The address of our site: https://afrikaleaks.com.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter referred to as the GDPR) sets the legal framework applicable to the processing of personal data.
The DPMR reinforces the rights and obligations of data controllers, processors, data subjects and data recipients.
In the case of our activity, we are required to process personal data.
For a good understanding of this policy it is specified that :
the “data controller”: Afrikaleaks
Subcontractor” means any natural or legal person who processes personal data on behalf of Afrikaleaks.
Persons concerned”: refers to Afrikaleaks’ clients and/or contacts.
Recipients”: refers to natural or legal persons who receive personal data from Afrikaleaks. Recipients of the data can therefore be employees of Afrikaleaks as well as external organizations (partners, exhibitors, banks, speakers, etc.).
Article 12 of the GDMP requires that data subjects are informed of their rights in a concise, transparent, comprehensible and easily accessible manner.
The purpose of this policy is to satisfy the obligation of information to which Afrikaleaks is bound under the RGPD (article 12) and to formalize the rights and obligations of its customers and contacts with regard to the processing of their personal data.
The present policy is intended to apply within the framework of the implementation of all personal data processing relating to customers and contacts of Afrikaleaks.
Afrikaleaks makes every effort to ensure that data is processed within the framework of clear internal governance. However, this policy only covers processing for which Afrikaleaks is responsible for processing and does not cover processing that is not created or operated outside of Afrikaleaks’ governance rules (so-called “shadow IT” processing).
The processing of personal data may be managed directly by Afrikaleaks or through a processor specifically designated by Afrikaleaks.
This policy is independent of any other document that may apply within the contractual relationship between Afrikaleaks and customers or contacts.
GENERAL PRINCIPLES & DATA COLLECTION
No processing is carried out within Afrikaleaks regarding customer and contact data if it does not involve personal data collected by or for our services or processed in connection with our services and if it does not comply with the general principles of the DPMR.
For a proper understanding of this policy it is specified that :
Games & contests
Any playful step intended or not to make gain to the customers or contacts of Afrikaleaks. They can be realized on line or off line, directly by Afrikaleaks or indirectly by its partners. Generally, the data collected are those necessary to identify participants and to award prizes.
All steps of a commercial nature and commercial follow-up.
Prospecting, generally by e-mail, SMS, telephone, etc.
The data is collected according to the cases of use in opt-in or opt-out.
Physical events organized by Afrikaleaks or in which Afrikaleaks participates or sponsors.
The data is usually collected when registering for the event (directly or via a partner) or during the event itself (newsletter, questionnaire, business card, dedicated mobile applications, …).
All social selling operations. These include the collection of data related to registrations, posts, likes, replies and forwards, comments, notices, etc.
This list is intended to be as exhaustive as possible, any new case of use, modification or deletion of an existing treatment will be brought to the attention of customers and contacts by a modification of this policy.
TYPES OF DATA COLLECTED
Non-technical data (depending on use)
Identity and identification (last name, first name, date of birth, nickname, customer number)
Contact details (e-mail, postal address, telephone number): in particular for sending newsletters
Personal / professional life when necessary
Technical data (depending on use)
Identification data (IP address)
Connection data (logs and token in particular)
Acceptance data (click)
ORIGINS OF THE DATA
Data relating to our customers and contacts are generally collected directly from them (direct collection).
The collection can also be indirect via specialized companies or via Afrikaleaks’ partners and suppliers. In this case, Afrikaleaks takes great care to ensure the quality of the data it receives.
PURPOSES AND LEGAL BASIS
Depending on the case, Afrikaleaks processes your data for the following purposes:
customer relationship management (CRM)
management of the contact / prospect relationship (GRP)
user account management
organization of events
management of unsubscription and re-registration requests
management of reports of behaviour contrary to this agreement
Management of the loyalty program of Afrikaleaks, namely: organization of exclusive events, organization of contests, privileged exchanges with Afrikaleaks’ teams, loyalty advantages.
conservation of data relating to legal security obligations
service improvement and satisfaction survey
behavioural analysis and targeting
advertising targeting and segmentation
moderation of comments on social networks
management of the mobile application
the transfer, rental or exchange of customer or prospect files with partners in order to allow you to benefit from diversified commercial offers and to develop your customer base
commercial prospecting (including selection, standardization, deduplication, enrichment, especially with partner companies)
These purposes are based on the legitimate interest of Afrikaleaks to have data about its users and contacts.
Afrikaleaks’ relationship with its customers will be based on the general terms and conditions of sale accepted at the time of subscription.
When necessary, Afrikaleaks collects the consent of individuals (e.g. newsletter).
DATA RECIPIENTS – AUTHORIZATION & TRACEABILITY
Afrikaleaks ensures that the data is only accessible to authorized internal or external recipients.
the authorised personnel of the marketing department, the advertising sales department, the distribution department, the departments in charge of customer relations and prospecting, the administrative departments, the logistics and IT departments and their line managers
partners, external companies
agencies, court officers and judicial officers, in the context of their mission of debt collection
the organization in charge of the management of the opposition list to telephone canvassing
the authorized personnel of subcontractors.
Recipients of personal data of customers and contacts within Afrikaleaks are subject to an obligation of confidentiality.
Afrikaleaks decides which recipient may have access to which data according to an authorization policy.
Afrikaleaks is in no way liable for damages of any kind that may result from unauthorized access to personal data.
All accesses concerning the processing of personal data of customers and prospects are subject to a traceability measure.
Moreover, personal data may be communicated to any authority legally entitled to know them. In this case, Afrikaleaks is not responsible for the conditions under which the personnel of these authorities have access to and use the data.
The duration of conservation of the data is defined by Afrikaleaks with regard to the legal and contractual constraints which weigh on it and failing that according to its needs and in particular according to the following principles:
For the duration of the contractual relations with Afrikaleaks, increased by 3 years for animation and prospecting purposes, without prejudice to conservation obligations or limitation periods.
Member and user data
For the time necessary to carry out the services provided by Afrikaleaks and 1 year after the last intervention.
Cookies: 13 months
Data related to contacts and prospects
3 years from the date of collection by Afrikaleaks or from the last contact from the prospect / contact.
1 year from collection
Advertising targeting data
6 months to 1 year from the date of collection according to schedule
Deleted as soon as the transaction is completed, unless the client’s express agreement is obtained.
If the transaction is disputed: retention 13 months in the archive following the debit date
Fight against bleaching
5 years from collection
After the set deadlines have passed, the data is either deleted or retained after having been anonymized, in particular for statistical purposes. They may be kept in case of pre-litigation and litigation.
Customers and contacts are reminded that deletion or anonymization are irreversible operations and that Afrikaleaks is no longer able to restore them.
RIGHT OF CONFIRMATION AND RIGHT OF ACCESS
Customers and contacts have the right to ask the Point for confirmation as to whether or not data concerning them is being processed.
Customers and contacts also have a right of access, which is subject to compliance with the following rules:
the request is made by the person himself/herself and is accompanied by a copy of an up-to-date identity document
be made in writing to the following address: Afrikaleaks / Service Subscriptions, Immeuble Le Barjac 1 boulevard Victor – 75015 Paris, France or at the following e-mail address firstname.lastname@example.org.
Customers and contacts have the right to request a copy of their personal data being processed from Afrikaleaks. However, in the event of a request for an additional copy, Afrikaleaks may require that the cost of this be borne by the customers and contacts.
If customers and contacts submit their request for a copy of the data electronically, the requested information will be provided in a commonly used electronic form, unless otherwise requested.
Clients and contacts are informed that this right of access may not relate to information or data that is confidential or for which the law does not authorize communication.
The right of access must not be exercised in an abusive manner, i.e. carried out in a regular manner with the sole aim of destabilizing the service concerned.
UPDATING – UPDATING AND CORRECTION
Afrikaleaks meets requests for updates :
automatically for online modifications on fields that technically or legally can be updated
upon written request from the person himself who must prove his identity.
RIGHT OF DELETION
The right to erase customers and contacts will not be applicable in cases where the processing is carried out to meet a legal obligation.
Apart from this situation, customers and contacts may request the deletion of their data in the following limited cases:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
where the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing operation
the data subject objects to processing that is necessary for the legitimate interests pursued by Afrikaleaks and there is no overriding legitimate reason for the processing
the data subject objects to the processing of his/her personal data for canvassing purposes, including profiling
personal data have been processed unlawfully
In accordance with the legislation on the protection of personal data, customers and contacts are informed that this is an individual right that can only be exercised by the person concerned in relation to his or her own information: for security reasons, the service concerned will therefore have to verify your identity in order to avoid any communication of confidential information concerning you to anyone other than you.
RIGHT TO LIMITATION
Customers and contacts are informed that this right is not intended to apply insofar as the processing carried out by Afrikaleaks is lawful and that all personal data collected is necessary for the performance of its services.
RIGHT TO PORTABILITY
Afrikaleaks is entitled to data portability in the particular case of data provided by customers and contacts themselves, on online services offered by Afrikaleaks itself and for purposes based on the sole consent of the individuals. In this case the data will be communicated in a structured, commonly used and machine-readable format.
AUTOMATED INDIVIDUAL DECISION MAKING
Afrikaleaks does not make automated individual decisions.
OPTIONAL OR COMPULSORY NATURE OF THE ANSWERS
Customers and contacts are informed on each personal data collection form of the mandatory or optional nature of the answers by the presence of an asterisk.
In the case where answers are mandatory, Afrikaleaks explains to customers and contacts the consequences of a lack of response.
RIGHT OF USE
Afrikaleaks is granted by customers and contacts a right to use and process their personal data for the purposes set out above.
However, the enriched data that are the result of Afrikaleaks’ processing and analysis work, otherwise known as enriched data, remain the exclusive property of Afrikaleaks (usage analysis, statistics, etc.).
Afrikaleaks informs its customers and contacts that it may involve any subcontractor of its choice in the processing of their personal data.
In this case, Afrikaleaks will ensure that the subcontractor complies with its obligations under the GDR.
Afrikaleaks undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on the subcontractors as it does on itself. In addition, Afrikaleaks reserves the right to audit its subcontractors to ensure compliance with the provisions of the GDMP.
It is the responsibility of the Point to define and implement the technical security measures, physical or logical, that it deems appropriate to combat the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data.
These measures mainly include :
management of access authorizations for data access
conducting safety audits
the adoption of an information systems security policy
the adoption of business continuity / disaster recovery plans
the use of a protocol or security solutions
In case of violation of personal data, Afrikaleaks undertakes to notify the CNIL under the conditions prescribed by the RGPD.
If the said violation poses a high risk to customers and contacts and the data have not been protected, Afrikaleaks :
will notify the customers and contacts concerned
will communicate to the customers and contacts concerned the necessary information and recommendations.
RIGHT TO FILE A COMPLAINT WITH THE NCL
Customers and contacts concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if the latter considers that the processing of personal data concerning them does not comply with European data protection regulations, at the following address :
CNIL – Complaints Department
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22
The present policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions and recommendations of the CNIL or changes in usage.
Any new version of this policy will be brought to the knowledge of customers and contacts by any means defined by Afrikaleaks, including electronic means (dissemination by email or online for example).
For any other information on the protection of personal data, you can consult the site of the CNIL www.cnil.fr.