Poool and the GDPR

Since 2018, May 25th, the GDPR (General Data Protection Regulation), which is a European regulation directly implemented in France, has came into effect. It tends to reinforce the importance of data protection with entities that process them (data controllers and data processors) and to make them aware of their responsibilities. It empowers citizens’ rights by giving them more control on their personal data.

We may collect personal data and activity data, that sometimes can be linked. This data can be collected and processed on our behalf or on behalf of our clients (publishers), which we inform related people about. As actors of these processings,

We, at Poool, do everything we can to comply with the General Data Protection Regulation (GDPR)

Thus, Poool is committing to respect its guiding principles:

Lawfulness, fairness and transparency of processing

We process data in a licit, loyal and transparent way

Purpose limitation

We collet data for determined, explicit and legitimate purposes, in relation to the services we offer

Data minimization

We collect appropriate and relevant data, that is limited to what is required to achieve our services

Data accuracy

We update obsolete data as much as we can when related people inform us about it

Storage limitation

We store data for a duration that does not exceed the one required in relation to the process purpose

Integrity and confidentiality

We guarantee an appropriate security, as far as our human, material and financial means allow us to do


We are aware of our responsibilities and we do every we can to protect personal data

To do so, Poool has implemented concrete actions:

From an organizational perspective
  • checkWe have nominated our internal data protection officer
  • checkSynthesis of our data security processes
  • checkSecurity audits of our processing activities
  • checkCartography of our processing activities
  • checkCreation of records for each processing activity
  • checkImplementation of a complaint processing procedure
  • checkImplementation of a data security breach management procedure
These documents can be checked by control authorities, like the French CNIL.
From a technical perspective
  • checkWe have adapted our technical base to respect the user’s consent or non-consent, which has to be passed on to us by our clients, the publishers
  • checkAdaptation of our “newsletter” widget to collect readers’ express consent
  • checkWe have adapted Poool’s own digital media to collect consent or non-consent, whether it be about cookie storage or about any personal data collection
  • checkWe have put online this public information page about our GDPR process
These actions are implemented internally and we also guide our clients throughout this process

Concretely, users can exercise their rights at any moment by contacting our data protection officer, in order to:

  • Access their personal data
  • Rectify their personal data
  • Delete their personal data
  • Exercise their personal data portability rights
  • Exercice any other right given by the GDPR

From our side, we commit to:

  • Asking for the users' consent so their personal data is collected
  • Collecting only required data and for a required duration
  • Technically protecting personal data at best, subject to our own constraints
  • Informing users of any theft attempt on data
Any request or any question?