THE RELATIONSHIP WITH A LEADS GENERATOR, THE REFLEXED GOODS

Today, the activity of lead generators is confronted with a paradox: it is becoming an important lever in the acquisition of new customers and is increasingly subject to theimportant sanctions, by DGCCRF or CNIL. Furthermore, since the sanction1, the penalties imposed by public authorities are no longer limited to an operator but to an entire sector value chain ...

The sanction highlights issues that have become crucial for any operator wanting to use lead generators: the need for accountability and the need to frame their contractual relations.

For this reason, and in the face of a niche area that remains complex and difficult to grasp at first glance, we have listed points of vigilance on which we consider it important to stagnate to minimize the risk, before and during the performance.

1. Ensure the level of maturity of the lead generator in GDPR matters:

Before contracting with a lead generator, you must always be interested in its practices. Today, even if any actor dealing with personal data has an obligation to comply with the GDPR, not all have the same level of maturity. So we can only advise to check this level of maturity.

The purpose of this audit is to ensure that theGDPR rulesThe Commission is also concerned that the Commission's proposal for a directive on the protection of the environment is not in line with the principles of the internal market.

In this respect, CNIL specifies what it expects in terms of controls: first of all, it is clear that it follows from these provisions that, as the controller, the company (...) is required to verify that the conditions for conducting commercial prospecting operations are met. In this respect, the responsibility of an organization could be held to be responsible by considering that a mere contractual commitment by its data broker to comply with the GDPR and the applicable rules on commercial prospecting was not sufficient.

1https://www.legifrance.gouv.fr/cnil/id/CNILTEXT000049231950

But then what to check in practice?

• that the prospect has obtained all the information necessary for a good understanding of the collection and processing of its data: in practice make sure that it knows who/how/why;

• the prospect, once informed, is willing and willing to collect and process its data in the conditions to which it has been informed;

• the lead generator asks the prospect the right questions so that it can really target its needs.

In asking these questions ahead of the delivery, we document its compliance, we take responsibility and guarantee that the principle of privacy by design is taken into account from the outset, i.e. to configure the service so that it is, in principle, in accordance with the applicable regulations.

2.Lead generators with legal teams

Until recently, lead generators were not on the frontlines in terms of sanctions imposed by public authorities. Recently, it has been regularly understood that a particular actor does not comply with the legislation, several decisions have stressed the importance of respect for legal frameworks, particularly those resulting from thedecree Naegelen and the adjustments provided for by the Cazenave law.

In this context, a determining factor in the selection of its lead generator in view of its maturity may or may not be the presence of a legal resource. These resources are proof that regulatory subjects are taken into account by lead generators but above all are the guarantee of having a qualified and privileged interlocutor on sometimes complex subjects.

Secondly, and as in the context of a call for tenders, the lead generator to be selected should meet a number of criteria including compliance with regulatory standards. It is therefore important to establish this grid with its legal department and to ensure that these standards are met in the opposite direction.

3.Contracting to frame the customer relationship

Today, sector practice generally favours the signature of quotations or purchase orders. However, these documents often prove insufficient to adequately frame the contractual relationship between the lead generator and the customer. Their synthetic nature leaves too much room for interpretation, creating areas of uncertainty that could be detrimental to both parties.

In this context, we strongly recommend that a detailed contract be negotiated, which allows us to address and clarify several crucial aspects, including: delivery terms; termination; GDPR guarantees; mutual responsibilities; ...

A thorough negotiation of the contract offers several significant advantages, as by anticipating potential scenarios, you reduce areas of legal and operational uncertainty. You de facto integrate a risk management dimension into your relationship with the lead generator. This proactive approach allows you to anticipate potential problems and to put in place appropriate resolution mechanisms.

The negotiation process also allows for a better understanding and clarification of the expectations and constraints of each party and thus for the removal of the veil on some complex aspects of thethe activity of the lead-intentionist generators.

Although potentially more time-consuming initially, negotiating a detailed contract with your lead generator is a wise investment.

4. Audit

Recent case law has significantly increased the responsibility of the client's client, who is now required to be more vigilant about the data collection practices of his provider.

In order to meet these new regulatory requirements, the integration of a robust audit clause is essential. Contrary to the ideas received, this clause must be conceived as a bilateral instrument, which can be invoked by both the client and the provider.

This two-way approach meets a dual objective:

• For the client: ensure compliance with the provider's data collection methods.

• For the provider: check the customer's compliance with certain specific regulations, such as the Naegelen decree.

The integration of an audit clause allows not only to assess the business processes related to delivery, but also to co-build them from a long-term perspective. This collaborative approach encourages continuous adaptation to regulatory and technological developments.

The complexity and technicality inherent in these processes require increased communication and cooperation between the client and the lead generator, which must be time-consuming, covering the entire delivery, to ensure consistent compliance and agile adaptation to regulatory changes.