1/ PURPOSE OF POLICY

This Policy is important for Users who want a positive browsing experience they can trust. It is also important for us, since we want to prove that we act transparently in the way we collect Data and protect their confidentiality. We aim to answer Users’ questions accurately and appropriately, and meet their expectations by respecting their choices and rights. We invite all Users to take a moment to understand how we operate and contact us whenever the need arises (see article 10).

In the event of any divergence or inconsistency between the French version and any other language version of this policy or supporting document, the French version will prevail, be deemed authoritative and take precedence.

2/ DEFINITIONS

The definitions of key terms provided below are intended to explain our activities to Users as clearly as possible.

IP address(es): means an identification number composed of four series of figures (e.g. 000.000.000.000), which is generally assigned on a temporary basis to a User’s Device by an Internet Service Provider when they connect to the internet, and which we may process when the Device concerned views a Partner Site, in response to statutory obligations or to determine the country in which the connection originated, for example.

Customer(s): means any company other than those that make up Moxielinks, with which we have entered into an agreement relating to the provision of Moxielinks products and/or services, which allows them to publish an advertisement or personalised message.

Cookie(s): means a text file that is saved temporarily, subject to the User’s agreement in accordance with the applicable French and/or European legislation, when viewing the Site of one of our Partners. A cookie file allows the issuer to identify the internet browser of the Device it is saved on, while the Cookie remains valid or during the period it is saved for.

Personal Data or Data: means, in accordance with the General Data Protection Regulation 2016/679 of 26 April 2017 (“GDPR”), all information that allows a data subject to be identified either directly or indirectly, regardless of the device used by the User. Personal data include sociodemographic, browsing or interaction data relating to a Device’s connection to the internet or a Site at a given moment (IP address, date and time of a Device’s connection to a Site, the identity of the Device or its browsing software, the browser’s user languages, the type and version of the browser used by a Device, the operating system used by the Device, etc.).

Sensitive Data: means those Personal Data that reveal a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic status or state of health, or sexual orientation. It is important to note that Moxielinks does not collect any Sensitive Data.

Partner(s): means any company other than those that make up Moxielinks, with which we have entered into an agreement relating to the provision of Moxielinks services, which allows Moxielinks to gather Data.

Site: means, in accordance with the French Act on Confidence in the Digital Economy no. 2004/575 of 21 June 2004 (LCEN), the transmission of digital data of any kind, which do not represent private correspondence, by an electronic communications process, of signs, signals, texts, images, sounds or images of any kind, implemented by our Partners, to offer Users their products and services.

Moxielinks, we, our: means Group companies and our service providers who may, under certain conditions, gather, use, save or share Personal Data that has been created or modified when the User accesses, receives an offer from or visits the Site of one of our Partners.

Subcontractor(s): means any company that may process Personal Data on behalf of a principal, which is responsible for processing Data. Where Moxielinks acts on behalf of a Customer, Moxielinks may be a subcontractor. Where a Moxielinks service provider acts on behalf of Moxielinks and on its instructions, Moxielinks is responsible for the Data processed by said service provider subcontractor.

Device(s): means the hardware (computer, smartphone, tablet and/or all connected devices, etc.) and their software components (operating system, browser, etc.) that allow the User to access a Partner’s site.

Processing of Personal Data: means any operation(s) applied to Personal Data, in particular collection, saving, organisation, viewing, use, storage, transfer or any means of providing access, limiting, erasure or destruction, comparison or interconnection.

Users(s): means any physical person who accesses, uses, views via a given web browser or is a member of a Partner’s department, whose Personal Data we may process in order to serve our Customers.

3/ PURPOSE OF POLICY

Moxielinks is a company that specialises in data marketing, whose activities consist primarily of collecting and Processing sociodemographic, browsing and interaction data, which are used to qualify, enhance and segment its Partners’ audiences.

The Data we collect through our Partners are pseudonymised, i.e. converted or manipulated via identifiers in the form c52c40bb75bc6b3209cffac354d81b7a or 20171120_XXXX6b25e5164555f79bbb95865XXXX, which means that the User cannot be identified directly. We do not, under any circumstances, collect Data such as their name, postal address or phone number, which would allow the User to be identified directly.

Our activity does not, at any time, involve collecting Data that would directly identify the User or allow us to identify them directly. We use various technologies, including placing Cookies and other similar technologies, to collect and store non-personal data only, when a User views the Site of one of our Partners, or uses one of its services.

Using these Cookies and other similar technologies, we are able to analyse Users’ areas of interest through their browsing habits and in particular:

• their activity on Sites run by our Partners (number of pages viewed, products viewed, searches run, etc.); • geographical information based on their IP addresses and connections, in particular the country where Users where located when they connected. Find out more.

It is important to remember that Moxielinks does not collect any Sensitive Data and that no Data category or segment is created specifically for targeting minors.

Our aim is essentially to make it possible, using a small amount of apparently insignificant information, such as searching for a product or reading an article, to determine the User’s areas of interest or probable intentions, and personalise advertising and commercial messages accordingly. In brief, we allow our Customers to interact with the User where this is relevant, and not to do so where it is not; this is less frustrating for the User and avoids our Customers investing their marketing budget in advertisements that are not effective.

Find out more, via a dedicated page that outlines the technologies we use to collect our Data.

4/ USE OF DATA

Moxielinks seeks to understand and respond to Users’ expectations by collecting browsing and interaction data. Moxielinks’s ambition is to allow its Customers to target Users with relevant offers that match their areas of interest. As a result, the data we collect then allow our Customers to provide and improve the products and services they offer to consumers. The process allows our Customers to post content and offers in line with Users’ interests. For example, if a User views and browses a (merchant or other) site, their browsing and interaction data will be collected and can then be used by our Customers so that the next time a User browses, they will see content and advertisements that match their areas of interest as closely as possible. All the Data collected are retained for a limited time, based on the purpose for which they were processed and in accordance with the regulations in effect. Our Cookies are valid for a maximum of 365 days.

5/ TRANSFER OF DATA

The Data we collect many be processed on servers located within or outside the European Union. In the event of a transfer of Data, we provide guarantees that are compliant with European Union law and require and ensure that a high level of Data protection is implemented by our Subcontractors, Partners or Customers around the world. Find out more

6/ DATA SECURITY

We undertake to process the Data we collect in strict confidence. Moxielinks places particular importance on the security of Users’ Data by using technologies that provide security in line with the most demanding standards, using SSL, hashing/encryption and firewall technologies. We do everything we can to ensure the confidentiality of the Data we collect and to prevent unauthorised third parties from viewing, using, disclosing, modifying, damaging or destroying said Data. Find out more

7/ DATA SHARING AND DISCLOSURE

Moxielinks does not share Users’ Data with businesses, organisation or non-Customer third parties unless we believe that there is a reasonable justification for accessing, using or disclosing said Data:

7.1 To our subsidiaries and service providers

It is possible that we may, in the context of our activities, transfer Data to our subsidiaries or Subcontractors that process the Data collected on our behalf, and in accordance with our instructions and this Policy. Under no circumstances may our Subcontractors appoint another Subcontractor without our prior authorisation in writing or use the Data for any purpose other than those described in this Policy.

7.2 In response to a request from an authorised public body

In response to court summons or orders, judicial or administrative procedures or any other request issued by the competent authorities to which Moxielinks must submit, or to establish or exercise its rights, or to defend itself against legal proceedings; To protect itself from any infringement of Moxielinks’s or Users’ rights, property or security pursuant to and in accordance with the law; To avoid, reveal or deal with fraudulent activities, security breaches or any technical problem that might affect Moxielinks’s servers.

8/ FREEDOM OF CHOICE AND CONTROL OF DATA

It is also essential to inform Users about how we collect their Data, to allow them to make informed choices and exercise their rights in full knowledge of the facts.

In accordance with the applicable regulations, collecting Data using Cookies and other similar technologies is subject to obtaining the User’s agreement, which can be expressed and modified at any time, using any of the methods offered to them to exercise their choices. Our Partners are responsible for obtaining their agreement to save Cookies to their Device when they browse to their Sites or use their services, in accordance with the applicable regulations. Moxielinks cannot be held liable in this respect.

In accordance with the GDPR, we allow Users the right to access and erase their Data. In order to fulfil requests for access and erasure, we ask Users to provide us with:

• The User’s relevant credentials: name or identifier of the Moxielinks Cookie. Without these technical details, we are unable to compare the Data we hold with a User who wishes to exercise a right of access or erasure. Users can click here to find the identifier associated with the internet browser of the Device they are currently using. • A statement on their honour that the User is the only user of their Device or has exclusive control over the use of the Device whose Data may have been collected by Moxielinks. If it is likely that said Device may have been used by a third party with the User’s agreement or without any objection by them, the latter must also undertake to obtain the agreement of said third parties in writing, so that we can satisfy the request for access or erasure, insofar as said access request is likely to reveal information about the browsing history of said third parties. • A valid identity document. Une pièce d’identité valide.

If the User no longer wishes any or all of their Data to be gathered and saved by Moxielinks, they may exercise their right to object by clicking here and deactivating the gathering of their Data by Moxielinks. If the User expresses an objection to the gathering of their Data, they can be asked again for their consent through our Partners’ services.

We ask Users to note that exercising their right of objection implies destroying the Cookie that contains the Moxielinks identifier and that Moxielinks may therefore no longer be able to fulfil subsequent access or erasure requests on technical grounds. If the User wishes to exercise a prior right to access or erase Data, it must be expressed in accordance with the terms set out in the previous paragraph. If the User wishes to retain the possibility of exercising a right to access or erase Data, they must record and archive their Moxielinks identifier (viewable here) prior to exercising their right to object.

However, it is important to note that deleting Cookies will remove the information needed to process the User’s objection. The same may apply when browsers are changed or updated. The User will therefore have to reconfirm their decision to exercise their right to object.

Users may also exercise their choices directly in their internet browser. The procedure for managing Cookies and Cookie preferences varies slightly between browsers. Users can view the steps for managing cookies in their browser’s help menu.

• for Internet Explorer™ • for Safari™ • for Chrome™ • for Firefox™ • for Opera™

Note: exercising your right to object will not prevent advertisements being displayed. Only advertisements that use Moxielinks’s personalisation services will cease. In other words, the User will no longer be shown advertising that reflects their areas of interest through the use of Moxielinks Cookies, but will continue to be shown advertisements whose content will no longer necessarily match their areas of interest, and may be dubious.

9/ CHANGES TO THIS POLICY

This Policy may be subject to change. Any change to the rules of our Confidentiality Policy will be accessible as soon as it comes into effect on this page.