Privacy Policy Datamia

Last changed: 2024/02/14

This privacy notice informs you how DATAMIA LLC collects and processes your personal data in connectionwith your use of the service Datamia LLC LLC. "DATAMIA LLC", "we", "us", "our" means the DATAMIALLC company identified in this privacy notice as the controller for processing your personal data.

Where we refer to personal data below, we mean any information relating to an identified or identifiable living person. Personal data that has been anonymized in such a way that the data subject cannot be identified or can no longer be identified (anonymous data) is no longer considered personal data.  

We may need to amend or update this privacy notice from time to time. Therefore, please read this privacy notice at regular intervals.
1. Controller, data protection officer
DATAMIA LLC
1 rue de metz
75010 Paris

DATAMIA LLC has appointed a data protection that you can contact by email at : dpo@datamia-app.com,mentioning “Datamia LLC” in the email subject line.
3. Personal data categories, processing purposes, legal bases of processing and data storage periods or rules
Personal data categories
Processing purposes
Legal basis of the processing
Storage periods or rules
email transactional data
After you register for our service, we ask you to provide us with access to your email and retail account(s) to extract this transactional data that allows us to produce reports for our clients that do not identify you as an individual and are used for statistical, research, investment or educational purposes. You can also choose to share this data with other partners in exchange for a compensation
consent
as long as you keep the sharing active
banking transactional data
After you register for our service, we ask you to provide us with access to your banking transactional data and retail account(s) to extract this transactional data that allows us to produce reports for our clients that do not identify you as an individual and are used for statistical, research, investment or educational purposes. You can also choose to share this data with other partners in exchange for a compensation
consent
as long as you keep the sharing active
transactional data from retailers (from the retailers accounts connected)
After you register for our service, we ask you to provide us with access to your email and retail account(s) to extract this transactional data that allows us to produce reports for our clients that do not identify you as an individual and are used for statistical, research, investment or educational purposes. You can also choose to share this data with other partners in exchange for a compensation
consent
as long as you keep the sharing active
loyalty cards data
After you register for our service, we ask you to provide us with access to your email and loyalty cards data to extract this transactional data that allows us to produce reports for our clients that do not identify you as an individual and are used for statistical, research, investment or educational purposes. You can also choose to share this data with other partners in exchange for a compensation
consent
as long as you keep the sharing active
personal data from the form after registration
After you register for our service, you can give more information about yourself to better qualify your profile and the data you will choose to share
consent
as long as you keep the sharing active
personal data you filled in surveys and focus groups
After you register for our service, you can answer to surveys or focus groups in exchange for a compensation
consent
as long as you keep the sharing active
browsing data
After you register for our service, you can give access to your browsing data to be shared in exchange for a compensation
consent
as long as you keep the sharing active
app usage via the installation of a SDK
After you register for our service, you can give access to your browsing data to be shared in exchange for a compensation
consent
as long as you keep the sharing active
email address
In order to create the account
legitimate interest
as long as your account is active
technical data (identification data, connection data, acceptance data and, where applicable, location data)
legitimate interest
as long as your account is active
Device data: We may collect standard technical data about your device when you use the Datamia Mobile Application (Datamia App), including your unique device identifier, device manufacturer and model, operating system name and version, and Media Access Control (MAC) address
We use this data for the purpose of determining and/or improving compatibility between your mobile device and the Datamia App as well as system administration
legitimate interest
as long as your account is active
Log and usage data
In order to help us improve our service, when you download and use the Datamia App, we automatically record and store certain usage data, such as your device’s Internet Protocol (IP) address, browser type and version, and browser language as well as the pages that you visit, the dates and times of your visits, and the information and files that have been downloaded to the Datamia App.
legitimate interest
as long as your account is active
Location-based data
If you give us permission, when you use the Datamia App we may receive data about the imprecise geolocation (latitude and longitude) of your mobile device through various means depending on the device you are using, including Global Positioning System (“GPS”), Bluetooth, or Wi-Fi signals/connections. We collect this data to be able to know the country you belong to for audience measurements purposes. We do not store your IP address and do not share it with third parties.
legitimate interest
as long as your account is active
Cookies and similar technologies
We may use cookies (small data files placed on your device for recordkeeping and other purposes) and similar technologies to enable certain features and functionality and collect additional data that helps us improve the Datamia App and better deliver our services to you. Specifically, we may use cookies to identify your browser or device, display information more effectively, provide you with tailored content, and gather statistical data about how you use the Datamia App. We may also use cookies and other data collection technologies (e.g., web beacons, pixels, or tags) for security purposes and to detect against fraud and other risks in order to protect the Datamia App’s users. If you do not wish to have data collected from your device by cookies and/or similar technologies, most browsers and mobile settings allow you to decline the use of cookies. Please note, however, that by doing so, some features of the Datamia App may not work properly. To learn more about cookies, including how to see what cookies have been set and how to manage and delete them, please visit http://www.allaboutcookies.org.
consent
12 months
4. Recipients
We may share your personal data with other companies in the Datamia LLC group. Within the Datamia LLC group, only employees and departments with a “need to know” have access to your personal data and only to the extent necessary. Regarding the transfer of your personal data within the Datamia LLC Group, the companies of the Datamia LLC Group are either independent controllers, joint controllers or processors, depending on the processing activity.  

We may transfer your personal data to recipients, who are usually processors, outside the Datamia LLC group. These third parties belong to the following categories of recipients:  

- service providers for the operation of our website and the processing of personal data stored or transmitted by the systems (e.g. hosting or service providers for data centre services, payment processing or IT (Information Technology) security);
- consultants and service providers as independent controllers or joint controllers (e.g. insurance companies or accounting service providers);
- persons who are subject to professional secrecy or are obliged to maintain confidentiality, for example lawyers, tax consultants and auditors;
- government agencies/authorities, to the extent deemed necessary to comply with legal obligations;
- persons involved in carrying out our business operations (e.g. auditors, banks, insurance companies, legal advisors, regulatory authorities, parties involved in company acquisitions or the establishment of joint ventures);
- recipients in the course of any reorganisations, mergers, disposals or other transfers of assets. We will then ensure that the recipient of your personal data agrees to handle it in a manner that complies with applicable data protection law and is compatible with the original purposes of the processing. We continue to ensure the confidentiality of your personal data and inform you about the transfer to another controller.

Where we use third party service providers (including processors), these third parties are subject to contractual obligations (e.g. a data processing agreement). These processors will only process your personal data in accordance with our prior written instructions and must take measures to protect the confidentiality and security of your personal data.
Category
Examples
Source
Identifiers
First and last name, alias, home postal address, online identifiers (such as a cookie ID or mobile device ID), internet protocol (or IP) address, email address, account name to login to our Website,
As a quality control measure and to maintain the integrity of our digital research, we use a digital fingerprinting technology, also known as "machine identification" technology, to gather certain information about the device you use to participate in our research. This information is sent to a trusted third-party service provider that converts it into a unique serial number for your computer – the digital fingerprint – through the use of a proprietary algorithm and determines if it matches any previous digital fingerprint.
Directly from you (or another member of your household),Indirectly from you, such as when you use and/or interact with our Website and/or our App,
Data provider,
Our clients
Identifiers Demographic Information (including Protected Classification information)
Information about your unique demographic profile, including your age, state of residence, marital status or sex (such as gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions). Please note, these categories of information are dependent on the type of research in which you are invited to participate.
Directly from you

Data provider
Commercial
Information
Records or information about products or services that you have purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. This includes “behavior information,” such as when, why, or how you do things, such as how frequently you shop for groceries or use your computer, TV, or the Internet. It also includes “preference information,” which refers to the choices you make, such as which breakfast cereals you buy, which stations you listen to or watch, or the websites that you visit.
Directly from you

Data provider
Internet or Other
Similar Network
Activity Information
When you use and/or interact with our Website and/or our App, we collect certain information, including: (i) standard technical information from and about your device (e.g., your device ID, device manufacturer and model, operating system, and version, IP address); and (ii) log and usage information (e.g., our webpages that you visit, the dates and timestamps associated with your visits and certain transactions.

For more information, please see the “Cookies and Similar Technologies” section below.
Indirectly from you (i.e., passively when you visit and/or interact with our Website and/or our App
Sensory Information
This refers to audio, electronic, visual, or similar information. This information is dependent on which survey in which you are asked to participate. Not all surveys will require this information.
Directly from you (video and sound recordings)
Professional / Employment Information
This refers to information, such as your job title, industry, and income range.
Directly from you

Data provider
Extracted Information
Data collected via access your email account(s) and retail account(s), including subscriptions, commercial transactions, registration confirmations, and the promotions that you receive by email
Directly from you

Passively when you authorize us to collect these types of information
Other Personal Information
This refers to any physical characteristics or descriptions, such as your height and weight. This is dependent on the survey in which you are asked to participate.

This also refers to any information that you provide to us, enable us to collect, or voluntarily post or upload to our Website or our App (e.g., comments and requests).
Directly from you (video and sound recordings, photographs)
5. Transfers of Data outside the EU/EEA
Due to the international nature of our business, it may be necessary for us to transfer your personal data to other companies within the Datamia LLC group and to third parties outside the European Union (EU) and/or the European Economic Area (EEA) (“Third Countries”). For this reason, we may transfer your personal data to Third Countries that have different laws and data protection compliance requirements than the country in which you are located. The third countries concerned, e.g. the USA, may not have the level of data protection that you enjoy under the GDPR. This can mean disadvantages such as an impeded enforcement of data subjects’ rights, a lack of control over further processing and access by state authorities. You may only have limited legal remedies against this.  

Within the Datamia LLC group, we have concluded an intra-group data transfer agreement with the relevant transfer mechanisms (standard contractual clauses of the European Commission) to ensure an adequate level of protection for your personal data when it is transferred from the EU/EEA to third countries.  

Insofar as we transfer your personal data from the EU/EEA to recipients in third countries that are not covered by an adequacy decision of the EU Commission, we achieve an adequate level of data protection by concluding standard contractual clauses of the European Commission or by means of binding corporate rules of our business partners and supplement these transfer mechanisms with further contractual, technical and organisational measures if necessary. Please contact dpo@datamia-app.com, mentioning “Datamia LLC” in the email subject line, to obtain a copy of transfer mechanisms.
6. Are you obliged to provide your personal data?
In principle, you are not obliged to provide your personal data. However, if you do not provide your personal data, we may only be able to provide you with limited services or not answer your enquiries. If the processing of your personal data is necessary for the fulfilment of a contract between you and us and you do not provide the required information, we may discontinue our contractual services. In this case, we will notify you in advance.
7. Your data subject rights
You have the following rights in relation to your personal data:

- right to access and right to receive a copy of your personal data, Art. 15
- GDPR right to rectification, Art. 16 GDPR
- right to erasure, Art. 17 GDPR
- right to restriction of processing, Art. 18 GDPR
- right to data portability, Art. 20 GDPR
- Right to object, Art. 21 GDPR: You have a general right to object, on grounds relating to your situation, if we process your personal data based on our legitimate interest. This means that you must always give reasons for your objection and the reasons for the objection must not result from the processing situation as such but must be justified in your person. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.  
- Further, you have the right to object to the processing of your personal data for direct marketing purposes at any time.
- Right to withdraw your consent, Art. 7 (3) GDPR: You can withdraw consent at any time with effect for the future by contacting us at or using the contact information in section 1.  
- Right to lodge a complaint, Art. 77 GDPR: In the event of a (suspected) infringement of applicable data protection laws, you may lodge a complaint with a supervisory authority.

We do not make decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you (Art. 22 GDPR).

Processing Time: We will comply with your request without undue delay and in any event within one month of receipt of the request. This period may be extended by a further two months if necessary, considering the complexity and number of requests. Datamia LLC will inform you of any such extension, together with the reasons for the delay, within one month of receipt of the request. This does not apply to right to withdraw consent, which we implement without delay within our statutory obligation.
8. Duration of the processing
We will only process your personal data for as long as is necessary to achieve the above purposes. For details, please see column “data storage periods or rules” in sec. 2. Third parties engaged by us will store your personal data on their systems for as long as is necessary in connection with the provision of services to us in accordance with the relevant contract. We will delete or anonymise your personal data as soon as it is no longer required for the purposes described in this privacy notice and if we have no legal basis to further store your personal data.  

In addition, the retention period may be extended if we are subject to statutory retention and documentation obligations (for Germany these are up to ten years). The retention period may also be based on the statutory limitation periods (for Germany this is up to thirty years, with the regular limitation period being three years). In certain circumstances, we may also need to store your personal data for longer, e.g. in connection with authority or legal proceedings.  

Regarding the use and retention period of cookies, please note section XII.
9. Security
We protect your personal data from loss, misuse, disclosure, alteration, unavailability, unauthorised access and destruction and maintain the confidentiality of your personal data. This is also ensured using appropriate technical and organisational measures. We choose our security measures considering the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons and continuously improve them. Technical measures include, for example, the use of encryption (e.g. TSL encryption for personal data in transit), access control to our systems, monitoring of system resources and system messages, ensuring the availability and resilience of systems and services.  

Organizational measures include, for example, defining roles and responsibilities, ensuring the correct and secure operation of information processing systems, regular training and awareness-raising of employees, as well as evaluating and assessing the effectiveness of the aforementioned measures. Access to your personal data is only granted to employees, service providers or Datamia LLC who require such access for the fulfilment of a business purpose or for the performance of their duties.
10. Cookies and other technologies
Our website contains cookies and other technologies (e.g. pixels, scripts) (together “Cookies”). Cookies are used to make our website user-friendly, effective and secure. Cookies are, for example, small text files that are stored on your terminal device and contain personal data such as personal settings and login information.  

We use the following categories of Cookies:  
- Performance Cookies: These Cookies allow us to track visits and website usage so that we can measure and improve the performance of our website. They help us understand which pages are the most or least popular, or to record error messages on the website. All analysis based on this information is aggregated.
- Functional Cookies: These Cookies allow us to improve the functionality and personalization of the website. They ensure that your website preferences (e.g., settings or filters) are maintained and help us to include third-party services on the website. Any analysis performed based on this information is aggregated.
- Advertising Cookies: These Cookies help us to better analyze the impact of our website and your interests, e.g. to show you personalized advertising or put other content on our or other websites. These may be displayed on our website or on third-party websites. In particular, the Cookie collects information about your browsing activities to understand which topics are relevant to you.
- Strictly Necessary Cookies: These Cookies are necessary for the functioning and management of the website and cannot be disabled in our systems. They are usually set based on your input, such as when you set your Cookie preferences, log in, or fill out forms. You can set your browser to block these cookies, but then some parts of the website will not work.

We use first- and third-party Cookies. First party Cookies come from our platform and send information only to us; third party Cookies are placed on our website by third parties and send information about your device to other companies that recognise the Cookie. We use session Cookies, which are only stored for individual online sessions and are deleted when you close your browser; and persistent Cookies, which are deleted when they reach their expiry date or are deleted by the user.  

We place Strictly Necessary Cookies to provide you with a tele media service or other equivalent information society service expressly requested by you. The subsequent processing of Strictly Necessary Cookies is based on our legitimate interest to provide you with a technically optimized, user-friendly and appropriate website or your consent (as applicable). We use other Cookies only with your consent. Where we rely on consent, you can withdraw your consent at any time with effect for the future, e.g. by managing your Cookie settings or by sending an e-mail to contact@datamia-app.com

A list of Cookies used by our website can be found in the following:

Strictly Necessary Cookies
Cookie name
Purpose
First Party/Third Party
Token
Temporary 30-day authentication ID to prevent reconnection.
First party
Firebase Remote config
Change the behavior and appearance of the application without needing to update it.
First party
Performance Cookies
Cookie name
Purpose
First Party/Third Party
Amplitude
Measure the performance of the application to improve it.
First party
Firebase crashlytics
Detects errors and measures the stability of the application.
First party
utm
Measure the audience of the site and application.
First party
Adjust Analytics  
Measure the audience of the application to improve it.  
First party
Functional Cookies
Cookie name
Purpose
First Party/Third Party
Session Preference
Local backup of the user's choices for using the service.
First party
Firebase messaging
Receive notifications from Datamia
First party
We also use third-party technologies with your consent. You can find a list below:

Targeting Cookies
Cookie name
Purpose
First Party/Third Party
Facebook pixel
Measures the audience of the application to improve it.
Third party – Facebook (Meta)
Mediafilliation
Measures the audience of the application to improve it.
Third party - Mediaffilliation
r-advertising
Measures the audience of the application to improve it.
Third party - R-advertising
You can also use our website without Cookies, but you might not be able to use our website to its full extent or to use certain functionalities.
11. Questions, exercising your data protection rights, complaints
If you have any questions or complaints about the collection, use or retention of your personal data, or if you wish to exercise any of your rights in relation to your personal data, you can contact our data protection officer by emailing
dpo@datamia-app.com

We will investigate and attempt to remedy any complaint or dispute regarding the processing of your personal data. You can also lodge a complaint with the competent data protection authority.