GDPR

Security and protection of personal data

Warnings

This tool is made available to you free of charge. The tool is based on information derived from the firm’s professional analysis of EPM compliance. However, since compliance is a dynamic process and any situation is unique, the information provided should be tailored and should not be considered exhaustive or accurate.

Unless you request a review and validation by the firm, the document generated is considered to be information only. Consequently, you are solely responsible for the interpretations made of the information provided, the advice you derive from it and the adaptations made for your own commercial activity. The use and operation of the tool is therefore under your sole responsibility and at your own risk.

Definitions :

The Publisher: The person, natural or legal person, who publishes communication services to the public online.
The Site: All the sites, web pages and online services offered by the Publisher.
The User: The person using the Site and the services.

Nature of the collected data

In the context of the use of the Sites, the Publisher may collect the following categories of data concerning its Users:

Vital statistics, identity, identification data…

Connection data (IP addresses, event logs…)

Communication of personal data to third parties

No disclosure to third parties

Your data will not be disclosed to third parties. You are informed, however, that they may be disclosed pursuant to a law, a regulation or a decision of a competent regulatory or judicial authority.

Prior information for the disclosure of personal data to third parties in the event of a merger / takeover

Collection of opt-in (consent) prior to data transmission following a merger / acquisition

In the event that we take part in a merger, acquisition or any other form of disposal of assets, we undertake to obtain your prior consent to the transmission of your personal data and to maintain the level of confidentiality of your personal data to which you have consented.

Purpose of the re-use of personal data collected

Carry out operations relating to the management of clients concerning

contracts; orders; deliveries; invoices; accounting and in particular the management of accounts receivable
a loyalty programme within one or more legal entities ;
customer relationship management, such as conducting satisfaction surveys, managing complaints and after-sales service
the selection of customers to carry out studies, surveys and product tests (except with the consent of the data subjects collected under the conditions laid down in Article 6, these operations must not lead to the establishment of profiles likely to reveal sensitive data – racial or ethnic origin, philosophical, political, trade union or religious opinions, sexual life or health of persons)

Carry out operations relating to prospecting

the management of technical exploration operations (which includes technical operations such as standardization, enrichment and deduplication)
the selection of people to carry out loyalty actions, canvassing, surveys, product testing and promotion. Except with the consent of the data subjects collected under the conditions laid down in Article 6, these operations must not lead to the establishment of profiles likely to reveal sensitive data (racial or ethnic origin, philosophical, political, trade union or religious opinions, sexual life or health of persons).
the carrying out of solicitation operations

The development of trade statistics

Data aggregation

Aggregation with non-personal data

We may publish, disclose and use aggregated information (information about all of our Users or specific groups or categories of Users that we combine in such a way that an individual User can no longer be identified or referred to) and non-personal information for industry and market analysis, demographic profiling, promotional and advertising purposes and other business purposes.

Aggregation with personal data available in the User’s corporate accounts

If you connect your account to an account of another service for the purpose of cross-mailing, that service may provide us with your profile information, login information, and any other information you have authorized to be disclosed.

We may aggregate information about all our other Users, groups, accounts, and personal data available about the User.

Collection of Identity Data

Free consultation

Consultation of the Site does not require prior registration or identification. It can be carried out without you communicating any personal data concerning you (surname, first name, address, etc.). We do not record any personal data for the simple consultation of the Site.

Collection of identification data

Use of the user’s identifier only for access to services

We use your electronic identifiers only for and during the execution of the contract.

Collection of terminal data

Collection of profiling and technical data for the purpose of providing the service

Some of the technical data of your device is collected automatically by the Site. This information includes, but is not limited to, your IP address, Internet service provider, hardware configuration, software configuration, browser type and language . The collection of this data is necessary for the provision of services.

Collection of technical data for advertising, commercial and statistical purposes

The technical data of your device is automatically collected and recorded by the Site for advertising, commercial and statistical purposes. This information helps us to personalize and continually improve your experience on our Site. We do not collect or store any personal data (surname, first name, address, etc.) that may be attached to technical data. The data collected may be resold to third parties.

Cookies

Cookie retention time

In accordance with the recommendations of the CNIL, the maximum retention period for cookies is a maximum of 13 months after their first deposit in the User’s terminal, as is the duration of the validity of the User’s consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.

Purpose cookies

Cookies may be used for statistical purposes, in particular to optimise the services rendered to the User, from the processing of information concerning the frequency of access, the personalisation of pages as well as the operations carried out and the information consulted.
You are informed that the Publisher may place cookies on your terminal. The cookie records information relating to navigation on the service (the pages you have consulted, the date and time of the consultation…) that we will be able to read during your subsequent visits.

The User’s right to refuse cookies, as deactivation will result in a deterioration of the service’s operation.

You acknowledge that you have been informed that the Publisher may use cookies, and authorize it to do so. If you do not want cookies to be used on your device, most browsers allow you to disable cookies by going to the settings options. However, you should be aware that some services may no longer function properly.

Possible association of cookies with personal data to enable the operation of the service

The Publisher may collect browsing information through the use of cookies.

Retention of technical data

Retention period of technical data

The technical data are kept for the time strictly necessary to achieve the purposes referred to above.

Period of retention of personal data and anonymisation

Retention of data for the duration of the contractual relationship

In accordance with article 6-5° of the law n°78-17 of January 6, 1978 relating to data processing, files and liberties, personal data subject to processing are not kept beyond the time necessary for the performance of the obligations defined at the time of the conclusion of the contract or the predefined duration of the contractual relationship.

Retention of anonymised data beyond the contractual relationship / after deletion of the account

We keep personal data for the time strictly necessary to achieve the purposes described in these TOS. Beyond this period, they will be anonymised and kept for exclusively statistical purposes and will not be used for any other purpose whatsoever.

Deletion of data after deletion of the account

Means shall be put in place to purge data in order to provide for their effective deletion as soon as the retention or archiving period necessary for the fulfilment of the purposes determined or imposed is reached.

In accordance with the law n°78-17 of January 6, 1978 relating to data processing, data files and liberties, you also have the right to delete your data which you can exercise at any time by contacting the Publisher.

Deletion of data after 3 years of inactivity

For security reasons, if you have not authenticated yourself on the Site for a period of three years, you will receive an e-mail inviting you to connect as soon as possible, otherwise your data will be deleted from our databases.

Account deletion

Account deletion on request

The User has the possibility to delete his Account at any time, by simple request to the Editor OR through the Account deletion menu present in the Account settings if necessary.

Deletion of the Account in case of violation of the TOS

If you violate any provision(s) of the TOS or any other document incorporated herein by reference, the Publisher reserves the right to terminate or restrict, without prior notice and at its sole discretion, your use and access to the Services, your account and all Sites.

Indications in the event of a security breach detected by the Publisher

Information of the User in case of a security breach

We undertake to implement all appropriate technical and organisational measures to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of illegal access to your personal data stored on our servers or those of our service providers, or unauthorized access resulting in the realization of the risks identified above, we undertake to :

Notify you of the incident as soon as possible;
Examine the causes of the incident and inform you;
Take the necessary measures within the limits of reasonableness in order to reduce the negative effects and prejudices that may result from the said incident.

Limitation of liability

Under no circumstances can the commitments defined in the above point relating to notification in the event of a security breach be assimilated to any admission of fault or liability for the occurrence of the incident in question.

Transfer of personal data abroad

No transfers outside the European Union

The Publisher undertakes not to transfer the personal data of its Users outside the European Union.

Modification of the TOS and Privacy Policy

In the event of a modification of the present TOS, commitment not to substantially reduce the level of confidentiality without prior information of the persons concerned.

We undertake to inform you in the event of a substantial modification of these TOU, and not to lower the level of confidentiality of your data substantially without informing you and obtaining your consent.

Applicable law and terms of recourse

Arbitration clause

You expressly agree that any dispute that may arise from these TOS, including its interpretation or execution, will be subject to arbitration proceedings under the rules of the arbitration platform chosen by mutual agreement, to which you will adhere without reservation.

Data portability

Data portability

The Publisher undertakes to offer you the possibility of having all your data returned to you on request. The User is thus guaranteed a better control of his data, and keeps the possibility of reusing them. These data must be provided in an open and easily reusable format.