34 / 71
Societal Indicators
Vivendi’s Four “Core” Issues Relating to Human Rights
4.1.4.
VALUATING AND PROTECTING
PERSONAL DATA
Personal data protection is a strategic issue for the group, which must
build relationships of trust with its audiences. It is one of Vivendi’s four
“core” CSR issues. Since 2015, it has been included in the CSR criteria
taken into account in the variable compensation of senior executives. The
Data and Content Protection Charter adopted in 2008 and implemented
in each of the subsidiaries, defines Vivendi’s commitments in relation
to the collection and management of customers’ personal data and the
protection of content. Vivendi and its subsidiaries have a designated
officer responsible for the protection of personal data.
POLICIES PUT IN PLACE TO PROTECT
CUSTOMERS’ PERSONAL DATA
GRI
UNGC OECD Scope covered
G4-DMA PR
Customer Privacy aspect,
DMA HR MSS
1, 2
IV,
VIII.6
UMG
Canal+ Group
Vivendi Village
Canal+ Group complies with the French Act on Information Technology,
Data Files and Civil Liberties, which requires organizations engaged
in the processing or handling of data files to guarantee the security of
those files. Thus a dedicated team within the group’s Legal department
develops the personal data protection policy, monitors it, and manages
relations with the CNIL (the French data protection authority).
The issue of personal data protection is taken into account specifically
in the training provided to customer advisors. In 2015, for example, the
“Customer Relations” certification (see Section 4.3) included a section on
raising awareness of data confidentiality. Responsible use of personal
data is also taken into account in the customer relationship itself.
An intensity relations team ensures that during customer relations,
communications are harmonious and personal information is treated
respectfully.
The entities are also mobilized at an international level. The Polish
subsidiary of Canal+ Group has a strict policy covering security of
personal customer data, and in 2015 more than 500 of its staff were
trained on this topic. In addition, Canal+ Afrique explicitly includes
contractual provisions in its contracts with distributors and mobile
operators that have access to subscribers’ personal data that require
them to agree to the confidentiality of that data.
In its Code of Conduct, used in every country where the group operates,
UMG stresses the need to protect its customers’ personal data. In 2015,
UMG also appointed a Privacy Officer, whose mission is to ensure that
the procedures established by UMG properly protect the personal data of
its customers and employees and to review the data transfer provisions
contained in contracts with upstream and downstream third parties.
At UMG, emphasis is also placed on staff training and in 2015 more than
2,300 staff underwent online training devoted to protecting personal
data. Moreover, UMG is reviewing its customer data protection policies in
order to receive TRUSTe certification which attests to the implementation
of best practices in regard to confidentiality and protection of personal
data.
Vivendi Village’s entities, Watchever and See Tickets, each display on
their website their policy in the area of personal data.
DESCRIPTION OF ACTIONS FOR RAISING
THE AWARENESS OF CUSTOMERS REGARDING
PERSONAL DATA AND INFORMATION CONCERNING
PRIVATE LIFE ONLINE
GRI
UNGC OECD Scope covered
G4-DMA PR
Customer Privacy aspect,
DMA HR MSS
1, 2
IV,
VIII.6
UMG
Canal+ Group
In order to ensure that customers are aware of the management of
information collected from them, Canal+ Group defines clearly, in its
General Subscription Conditions, the rules applying to the use of personal
customer data. As regards services dedicated to young users, the General
Conditions of Sale of the Canalplay Kids offer specify the details of
personal data processing, and the website of nc+
(www.miniminiplus.pl),
which offers audiovisual programs, video games and creative workshops
for young children, also displays its confidentiality policy relating to the
information it collects.
For its customers, UMG makes its policy on use of personal data available
on the group’s sites
(privacypolicy.umusic.com). This helps customers
better understand and manage information about themselves, and
especially the option to authorize or refuse collection of their data. For
young audiences, UMG requires consent by a parent or guardian when
web users between the ages of 13 and 16 subscribe to its online music
sites. Websites that are likely to appeal to children provide a Safe Surfing
Guide to help parents and children control their Internet experience.
EXTRA-FINANCIAL INDICATORS HANDBOOK
2015
34