Follow us on
Data Management Policy
This Data Management Policy applies to Mytraffic. It outlines how Mytraffic collects, uses, shares, and secures personal data. It also describes your options as a user of mobile applications regarding the use, access, and correction of your data.
1. Preamble
Mytraffic is a company specializing in producing marketing studies in the form of statistical data, foot traffic analyses, and catchment area potential, targeting real estate professionals, commerce, and public sector actors, including cities. Notably, Mytraffic's entire activity targets a professional clientele.
Examples of statistical data produced:
- Average number of visitors passing daily in front of 48 rue de Béthune in Lille.
- Percentage of visitors to the Pigalle District coming from the Nation District in Paris.
- Monthly evolution of visitors in the Condé sur Sarthe Commercial Activity Zone.
- Heatmap of pedestrian traffic in the Amiens city center.
- Average socio-demographic profile (based on INSEE information) of visitors to the Bordeaux Saint André district.
These data are aggregated, meaning they are collected from multiple data points of the same type to produce aggregated data that preserves the desired information but makes it impossible to identify the individual data point. None of these can, directly or indirectly, identify or target an individual user.
This Policy reflects our commitment to transparency and fairness towards our clients and users of our solutions ("Users") and compliance with data protection regulations.
Below, you will find all information regarding the collection, processing, and protection of User Data rights.
A personal data item refers to any information relating to an identified or identifiable natural person.
As part of its activities, Mytraffic handles two types of data that may be personal:
- Some of the data produced by Mytraffic for its clients, post-processed statistical data, come from the processing of so-called "raw" data (geolocation paths) that may be personal under the GDPR regulations (definitions below).
- In the context of using its solutions (software or studies), Mytraffic may collect and process personal data from its users to manage its commercial relationship with them and ensure the proper functioning of its Products & Services.
2. Definitions
- Smartphone Geolocation Data, Vehicle Flow Data, or Raw Data: Geolocation data from smartphones or vehicles (point trajectories). These data may be personal under the GDPR regulations and are treated as such by Mytraffic.
- Post-Processed Statistical Data (or enriched/qualified data): Statistical data derived from the processing of raw data to analyze foot traffic in an area or in front of a commercial address, for example, "2,520 people passed in front of 32 rue de Clichy, Paris, on June 15, 2018." These data are inherently anonymous.
3. Data Controller
Mytraffic, registered with the Paris RCS under number 814 849 113, acts as the data controller for personal data.
4. Categories of Data Exploited by Mytraffic
In its various solutions and services, MYTRAFFIC offers statistical analyses to commercial real estate stakeholders to assist them in their expansion or in managing their points of sale.
The added value of our service lies in producing and analyzing statistical data from multiple data sources.
4.1. Smartphone Geolocation Data
To analyze the pedestrian flows in a geographical area, Mytraffic acquires geolocation data from smartphones (called "raw data") from data partners and/or via its own SDK (Software Development Kit) on a European scale.
The raw data includes the following elements:
- Mobile device advertising identifier (IDFA for iOS and GAID for Android).
- Geolocation data (latitude/longitude) / Date.
- Operating system.
- App ID.
- Background/foreground geolocation settings.
- Approximate geolocation settings.
Even though Mytraffic does not have any other information that could identify the smartphone holder (name, email, phone, address, etc.), these data are considered, under the GDPR, as potentially personal and are therefore treated as such by Mytraffic.
Mytraffic ensures that the data partner and/or Mytraffic's SDK has collected the raw data with the smartphone user's consent for the "Marketing and Commercial Studies" purpose described below.
The user can disable the geolocation function of their mobile device at any time in the system settings (see below).
Geolocation data is used with an advertising identifier.
The advertising identifier is the identifier of a mobile device. It can be reset at any time by the user as follows:
- iOS: go to "Settings," then "Privacy," then "Advertising," then "Reset Advertising Identifier."
- Android: go to "Settings," then "Google," then "Ads."
The data partners from whom Mytraffic may collect geolocation data are referenced by the IAB, whose member list is available at this link. For more information about our partners, please contact us at contact@mytraffic.fr.
4.2. Vehicle Flow Data
Mytraffic uses vehicle flow data. These data are statistical by nature and non-identifying, falling outside the scope of the GDPR.
4.3. Data on our Prospects/Clients and Visitors to our Website Mytraffic.io
Mytraffic operates in the commercial industry sector. To ensure commercial prospecting, manage client relationships, and allow clients to access its software, Mytraffic uses contact data on its Prospects and Clients (including name, first name, function, company, email address, mobile phone, postal address).
4.4. Public Data
For its analyses, Mytraffic uses various public data sources, including INSEE, BODACC, Commercial Court Registries, Open Data (transport, cinema entries, administrative sites), or retailer websites (e.g., store addresses). These data are inherently statistical and often public.
4.5. Data Provided by our Clients
In some cases, our clients provide us with certain data about their retail activities to execute their contracts. These data are transmitted in compliance with GDPR regulations and are only processed by MYTRAFFIC within the contract's scope to produce statistical analyses, without seeking to identify individuals, solely for the client's benefit. MYTRAFFIC commits to deleting all these data once the contractual relationship with the client ends.
5. Purposes of Processing Personal Data
We process your personal data in compliance with the General Data Protection Regulation (GDPR) 2016/679 of April 27, 2016, and the conditions outlined below.
5.1. Smartphone Geolocation and Vehicle Flow Data
Mytraffic processes raw geolocation data to convert it into statistical data and marketing studies offered to real estate and commercial stakeholders, such as retailers, independent businesses, or public entities like cities.
Mytraffic is committed to using only raw data for which users have consented to the intended purpose. Neither our SDKs nor our data partners collect geolocation data for applications targeting minors.
Examples of statistical data produced:
- Average number of visitors passing daily in front of 48 rue de Béthune in Lille.
- Percentage of visitors to the Pigalle District coming from the Nation District in Paris.
- Monthly evolution of visitors in the Condé sur Sarthe Commercial Activity Zone.
- Heatmap of pedestrian traffic in the Amiens city center.
- Average socio-demographic profile (based on INSEE information) of visitors to the Bordeaux Saint André district.
These data are aggregated. None of them can, directly or indirectly, identify or target an individual user.
5.2. Data on our Prospects/Clients and Visitors to our Website Mytraffic.io
Mytraffic processes User Data to manage its commercial relationship with its prospects and clients (professionals), ensure the proper functioning and improvement of the Solution, and ensure the proper execution of services under the General Terms and Conditions of Sale and Use.
Therefore, User Data is primarily stored and processed to:
- Manage and ensure proper access and navigation of visitors on the Mytraffic website.
- Send a newsletter to clients who subscribe to this service on the website.
- Manage Mytraffic's commercial interactions with its prospects and clients.
- Manage the registration, access, and performance of the Mytraffic SaaS platform.
- Ensure online payment (through our provider Stripe) for access to certain products.
- Manage the preferences and searches made by the User on the platform.
6. Legal Basis for Processing Personal Data
6.1. Smartphone Geolocation Data
Mytraffic only acquires geolocation data from its data partners that have obtained users' consent for the "Marketing and Commercial Studies" purpose. The user's consent is archived in the Consent Management Platform of the partner and/or the operator collecting the data.
Each user can withdraw their consent at any time, following the methods specified by the application publisher or in Mytraffic's cookie manager, in which case their personal data will no longer be collected.
6.2. Data on our Prospects/Clients and Visitors to our Website Mytraffic.io
Like most websites, Mytraffic and its partners use cookies or similar technologies to analyze trends, manage cookies or similar technologies to track the usage and performance of its site. This information may include IP address, browser type, Internet Service Provider (ISP), referring/exit pages, pages viewed on our site (HTML pages, graphics, etc.), OS, timestamp, and/or clickstream data to observe/measure site usage and help improve it.
Depending on CNIL recommendations, these cookies may or may not be exempt from consent.
For cookies exempt from consent:
You can control the use of cookies through your browser, but disabling certain cookies may affect or limit access to some functionalities of our site.
For cookies requiring consent:
The user's consent is archived in Mytraffic's cookie manager.
Each user can withdraw their consent at any time by accessing the cookie manager.
On the Website:
In managing visitors to its website, Mytraffic uses the following types of cookies:
| Type of Cookie | Provider | Purpose |
| Analytical | Google Analytics | Provides statistics on site access |
| Analytical | Hotjar | Tracks navigation |
| Advertising | LinkedIn Insight | Tracks conversion |
| Advertising | Google AdWords | Tracks conversion |
| Analytical | Salesloft | Tracks visits |
| Analytical | Google Optimize | Optimizes site content |
| Analytical | HubSpot | Tracks conversion (CRM) |
For all these cookies, users are given the option to refuse the cookies upon their first visit to the website. Users can then configure their browser software to oppose the placement of cookies on their device, either in part or in full, at any time through the cookie manager.
The MonLocalCommercial.fr website, published by Mytraffic, has a specific data management policy available at: https://www.monlocalcommercial.fr/rgpd/.
On the SaaS Platform:
To offer the best service to its SaaS platform users, Mytraffic uses the following types of cookies:
| Type of Cookie | Provider | Purpose |
| Analytical | Google Analytics| Provides statistics on site access |
| Analytical | Crisp | Chatbot tool |
| Technical | Stripe | Enables online payment |
| Analytical | Amplitude | Tracks SaaS user behavior (pages visited, clicks, time spent) |
| Analytical | Hotjar | Tracks SaaS user behavior (mouse movements) |
The Crisp chatbot cookie is used to respond to platform user queries after their consent (and providing their email to respond to their query).
The Amplitude software analyzes the behavior (pages visited, clicks, time spent) of visitors (Mytraffic clients) on the SaaS platform while anonymizing their data.
The Hotjar software also analyzes the behavior (mouse movements) of visitors (Mytraffic clients) on the SaaS platform while anonymizing their data.
On the website and platform, cookies placed on your browsing device are destroyed 13 months after being placed on your device.
We disclaim any responsibility for the consequences related to the degraded functioning of our services resulting from the inability to save or consult the cookies necessary for their functioning that you have refused or deleted.
For more information on cookies, you can visit the CNIL website: https://www.cnil.fr/fr/site-web-cookies-et-autres-traceurs.
7. Data Recipients
7.1. Smartphone Geolocation and Vehicle Flow Data
The raw smartphone geolocation data is strictly for internal use by Mytraffic.
These raw data are then processed and converted into post-processed statistical data, which no longer have personal characteristics. These are offered to Mytraffic's B2B clients, including real estate and commercial stakeholders, in the form of software and/or custom Marketing studies.
7.2. Data on our Prospects/Clients and Visitors to our Website Mytraffic.io
Mytraffic processes all these Data on its behalf and confidentially. In processing Data through the Mytraffic platform, Mytraffic may use technical service providers for hosting, security, maintenance, or providing specific services. The User agrees that Data concerning them may be transmitted to these service providers. Apart from these specific cases, we do not transmit them to unauthorized third parties.
8. Data Location
8.1. Smartphone Geolocation and Vehicle Flow Data
The raw smartphone geolocation data is stored on Amazon Web Services servers located in the European Union, in Germany.
The post-processed statistical data is also hosted on Amazon Web Services servers, in Germany.
8.2. Data on our Prospects/Clients and Visitors to our Website Mytraffic.io
These data (contact details) are stored in the Hubspot CRM solution, which hosts its data on Google Cloud servers based in Frankfurt (European Union).
The Amplitude software provider processes collected data (tracking Mytraffic SaaS user behavior) on servers located in the United States.
Data collected through Google Analytics is hosted in the United States.
Apart from these specific cases, none of the Data processed and collected by Mytraffic is transferred to servers hosted in a third country outside the European Union.
9. Retention of Personal Data
9.1. Smartphone Geolocation and Vehicle Flow Data
Smartphone geolocation data (or raw data) and vehicle flow data are retained by Mytraffic for a maximum period of 12 months, after which these data are irreversibly erased.
Post-processed statistical data have no retention limit.
9.2. Data on our Prospects/Clients and Visitors to our Website Mytraffic.io
Mytraffic retains these Data only for the time necessary to achieve the processing objectives. Retention periods are calculated based on the purpose for which Mytraffic retains the data and according to legal and contractual requirements.
10. User Rights to Their Personal Data
Under data protection regulations, particularly Articles 15 to 22 of the General Data Protection Regulation (GDPR) 2016/679, Users have rights concerning their Data. Each User has the right to withdraw their consent if previously given, access their Data, rectify or erase it, obtain the restriction of Data processing, object to this processing, and the right to Data portability. These rights can be exercised with our Data Protection Officer ("DPO").
For smartphone geolocation data (raw data), during the 12-month retention period, the user can exercise their rights directly with the mobile application publishers and/or data partners (list available from our DPO).
If the user wishes to exercise their rights directly with Mytraffic during this period, they must provide Mytraffic with their smartphone's advertising identifier (IDFA or GAID) by retrieving it as follows:
- For iOS: Download an application to retrieve the IDFA, which will give you access to your identifier by following this link: https://itunes.apple.com/us/app/the-identifiers/id564618183?mt=8
- For Android: Access your identifier in the phone settings by clicking on the "Ads" section.
The user can withdraw their consent at any time without affecting the legality of processing based on consent before its withdrawal.
Each request requires the requester's email address.
We will respond to any request within a reasonable timeframe.
If you do not wish to continue receiving our newsletters, you can update your preferences by sending us an unsubscribe email.
11. Security
Mytraffic is committed to ensuring the highest level of security for processing and storing personal data.
We have established organizational and technical measures to manage risks and protect personal data.
We apply specific security rules to protect our systems, including multi-factor authentication, encryption, access rights restriction, logging, and antivirus software.
Mytraffic's premises are secured, and employees are aware of security measures and personal data protection rules (Data Management Charter & Internal Regulations, etc.).
12. Contact and Complaints
To exercise your rights mentioned above or for any questions about Mytraffic's management of personal data, you can contact us at the following address: Mytraffic, Lot 3 – 12 rue Vivienne, 75002 Paris, or by email at: support@mytraffic.fr.
Mytraffic has appointed Me Yaël COHEN-HADRIA (ERNST & YOUNG AVOCATS) as DPO. For any specific questions about your Data or complaints about their processing, you can contact our DPO at: yael.cohen.hadria@ey-avocats.com.
For any request concerning the United Kingdom, Mytraffic has appointed Mr. Deepak Chadha as the UK Data Protection Representative (email: uk-gdpr@mytraffic.co.uk).
If your request is not resolved, you can file a complaint with the CNIL: https://www.cnil.fr/fr/agir or by postal mail at the following address: Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy - TSA 80715, 75334 PARIS CEDEX 07, France.
13. Modifications/Updates to this Data Management Policy
We may update this Data Management Policy. In case of substantial changes, we will specify this with a note on our website. We recommend that you regularly review this policy to access our latest information and practices in this area.