Poool and the GDPR

Starting from 2018, May 25th, the GDPR (General Data Protection Regulation), which is a European regulation directly implemented in France, is coming into effect. It tends to reinforce the importance of data protection with entities that process them (data controllers and data processors) and to make them aware of their responsibilities. It empowers citizens’ rights by giving them more control on their personal data.

We collect personal data and activity data, that sometimes can be linked. This data can be collected and processed on our behalf or on behalf of our clients (publishers), which we inform related people about. As actors of these processings,

we, at Poool, do everything we can to comply with the General Data Protection Regulation (GDPR)

Thus, Poool is committing to respect its guiding principles:

Lawfulness, fairness and transparency of processing

We process data in a licit, loyal and transparent way

Purpose limitation

We collet data for determined, explicit and legitimate purposes, in relation to the services we offer

Data minimization

We collect appropriate and relevant data, that is limited to what is required to achieve our services

Data accuracy

We update obsolete data as much as we can when related people inform us about it

Storage limitation

We store data for a duration that does not exceed the one required in relation to the process purpose

Integrity and confidentiality

We guarantee an appropriate security, as far as our human, material and financial means allow us to do


We are aware of our responsibilities and we do every we can to protect personal data

To do so, Poool has implemented concrete actions:

From an organizational perspective

  • We have nominated our internal data protection officer

  • Synthesis of our data security processes

  • Security audits of our processing activities

  • Cartography of our processing activities

  • Creation of records for each processing activity

  • Implementation of a complaint processing procedure

  • Implementation of a data security breach management procedure

These documents can be checked by control authorities, like the French CNIL.

From a technical perspective

  • We have adapted our technical base to respect the user’s consent or non-consent, which has to be passed on to us by our clients, the publishers

  • Adaptation of our “newsletter” widget to collect readers’ express consent

  • We have adapted Poool’s own digital media to collect consent or non-consent, whether it be about cookie storage or about any personal data collection

  • We have put online this public information page about our GDPR process

These actions are implemented internally and we also guide our clients throughout this process

Concretely, users can exercise their rights at any moment by contacting our data protection officer, in order to:

  • Access their personal data

  • Rectify their personal data

  • Delete their personal data

  • Exercise their personal data portability rights

  • Exercice any other right given by the GDPR

From our side, we commit to:

  • Asking for the users' consent so their personal data is collected

  • Collecting only required data and for a required duration

  • Technically protecting personal data at best, subject to our own constraints

  • Informing users of any theft attempt on data

Any request or any question?

Feel free to contact us!