Universal Registration Document 2025

4.3.11.6 Modes of dialogue with consumers and end-users

Interactions with consumers and end-users mainly take place at three key points in the communication and technology professions: upstream of the projects, during the project itself, and afterwards. [S 4-2-20 (a)&(b)] This work may be carried out by the agency alone or with the support of a specialized consulting firm. Five types or moments of dialogue can be distinguished:

• upstream, the agency’s strategic thinking will be based on quantitative and qualitative studies and surveys. Their purpose is to enable teams to listen to the intentions, expectations and reactions of potential consumers and end-users. From this active listening, a certain number of arguments emerge that are shared with clients. This preliminary work is essential for the entity’s strategic planning and consulting teams, for a good understanding of the context in which the campaign will then take place. This phase provides important keys to the success of the project;
• during the project, the immediate nature of the online feedback allows consumers and end-users to look directly to the brand at any time, and to express their positive (or negative) point of view. This is considered engagement with consumers because the dialogue is direct and instant, without an intermediary between the brand and its consumers. The agency, which supports its client, can then intervene at its request to strengthen arguments that work and increase the level of satisfaction;
• afterwards: this stage is essential because it takes a step back at the end of an operation or communication campaign to collect other information, which will be useful to the brand for its future projects; [S4-1-16 (b)]
• Agencies have set up local stakeholder committees (France, United Kingdom, etc.), enabling regular dialogue not only with clients and partners, but also with associations representing consumers and/or end users, or organizations committed to causes that benefit a wider population (e.g. environmental associations).
• Finally, agencies are in contact with local consumer and user associations or other nongovernmental associations (NGOs). These relationships are useful and make it possible to explain a brand’s project beforehand, and potentially to cooperate in order to ensure that consumer expectations are met. These meetings are held according to the projects and are conducted locally in order to be in tune with a context that is by definition unique. They are initiated and monitored by the agency’s management and/or CSR teams.

By way of illustration, the policies put in place by Epsilon describe how consumers or end-users can exercise their rights simply and directly on the website: https://legal.epsilon.com/dsr. These policies are reviewed annually to ensure that they comply with the local regulatory context and incorporate best practices. [S4-1-AR 13]

The example of Free Thinking in France : a pioneer and pure player in collaborative work, FreeThinking is dedicated to the detection of trends and insights in France and internationally – studies conducted in 26 countries. For nearly 20 years, they have been developing their investigative tools in the service of social and societal listening. The FreeThinking conversational platform is a 100% responsive agora for an “ATAWAD” reflection⁽¹⁾ as close as possible to new consumer uses, and the FreeThinking Gallery is a space for illustrations/photos. These tools are designed to work iteratively and push reflection as far as possible, as well as to work in projection or observation.

4.3.11.7 Data security system and role of the Global Security Office (GSO)

1) Governance, organization and mission

The GDPO (Global Data Privacy Office) is an experienced team of specialists, lawyers and certified professionals, working under the supervision of the Chief Data Protection Officer (CDPO). [ESRS 2 MDR-P-65 (c)]. The GDPO is part of the Groupe’s Legal Department, which reports to the Secretary General. Its role is to oversee the data protection program, advise agencies on protection issues and help them with risk management. It also participates in various professional bodies or joint initiatives such as IAB EU’s Transparency & Consent Framework and the IAB (Interactive Advertising Bureau). The deployment of the global data protection program is managed by a central team, in charge of the implementation and support to the local Country/Regional Privacy Operational Leads. They work closely with the Data Privacy Stewards appointed in each agency to implement the action plan, worldwide. This hybrid operation, with centralized and local governance, ensures that all entities are aligned behind the same principles and rules, while enabling agencies to respond to more specific issues linked to their country or region.

The GDPO and GDPOps teams work closely with the GSO (Global Security Office) on technical or organizational aspects to ensure the protection of personal data and their encryption, transfer and storage, as well as destruction. A Group process is dedicated to incident response (Incident Response Process) to manage cybersecurity incidents and data breaches. [ESRS 2 MR-A]