as swipe card records. |
“Special Categories of Personal Data”: includes personal data listed above, which we process in limited circumstances, for example, where required to do so for legal or regulatory purposes or where you have provided us with such information as it is necessary for a specific service we are providing to you. We will process this personal data for the following reasons:
for legal and regulatory purposes, for example, we may need to verify whether you are a politically exposed person;
we may need to know about your trade union membership to assist you with an employment law matter; or
we may ask you for your dietary requirements if we are arranging catering for you.
7.How your personal data is collected
We use different methods to collect personal data from and about you, including through the channels set out below:
Direct interactions
Website, electronic portals and platforms, and marketing
Third-party sources
Automated technologies or interactions
Direct interactions
You give us your personal data in your direct interactions with us. Such personal data includes Identity Data, Contact Data, Financial Data, Services Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data, Professional Information, which you give us from time to time (i) by filling in forms on our Website; (ii) through our electronic portals and platforms, (iii) by corresponding with us by email or post, (iv) by speaking to us in person or over the telephone, or (v) whilst visiting our facilities.
Such direct interactions include, for example, instances when you:
enquire about or apply for our client services;
market or provide your supplier services to us;
give us personal data necessary for a specific client service we are performing for you, or for the purposes of our “know your customer” processes and other background checks. In the certain limited circumstances, for example to enable us to comply with anti-money laundering and terrorism purpose we may also collect this information about suppliers;
give us your business card at an event or a meeting, or otherwise personally give us your personal data (for example, by leaving your contact details at the reception of one of our facilities or with our switchboard);
give us your personal data via electronic portals and platforms which we make available or which we have agreed with you to use, for example, in connection with our client services (for instance, any e-billing system which you require us to use), in connection with your supplier services (for example, an electronic platform that you supply to us);
subscribe to our publications or otherwise ask for our marketing;
register to or participate in our marketing, recruitment or other promotional events;
register to or participate in our client seminars and similar events; or
give us feedback (for example, by completing a survey).
Website, electronic portals and platforms, and marketing
You give us your personal data, which includes Profile Data, Usage Data, Technical Data, Professional Information and/or Marketing and Communications Data, when you use our Website, electronic portals and platforms which we offer or which we have agreed with you to use, or when you review the publications or marketing we send you. We also collect your personal data by using cookies, server logs and other similar technologies.
Please see our Cookie Notice for further details.
Third-party sources
We receive Identity Data, Contact Data, Financial Data, Professional Information and Special Categories of Personal Data about you from third parties, when:
we provide our client services or other parties send us your personal data to enable the provision of those service;
we conduct our “know your customer” and other background checks;
you provide your personal data to a third party for the purpose of sharing it with us, for instance recruitment agencies and consultants may provide your personal data to us for recruitment activities;
In relation to the use our Website, we may also receive Technical Data from analytics providers such as Google based outside the EU.
Automated technologies or interactions
We collect Technical Data and Usage Data about your equipment and behaviour (e.g. browsing actions and patterns). We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookie Notice for further details.
8.Purposes and legal basis for which we will use your personal data
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. Subject to applicable laws, we use your personal data in the following circumstances:
“performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
“legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
“legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or any other electronic portals and platforms or access to systems to ensure that the security of our Website or other electronic portals and platforms or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
“consent”: where you have provided your consent to processing your personal data.
In relation to our client services or visitor services
In relation to Suppliers and Service Providers
In relation to use of our Website
In relation with CCTV and physical security
In relation to our Client and Visitors
Purpose and/or activity | Type of data | Legal basis for processing |
To manage payments, fees and charges and to collect and recover money owed to us | Identity Data, Contact Data, Financial Data, Professional Information | Performance of a contract Legitimate interests: ensuring we can manage payments, fees and charges, to collect and recover money owed to us |
To deliver Client Services and Visitor Services to you | Identity Data, Contact Data, Services Data, Profile Data, Usage Data, Technical Data, Professional Information, CCTV Data | Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring that you are provided with the best client services and visitor services we can offer. |
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities | Identity Data, Contact Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data, Professional Information | Legal or regulatory obligation Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security, fraud prevention and improving or reorganising our infrastructure or the Mirakl group |
To invite you to take part in marketing or other promotional events, or client seminars or similar events, and to manage your participation in them | Identity Data, Contact Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data, Professional Information, Professional History | Legitimate interests: ensuring our client records are up-to-date, promoting our client services and visitor services, receiving feedback, improving our services and identifying ways to grow our business |
To identify services or products which might interest you, and to send you marketing (including paper and electronic marketing communications) or to contact you by other means to offer you our client services or visitor services | Identity Data, Contact Data, Profile Data, Usage Data, Technical Data, Marketing and Communications Data, Professional Information, Professional History | Legitimate interests: promoting our client services and visitor services, identifying ways to grow our business |
To ask you for feedback (for instance, in a survey) about our client services or visitor services, and to manage, review and act on the feedback we are getting | Identity Data, Contact Data, Profile Data, Marketing and Communications Data, Professional Information | Legitimate interests: reviewing how clients use, and what they think of, our client services and visitor services, improving them and identifying ways to grow our business |
In relation to Suppliers and Service Providers
Purpose and/or activity | Type of data | Legal basis for processing |
To check whether we would have a conflict of interest in appointing you as a supplier | Identity Data, Contact Data | Legal or regulatory obligation Legitimate interests: ensuring we (and all other parties concerned) understand any conflict of interest which may arise for us in a matter |
To take you on as a new supplier including performing background checks | Identity Data, Contact Data, Financial Data, Services Data, Professional Information | Performance of a contract Legal or regulatory obligation Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism Public interest |
To manage payments, fees and charges | Identity Data, Contact Data, Financial Data, Professional Information | Performance of a contract Legitimate interests: ensuring we can manage payments, fees and charges and manage to collect and recover money owed to us |
Where we provide you access to our systems or our offices, we need to manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities | Identity Data, Contact Data, Profile Data, Usage Data, Technical Data, Professional Information | Legal or regulatory obligation Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security |
In relation to use of our Website
Purpose and/or activity | Type of data | Legal basis for processing |
To manage and protect our business and our Website, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting | Contact Data, Identity Data, Technical Data, Usage Data | Legitimate interests: ensuring the efficient and secure running of the Website, including through maintaining information technology services, network and data security |
To deliver relevant Website content to you and measure or understand the effectiveness of the content we serve to you | Contact Data, Identity Data, Technical Data, Usage Data | Legitimate interests: providing relevant content and identifying ways to grow our business |
To use data analytics to improve our Website, our services, marketing, customer relationships and experiences | Technical Data, Usage Data | Legitimate interests: reviewing how clients use and what they think of our Website, improving our Website and identifying ways to grow our business |
In relation to use of our electronic portals and platforms
Purpose and/or activity | Type of data | Legal basis for processing |
To provide you with access to our electronic portals and platforms and enable you to use specific features or parts of our electronic portals and platforms | Identity Data, Contact Data, Profile Data, Professional Information, Usage Data, Marketing and Communications Data | Legitimate interests: providing you with an access to requested services and enabling use of all the functionalities on the platforms to ensure that you are provided with the best services we can offer |
To manage and protect our electronic portals and platforms, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting and reporting, providing user support where requested | Identity Data, Contact Data, Profile Data, Professional Information, Technical Data, Usage Data, Marketing and Communications Data | Legitimate interests: ensuring the efficient and secure running of our electronic portals and platforms, including through maintaining information technology services, network and data security |
To investigate and address violations of our terms of use and policies as well as detect, prevent and combat harmful or unlawful behaviour. | Identity Data, Contact Data, Profile Data, Professional Information, Technical Data, Usage Data | Legitimate interests: preventing and addressing unlawful use of our electronic portals and platforms, violations of our terms and policies, or other harmful or illegal activity |
To help us to identify the success of our promotion campaigns | Identity Data, Professional Information, Profile Data, Usage Data | Legitimate interest: evaluating promotion campaigns and refining our promotion tactics if necessary |
To deliver optimised and relevant content and improve the overall approach and experience (e.g. by analysing your stated preferences and tracking patterns on how you interact and engage with our electronic portals and platforms) | Identity Data, Professional Information, Profile Data, Usage Data, Marketing and Communications Data | Legitimate interest: analysing how our electronic portals and platforms are used, optimising our electronic portals and platforms, identifying areas of interest of our clients, gaining understanding of which content is most valuable to users |
To identify areas of interest, services or products which might interest you and to help us have better informed conversations with you on our services and support we can offer (e.g. by tracking and analysing how you interact with our electronic portals and platforms) | Identity Data, Contact Data, Professional Information, Profile Data, Usage Data, Marketing and Communications Data | Legitimate interest: identifying ways to grow our business by targeting our business development initiatives and marketing activities more effectively |
To ask you for feedback (for instance, in a survey) about our electronic portals and platforms as well as marketing or other events, or client seminars or similar events, and to manage, review and act on the feedback we are getting | Identity Data, Contact Data, Profile Data, Professional Information, Marketing and Communication Data | Legitimate interests: understanding what users think of our electronic portals and platforms as well as marketing or other events, or client seminars or similar events, improving them and identifying ways to grow our business and improve users experience |
In relation with CCTV and physical security
Purpose and/or activity | Type of data | Legal basis for processing |
Detection and prevention of crime; detection and prevention of safety incidents; supporting safety, security and internal investigations; supporting criminal investigations. |
| legitimate interests: ensuring the protection of individuals and goods in Mirakl’s premises |
9.How we use personal data relating to other individuals collected from you
On certain occasions, in the course of our client services, you may provide us with personal data of individuals who are not aware of our involvement or of our processing of their personal data. In such situations, we are likely to not have direct contact with individuals whose personal data we are processing, or it may for other reasons (for instance, to maintain confidentiality) not be appropriate for us to provide them with a privacy notice setting out how we process their personal data. Before you pass any such personal data to us, you must therefore ensure that the relevant individuals have received any requisite privacy notices and there is an applicable legal basis to pass us such personal data in connection with the performance of our client services.
10.Processing your personal data for preliminary recruitment activities
When your personal data is passed to us for recruitment activities, we will use this personal data in order to contact you about recruitment and other opportunities. If you apply for any role within Mirakl, your personal data will be processed in accordance with our recruitment privacy notice which can be obtained here or by contacting us at privacy@mirakl.com.
11.Events and Mirakl’s electronic portals and platforms
The types of information we receive and collect in association with your use of Mirakl’s platform depend on what features you use and what content you share:
we require certain information (your name and email address) to send you an invite for an event, manage your registration and participation in the event;
you can decide to provide additional information about you on your profile including your profile photo, position, phone number, address and biography information. Please note that providing such additional information is optional and that information provided on your profile may be visible to other participants of the event, unless you choose to be a hidden participant.
Where we run an event in collaboration with a partner organisation, we may need to share your personal information with the partner organisation and act as so-called joint controllers. If we do so, we will provide you with additional information about the personal data we process as joint controllers in the event’s related communications we send to you.
12.Third-party marketing
We do not share your personal data with any organisations outside of Mirakl for marketing purposes.
13.Use of Website
We may collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this notice.
We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.
14.Disclosures of your personal data
We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data, as detailed in Section 8 (Purposes and legal basis for which we will use your personal data).
Your personal data will be shared within Mirakl Group between the Mirakl Group Entities (which are listed on our Website). As an international firm, we share your personal data between Mirakl offices and entities to ensure the efficient operation of our company (for instance, by sourcing our shared services in the most cost-effective way) and to provide the highest quality of client services.
Where required, we will (subject to applicable laws, our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
(i) any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
(ii) our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; (iii) any financial institutions providing finance to us; (iv) service providers who provide information technology and system administration services to us; and (v) any external auditors who may carry out independent checks of your file as part of our accreditations.
If you ask us to do so in relation to the client services or visitor services we are providing or the supplier services you are providing, we may disclose your personal data to other persons or entities as instructed.
We may share your personal data with persons or entities outside of Mirakl’s to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this notice.
We require any person or entity to whom we disclose personal data to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.
15.International transfers
In some cases, the parties which we use to process personal data on our behalf are based outside the EEA and/or the United Kingdom, therefore their processing of your personal data will involve a transfer of such data outside the EEA and/or the United Kingdom. Similarly, in the course of advising clients based outside of the EEA and/or the United Kingdom, we may be required to share matter-relevant personal data with them. Where this is the case we will only share the minimal amount of personal data necessary for the purpose of processing and, where possible, we will share the personal data in an anonymised form.
Whenever we transfer your personal data out of the EEA and/or the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (in the case of transfers out of the EEA) or the United Kingdom Government (in the case of transfers out of the United Kingdom); and/or
where we use certain service providers, we may use specific contracts approved by the European Commission (in the case of transfers out of the EEA) and/or the United Kingdom Government (in the case of transfers out of the United Kingdom), in both cases which give personal data the same protection it has within the EEA and/or United Kingdom as applicable.
Please contact us at privacy@mirakl.com if you would like further information about the specific mechanism used by us when transferring your personal data out of the EEA and/or the United Kingdom.
16.Data security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of individuals, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
the pseudonymisation and encryption of personal data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities when processing personal data.
17.Data retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defense of legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you would like to know more about the retention periods we apply to your personal data, please contact us at privacy@mirakl.com.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
18.Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. A good explanation of them (in English) is available on the website of the Irish Data Protection Commission.
It is Mirakl’s policy to respect your rights and Mirakl will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data. This Privacy Notice is intended to provide you with information about what personal data Mirakl collects about you and how it is used.
You may also request information about: the purpose of the processing; the categories of personal data concerned; who else outside Mirakl might have received the data from Mirakl; what the source of the information was (if you didn’t provide it directly to Mirakl); and how long it will be stored. You have a right to correct (rectify) the record of your personal data maintained by Mirakl if it is inaccurate. You may request that Mirakl erase that data or cease processing it, subject to certain exceptions. You may also request that Mirakl cease using your data for direct marketing purposes. In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how Mirakl processes your personal data. When technically feasible, Mirkal will—at your request—provide your personal data to you or transmit it directly to another controller.
If you wish to confirm that Mirakl is processing your personal data, or to have access to the personal data Mirakl may have about you, for questions or complaints concerning the processing of your personal data, please contact us at privacy@mirakl.com or complete this form.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month (or earlier in accordance with applicable laws). Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
In many jurisdictions, including but not limited to in the European Union, you have recourse with your nation’s data protection authority. In France, you can contact the CNIL, 3 place du Fontenoy.