Earlier in the year, the CNIL looked into the Stop-Covid application set up by the French government, in order to ensure respect for the privacy of users and the proper management of the data captured by the application. At Syned, we asked ourselves the same questions: who will access the data, where will it be stored, what security is in place to protect it, how long will it be kept, and to do what? We questioned ourselves because it is our domain. Despite everything, we are like everyone else: when we love a site, we implicitly trust it and subscribe to its newsletter, the same for the customer file of our favorite store ...  

End up arriving emails to which we have never subscribed, SMS advertising, or highly targeted advertisements. We are seriously annoyed at first… then we give up. Yes, we let it go, we prefer to spam all these emails, some people simply create a new email box because they are drowned in a deluge of disguised advertising. Others will block unknown numbers that try to reach them four times a day. The most reckless unsubscribe from emails (sometimes unsuccessfully), the most relentless seek for 45 minutes the email address of the company to write to to remind them of their refusal to receive these emails. You still have to have time to find the company's website, then go through the legal notices one by one and follow up on the confidentiality policy… when it exists! Yet we have the right to be informed.

Right to be informed of the use of your data by a company: processing carried out, data supplier partners, data subcontracting, profiling, targeting, cross-checking, statistical and predictive calculations, etc. Your right also applies as an employee (current or past), trainee, provider or medical patient. Think of some of these companies that collect our data during job interviews, for example, or others that profile their employees [eg Ikea , H&M ].

You have the right to be informed of where your data is stored, the company services that have access to it and what they do with it, the technological means implemented to secure them, if they are shared or sold. to third parties, etc.

You can also find out if there have been any data leaks (date, volume of affected customers), if you are concerned by the leak, and the solutions provided by the company to remedy this problem.  

A business is legally obligated to notify you in the event of a data breach. In the absence of notification to its customers, the organization is exposed to sanctions from the CNIL. To find out more about what you can expect when exercising your right to information, it's here .

Don't expect a company to have all of the information about you. It must comply with a minimization of the collection of data necessary and sufficient to provide its services to you within the framework of the contract which binds you to it. Unfortunately, as soon as we question the organizations, we quickly realize, if they play the game in a transparent way, that the data they have on us goes well beyond the scope of the service they provide us.

For example, when you surf the web, many websites collect your IP address in order to geolocate you precisely. This is why you see advertisements or search results targeted to where you live, for example. However, knowing your location does not allow the site to better provide you with its news articles, when it comes to media. Conversely, if the site finds the closest restaurants for you, locating you becomes legitimate. On the other hand, keeping your geolocation data may not be ...

You don't need to be known to a company to exercise your right to information! In this case, the company should not have any of your personal data… except maybe if you were a customer and you closed your file? Unfortunately, many organizations do not erase our data after termination of our contracts. They are often kept to contact us later with a new offer, or used for statistical calculations.

There is a category of companies, invisible to the general public, which is nevertheless found almost everywhere on the internet and which almost knows us. Their activity? We trace. In reality, they do not only trace Mrs. So-and-so who went to site A and then to site D at such and such a time, on such and such a day with such and such a device; they follow a device that browses the web.  

A simple small file (cookie) placed on the device allows tracking by assigning the browser (sometimes the device) an identifier. This tracking activity consists of aggregating the navigation data of this identifier and then reselling it to other companies to enrich their knowledge of visitors (areas of interest, type of device used, etc.) and ultimately to better serve us. “Serve” in targeted content or advertising.

Does this identifier constitute personal data? That is the question, my dear Watson! In the eyes of European regulations, no, because the identifier does not allow the identity of the individual to be traced. This remains, in our opinion, very questionable ... In Syned's eyes, yes. This is data that does not belong to us, in the sense that it has been assigned to us by a third party system, but we consider that we are co-owners, because the use made of it concerns us. This is why on Dare, the user is the owner of all his personal data and co-owner of the data assigned to him.

To learn more about data, personal or not, it's here.

To avoid this tracking, we advise you to refuse all cookies when you arrive on a website and to delete them regularly. Unfortunately, many sites do not offer the refusal as such, but rather configure the cookies that we accept. This clearly unfair practice is now targeted by the CNIL. However, even when we refuse all cookies, we find ourselves obliged to accept those “necessary for the proper functioning” of the site. And generally, these relate to anything that makes it possible to ensure the statistical follow-up of the frequentation of the site.

Example of the cookie that is really essential for you

When you are on the Dare platform, built by us, there is only one cookie, the one that allows you to secure access to your account. We do not do any tracking of any kind, no counting, no tracing. If you refuse this cookie, we cannot ensure the security of your access, so you cannot access the platform.

Example of the so-called "essential" cookie for a website

When you are on this page, hosted and built with the tools of the company Wix, you are followed, even by refusing cookies. This system is that of the majority of websites in the world. It does not provide you, the visitor, with any information, any additional service. On the other hand, on our side, we have interesting information which allows us to understand mass behaviors:

• origin of visitors

• type of device used (mobile or computer)

• date and time of visit

• duration of a visit

These figures cannot be traced back to an identifiable person; in reality, these are completely anonymized visits. A visitor can make multiple visits. For example, at the time of writing this article, we know that there were 12 visits from Paris, and one from Belgium, last week. We are also able to better push Dare up in the results of your favorite web search engine, or at a minimum , understand why Dare receives few visits and what we could do about it.

Exercising your right to information makes it possible, on the one hand, to obtain information, and on the other hand, to assess the legitimacy of an organization to hold, manage and store our data. Information is the first step towards informed choices. As soon as you know more, you can choose to act while exercising your other rights. For example, oppose the use of your data , request their erasure or modification of some.

Do you want to know in detail what is done with your data on Dare? Our privacy policy is the central text that lists all the information on this subject. Despite the rigor and precision expected by the supervisory authority (CNIL) concerning the text of our policy, we have done our best to keep it clear and intelligible.

If you want to go further, we provide you with a section to find out more with specific questions and detailed answers that will inform you on sensitive points .  

If you have any doubts or other questions, you can write to our data officer ( privacy@syned.co ) who will get back to you as soon as possible. 

Illustration proposed by CNIL

Official text of European regulations provided by the CNIL

• https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre3#Article13

• https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre3#Article14