SFBX

Privacy Policy

Protecting the personal data and privacy of its users is of great importance to SFBX SAS ("SFBX", "we", "us" or "our"). This includes protecting your privacy by ensuring that you have the access and control necessary to decide how your data is used.

To this end, SFBX undertakes to process personal data in compliance with the applicable data protection laws and regulations in the countries from which its users access and use the AppConsent® solutions ("Solution"), in particular the European General Data Protection Regulation (known as "GDPR " ).

This privacy policy clarifies how we collect and process your personal data in the context of your use of this website:

- of the SFBX.io website

- AppConsent® Enterprise, Standard, Essential and Free offers

- AppConsent® Xchange offer

Please read it carefully, as it applies every time you use them.

What is personal data?

Personal data means any information relating to an identified or identifiable natural person (the "data subject").

In connection with your use of our solution, you are considered a data subject. The personal data covered by this Privacy Policy is therefore any information about you or your users, to the extent that you or your users are identified or identifiable, for example by reference to the IP address and or IMEI of the device or account identifiers.

The processing of personal data is subject to specific legal and regulatory provisions, in particular GDPR.

2. Why do we collect your personal data?

We only collect personal data that is necessary for purposes such as ensuring that you have the best possible experience with the solution, communicating easily with you, and in the context of the purpose of the solutions and based on your consent and that of the users of your websites or application, sharing your users' personal data with partners that you have chosen through the validation of contracts that will be offered to you.

3. under what conditions and what personal data is collected.

We collect personal data from you and your users in the following situations and for the purposes detailed below. For each case, we detail the information that is stored by our services. Our solutions have been built with Privacy by Design and Privacy by Default in mind, ensuring the highest possible level of data protection.

So very little information is stored by our services, none of it is nominative and all of it is encrypted and anonymized.

3.1 When connecting to the website as a visitor

When you log on to the website, we will automatically collect the following personal data for technical purposes so that the website you use is tailored to provide you with the best possible user experience:

  • The truncated IP address of your device,
  • The URL of the site you are currently viewing,
  • The user agent,
  • The timestamp,
  • Technical session cookies,
  • Retargeting cookies,
  • Audience measurement cookies,

The data is kept for 12 months.

3.2 When registering, subscribing to an offer and using your account on the website.

When you register/use your account on the website, we will collect the following data through the registration form:

  • Your complete IP
  • Your login : Hash email
  • The secure version of your password

We also retain your account information in the interests of the contract between us so that you can use our products:

  • Company name,
  • Siret number,
  • Address of the head office,
  • Name of the legal representative,
  • Account managers' names and functions,
  • URLs of websites and applications.

This data will be collected and processed for the purpose of managing your user account and providing you with the Solutions services. This processing is based on its necessity for the performance of a contract to which you are a party, namely the Terms of Use of the products.

These data are kept for the duration of the contract plus the 5-year commercial prescription.

Bank and billing information is not stored or managed by SFBX but by its partner Stripe: https: //stripe.com/fr whose privacy policy and TOS are as follows: https: //stripe.com/fr/privacy.

SFBX shall not be liable for any breach or improper handling of the Client Data by the Stripe Partner.

The Client is obliged to inform SFBX in the event of non-compliance or breach by the Stripe Partner of its obligations to manage its Data.

3.3 When using the solutions.

3.3.1 AppConsent® Enterprise, Standard, Essential and Free

AppConsent® is a consent management platform (CMP), a solution for collecting user consent for our customers' websites and applications. It is available in 4 packages: Enterprise, Standard, Essential and Free. The rules are the same for all 4 offers.

The following data is kept for the purpose of product operation and transmission of evidence:

  • User IDs of your websites or applications,
  • Transaction history, i.e., date, time, version of consent notice, consent status, source, and the Global Vendor List (GVL).
  • Positive, negative or mixed consents.

These data are kept for the duration of the contract plus the 5-year commercial prescription.

The Customer's bank and billing details are administered and stored by Stripe's partner: https: //stripe.com/fr, whose privacy policy and T&Cs are as follows: https: //stripe.com/fr/privacy, and not by SFBX.

3.3.2 AppConsent® Xchange

With AppConsent® Xchange, in return for the free provision of the CMP, SFBX collects organic data from the user's device. This data is basic and non-intrusive. It allows SFBX and its partners to create high value-added products based on the traceability and security of data exchanges. The goal is to build a strong data governance ecosystem in order to predict the post-cookie world.

This product allows our Xchange customers to share the data they hold with Partners and provide traceability and ensure that the user's choice is respected in the use of their data.

No data is shared without its legal basis attached.

The following data is kept for the purpose of product operation and transmission of evidence:

  • User IDs of your websites or applications,
  • Transaction history, i.e., date, time, version of the consent notice, consent status, source, and the Global Vendor List (GVL),
  • Positive or negative consents,
  • CMP XChange customer references,
  • References for buyers,
  • Contracts,
  • Shared data types.

The data passes through our platform between the seller and the buyer, we only store them temporarily between 6 hours and 1 month, the time they are used by the buyer.   

These data are kept for the duration of the contract plus the 5-year commercial prescription.

The data of the Internet users/mobility collected within the framework of the Xchange service :

The Xchange offer has been designed to only deliver data to advertisers, brands or other actors who are clients of our platform, if we have a positive consent signal beforehand. Under no circumstances will data be delivered without this consent being present.

The legal basis for the delivery of this data is consent. In order to be delivered, the purposes for processing this data must match. If, for example, a brand is pursuing Personalization and Measurement processing purposes and you have objected to both via the Consent Management Platform (CMP) notice, then the data will not be delivered. If you object to the Measurement processing, the data will be delivered but our platform will indicate that you objected to this purpose via the IAB consentString, or specific meta-data for processing not covered by the IAB or specific purposes.

Here is the list of data concerned, this list may be updated regularly. This is organic data, not intrusive for the users.

Type of data

Example

MAID (Mobile Advertiser ID)

22F02CE6-12DB-4E69-B0A3-95CE2B1E4BA3

MaidType

IDFA(Apple) or AAID(Android)

AppConsentID (cookie)

524f957-8126-4bbb-9cb6-f4d59341a50b

TimestampCollect

1572006875

deviceManufacturer

Xiaomi

DeviceModel

E A2

DeviceCarrier

Orange

IP (Truncated)

90.50.183.XX

AppNameBundle

com.SFBX.appconsenttest.xchange

DeviceOS

ANDROID

DeviceOSVersion

28

ConsentString

BOpdxkUOpdxkUACABAFRCo-AAAAq57__f__3_8_v3_9_NuzvOv_j_ef93VW8fvYvcEvzhY9d_u_Uzxc4m_0vRc9ycgx85eprGsoxQ7KSsG-VOgd_7t__3ziX9ohP6wkcprxz3bEw-jo2o8Jg

extraConsentSignal

{

    "GEOLOC_AD" = {

        id = 359fFyR;

        state = 1;

        vendors = {

            124 = 1;

            368 = 1;

            435 = 1;

            Ironsource = 1;

        };

    };

    "GEOLOC_MARKET" = {

        id = JU7iLdm;

        state = 1;

        vendors = {

            124 = 1;

            368 = 1;

            435 = 1;

            Ironsource = 1;

        };

    };

}

Purpose xO7AjTTJ

(

        {

        xO7AjTTJ = 1;

    },

        {

        124 = 1;

    },

        {

        368 = 1;

    },

        {

        435 = 1;

    },

        {

        Ironsource = 1;

    }

)

deviceCountryCode

EN

ExternalId

ABCDA24321

SignalStrenght

99

NetworkType

UNKNOWN

URL (Web)

https://www.awebsite.com

Content

Text content of the page or application

ID Sync(web)

True/False

3.4 When using the contact form.

By using the contact form on the website, we will collect, through this form, the following data:

  • Subject of your message;
  • E-mail address
  • The message you write in the "Description" field;
  • Any screenshots you can attach to your message;
  • Data related to your account and technical data related to the context of use to help us understand the problem you may be experiencing.

This data will be collected and processed for the purpose of receiving and processing your message, to be able to respond to it and to resolve any problems you may encounter described in your message. This processing is based on your consent, expressed by clicking on the "Send" button on the "Contact Us" form.

In the event that your message contains personal data classified as "sensitive data" under applicable data protection laws and regulations, for example data relating to your state of health, you explicitly consent to SFBX, by clicking on the send button on the contact form, receiving and processing such data in order to respond to your message.

It is understood that SFBX does not require or encourage its users to provide sensitive data through the "Contact Us" form.

This information is destroyed after processing your request made in this contact form.

We do not keep a history of these exchanges.

How is your personal data protected?

We apply the necessary internal and technological security measures to ensure that your data is not lost, misappropriated, accessed or disclosed to third parties except :

  • Within the framework of the contracts and uses of the products,
  • At the request of a judicial or police authority or any authority empowered by law.

Your information is encrypted and stored on servers based in Belgium. Access to your user account is protected by your user password. You are responsible for the confidentiality of the password you chose when you registered on our platform, and you undertake not to communicate it to anyone.

If you request deletion of your account, deletion will take effect immediately, unless your account has been suspended or blocked. In this case, we will keep your data for a period of 2 years in order to prevent you from circumventing the rules in force on our platform.

The deletion of your account does not mean the deletion of the data stored and listed in Article 3. To delete your information, you must complete the procedure to exercise your erasure rights as set forth in Article 7.

Who is the data controller and can I contact them?

The controller is SFBX, which provides the solutions.

If you have any questions or concerns about this privacy policy, SFBX's processing of personal data on the Solutions, or SFBX's data protection and privacy commitments more generally, you can contact the privacy policy administrator by sending an email via dataprotection@SFBX.io or by writing to

SFBX SAS, Attention: Privacy Policy Administrator, 15 Place Canteloup, 33800 Bordeaux.

6. With whom is my personal data shared?

The data will only be shared with third parties/partners in the context of the contracts that you have validated in the solutions.

These partners may use subcontractors within the framework of GDPR for the use of this personal data. In this case, the data controller will always remain the third party/partner with whom you have validated the contract and with whom you can exercise your rights (see article 7).

Apart from this case, the personal data collected and processed in accordance with Article 3 above will be shared with SFBX people and departments, in particular our staff dedicated to technical issues and user experience studies.

Only in specific cases, your personal data may be shared to respond to requests from the relevant authorities and in legal proceedings if necessary.

7. what are your rights in relation to your personal data?

The data will only be shared with third parties/partners in the context of the contracts that you have validated in the solutions.

These partners may use subcontractors within the framework of GDPR for the use of this personal data. In this case, the data controller will always remain the third party/partner with whom you have validated the contract and with whom you can exercise your rights (see article 7).

Apart from this case, the personal data collected and processed in accordance with Article 3 above will be shared with SFBX people and departments, in particular our staff dedicated to technical issues and user experience studies.

Only in specific cases, your personal data may be shared to respond to requests from the relevant authorities and in legal proceedings if necessary.

  • What are your rights with respect to your personal data?

In accordance with the applicable data protection laws and regulations, you have the following rights regarding the processing of your personal data: right of access, right of data portability, right of rectification, right of erasure, right to object to processing and right to restrict processing.

  • Right of access: you can access your data to modify it, or request a copy of your personal information.
  • Right of rectification: you can ask SFBX to correct inaccurate information on its database.
  • Right of deletion: you can request the deletion of your Personal Data.
  • Right of objection: you may object at any time to the processing of your personal data on AppConsent Xchange by clicking on this this link.
  • Right to limit processing: you can request the suspension of processing concerning you for the time of an audit.
  • Right to portability: you can have the personal data you have provided transmitted in a structured, commonly used and computer-readable format to us or to another data controller, where technically possible.

You may exercise these rights by contacting the Privacy Policy Administrator at dataprotection@SFBX.io or by writing to SFBX.com SAS, Attention: Privacy Policy Administrator, 15 Place Canteloup 33800 Bordeaux, France.

These rights are purely personal and can only be exercised by the individual concerned. Therefore, you may be asked to provide a copy of a valid form of identification; we will only keep this copy for the time necessary to verify your identity.

In this case, SFBX will cease processing the personal data concerned and will retain it for the appropriate period of time.

For those processing activities described in sections 2 and 3 above that are based on your consent, you have the right to withdraw that consent at any time, without justification.

Finally, you have the right to lodge a complaint about the processing of your personal data by SFBX with the competent supervisory authority in your country.

SFBX has appointed a DPO in charge of personal data protection whose contact details are as follows

  • juridique@dipeeo.com
  • Tel: 09.50.39.07.50
  • Postal address: Dipeeo, 95 avenue du Président Wilson, 93100 Montreuil, France

8. Changes to this privacy policy

This privacy policy was last updated on September 13, 2023. Please note that we may revise it from time to time and reserve the right to update or amend it.

We will post the revised Privacy Policy on the app, so users can always know what personal data we collect and how we collect it. In addition, if you have registered under the registration form, you will also receive an email notifying you of changes or updates to the Privacy Policy on the email address associated with your user account.

What is Ad4good?

Ad4good is the first solidarity advertising network. If you accept personalised advertising on our site, you will be helping to finance some forty associations in need.

See the full list of associations on the Ad4good website

The Ad4good network is implementing 3 actions to ensure its mission:

  • Partnership between publishers and Ad4Good: part of the publisher's inventory is reserved for the distribution of solidarity ads. These ads are monetised by Ad4good, which then donates 50% of its margin to associations.
  • Partnership between advertisers and associations: each advertisement broadcast by the advertiser during an " Ad4Good" labelled campaign campaign generates a donation for the partner association of the campaign.
  • Partnership between publishers and associations: Ad4good offers publishers the opportunity to provide visibility to partner associations by reserving unused advertising space.

To allow the associations to continue their actions, you can accept in general or set the detail by allowing Store and/or access information on a terminal and Personalised advertising.

Ad4good, partner of the CMP AppConsent® for responsible and ethical advertising

We are partners with the Ad4good network, the first solidarity-based advertising network that brings together some forty associations.

See the full list of associations on the Ad4good website

The Ad4good network is implementing 3 actions to ensure its mission:

  • Partnership between publishers and Ad4Good: part of the publisher's inventory is reserved for the distribution of solidarity ads. These ads are monetised by Ad4good, which then donates 50% of its margin to associations.
  • Partnership between advertisers and associations: each advertisement broadcast by the advertiser during a campaign labelled "Ad4Good generates a donation for the partner association of the campaign.
  • Partnership between publishers and associations: Ad4good offers publishers the opportunity to provide visibility to partner associations by reserving unused advertising space.

What does this mean for your audience?

By opting in to the AppConsent® Xchange Solidaire offer, your participation will be mentioned on the first screen of your consent form.
If a user refuses collection for advertising purposes, a reminder screen will be displayed so that they can change their choices if they wish to be an actor of change towards more ethical advertising.

What are the eligibility criteria?

As a pre-requisite, your website must carry advertising. Once you have registered with AppConsent® Xchange Solidaire, you must have a significant amount of responsible advertising on your website (at least 20%).

The AppConsent® Xchange Solidaire offer allows you to take part in a more responsible advertising ecosystem focused on solidarity and environmental preservation.