SOLOCAL_Registration Document_2017

CORPORATE SOCIAL RESPONSIBILITY 3.4 Societal responsibility

SOCIETAL RESPONSIBILITY 3.4

major accounts, regulated professions, local authorities, etc. in the appropriation and use of communication media and technologies. At the same time, with its media and content, the Group enables consumers to search, find out, choose and connect with all of these players, and thus contribute to the local economy. SoLocal’s commitment to society is consistent with our values as a company that places the interests of its customers at the heart of everything it does.

“To promote responsible local economic development”

As a major player in local and digital communication, SoLocal Group contributes to boost the local economic fabric by creating content and information that simplifies the relationship between consumers and businesses. For more than 70 years, the Group has been supporting French micro-enterprises, small and medium-sized businesses, national

1

2

GOVERNANCE AND ETHICS 3.4.1

3

The Group strives to maintain a trusted relationship with all of our stakeholders. This is why we have taken steps to ensure that we protect personal data and observe the rules of fair competition and ethical behaviour.

a procedure describing the rules to be respected in case of an l audit by the CNIL (latest version dated 24 April 2014); the procedure for managing requests for access and opposition l by individuals (latest version dated 22 April 2015) which details the procedures for processing applications from individuals in the context of the exercise of their rights of access, rectification and opposition to personal data concerning them. This procedure makes it possible to standardise these methods within SoLocal Group and to facilitate the implementation of this exercise; a procedure aiming to deal specifically with requests to exercise l rights made to the Customer Relations Centre and those received in the email account of the Data Protection Correspondent (latest version dated 19 October 2015). The latter two procedures are part of our personal data protection system. Accordingly, all of our companies, and especially employees responsible for data processing, must be sure to implement procedures for satisfying the requests of individuals who exercise their right to have their personal data corrected or deleted pursuant to Articles 38 and 40 of the French Data Protection Act of 6 January 1978, as amended, and Articles 92 to 97, 99 and 100 of Decree No. 2007-451 dated 25 March 2007, which amended the Decree dated 20 October 2005. These procedures are consistent with the DPC’s role, which is to ensure that personal data correction and deletion rights are observed, mostly by ensuring that appropriate procedures are implemented. We also posted a process to ensure compliance with the rules for protecting the personal data of SoLocal Group website users on the Group’s intranet. These rules cover the encryption of communications, the authentication of users on their personal accounts and the need to obtain consent for the deposit of cookies or other tracking tools. These rules were accompanied by practical information on the use of cookies on our website (last update May 2014).

4

PERSONAL DATA

3.4.1.1

SoLocal Group endeavours to disseminate reliable and secured information to its users. The Group’s sites support citizens on a daily basis who appreciate the relevance and accuracy of the information provided. We are also actively committed to protecting the data we collect from them and showing respect for their privacy. The IT and Freedoms Correspondent (CIL) team consists of 4 people: the DPC, two lawyers and a safety engineer. “Personal data” internal rules and procedures The Group’s commitment to information security is governed by the following rules and procedures: the “Personal Data Archiving Rules”, implemented in l March 2005 (data retention procedure); a procedure to formally document processing personal data (last l updated on 3 May 2012) which among other things specifies the disclosure obligations that must be observed before processing personal data; a procedure relating to organising the feedback of information l concerning the processing of personal data. This procedure must allow the proper maintenance of the DPC register containing all the processing of personal data for the French companies of the Group, and the verification of compliance with the French Data Protection Act (loi Informatique et Libertés) of any new processing or modification to existing processing (latest version dated 3 May 2012); a procedure that governs the transfer of databases containing l personal data within the Group, to ensure the protection of such data by specifying the requirements for transfers, so as to minimise any risk of misuse, theft or loss, during their transmission or otherwise (last version dated 14 January 2014);

5

6

7

8

71

2017 Registration Document SOLOCAL