Confidentiality and data protection policy as of 28 January 2022
Sampleo builds strong and long-lasting relationships with its users, based on mutual trust: ensuring the security and confidentiality of users' personal details is an absolute priority for Sampleo.
Sampleo abides by all French and European regulatory and legislative provisions about data protection.
Sampleo applies an extremely strict policy for guaranteeing the protection of its users' personal details:
- Each Sampleo user retains full control over his or her data. Sampleo can only use it for the specified purposes.
- Data is handled in a transparent, confidential and secure way.
- Sampleo is committed to a continuous process of data protection for its users, in keeping with the amended Data Protection Act of 6 January 1978 and the EU data regulations of 27 April 2016 (known as GDPR RGPD).
- Sampleo has a team dedicated to data protection, including a DPO (Data Protection Officer listed with the CNIL) and specialist engineers.
Identity and contact details of processing managers
The entity in charge of the processing of users' personal data collected during the user's account creation and activity on the www.sampleo.com website is Sampleo, located at 2 Rue Paul Vaillant Couturier, 92300 Levallois-Perret.
If the user has any questions or claims relating to Sampleo's compliance with the present policy, or if the user wishes to make Sampleo aware of any recommendations or comments about improving this policy, the user may contact Sampleo by writing to the following address: firstname.lastname@example.org.
What personal data do we collect when you participate in the Ambassador Program?
- Information collected through questionnaires :
- At registration
We collect data when you register on our site.
When you register, you will just be asked for your personal email address.
Later, if you wish to apply to get products to test, we will ask you for the following information:
- First name,
- Landline number,
- Mobile number,
- Postal address,
- Marital status,
- Number, age and gender of children,
- Areas of interest
- Throughout your time on the site
Once you are registered on the site, you can complete additional surveys:
- Profiling questionnaires: these help us to get to know your better and thus to select you more easily to get products.
- Consumption habit questionnaires: these are asked as part of campaigns in which you wish to take part and are mandatory for approving your application. These also help to get all the information needed to select people to take part in ambassador programmes.
None of your answers are ever disclosed to a third party in a form that would make it possible to identity you personally, unless you ask otherwise or explicitly agree to it.
We only disclose the results of questionnaires to campaign partner brands and in aggregation form.
- At registration
- Data collected in photo/video form
As part of your ambassador programme you can submit photo or video content relating to your experience. When uploading such content you can select whether it should be for the exclusive internal use of Sampleo staff (in which case our teams will use the content solely for internal evaluation of the project and your activity) or whether it may be made public (in which case other visitors to the platform may see the content).
Your content will be kept by Sampleo for as long as the campaign involved appears on the Sampleo site. After this period, all content relating to the campaign will be deleted. You can delete this content yourself at any time by going to your ambassador space (or simply by sending a request by email if you have deleted your account).
Furthermore, Sampleo may show all of your content to partner brands in order to inform them about status, give an example of how the product is used or to show them results. In such an eventuality, your identity will never be linked to the content. The brand shall only be allowed to use your content with your explicit consent.
When you give permission for your content to be published, you explicitly authorise Sampleo to use it in any form (brochure, sales material, newsletters, presentation, online banner, etc.) in order to promote the Sampleo site and its community.
Why do we collect your personal data?
Sampleo undertakes to process your personal data for specific, legitimate and relevant purposes. In addition, and in accordance with the GDPR, we have defined a legal basis on which each processing operation is based: contractual performance, your consent, our legal obligations, our legitimate interest.
The purposes associated with each legal basis are listed below:
Based on the execution of the contract, Sampleo implements processing for the following purposes:
- the creation and provision of a member account;
- the management of ambassador applications and their missions;
- the management of the deliveries of the products to be tested.
Based on your consent, Sampleo implements processing for the following purposes:
- managing the sending of newsletters by email;
- the management of cookies subject to consent (sharing of data collected with our business partners in particular to broadcast targeted advertisements on the Site, broadcast targeted advertisements on Facebook and create audience segments).
Based on its legitimate interests, Sampleo implements processing for the following purposes:
- the management of cookies not subject to consent: allow your authentication, adapt the service to your terminal and language preference, store your cookie consent, measure and qualify the audience of the Site;
- identification of real registrations and filter of massive registrations generated by robots (spam) via the reCaptcha tool;
- management of complaints to the “Customer Relations” Service ;
- the evaluation of your interest in newsletters and the measurement of the effectiveness of the advertisements integrated in these newsletters;
- the establishment of any means of proof necessary to defend our rights in the event of legal or similar proceedings.
Based on compliance with its legal and regulatory obligations, ADEME implements processing for the following purposes:
- the management of your requests to exercise personal rights;
- the management of responses to official requests from public or judicial authorities empowered for this purpose.
How can I amend/delete my personal information?
We keep your personal data only for as long as necessary to fulfill the purpose for which we hold this data, to meet your needs or to fulfill our legal obligations.
To establish the retention period of your data, we apply the following criteria:
- If you create an account, we keep your personal data until you ask us to delete them or three years after a period of inactivity (no active interaction with Sampleo);
- If you have been selected to become an ambassador: all the information collected via the questionnaire and the photo / video content relating to a campaign will be kept as long as the campaign is displayed on the Site or, concerning photo and video content only, until you ask us to delete them;
- If you have consented to receive newsletters, we keep your personal data until you unsubscribe or until you ask us to delete it or three years after a period of inactivity (no active interaction with Sampleo). We also keep the data for one year to measure your interest in newsletters and for three months for data related to the distribution of advertising in emails;
- When you register and/or connect to the account, we use the reCaptcha tool. Google is responsible for this processing. As such, Google determines the retention period of the data collected. To find out more click here ;
- If you contact us in the context of a complaint, we keep your personal data for the duration necessary to process your request;
- If cookies are placed on your computer, we keep your data only as long as necessary to achieve their purpose (eg, for the duration of a session for session identification cookies)
When we no longer need to use your personal data, we erase them from our information systems or we anonymize them.
We may retain certain personal data in order to fulfill our legal and/or regulatory obligations (for example, keeping a register for managing requests relating to the rights of individuals: access, erasure, rectification, etc.), and in order to allow us to exercise our rights (for example, to file a claim in any court). In this case, we keep this data in a database that is distinct from the active database, with a limited retention period.
Your personal data is transmitted to Sampleo employees who need to process it to offer you a quality service. Depending on the processing carried out, this may be, for example, customer service, the marketing service, the data service and the IT service.
We constantly make every effort to ensure the security of your personal data against loss, misuse, unauthorized access, disclosure, modification or destruction of your personal data. Upon receipt of your data, we apply strict security measures to limit the risk of data breaches, which may include:
- the adoption of a password policy for the creation and management of accounts
- an operation to encrypt user passwords when saving to the database
- the use of the TLS protocols for forms containing personal data allowing the encryption of data on the network
- access to personal data is strictly reserved for persons authorized to become acquainted with it within the framework of their missions
- sending e-mails
- sending parcels
- the cookie consent management center
- banking institutions
We contractually commit our subcontractors to take all appropriate measures to protect your personal data.
In accordance with the regulations in force, we may also transmit your personal data to lawyers, legal assistants and ministerial officers, to the administrative or judicial authorities seized of a dispute if necessary, in the context of compliance with the legal obligations incumbent on us or for allow us to defend our rights and interests.
Where do we store your personal data?
To meet the purposes set out above, your personal data is transmitted to companies processing in countries located outside the European Union (EU) and the European Economic Area (EEA) which do not have an adequate level of data protection. personal data as provided for by the European Commission.
In this case, rigorous and appropriate physical, organizational, procedural, technical and personnel measures ensure the security and confidentiality of personal data. We also ensure that these transfers are governed by a cross-border flow agreement which guarantees the protection of your personal data (via standard contractual clauses issued by the European Commission and currently in force).
You can access these clauses by contacting our data protection officer at the following address: email@example.com.
What are your rights ?
In accordance with the applicable data protection regulations, you have the following rights related to the data concerning you:
- right of access to your data: you can request to obtain a copy, in plain language, of all your data that we hold on you
- right to the erasure of your data: you can request the erasure of all your personal data unless this data is still necessary for the performance of certain operations, for compliance with a legal obligation or for the observation, exercise or the defense of legal claims
- right of rectification of your data: you can ask to correct inaccurate or incomplete information concerning you.
- right to withdraw your consent: for processing based on your consent (for example: for the deposit of advertising cookies), you have the possibility of withdrawing your consent at any time, through a simple method equivalent to that used to collect your consent
- right to object to processing*: you have the right to object to any use of your personal data (more information below)
- right to portability of your data: you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit it to another body
- right to obtain the limitation of processing: you have the right to request that the use of some of your data be temporarily frozen in order to verify its accuracy, to oppose their erasure or to exercise or defend your legal rights
- right to formulate general directives (with a digital trusted third party certified by the CNIL) or specific (with the data controller) relating to the fate of your personal data after your death
* Specifically concerning the right of opposition:
You can ask to exercise your right to oppose the processing of personal data concerning you for reasons relating to your particular situation when the processing is based on our legitimate interest.
In the event of exercise of such a right of opposition, we will cease the processing. It may be refused to grant your request if there are legitimate and compelling reasons which prevail over your interests, rights and freedoms or if your data is necessary for the recognition, exercise or defense of legal rights.
You can object to any processing related to prospecting without it being necessary to invoke reasons relating to your particular situation.
To exercise your right to object to the deposit of cookies or to withdraw your consent, please consult our Cookies and other tracers policy, available here.
How to exercise your rights?
For practical reasons, we invite you to make your request with the email address that serves as your identifier if you have a member account. This way, we can make sure it is really you.
You can exercise these rights by contacting us by post or email:
2 rue Paul Vaillant Couturier
Adresse e-mail : [firstname.lastname@example.org]
We will send you an answer within 1 month of receiving your request.
You can also, for some of your data and when you have a member account, rectify or delete your data directly via the "My Account" section.
In addition, for this request or for any other question, general or specific, relating to the protection of personal data, you can contact the Personal Data Protection Officer who will give you an answer within a reasonable time with regard to the question asked. or information required.
The Data Protection Officer can be contacted by post or e-mail:
2 rue Paul Vaillant Couturier
E-mail address: email@example.com
Within the limits permitted by the applicable legislative provisions, when a person's requests are manifestly unfounded or excessive, in particular because of their repetitive nature, we may refuse to respond to the requests or require the payment of reasonable costs taking into account the administrative costs incurred in providing the requested information.
Finally, if you believe, after contacting us, that your rights to your data have not been respected, you can file a complaint with the Commission Nationale de l'Informatique et des Libertés (3 place de Fontenoy - TSA 80715 – 75334 Paris cedex 07 ; tél. : 01 53 73 22 22).
Can we change this policy?
We may modify this policy in the event of legal or jurisprudential developments, following decisions and recommendations of the CNIL or following the addition of a purpose other than that for which the personal data was initially collected.
Any substantial modification of this policy will be brought to your attention by any means, including electronically.
However, we encourage you to regularly consult the Personal Data Protection Policy in order to find out how your personal information is protected.