Cleanfox user protection policy
Foxintelligence publishes Cleanfox, a free service which makes it easier for you to manage your email accounts by offering you a tool that cleans your mailbox and automatically deletes your newsletters.
In return for this free service, with your consent, we will extract transactional data from user mailboxes that allows us to establish statistical studies marketed with various economic operators (companies, associations, schools, and universities) to improve their products and services to refine their knowledge of the markets. We guarantee you in this respect that we do not communicate any data for advertising targeting purposes, profiling or reidentification.
To clean your mailbox and to perform statistical analyzes and the production of our reports, we must carry out some processing of its users' personal data. We therefore act as a data controller, in that we determine the means and purposes of the processing of your data.
As such, we undertake to comply with the provisions of the General Data Protection Regulation (GDPR). GDPR Article 12 requires us to inform you of the characteristics of the processing that we carry out with your data and the rights that you have in relation to it.
3. RESPECT FOR YOUR PRIVACY
We access your email account for the sole purposes of identifying newsletters so that you can delete them and identifying your transactional emails in order to quantify and extract information about your online transactions. The extracted data obtained enables us to offer market research studies for statistical, research, investment, or educational purposes.
Under no circumstances do we access the contents of your personal communications. With regard to transactional emails, we extract data automatically from them without leveraging human intervention, unless we update our filtering and data extraction tools, in which case only a limited part of our teams may have limited access to these emails.
When we prepare studies and share insights with our clients, we use tools and methods that are designed to ensure that there is no reasonable possibility of identifying you. For example, we will combine data obtained from you with data obtained from other participants in order to produce reports with aggregated data from which you cannot be reasonably identified; or studies based upon modeled data with projections based on demographic and behavioral characteristics that look at a sample group of people and then predict what people with similar characteristics or preferences would want to buy.
4. DATA PROCESSED
The data concerning you that we may process is as follows:
- identity and identification (surname, first name, date of birth, automatically generated ID, referral code associated with each user),
- contact details (email address(es) provided in order to create the Cleanfox account and to be cleaned)
- technical data (identification data, connection data, acceptance data and, where applicable, location data).
- Device data: We may collect standard technical data about your device when you use the Cleanfox Mobile Application (Cleanfox App), including your unique device identifier, device manufacturer and model, operating system name and version, and Media Access Control (MAC) address. We use this data for the purpose of determining and/or improving compatibility between your mobile device and the Cleanfox App as well as system administration.
- Log and usage data: In order to help us improve our service, when you download and use the Cleanfox App, we automatically record and store certain usage data, such as your device’s Internet Protocol (IP) address, browser type and version, and browser language as well as the pages that you visit, the dates and times of your visits, and the information and files that have been downloaded to the Cleanfox App.
- Location-based data: If you give us permission, when you use the Cleanfox App we may receive data about the imprecise geolocation (latitude and longitude) of your mobile device through various means depending on the device you are using, including Global Positioning System (“GPS”), Bluetooth, or Wi-Fi signals/connections. We collect this data in order to be able to know the country you belong to for audience measurements purposes. We do not store your IP address and do not share it with third-parties.
This section explains how we collect, use, and disclose personal data about California residents under the California Consumer Privacy Act (“CCPA”). The table below summarizes the categories of personal data that we may collect or obtain from or about you together with the source(s) of the information. Note that the categories and sources in the table represent the categories and sources of personal information that we have collected within the last twelve (12) months.
|Identifiers||First and last name, alias, home postal address, online identifiers (such as a cookie ID or mobile
device ID), internet protocol (or IP) address, email address, account name to login
to our Website,
As a quality control measure and to maintain the integrity of our digital research, we use a digital fingerprinting technology, also known as "machine identification" technology, to gather certain information about the device you use to participate in our research. This information is sent to a trusted third-party service provider that converts it into a unique serial number for your computer – the digital fingerprint – through the use of a proprietary algorithm and determines if it matches any previous digital fingerprint.
|Directly from you (or another member of your household),
Indirectly from you, such as when you use and/or interact with our Website and/or our App,
|Identifiers Demographic Information (including Protected Classification information)||Information about your unique demographic profile, including your age, state of residence, marital status or sex (such as gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions). Please note, these categories of information are dependent on the type of research in which you are invited to participate.||Directly from you
|Commercial Information||Records or information about products or services that you have purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This includes “behavior information,” such as when, why, or how you do things, such as how frequently you shop for groceries or use your computer, TV, or the Internet. It also includes “preference information,” which refers to the choices you make, such as which breakfast cereals you buy, which stations you listen to or watch, or the websites that you visit.||Directly from you
|Internet or Other Similar Network Activity Information||When you use and/or interact with our Website and/or our App, we collect certain information, including:
(i) standard technical information from and about your device (e.g., your
device ID, device manufacturer and model, operating system, and version, IP address); and (ii) log and
usage information (e.g., our webpages that you visit, the dates and timestamps
associated with your visits and certain transactions.
For more information, please see the “Cookies and Similar Technologies” section below.
|Indirectly from you (i.e., passively when you visit and/or interact with our Website and/or our App|
|Sensory Information||This refers to audio, electronic, visual, or similar information. This information is dependent on which survey in which you are asked to participate. Not all surveys will require this information.||Directly from you (video and sound recordings)|
|Professional / Employment Information||This refers to information, such as your job title, industry, and income range.||Directly from you
|Extracted Information||Data collected via access your email account(s) and retail account(s), including subscriptions, commercial transactions, registration confirmations, and the promotions that you receive by email||Directly from you
Passively when you authorize us to collect these types of information
|Other Personal Information||This refers to any physical characteristics or descriptions, such as your height and weight. This is
dependent on the survey in which you are asked to participate.
This also refers to any information that you provide to us, enable us to collect, or voluntarily post or upload to our Website or our App (e.g., comments and requests).
|Directly from you (video and sound recordings, photographs)|
Special (Sensitive) Personal Data:
The extracted personal data may include data for which certain jurisdictions require higher protection. This data is referred to as Special Category Personal Data and may include personal data revealing racial or ethnic origin, data concerning health, or data concerning your sex life or sexual orientation. Like other data we collect, we will only extract Special Category Personal Data contained in transactional data (such as electronic receipts) from user mailboxes for the purpose of establishing statistical studies marketed with various economic operators (companies, associations, schools, and universities) to improve their products and services to refine their knowledge of the markets. We we do not communicate Special Category Personal Data for advertising targeting purposes, profiling or reidentification. By downloading the Cleanfox App and participating in Cleanfox, you explicitly consent to us processing this Special Category Personal Data.
5. ORIGIN OF DATA
We collect your data from:
- data that you provide to us directly when you create your Cleanfox account,
- data generated automatically from our services in order to identify you and make your access to Cleanfox secure (application password, user ID)
- enriched data generated from our services by means of machine learning, data science and crawling tools in order to obtain additional information about your buyer profile (gender, town) and transactions carried out, not all enriched data is personal as not all of it can identify you or make you identifiable.
6. LEGAL BASIS
- Consent: We collect and use your personal information with your consent. We will rely on your consent as a legal basis in relation to processing extracted transactional data.
- Necessary for the performance of a contract to which user is a party. In this case, as necessary to provide you with the Cleanfox service to allow you to manage your email accounts by offering you a tool that cleans your mailbox and automatically deletes your newsletters.
- Legitimate interests: We rely on our legitimate interests, provided that such interests shall not be overridden by your interests, fundamental rights, or freedoms. In particular, we may process your personal data in reliance on a legitimate interest in: (i) communicating relevant information to you; (ii) managing, maintaining, and operating our IT and security systems; (iii) adequately protecting, defending, and safeguarding our networks; (iv) managing and enhancing protection against fraud, spam, harassment, intellectual property infringement, and risks to which we are exposed (e.g., crime and security risks); (v) complying with laws and regulations to which we are subject, including, where applicable, laws and regulations of countries other than your country of residence; and (vi) meeting our obligations and enforcing our legal rights.
- Compliance with legal obligations: We may process your personal data if necessary for us to comply with a legal obligation arising under applicable law to which we are subject.
If you have any questions or concerns about the legal basis upon which we collect and use your personal data, please email us at firstname.lastname@example.org.
We process your personal data for the following purposes:
- managing your registration with Cleanfox,
- providing the cleaning service for your email accounts and ecommerce transaction measurement,
- managing the relationship and interactions with you,
- dealing with requests to add or delete an email account associated with Cleanfox,
- dealing with your requests to delete your Cleanfox account,
- improving our services and audience measurements and, where applicable, satisfaction surveys,
- Realization of statistical reports marketed to various economic operators for statistical purposes, research, education and investment. We access information from transaction-related email account(s) and retail account(s) to develop and prepare statistical reports with the assistance of, and in combination with, data that is available to our parent company, our affiliate companies, and other trusted business partners. We undertake a process that is designed to obfuscate or replace directly identifiable information with a unique identifier. We may further combine or aggregate this extracted information with other information available to us or our trusted business partners; and once the information is processed, and we use this extracted information as part of our statistical reports.
The statistical reports that we prepare are for purposes such as:
- understanding industry and business trends;
- improving the goods, services or offers provided to customers;
- improving business operations;
- understanding the competitive landscape;
- understanding where to make investments; or
- gaining other business insights.
The GDPR defines data recipients as individuals or corporations to whom/which personal data is communicated, regardless of whether they are a data controller or processor.
In this regard, recipients of your data, who have our permission or legal authority to access it, can be internal or external:
- members of our staff who are authorised to process your data according to their respective skills.
- our processors (e.g. data host), or authorised services responsible for auditing (auditors).
- relevant third parties as part of a corporate transaction, such as a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
- our parent company, which helps us develop measurement products and datasets;
- our affiliated companies, which enhance our measurement capabilities by combining the information that we collect with other information available to them.
- competent governmental and public authorities, in each case to comply with legal or regulatory obligations or requests or for the purposes of reporting any actual or suspected breach of applicable law.
-other third parties as we believe necessary (e.g., in order to protect the rights, property, operations, health, or safety of you, us, or others) or appropriate for legal purposes (e.g., in connection with claims, disputes, or litigation or in order to enforce our legal rights).
- We may share pseudonymized (de-identified) personal data with our clients in such a manner that the personal data can no longer be attributed to you without the use of additional information, as the information that could identify you is replaced by “pseudonyms” or “identifiers”. The tools and methods we use to pseudonymize your personal data are proven and are designed to ensure that there is no reasonable possibility of identifying you.
9. STORAGE PERIOD
Your data is processed for a limited period which we decide in the light of the legal and contractual restrictions on us and, failing this, according to our needs.
We apply the following storage periods:
- if your account is deleted: immediate deletion of your data.
- if you are inactive without deleting your account: 3 years from the most recent activity in your account or the most recent contact with you.
10. YOUR RIGHTS
You have the following rights with regard to your personal data:
- a right to ask us to confirm that data which concerns you is being processed, to access this data and to request a copy of it (right to access and copy).
- a right to have any data concerning you which is inaccurate or obsolete corrected (right of rectification).
- a right to ask for your data to be erased when you no longer wish to use Cleanfox (right to erasure).
- a right to receive data concerning you which you have communicated to us in a structured, widely used and machine-readable format (right to portability).
- a right to give instructions in relation to the processing of your data if you die (post-mortem right).
The right to erasure is exercised automatically when you delete your Cleanfox account, as this results in immediate and automatic deletion of your personal data, unless you instruct otherwise.
With regard to the right to data portability, you have a functionality in Cleanfox which enables you to exercise it and recover all of the data that you provided to us when you signed up for Cleanfox.
Lastly, in the « Settings » section of your Cleanfox account, we give you a right to opt out of being among the group of users whose transactional data we use to produce data for statistical, research, investment, or educational purposes for our clients.
The other aforementioned rights must be exercised exclusively by you in writing, either by email to email@example.com or by mail to the address Foxintelligence 1 rue de Metz 75010 Paris.
If we have any doubts about your identity, we reserve the right to ask you to provide proof of your identity, which will be deleted immediately after your identity has been verified.
The GDPR defines a processor as any individual or corporation who/which processes personal data on a data controller's behalf.
If we decide to enlist any processor of our choice to process your data, we will ensure that the latter honours his/her/its obligations under the GDPR and will undertake to sign a written contract with him/her/it which will require him/her/it to perform obligations with at least the same level of data protection that we fulfil ourselves in relation to data protection. We also reserve the right to carry out an audit of our processors in order to ensure that they are fulfilling their obligations.
We take the technical and organizational measures that we deem appropriate to combat unauthorized destruction, loss, alteration or disclosure of personal data in an accidental or unlawful manner.
These measures include:
- managing permissions and restrictions of data access rights,
- using secure identification processes such as the application password to synchronise the user's email account and Cleanfox,
- using tested and proven data pseudonymisation and anonymisation techniques
- implementing back-up measures,
- implementing encryption measures (private keys),
- implementing traceability measures for each database.
If a processor is used, we undertake to make him/her/it contractually subject to security guarantees through appropriate technical and organisational measures .
13. DATA BREACH
In the event of a data breach, we undertake to report it to EDPB in the manner stipulated by the GDPR.
If the breach poses a high risk to you, we undertake to warn you about it if you are affected and to give you the necessary information and recommendations.
14. DATA PROTECTION OFFICER
We have appointed a responsible for data protection, Mr Louis BALLADUR, whom you may contact at the following address for any queries concerning your data: firstname.lastname@example.org.
We also have hired a lawyer, Mr Eric BARBRY, to act as an independent DPO for Foxintelligence. He can be contacted at email@example.com.
15. CROSS-BORDER FLOWS
Due to the international nature of our business, the disclosures described above may result in the transfer of your personal data to countries or regions with data protection laws that differ from those in your country of residence, and in some instances provide a lesser level of data privacy protection. By providing us with or access to your personal data and/or using the Cleanfox service, you are acknowledging that your personal data may be transferred to countries outside of your country of residence. In cases where your personal data is transferred outside of your country of residence, we will ensure that there are adequate safeguards in place to protect your personal data.
We reserve the right to implement cross-border flows outside the EU for data that we process, and you will be informed of them. In this event, we will ensure that your rights are respected and will sign, if necessary, one or more contract(s) to manage these flows with the receiving country/countries in accordance with the requirements of the applicable regulations.
16. PROCESSING REGISTER
We keep an up-to-date register, which is available to EDPB, of processing operations in which processing of the data of users of the Cleanfox application is recorded.
17. CONTACT DETAILS
For any queries that you may have about the processing of your data, you may contact us at the address firstname.lastname@example.org.
You may also contact our Data Protection Officer, Mr Eric BARBRY. He can be contacted at email@example.com.As permitted by law, you may also contact EDPB at the following address: Rue Wiertz 60, B-1047 Brussels or by email: firstname.lastname@example.org on +33 1 5373 22 22.
If changes are made to the applicable regulations or if new functionalities in Cleanfox which affect the processing of your data are implemented, we reserve the right to amend this policy. Notice of any new policy will be given before it enters into force.