Privacy Policy

Date of last update: 16/02/2024

  1. General
  2. Identity of the data controller, data protection delegate and supervisory authority
  3. Why and how do we collect your personal data?
  4. What categories of personal data do we collect?
  5. What are the purposes, legal bases and retention periods for the processing of your personal data?
  6. Who are the recipients of your data?
  7. Is your personal data transferred outside the European Union?
  8. What are your rights regarding your personal data?
  1. General

1.1. Purpose of this privacy policy

The purpose of this confidentiality policy is to inform you of the purposes and methods of processing your personal data by HAWK SAS, in particular via, in accordance with the provisions of Regulation No. 2016/679/EU of the European Parliament and of the Council of April 27 2016, relating to the General Regulations relating to the protection of personal data (GDPR) , as well as your related rights.

For any request for additional information, we invite you to contact the Data Controller, or its Data Protection Officer (DPO), whose contact details are given below.

1.2. Situations in which this privacy policy applies

This privacy policy applies to the following situations:

  • You are an internet user, and you consult the site or application of a HAWK partner, for which HAWK operates, as a “ demand-side platform” (or “DSP”), and are targeted by HAWK’s targeted advertising services (see 3.4.)
  • You are a simple visitor to the site www.hawk-tech.io and you are concerned about the personal data concerning you which may be collected there, when you have completed the contact form, or subscribed to a newsletter;
  • You are a client of HAWK, or work for such a client, and, in this capacity, you have made your contact available to HAWK.
  1. Identity of the data controller, data protection delegate and supervisory authority

2.1. Data controller

The Data Controller is: HAWK SAS Simplified joint stock company (SAS)2 RUE DE CLICHY – 75009 PARIS, SIRET n°79523686800019, represented by Mr. Renaud BIET as President and Mr. Hakim METMER as Managing Director

2.2. Data Protection Officer

The Data Protection Officer or (“Data protection officer ”, DPO) is: Maître Alexis DEROUDILLE Lawyer at the Paris Bar 44 rue de la Clef75005 Paris, France Toque n°2449SIRET n° 83964295600024 (SIREN n°839 642 956) www .deroudilleavocat.com

2.3. Competent supervisory authority

The competent supervisory authority for the protection of personal data is: The National Commission for Information Technology and Liberties (CNIL) 3 place de Fontenoy, 75007 PARIS, tel: +33153732222, website: www.cnil.fr

2.4. Hawk’s participation in the IAB Transparency and Consent Framework

Hawk is registered with the Internet Advertising Bureau (IAB), and participates in the transparency and consent framework of the IAB Europe («Transparency & Consent Framework»). Hawk complies with all the obligations of the «Transparency & Consent Framework»).

Hawk’s registration number with IAB Europe is 275.

  1. Why and how do we collect your personal data?

3.1. What is a DSP ( Demand Side Platform)?

A “ demand-side platform” (or DSP), the category to which the HAWK platform belongs, is a service provider that offers its clients, media agencies or advertisers (“Advertisers”), targeted advertising services. To do this, the DSP platform buys advertising space (advertising inserts, video, audio) from partners, the “ Supply Side Platforms” ( SSPs ), which themselves purchased it from third parties, websites or mobile applications (“Editors/Publishers”), advertising space which it then selectively resells to its clients, addressing them to the most targeted target audiences. more likely to respond to their offer.

This process involves the identification of target audiences among the users of said sites or mobile applications (“segments” or “segmentation data”), and therefore, therefore, the processing of several categories of personal data of these same users. Thus HAWK is likely to identify certain of your habits, characteristics, distinctive features, deduced from the activity of your terminal (smartphone, tablet, computer).

3.2. What is personal data?

Personal data means any information relating to a natural person from which said person can be identified either directly or indirectly.

Directly identifying data is, for example, your first and last name. Other data is not directly identifying, but is nevertheless qualified as personal data , to the extent that it provides information about you, in particular, when it is crossed with identifying data. This is the case, for example, with your geolocation history.

3.3. How do we collect your personal data?

Most of the personal data concerning you that we collect and process are obtained indirectly, via our various partners: Supply Side Platforms ( SSPs ), Data Exchange Platforms and Editors/Publishers.

When you visit a partner website or mobile application (“Editor/Publisher”), and you consent, the advertising inserts on this site or application may send you targeted advertising. To do this, the site or application collects, with your consent, personal data concerning you, deduced from the use of your terminal (computer, smartphone): this is the user number of your terminal (IP address , device ID, IFA identifier, etc.) and your geolocation data. It is important to specify that this information is collected without the use of “cookies”.

The site or application then sells it , using a real time bidding procedure , to SSPs (“ Supply Side Platforms”), the advertising inserts printed on your page, to which the previously mentioned data collected is associated, which allows your terminal to be identified and located. It is from these SSPs that HAWK will in turn acquire these advertising inserts, and the information associated with them, via the same real-time auction procedure.

Hawk will then resell the advertising space acquired to its own clients, brands or merchants, who wish to use the advertising inserts printed on the page of the site or application that you are consulting, in order to display their targeted advertisements.

In order to allow its clients (“Advertisers”) to send you targeted advertising, when you view the page of the site or application previously discussed, H AWK will cross-reference this information, making it possible to identify your terminal, with segmentation data obtained from third-party partners (Data Exchange Platforms).

Indeed, when you visit pages of third-party websites (brands, e-commerce sites, etc.), these websites may collect, always with your consent, information about your preferences and your personality. Thus, it is possible to attach yourself to a segment: young, sporty, coffee lover, travel lover, etc. These segments are only constructed from information that you have consented to communicate. No data falling into particular or “sensitive” categories (e.g. health data, political or religious opinions, sexual orientation) is used.

So, for example, if you regularly visit automotive websites, our HAWK customers, your device identifier will most likely be associated with automotive-related segments. It is therefore very likely that the advertising inserts on the sites or applications you visit are resold by HAWK to its clients who wish to display targeted automobile-related advertisements. Likewise, for example, if you have shown some interest in a brand of shoes.

It is important to specify that the different steps described above take place “in real time”. This means that all bidding operations between the different players take place concurrently, so that targeted advertising can be displayed at the exact moment you view the page or application.

Hawk may use your geolocation, in addition to segment information, to refine targeting by incorporating geographic information, for example, by displaying targeted advertisements for stores that are near you.

It is also possible that you have consented to transmit information concerning your geolocation, in particular, via the use of your smartphone, when you are in a specific location. If this location corresponds to a store, it is then possible that your identifier has been attached to a “geographic” segment concerning this same store. If you went to this store after viewing a targeted advertisement regarding its offer, this information may then be used to evaluate the effectiveness of this campaign (“drive to store”).

  • When do we collect personal data directly from you?

As an exception to what has been explained previously (see 3.3.) Hawk may collect certain personal data concerning you, directly from you. This is the case, first of all, when you visit its website www.hawk-tech.io and fill out a contact form, or subscribe to a newsletter.

Hawk also collects personal data, directly from you, when you respond to a market research questionnaire. Indeed, HAWK offers its clients, advertisers (“Advertisers”), to carry out market research for them. To do this, instead of filling advertising spaces with targeted advertising, we fill them with market research questionnaires. These questionnaires are anonymous, and include general questions relating to your drinking preferences, for example: “ are you a man/woman, how often do you consume hot drinks?” , do you have a coffee machine? , what coffee brands do you think of when someone talks to you about a coffee machine? … etc. “. If you respond to one of these questionnaires, your (anonymous) response may constitute processing of personal data.

Finally, HAWK may collect your identification data, directly from you, when you are one of its partners, or the employee of one of its partners, and you create an account on the HAWK platform.

3.5. How do I express my choices about the use of my data?

HAWK invites you to express your preferences regarding the personalization of advertising content on the platforms of the sites you frequent.

If you would like more information on this subject, we invite you to contact the HAWK DPO, at the address indicated above.

  1. What categories of personal data do we collect?

4.1. Data we collect indirectly from a third party

The following categories of data are collected automatically from your device, from a third-party site or a third-party application, and then transmitted to HAWK:

  • connection identifiers for your terminals: IP addresses, Device IDs, IFA identifiers;
  • geolocation data;
  • data relating to visits to stores or “drive to store”;
  • information on interaction with advertising content, with a view to advertising retargeting ;
  • content of the segment category (e.g. man, woman, young adult, athlete, traveler, resident of this or that city, etc.)

4.2. Categories of personal data we collect directly from you

HAWK may collect certain personal data directly from you in the following circumstances:

  • when you are a simple visitor to the HAWK website ( www.hawk-tech.io ), and you have completed the contact form, we collect your identification information (last name, first name, email address);
  • When you work for a HAWK client or partner, HAWK may collect and process your identification information: first name, last name, email address, position, partner company.
  1. What are the purposes, legal bases and retention periods for the processing of your personal data?

5.1. For what purposes do we collect your personal data?

The main purposes for which HAWK collects and processes, via its Hawk platform, personal data concerning you are as follows:

  • offer targeted advertising services to HAWK clients (advertising targeting);
  • determine exposures to advertising messages that led to a user reaction ( ad retargeting ): if we note that you have clicked on an advertisement for a product or service, our clients may then send you advertisements more frequently related to this type of product.
  • determine exposure to advertising messages that generated in-store visits (“drive to store”): when the smartphone with which you viewed an advertisement relating to a product or service was observed in a store offering this product or service , HAWK can deduce anonymous information on the success of the advertising campaign;
  • evaluate the impact of an advertising campaign in real time;
  • generate detailed reports on the performance of an advertising campaign;
  • ensure fraud detection and incident recovery.

HAWK also processes certain identification data (surname, first name, email address, telephone numbers), for the following purposes:

  • allow visitors to the site www.hawk-tech.io to contact HAWK in order, in particular, to obtain a demonstration of the Hawk platform;
  • allow HAWK to correspond with its customers and partners (natural persons serving as contact for HAWK within its customers or partners).

5.2. On what legal bases do we process your personal data?

Under the GDPR, any processing of personal data must have a legal basis , that is to say a legal basis which authorizes it. Depending on their purpose, the processing we carry out may be based on the following legal bases:

  • your consent
  • the necessity with regard to the execution of a contract or pre-contractual measures
  • our legitimate interest
  • the necessity with regard to compliance with a legal obligation to which we are subject

5.3. How long do we keep your data?

Once your personal data is collected, HAWK only keeps it for a period of one year (12 months).

However, the data relating to user segments is only processed for the duration of the advertising campaigns, and is deleted after each campaign, that is to say, at the expiration of a period of two (2 ) month. Table of correspondence between categories of data collected, purposes, legal bases and retention periods

Data collectedPurposes of processingLegal basisThe duration of the conversation
A. Data obtained from Editors/Publishers
 

📱💻

§  Advertising identifier (IFA), device ID, user IP address

 

🌍🗺📍

§  Information about the location of the user viewing the ad: country, city, geolocation coordinates

🤳

§  Information on interaction with the advertising campaign: the ad was displayed, the user clicked on the ad, the video was viewed at 50%…

 

§  Contextual information of the advertising location: mobile phone, television, connected watch, digital “Out Of Home” sign, with their screen size, type of internet connection, etc.

 

§  Information related to the display context: site address, advertising network, advertising purchase price

§  Evaluate in real time the impact of an advertising campaign;

 

§  Generate detailed reports on the performance of an advertising campaign.

§  Your consent (article 6.1 a° of the GDPR)

1 year (12 months), following data collection

Beyond this 12-month period, only the imprint of the advertising identifier or IP is retained, with no duration limit.

Geolocation data can also be kept anonymized beyond the limit of 1 year (12 months)

B. Data necessary for advertising targeting operations
🏌️‍♂️🏇🚵🏽‍♂️ 🎭🎼 🎮

§  Data used by HAWK (see A.)

 

§  Information on the content of the user segment provided by the partner (Data Exchange platform): for example woman, athlete, traveler, young adult…

 

§  Advertising identifiers (IFA) corresponding to said segments, in encrypted form, not directly usable by HAWK

§  Offer targeted advertising services to HAWK clients (advertising targeting)

§  Your consent (article 6.1 a° of the GDPR)

2 months from the start of the advertising campaign (the duration of said campaign) then destruction of data
📝✏️🔍

 

§  Pseudonymized data collected via marketing questionnaires, e.g.: “Are you a man/woman, how often do you consume hot drinks?” , do you have a coffee machine? , what coffee brands do you think of when someone talks to you about a coffee machine? … etc. »

§  Carry out marketing studies on user segments

§  Our legitimate interest (article 6.1 f° of the GDPR)

The data is anonymous, and is kept for the purpose of producing aggregated and entirely anonymous statistics.

 

C. Data necessary for identification operations of store visits
📱💻

🌍🗺📍

 

§  Identifiers and geographic coordinates (see A.)

§  Determine exposures to advertising messages that generated in-store visits (“drive to store”)

§  Your consent (article 6.1 a° of the GDPR)

2 months
📱💻

🌍🗺📍

 

§  Identifiers and geographic coordinates (see A.)

§  Send HAWK clients half-yearly analyzes

§  Your consent (article 6.1 a° of the GDPR)

1 year (12 months)
D. Data necessary for advertising retargeting operations
§  Data used by HAWK (see A.)§  Determine exposures to advertising messages that resulted in a user response ( ad retargeting )

 

§  Your consent (article 6.1 a° of the GDPR)

1 year (12 months)
E. Other data
§  Contextual and personal information about events received, in real time or in delayed time;

 

§  HTTP logs

§  Ensure fraud detection and incident recovery 

⚖️

§  Legal obligation of the Data Controller (article 6.1 c° of the GDPR)

§  Legitimate interest of the Data Controller (article 6.1. f° of the GDPR).

1 year (12 months)
§  Identification data of the visitor to the website www.hawk-tech.io name, first name, email address§  Allow visitors to the website www.hawk-tech.io to contact HAWK

 

§  Legitimate interest of the Data Controller (article 6.1. f° of the GDPR).

1 year (12 months)
§  Customer or supplier contact identification data: last name, first name, email address, telephone number§  Allow HAWK to correspond with its customers🤝

§  Processing necessary for the execution of a contract between the Data Controller and its client (article 6.1 b° of the GDPR)

 

 

§  Legitimate interest of the Data Controller (article 6.1. f° of the GDPR).

1 year (12 months)
  1. Who are the recipients of your data?

6.1. Authorized personnel

Access to the previously mentioned personal data held by HAWK is strictly reserved for our duly authorized personnel bound by a confidentiality commitment.

6.2. Subcontractors

HAWK may entrust the processing of some of the personal data previously listed to its subcontractors, when this is necessary for their subcontracting missions. This applies in particular to service providers who ensure the development and maintenance of the IT tools that we use, as well as data hosting.

HAWK’s subcontractors only process the personal data entrusted to them within the strict framework of the execution of their missions, and in accordance with the documented instructions they have received from HAWK in this sense.

6.3. Customers and partners – authorized third parties

To the extent that HAWK collects and processes your personal data for the purposes of offering its duly authorized clients targeted advertising services, these same clients may be required to process the personal data previously discussed, only to the extent where necessary for them to benefit from such services.

Exceptionally, HAWK may also be required to communicate certain data sets to certain of its partners ( SSPs or Data Exchange Platforms), also authorized.

In both cases, HAWK ensures that these authorized third parties themselves offer the appropriate guarantees in terms of personal data protection.

In some cases, when you interact with personalized ads, you may consent to the transfer of your data – including your geolocation data – to Google. The data collected and processed within the framework of Google may be transmitted to Google. In this case, we invite you to refer to Google’s privacy policies.

6.4. Other exceptional cases of disclosure

Except in the cases previously listed, personal data concerning you may only be disclosed in application of legislation of the European Union or of a Member State, pursuant to a decision of a competent regulatory or judicial authority, or a supervisory authority of the European Union or a Member State, or for the necessity of defending rights in court.

  1. Is your personal data transferred outside the European Union?

7.1. Geographical location of HAWK

HAWK’s services are distributed across several sites located in France, Germany, and the United Kingdom.

The personal data previously discussed are hosted on servers located exclusively in the European Union.

Transfers of personal data from the European Union to the third countries mentioned above are exceptionally possible, access to our databases can take place from the various HAWK sites.

7.2. Guarantees in the event of transfers

In the case of a transfer of personal data to a third country, located outside the European Union, HAWK ensures that the level of guarantees regarding the protection of these is at least equivalent to that which applies in the European Union. To do this, HAWK ensures that the subcontractor or partner is either located in a State which has been the subject of an adequacy agreement from the Commission of the European Union , or has signed contractual clauses with HAWK types validated by the Commission of the European Union, or has subscribed to binding corporate regulations.

Where applicable, HAWK also ensures that additional security measures, such as encryption or pseudonymization are adopted, when the level of risk requires it, in particular in the event of risk of interference from public authorities of third States. , in accordance with the recommendations of the European Data Protection Committee.

  1. What are your rights regarding your personal data?

In accordance with the provisions of articles 15 to 22 of Regulation No. 2016/679/EU of the European Parliament and of the Council of April 27, 2016, relating to the General Regulation relating to the protection of personal data (GDPR), you have a certain number of rights regarding the personal data we hold about you.

In order to exercise these rights, we invite you to contact the Data Controller or its DPO at the above addresses .

8.1. Right of access and communication of data

You have the right to access the personal data concerning you that is being processed.

To help you in your process, the National Commission for Information Technology and Liberties (CNIL) provides you with a sample letter . .

8.2. Right to object

When the processing of your personal data by our services is based on our legitimate interest (see table above), you have the right to object, for your own reasons of legitimate interest, relating to your particular situation, to object to a such processing, unless we have legitimate and compelling grounds for doing so. To do this, simply contact us at the above address.

8.3. Right to withdraw your consent

When the processing is based on your consent (see table above), you have the right to withdraw it at any time. To do this, simply contact us at the above address.

8.4. Right of deletion or right to be forgotten

You have the right to ask us to delete personal information about you. This is the case, for example, if you have exercised your right to object, based on a legitimate reason specific to your particular situation (see 8.2), or if you have withdrawn your consent (see 8.3.).

To help you in your process, the National Commission for Information Technology and Liberties (CNIL) provides you with a sample letter .

8.5. Right of rectification

If you consider that the data we hold is inaccurate, incomplete or out of date, you have the right to obtain its rectification and/or updating.

To help you in your process, the National Commission for Information Technology and Liberties (CNIL) provides you with a sample letter .

8.6. Right to limit processing

Restricting data processing is an alternative measure to outright erasure. When the processing of your personal data is subject to limitation, we can no longer use them without your express consent, with the exception of their conservation. However, the exercise or defense of legal rights, the need to protect the rights of another natural or legal person, or for important reasons of public interest of the Union or a Member State allow us to disregard this obligation.

You have the right to obtain restriction of the processing of personal data concerning you in the following situations:

  • you contest the accuracy of your personal data for the period allowing us to verify the accuracy of the latter; and or
  • in the event of unlawful processing on our part and you demand restriction of their use rather than erasure; and or
  • we no longer need the personal data for the purposes of processing but you still need them for the establishment, exercise or defense of legal claims; and or
  • in the event of exercising your right of opposition during the verification period to determine whether the legitimate reasons we are pursuing prevail over yours.

8.7. Right to data portability

You have the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format, so that you can reuse it for your own purposes by transmitting it yourself to another data controller.

8.8. Right to lodge a complaint with the competent supervisory authority

You have the right to lodge a complaint regarding how we handle or process your data with the relevant national supervisory authority (see above, 2.3. competent supervisory authority).

8.9. Rights processing times and notification

We undertake to respond to your requests within a reasonable time which cannot exceed 1 month from receipt of your request, and to notify you of any operation carried out by our services in accordance with your requests.