Mytraffic company activity is focused on doing marketing studies, including production of statistical data, traffic analysis and catchment area potential, for players in real estate & retail, and for public players, particularly cities. It should be noticed that the whole Mytraffic business targets B2B customers.
Example of statistical data produced :
- Average number of visitors per day passing in front of 48 rue de Béthune in Lille (France),
- % of visitors to the Quartier Pigalle from the Quartier Nation in Paris.
- Evolution in the monthly number of visitors to the Condé-sur-Sarthe Commercial Activity Zone.
- Heat map of pedestrian traffic in Amiens city (France) centre.
- Averaged socio-demographic profile (based on INSEE information) of pedestrian traffic in the Bordeaux Saint André district.
These data are aggregated data, i.e. several data of the same type put together in order to produce what is known as aggregated data, which contains the desired information but makes it impossible to identify the part of the aggregate information corresponding to a given individual. None of them allows, directly or by cross-checking, to identify and a fortiori to target an individual user.
This Policy is meant to show transparency and loyalty towards our customers and smartphone users of our solutions, and to comply with the regulations on data protection (European GDPR Directive).
Please find below all information related to collection, processing & protection of users’ rights & data. Personal data encompasses any information or combination of information enabling the identification of a physical person.
As part of its activities, Mytraffic exploits two types of data which can be considered as personal data from a GDPR perspective:
- Part of statistical data produced by Mytraffic for its customers are derived from the processing of Users’ geolocated smartphones data (defined as “raw data” hereafter), which can be potentially considered as personal data in the frame of GDPR regulation.
- To operate its business (statistics proposed to its clients through software or studies), Mytraffic can collect and process personal information from its prospects & clients, in order to manage its commercial relationship with them, and to ensure the proper functioning of its Products & Services.
Smartphone Geolocation data, Vehicle Geolocation Data or Raw data: Smartphone or Vehicle geolocation data (pings journey). This data may be considered as a Personal Data, from GDPR perspective. It is treated as such by Mytraffic.
Enriched / Qualified or Converted Data: Statistical data, from raw data processing, in order to analyse footfall of an area or in front of a commercial address, such as
« 2 520 visitors in front of the 32, rue de Clichy, in Paris, the June, 15 2018 ». This data is anonymous & statistical by design.
3. CONTACT IN CHARGE OF PERSONAL DATA PROCESSING
The Mytraffic company, registered at RCS Paris, under the number 814 849 113, operates as Personal Data Controller for the two categories of personal data.
4. CATEGORIES OF DATA PROCESSED BY MYTRAFFIC
As part of its various solutions and services, MYTRAFFIC offers statistical analysis to commercial real estate players, to support them in their expansion and/or in the management of their sales outlets.
The added value of our service lies in the production and the analysis of statistics, from several data sources.
4.1. Smartphone geolocation data
In order to analyse physical flows (footfall) in a geographic area, Mytraffic acquires data from data partners and/or through its own SDK (Software Development Toolkit), then exploits geolocation data of smartphones, at European scale.
Geolocation raw data includes the following components:
- Device geolocation (latitude / longitude)
- Device advertising identifiers (IDFA for iOS, AAID for Android)
- Device operating system (iOS, Android)
- Latitude / Longitude
- Time Stamp
- Device type / Operating System
- App id
- Settings - Geolocation in background / foreground
- Settings – Approximate geolocation
Even if Mytraffic has no other information that would allow identification of the smartphone holder (name, email, phone, address ...), these raw data could be potentially considered, in the framework of GDPR, as personal data, and will therefore be treated as such by Mytraffic.
Mytraffic thus ensures through its own SDK / CMP, or with the data partner, that the raw data were collected with the consent of the smartphone user, for the purpose of Marketing Study or Geo-based analytics as described below.
The user may deactivate the geolocation function of his mobile device at any time, in the System Parameters (as described hereunder).
Geolocation data is used along with an advertising identifier.
The advertising identifier is a unique ID for a device. It can be reset, at any time, by the user, following this approach:
- iOS: go to "Settings", then "Privacy", then "Advertising", then "Reset Advertising ID".
- Android: go to "Settings" then "Google", then in "Ads".
Mytraffic sources geolocation data from data partners which are referenced at IAB, of which the list of subscribers is accessible with this link. For further info on our partners, you may contact us at firstname.lastname@example.org.
4.2. Vehicle flows data
Mytraffic sources & treats vehicle flow data. There data are statistics, not enabling any individual identification, therefore not in the GDPR framework.
4.3. Data on Prospects / Clients and on Mytraffic.io Website visitors
Mytraffic proposes solutions to B2B customers, in real estate, retail & public industry. In order to manage its commercial prospection, to manage its interactions with its customers and to get its customers access to its SaaS software, Mytraffic exploits data of contacts on its Prospects and Customers (with the name / first name / function / company / email address / mobile phone / mailing address, those elements being professional contact details).
4.4. Open Data
To carry out its analysis for its clients, Mytraffic uses a variety of open data sources, including INSEE, BODACC, Trade Court, other Open Data (transport, admissions to cinemas, administration locations, etc.) or retail websites (with for example the addresses of their points of sale). These data are by nature statistical data, with no Personal features.
4.5. Client Data for Analytics
In some cases, our clients rely on us to process their data (such as commercial activity of their points of sale) & hydrid them with our data, in the frame of our contractual relationship.
These data are transmitted, in accordance with the GDPR regulation, and are processed by MYTRAFFIC within the limits of the execution of the contract, to produce statistical analysis, without any search for individuals, and for the only only benefit of the client. MYTRAFFIC commits to delete all these data as soon as the contractual relationship with the customer ends.
5. END PURPOSE OF PERSONAL DATA PROCESSING
We process your personal data, complying with the 2016/679 GDPR general rule (issued April 27, 2016), as detailed here after:
5.1. Smartphone geolocation & Vehicle flows data
Mytraffic exploits and processes raw smartphone geolocation data, in order to convert them into statistics & marketing study, proposed to real estate and retail players, such as large retail networks, real estate brokers, or public players, such as cities.
Mytraffic commits to ensure that the raw data are collected with the user opt-in for the appropriate end-purpose (Marketing Study or Geo-based analytics).
Neither our SDK nor our data partners collect geolocation data for applications targeting minors.
Example of statistical data produced:
- Average number of visitors passing by 48 rue de Béthune in Lille (France) per day,
- % of visitors to the Pigalle district coming from the Nation district in Paris.
- Evolution of the monthly number of visitors in the Condé sur Sarthe shopping area.
- Heat map of pedestrian frequency in Amiens town centre.
- Averaged socio-demographic profile (based on public statistics sources) of footfall in the Bordeaux Saint André district.
These data are aggregated. None of them allows, directly or by cross-checking, to identify or a fortiori to target an individual user.
5.2. Prospects / Clients data, and data on Mytraffic.io website visitors
Mytraffic processes the prospects and clients’ data to manage the commercial relationships with them (all being professionals) and ensures the proper operations of its solutions & services, as expected in General Terms & Conditions.
Users data are therefore stored and processed to:
- Manage access to the Mytraffic website
- Send a newsletter to clients / prospects who asked for it
- Handle commercial interactions with prospects & clients
- Manage subscription, access & performance of Mytraffic SaaS solution
- Ensure online payment (with our Stripe partner) to access certain products
- Manage preferences & searches done by clients on our SaaS platform
6. LEGAL GROUND FOR PERSONAL DATA PROCESSING
6.1. Smartphone geolocation data
Mytraffic acquires, from data partners, only smartphone geolocation data with the opt-in for the Analytics purpose. The opt-in of the user is stored in the Consent Management platform (CMP) of the data partner and/or of the app publisher operating the data collection.
Each user may opt-out, following the indications detailed by the app publisher for the app used, or in the Mytraffic cookie management banner, then data collection will be stopped.
6.2. Prospects / Clients data, and data on Mytraffic.io website visitors
Depending on the recommendations of the CNIL, these cookies may or may not be exempt from consent.
For consent-exempt cookies:
For cookies subject to consent:
The user's consent is stored in the Mytraffic cookie manager.
Each user can withdraw his consent at any time by accessing the cookie manager.
On Mytraffic.io website
Mytraffic uses the following cookies, to manage Mytraffic.io website visitors :
Type of cookie-Supplier-Objectives
Analytics-Google Analytics-Website visitors’ statistics
Analytics-Hotjar-Visitors’ navigation monitoring
Ad-Linkedin Insight-Conversion monitoring
Ad-Google Adword-Conversion monitoring
Analytics-Google Optimize-Optimization of MT website content
Analytics-Hubspot-CRM lead conversion monitoring
For all cookies, user is proposed when entering our website, refuse our cookies on his device. The user may, at any time, using the cookies banner, reset its web-browser to block cookie installation and / or erase those already stored.
The MonLocalCommercial.fr website, published by Mytraffic, is subject to a specific data management policy, accessible via the link: https://www.monlocalcommercial.fr/rgpd/.
On SaaS platform
Mytraffic uses the following cookies, in order to ensure the best service level of its SaaS platform:
Type of cookie-Supplier-Objectives
Analytics-Google Analytics-Statistics on SaaS visits
Technical-Stripe-Online payment solution
Analytics-Amplitude-SaaS users’ behaviour tracking
Analytics-Hotjar-SaaS users’ behaviour tracking
Crisp chatbot cookie is used to answer clients / SaaS platform users’ requests (implying their opt-in).
Amplitude software analyzes the users’ behavior (pages visited, clicks, time spent) (Mytraffic customers) on the SaaS platform (anonymizing their data).
The Hotjar software also analyzes the behavior (mouse movement) of the visitors (Mytraffic clients) on the SaaS platform (anonymising their data).
On website and SaaS platform, in any case, cookies are erased after 13 months. We decline all responsibility in case of downgraded level of our services, in case you suppressed or blocked cookies.
To get further information on cookies, you may visit the French-authority CNIL website:
7. PERSONAL DATA RECIPIENTS
7.1. Smartphone geolocation & Vehicle flows data
Smartphone geolocation data (defined as « raw data ») are fully restricted to a Mytraffic internal use.
After processing, these data are converted into business insights & statistics, with no longer personal feature. These statistics are proposed to Mytraffic B2B clients, retail and real estate players, under a software format and/or through ad-hoc marketing study.
7.2. Prospects / Clients data, and data on Mytraffic.io website visitors
Mytraffic processes the whole dataset for its own business purpose and under a strict confidentiality.
To handle this data processing, Mytraffic may have recourse to suppliers for data storage, security, maintenance or specific services supply. The User accepts that its data may be transmitted to those suppliers, for those specific cases. For the rest, data are not transmitted to any third-party.
8. DATA STORAGE
8.1. Smartphone geolocation & Vehicle flows data
Raw smartphone geolocation data are stored on Amazon Web Services (AWS) servers, located in the European Union, in Germany.
Data converted in statistics are also stored on Amazon Web Services servers, in Germany.
8.2. Prospects / Clients data, and data on Mytraffic.io website visitors
These data (contact details) are managed through Hubspot CRM, which stores its data on Google cloud servers, located in Francfurt (Germany – European Union).
None of the data collected & processed by Mytraffic is transferred on servers located out of European Union.
The data collected through Google Analytics is hosted in the USA.
9. PERSONAL DATA RETENTION PERIOD
9.1. Smartphone geolocation & Vehicle flows data
Smartphone geolocated data (or “raw data”) & Vehicle flows are stored by Mytraffic within a maximum 105-day period. After 105 days, those data are deleted, with an irreversible approach.
Data converted into statistics have no retention period limitation.
9.2. Prospects / Clients data, and data on Mytraffic.io website visitors
Mytraffic keeps those raw Data, only the period of time enough to manage processing. Those retention limits are defined with regards to the Mytraffic business end-purpose, complying with contractual & regulatory prescriptions.
10. USERS’ RIGHTS ON THEIR PERSONAL DATA
In the limits set by GDPR regulation, and especially the 15 & 22 chapters of 20176/679 GDPR, Users may exercise their rights on their personal data. Any user may ask to access his data, to rectify or delete them, ask for limiting data processing, oppose data processing (in case the user previously gave consent) or ask for portability.
These rights may be freely exercised through a request to our Data Protection Officer (DPO).
For the smartphone geolocation data, within the 105 days after collection, User may exercise his rights directly towards app publisher and/or our data partners (list accessible with specific request to our DPO).
In the case the User wants, specifically or in parallel, exercise his rights to Mytraffic, within the same period, User will communicate to Mytraffic his advertising identifier (IDFA for iOS, or GAID for Android), accessible following this process:
- For iOS : upload an app to get your IDFA, using this link :
- For Android: access to your GAID identifier in your smartphone parameters, clicking in the “Advertising” section.
User may withdraw his opt-in at any time (while keeping valid personal data collected prior to the consent withdrawal).
Any request, to be handled, will need an email.
We will respond to your request within a reasonable timeframe.
If you would like to discontinue receiving newsletters, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you.
Mytraffic commits to ensure the highest level of security in management, processing and storage of personal data.
We have set-up organisational & technical measures to manage risks and to protect personal data.
We apply specific security rules to protect our systems, with 2-FA, encryption, access restriction, antivirus software.
Mytraffic office is secured. The full staff is aware of security & protection rules for personal data (Charter, Internal Rules specific for Personal Data).
12. CONTACT & CLAIM
In order to exercice your rights, as described here above, or for any question regarding Personal Data managed by Mytraffic, you may contact us at the following address: Mytraffic, Lot 3 – 12, rue Vivienne 75002 Paris - France, or by email at :
In accordance with GDPR, Mytraffic has appointed, as DPO, Me Yaël COHEN-HADRIA (ERNST & YOUNG AVOCATS). For any question on Personal Data, any User may contact our DPO at : Yael.Cohen.Hadria@ey-avocats.com. In case you have no answer to your request, you may claim your rights to the French Cnil at: https://www.cnil.fr/fr/agir
Or by mail at : Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy - TSA 80715, 75334 PARIS CEDEX 07 – France.
For any request regarding the UK, as required by ICO, Mytraffic names M. Deepak CHADHA as UK Data Protection Representative – email@example.com.