Legal Terms

PRIVACY POLICY FOR THE PROTECTION OF PERSONAL DATA - KOMPASS

The purpose of this ‘Personal Data Protection Policy’ (the ‘Policy’) is to inform all natural persons concerned (‘You’ or ‘Your’) about the manner in which Kompass (‘we’ or ‘us’) collects and uses such Personal Data and the means available to You to control such use.

Article I – Who we are ?

KOMPASS INTERNATIONAL SASU, a company incorporated under the laws of France and registered in the Nanterre Trade and Companies Register under number 823 374 137, whose registered office is at 6/10 rue Troyon 92310 SEVRES (hereinafter referred to as ‘KOMPASS’), is required in the course of its business to collect personal data from persons carrying out a professional activity. KOMPASS has specialised in B2B data for over 80 years and has successively operated paper directories on companies worldwide using a unique proprietary classification, then a web portal in 26 languages to serve some 60 countries and business intelligence solutions now powered by AI algorithms and data collection technologies, necessary for our customers, on thousands of websites, blogs, media, social networks etc..

In some cases, our various portals or websites allow B2B visitors to register in order to benefit from certain KOMPASS services, but we may also collect information available via their browser: IP address, name of the owner of the address, provider of the address, referrer, pages visited, etc.

We also process personal data that has not been collected directly from the individuals themselves. If, for example, your name, job title and contact details appear on a public site, your company's site or a social network in accordance with your visibility choices, our algorithms index the page concerned so that we can always find the source of any personal data made available to our customers in order to meet our contractual obligations.

The purpose of this document is to inform you about how we process your personal data in accordance with the GPDR.

Article II – Scope of application

This policy applies to personal data processed on a B2B basis.

Its purpose is to tell you how we process and protect your personal data"), as well as the choices available to you regarding the collection, processing, access, updating, correction and deletion of your personal data.

They apply to you if you fall into one of the following categories:

Employees of the Kompass group and partner network, customers who use our solutions, suppliers and any other natural person in our B2B database.

They apply only to operations (hereinafter referred to as ‘processing’) carried out on information relating to you where you are likely to be identified directly or indirectly (hereinafter referred to as ‘personal data’).

• Note to visitors and users of the sites: each Kompass.com site in a specific country is subject to specific conditions of use which are available on each site and which form part of this policy. Your use of the Sites and any personal data you agree to disclose on the Sites are subject to the provisions of this Policy and the applicable Terms of Use.

Article III – Why we collect and process your personal data ?

KOMPASS has been providing B2B matchmaking services for decades and our main mission is based on two pillars:

- To provide the best possible description of what companies (Producers, Distributors or Service Providers) do and around which activities and products.

- To indicate which professionals should be contacted to consider a business relationship as a buyer or seller.

We process personal data in the following cases:

1. On the basis of your consent:

• In order to respond to your requests via our online forms
• To send you advertising brochures, newsletters, etc.

You can always exercise your right to object to the use of your personal data.

1. On the basis of a contractual obligation (art 6.1.b RGPD), In particular:

- We provide services for updating our customers' prospecting databases

- We enable our customers to use data directly through our commercial intelligence solutions as part of their marketing and sales prospecting.

- We handle end-to-end emailing campaigns for our customers.

1. On the basis of our legitimate interests (art 6.1.f RGPD), we will use your personal data :

• To carry out our marketing or commercial actions or those of our B2B customers and users from the moment you have not requested to be excluded from our database,
• To deliver the services expected by users of our solutions,
• To Optimise our online offerings and any R&D work,
• More generally, to provide B2B services to our customers,
• To Establish, exercise or defend our legal rights.

1. On the basis of a legal obligation: (art 6.1.c RGPD) Kompass may also use your e-mail address for administrative or other non-marketing purposes (e.g. to notify you of important changes to the sites).

Article IV - Our sources of personal data

Sources of personal data include:

1. Data connected to Kompass sites: we collect data from people who register to benefit from certain B2B KOMPASS services but we may also collect information available via their browser: IP address, name of the owner of the address, provider of the address, referer, pages visited.
2. Browsing company websites: a dedicated team manually browses free and public access websites in order to collect only data from professionals. The data is all observed on sites at the time of browsing.
3. The world of OpenData: we use the OpenData repositories available (e.g. INSEE, INPI BODAAC, data.gouv.fr for France and equivalent sites for other countries).
4. Telephone directories on the internet, blogs, social networks or job search and offer sites.
5. We may also collect personal data from trusted third parties, subject to appropriate contractual safeguards, such as our subsidiaries, distributors, resellers and engage third parties such as marketing service providers, in order to collect personal data that may be relevant to the fulfilment of our contractual obligations.
6. Where necessary, we use our own automatic search algorithms which enable us to deduce email addresses which are then systematically subjected to validation tests before being stored in our database.

We do not process categories of sensitive personal data or deduce this type of information from the data we collect.

• Note to visitors and users of the Kompass sites: certain functions and features of the sites can only be used if you provide Kompass with certain personal data when you visit or use the sites. These personal data fields are marked with an asterisk.
• You are free to choose whether or not to provide all or part of your personal data.

However, if you choose not to provide them, such a decision may prevent the achievement or satisfactory achievement of the objectives described in ‘III - Our processing of your personal data’ above, certain services and functions of the Site(s) may not function correctly and/or you may be denied access to certain pages of the Site(s). In particular, You will not be authorised to purchase software licences or other products or services via the Site(s).

Article V – Data types :

The categories of personal data referred to in this agreement may take the form of :

o Surname

o First name

o Position or title

o Training

o Contact details: telephone number, email address

o Contact history and means of contact (timeline): date, phone calls or emails

o Contract history: solutions, subscriptions, dates, etc.

o Website visit history and details

Article VI – Legal basis and balance of interests

In view of the above, we always endeavour to strike a fair balance between your interests and ours when processing your personal data.

The various cases of use are described in the attached document on the balance of interests.

Article VII –Kompass commitments

Data processing security

We take care to protect and secure the personal data that you have chosen to communicate to us, in order to ensure its confidentiality and prevent it from being distorted, damaged, destroyed or disclosed to unauthorised third parties, including when certain operations are carried out by subcontractors.

With regard to the state of the art, we have taken physical, electronic, organisational and technical protection measures to prevent any loss, misuse, unauthorised access or distribution, alteration or possible destruction of this personal data. These safeguards include technologies specifically designed to protect personal data during transfer.

In the event of an incident or data breach, we have put in place appropriate alert procedures.

We grant our employees access to the personal data being processed to the extent strictly necessary for the performance, management and monitoring of the contract. We ensure that persons authorised to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.

Staff training

We ensure that our employees receive regular and appropriate training in the protection of personal data and that they apply good practice when processing data.

Privacy by design

We have taken physical, organisational and technical protection measures to prevent any loss, misuse, unauthorised access or distribution, alteration or possible destruction of this personal data.

To this end, we have implemented :

• Means to guarantee the confidentiality, integrity, availability and resilience of processing systems and services at all times;
• Means to restore the availability of personal data and access to it within an appropriate timeframe in the event of a physical or technical incident;
• A procedure for regularly testing, analysing and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.

In the course of our business, we take data protection into account by adopting a ‘privacy by design’ approach - which means making the protection of personal data and privacy an absolute priority right from the design stage of a project - and we work mainly with service providers who offer technical and organisational security guarantees for the protection of personal data.

Article VIII - Profiling and Automated Decisioning

We do not carry out any profiling on the basis of the personal data you communicate to us and we do not take any decision that significantly affects you solely by relying on algorithms, including profiling.

Article IX - Transfer and Recipients of Personal Data

Personal data transfer

If you access the Sites from outside the European Union where data collection, use and transfer laws differ from those of the European Union, please note that by continuing to use the Sites, you are transferring your personal data to the European Union.

Your personal data may be disclosed to Kompass's affiliates or subsidiaries for the purposes set out in Article III of this Policy.

Kompass may transfer your personal data outside the European Union provided that Kompass ensures, prior to transfer, that entities outside the European Union, including Kompass's affiliates and members of the Kompass distribution network, provide an adequate level of protection or subject to appropriate safeguards in accordance with European legislation.

Recipients of personal data

In the course of our activities, we may pass on your personal data to recipients duly authorized by us:

• IT services required for the proper operation of the site (database management, hosting, storage, maintenance, etc.);
• Our customers, service providers and partners for the purposes of our business.

These recipients, who act independently or on behalf of our company, are subcontractors within the meaning of the regulations. They act solely on our instructions, except in the case of our customers. Customers may export personal data in order to integrate it directly into their Customer Relationship Management (CRM) solution or other solution of their choice. In this case, they become data controllers and are subject to the RGPD.

We ensure by contract that all recipients implement appropriate technical and organizational measures so that the processing of personal data they carry out meets the requirements of the GDPR, guarantees the protection of your rights and that they will not use your data for purposes other than those for which you are responsible.

The conditions relating to the processing of personal data carried out by these recipients and the rights you have in this respect are, unless expressly stated, the same as those described in this policy.

Furthermore, in accordance with the legislative provisions in force, your personal data may be communicated to any administrative or judicial authority authorized by law which may request it..

Article X – Service providers

We may use subcontractors and service providers to process personal data and we take data protection into account at all times by adopting a ‘privacy by design’ approach (see Art VII.c of this document) and only work with service providers who offer sufficient technical and organizational security guarantees to ensure data protection and in accordance with Article 28 of the GDPR.

Sometimes these service providers, including our distributors, resellers and partners, will be independently responsible for processing your data and their terms and conditions, license agreements and privacy statements will apply.

Article XI - Your rights and how to exercise them ?

Your rights

You have a right of access to your personal data, allowing you to rectify, modify, delete or limit its use, it being specified that :

• The right to object cannot be exercised for processing based on a contract, a legal obligation or vital interests,
• The right to erasure cannot be exercised for processing based on a legal obligation or the public interest,
• The right to portability cannot be exercised for processing based on a legitimate interest, a legal obligation, the public interest or vital interests,

You also have the right to define directives relating to the conservation, erasure and communication of personal data after your death.

In the event that we are unable to respond adequately to requests, you have the right to lodge a complaint with a supervisory authority (in France, the CNIL).

How to exercise your rights ?

You can exercise your rights by writing to the following address: Kompass, service DPO, 6-10 rue Troyon 92310 Sèvres or by e-mail: dpo@kompass.com

In order to ensure that your requests to exercise your rights are processed quickly and correctly, the following information is required: surname, first name, e-mail address, postal address and telephone number. In certain cases (right of access, right to portability and rights for heirs), in particular in order to protect you against identity theft and to check that your request is well-founded, you must attach a copy of proof of identity and provide any useful information or document in support of your request.

Article XII – How long we keep your personal data ?

Following the collection of personal data, we automatically send a KOMPASS message to the persons concerned stating ‘We would like to inform you that your professional details are referenced at KOMPASS. You can consult our Policy on the use of personal data via this link and exercise your rights’.

Unless the data subject objects, his or her data will be used by KOMPASS and its partners for a period of 24 months’.

12.1 Reminder every 20 months

Every 20 months, we send a KOMPASS emailing to the persons concerned to ensure that their professional email address is still active and to inform them again of their rights.

12.2 Hardbounce management

In order to keep our database up to date and to limit the number of profiles in permanent error during deliveries, we automatically upload Hardbounces (Email and Telephone) from :

- Our routing platforms (Email and SMS)

- Our partners

In general, we will keep your personal data on our systems for the following periods:

• For billing data, for as long as we have a legal obligation to do so or for our legitimate interests in establishing legal rights. We retain this data for a period of 6 years.
• For data in our database, for as long as you do not object to the processing of your personal data and your rights do not outweigh our legitimate interests.

Article XIII – How to contact us ?

To exercise any of your rights, or if you have any other questions or complaints about our use of your personal data and its confidentiality, please write to our Data Protection Officer: dpo@kompass.com

Article XIV - Modifications

We reserve the right to revise or amend this privacy policy.

Last update: 22 January 2025

Appendix to the General Data Protection Policy

Legitimate interests of KOMPASS

Why we use your data	Legitimate interest on which we base our position	What data we use
LOGIN AND NAVIGATION
To allow you to register and log in, and view premium information on companies of interest to you.	Sales interest for KOMPASS, but potentially also for the companies connected through our solutions.	Your account information such as your name, job title, e-mail address. More generally, all B2B professional contact data.
To enable you to browse our site while benefiting from the best possible services	Sales interest for KOMPASS	Data concerning your use of our Services such as IP address, device ID, user agent, location
SECURITY
To better protect your data against threats, we record user activity on KOMPASS and to identify suspicious behavior, scraping, hackers. To verify certain information you have provided. To share it with our partners, with the same aim of protecting it against malicious acts or hacking.	Enhance the security and performance of our systems. Better protect our customers' and visitors' data. Detect and analyze suspicious behavior. Enable our partners or customers to detect, investigate and remedy any potential threat or fraud.	Data concerning the use of our systems: IP address, device ID, location data, browser type, as well as other online identifiers collected through cookies. Your e-mail address, login details and, where applicable, payment details. Data provided by you or third parties on our site, such as your name, job title, location, contact information: e-mail address, telephone number, payment details, etc.
BUSINESS DEVELOPMENT
To monitor and analyze the use of our online services by our customers or unidentified visitors. To carry out our B2B matchmaking mission	To develop and manage our offers and solutions efficiently. To create business opportunities for our customers and partners.	Data concerning your use, such as your IP address and other types of information enabling you to be identified or located. Your professional identity (name, position, e-mail address, telephone number)
MARKETING CAMPAIGNS
To promote our own offers and solutions to professionals where authorized.	To create opportunities and increase the number of our Customers and Users. To provide time-saving solutions for your employees.	The professional identity (name, position, e-mail address, telephone number) of certain employees or managers by function.