This policy is addressed to persons whose professional contact details are processed via Prospectra in the context of B2B commercial prospecting campaigns run by the service's clients (the « Senders »).
If you received a message originating from Prospectra, or if your contact details have been imported into the service by a Sender, you are a data subject within the meaning of the GDPR, and you have the rights detailed in this policy.
1. Who processes your data?
Controller: the Sender
For each message received and each contact list imported, the controller within the meaning of article 4.7 of the GDPR is the Sender themselves (the company or professional person who imported your contact details and chose to send you a message). The Sender determines the purposes and means of processing, may hold a file concerning you, and is your main point of contact for the exercise of your rights.
The Sender's identity systematically appears in the message you received (signature, identification details).
Technical processor: Prospectra
(à configurer par l'opérateur), publisher of the Prospectra service, acts as a processor within the meaning of article 28 of the GDPR on behalf of the Sender. Prospectra provides the technical infrastructure enabling the Sender to send their messages and manage their prospect file, but does not decide on the recipients, the content of the messages or the commercial purpose pursued.
2. What data is processed?
Depending on the information imported by the Sender, the following categories of data may be processed:
- your first and last name (if provided);
- your professional email address;
- the name of the company or organisation you are affiliated with;
- your role or job title (if provided);
- tags or notes added by the Sender (such as your industry, the origin of your contact, your stated preferences);
- the history of messages sent and interactions (opens, clicks, unsubscribes, replies).
Prospectra does not collect data directly from you: all data is provided by the Sender, who obtained it by their own means (professional directories, forms, business exchanges, trade fair lists, etc.).
3. On what legal basis is your data processed?
In accordance with the consistent doctrine of the French CNIL and article 6.1.f of the GDPR, business-to-business commercial prospecting (between professionals) may be based on the legitimate interest of the controller, provided that:
- the message is connected to your professional activity;
- you were informed, when your contact details were collected, of the possible commercial use;
- you can easily exercise a right to object (one-click unsubscribe).
For recipients who are natural persons acting in a personal capacity (B2C), processing would require your prior explicit consent (article L.34-5 of the French Post and Electronic Communications Code, and equivalent national provisions in other EU jurisdictions). Such use is prohibited by the Prospectra terms of use, and any report in this regard may be sent to the abuse@ address of the Sender's domain, or, failing that, to .
4. Who has access to your data?
Your data is accessible to:
- the Sender and authorised persons within their organisation;
- authorised staff of Prospectra, strictly limited to technical maintenance of the Service and the handling of abuse reports;
- the technical processors mentioned in the user privacy policy, §7 — host, the Sender's SMTP provider, AI providers if the Sender uses these features on content concerning you.
Your data is never sold or transferred to third parties for commercial purposes by Prospectra.
5. How long is your data retained?
The retention period is determined by the Sender, within the limits of what is necessary for the purpose pursued.
For guidance, and in line with French CNIL deliberation no. 2016-264 of 21 July 2016, reference durations are as follows:
- active prospects (recent interactions or exchanges): up to three (3) years after the last contact;
- prospects who have exercised their right to object (unsubscribed): retention only of the information necessary to honour that opt-out (typically the email address and the date of opting out), for a period of three (3) years, to avoid contacting you again.
If the Sender terminates their contract with Prospectra, your data is deleted from Prospectra's systems within a reasonable timeframe, subject to technical backups (purged within ninety days).
6. Your rights
In accordance with the GDPR, you have the following rights regarding your data:
- right of access (art. 15);
- right to rectification (art. 16);
- right to erasure (art. 17);
- right to restriction of processing (art. 18);
- right to portability (art. 20);
- right to object (art. 21), notably to processing for commercial prospecting, at any time and without having to justify a reason;
- right to define post-mortem directives (article 85 of the French Data Protection Act).
How to exercise your rights
Option 1 — Direct unsubscribe (fastest): use the unsubscribe link present in any message received. Your address is immediately added to the Sender's opt-out list, and you will no longer receive messages from them via Prospectra.
Option 2 — Contact the Sender: the Sender's identity and contact details appear in any message sent to you. You may contact them directly to exercise any of your rights.
Option 3 — Contact Prospectra: if you cannot reach the Sender, or if you wish to report abusive behaviour (sending despite unsubscribe, list manifestly obtained unlawfully, unlawful content), you may contact us:
- for an abuse report: abuse@ of the Sender's domain (failing that, );
- for a GDPR request: .
In the latter case, Prospectra, as processor, will forward your request to the relevant Sender as soon as possible and ensure that it is handled in accordance with article 28.3.e of the GDPR. Prospectra may also, at your request and within the limits of its technical means, indicate whether your data is in the system and which Senders hold it.
A response will be provided within one month.
Lodging a complaint with the supervisory authority
If, after contacting us (or the Sender), you consider that your rights have not been respected, you may lodge a complaint with the French data protection authority (CNIL) — www.cnil.fr/plaintes — or with the supervisory authority of your habitual residence in the European Union.
7. Security
Prospectra implements the technical and organisational measures described in the user privacy policy, §10. These measures apply equally to User data and Prospect data.
8. Transfers outside the EU
Transfers outside the European Economic Area are framed by the guarantees detailed in the user privacy policy, §6.
9. Changes
This policy may be updated. The current version is always available at /legal/prospects-privacy. The change log is available at the bottom of this page.