The protection of personal data is governed in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter the ” RGPD “) and Law no. 78-17 of January 6, 1978 as amended, known as the “Loi informatique et libertés” (hereinafter ” Law no. 78-17 “).
As part of its business activities, RESEAU DEFa limited liability company with share capital of 20,976,137.80 euros, headquartered at Parc d’activités du moulin de Massy, 7 rue du saule trapu – 91300 Massy, registered with the Evry Trade and Companies Registry under number 340 087 576, and all its entities within the meaning of article L. 233-1 of the French Commercial Code (hereinafter referred to as the “Group”). Réseau DEF “) collect and process on their behalf the personal data of their customers, prospects, subcontractors, service providers or various partners (hereinafter generally referred to as ” Customers “).
The purpose of the Confidentiality Policy is to clearly inform all Customers about the data that DEF Network collects, what it does with them, how long it keeps them, the persons to whom it is likely to transmit them, the rights of the persons concerned and the protection measures it implements.
Article 1: Purpose
The purpose of the Confidentiality Policy is to inform Customers of all information relating to personal data concerning them collected and processed by Réseau DEF.
Article 2. RGPD compliance
No processing of personal data is implemented by DEF Network if it does not comply with the general principles of the RGPD.
Customers will be informed of any new processing, modification or deletion of existing processing by means of an amendment to this policy.
Article 3. Legal basis for processing
In accordance with applicable legislation on the protection of personal data, the processing of personal data by Réseau DEF has a legal basis.
Réseau DEF processes the Customer’s personal data provided that the Customer :
- (i) has entered into a contract for the provision of services and/or the purchase of products ;
- (ii) has completed an electronic collection form in order to participate in an event organized by the DEF Network;
- (iii) has registered or subscribed to services made available online by the DEF Network (e.g., website, social networks, YouTube channel); and/or
- (iv) that the Customer’s express consent has been obtained (e.g. deposit of cookies on the Customer’s navigation terminal when visiting an Internet site published by Réseau DEF).
Article 4. Types of personal data collected
Réseau DEF collects and processes the personal data that the Customer voluntarily communicates to it either by means of a collection form or when concluding a contract for the provision of services and/or the acquisition of products.
Customers are informed on each personal data collection form of the compulsory or optional nature of their answers by the presence of an asterisk.
Where answers are compulsory, DEF explains the consequences of not answering.
The personal data collected in this context are as follows:
NON TECHNICAL DATA (depending on use) :
- (i) Identification: surname, first name, title, job title, pseudonym, social network pseudonym ;
- (ii) Contact details: Telephone, e-mail address, postal address, fax, … ;
- (iii) Photo: when you grant us this right (usually taken during events or interviews at our events);
- (iv) Professional life: profession, qualifications, work experience, … ;
- (v) Bank details if required ;
- (vi) Personal life and lifestyle habits (e.g. shopping habits, purchasing plans).
Réseau DEF collects and processes the Customer’s personal data relating to his browsing and behaviour on an Internet site published by Réseau DEF.
The personal data collected in this context are as follows:
TECHNICAL DATA (according to use)
- (i) Identification data (IP)
- (ii) Connection data (logs in particular)
- (iii) Consent data (click) mainly for access to our services (Sentinel etc.)
Réseau DEF does not process sensitive data within the meaning of Article 9 of the RGPD (personal data revealing racial or ethnic origin, philosophical, political, trade union or religious opinions, sex life or health).
Article 5. Purposes of processing
The purpose of this paragraph is to inform the Customer about the use by DEF Network of data collected directly or indirectly.
The processing of the Customer’s personal data by Réseau DEF is necessary to enable it to fulfil the following purposes:
- (i) processing ;
- (ii) customer relationship management ;
- (iii) management of events organized by the DEF Network (conferences, breakfasts, etc.);
- (iv) sending newsletters or information feeds;
- (v) to improve site navigation;
- (vi) answers to questions (by telephone or online) ;
- (vii) responses to public or private invitations to tender;
- (viii) personalized sales follow-up ;
- (ix) improvement of its services ;
- (x) meeting our administrative obligations ;
- (xi) management of requests to exercise the rights of data subjects as listed in article 8 below.
Article 6. Recipients of personal data
All personal data collected and processed by Réseau DEF is strictly confidential.
Réseau DEF undertakes not to transmit the personal data of its Customers to a third party likely to use them for its own purposes, without their express consent.
Réseau DEF ensures that data is only accessible to authorized internal or external recipients.
Internal recipients :
- (i) All DEF Network employees DEF Network internal recipients are trained and authorized to process personal data.
External recipients :
- (i) Service providers or support services (subcontractors, various service providers, etc.)
- (ii) Lawyers, experts, agents, bailiffs, etc.
- (iii) Legal proceedings
- (iv) Administration
When the recipient concerned is located outside the European Union, or in a country that does not have adequate regulation within the meaning of the RGPD, Réseau DEF frames its contractual relationship with this third party by adopting an appropriate contractual arrangement.
It should be emphasized that Réseau DEF may be required to transmit the personal data of its Customers in response to an injunction from the legal authorities.
Article 7. Shelf life
The customer’s personal data is kept for a period of three (3) years from the date of collection.
Audience measurement statistics are not kept for longer than thirteen (13) months.
However, at the end of the aforementioned periods, including as necessary from the date of the Customer’s request for deletion, the Customer’s personal data may be subject to intermediate archiving so that Réseau DEF can meet its legal retention obligations:
- (i) the contract concluded as part of a commercial relationship will be kept for five (5) years from its conclusion;
- (ii) contracts concluded by electronic means for an amount equal to or greater than 120 euros will be kept for two (2) years from their conclusion;
- (iii) bank documents will be kept for five (5) years from the date of their communication;
- (iv) documents relating to the management of orders will be kept for ten (10) years;
- (v) documents relating to billing management will be kept for ten (10) years.
Some data may be archived for longer periods than those specified. (i) in the event of contentious proceedings in order to establish the reality of the facts in dispute; and/or (ii) for the purposes of investigating, ascertaining and prosecuting criminal offences, with the sole aim of making such data available to the judicial authorities where necessary.
Archiving means that this data is anonymized and can no longer be consulted online, but is extracted and stored on an autonomous, secure medium.
Once the time limits set out in the policy have elapsed, the data is deleted.
Article 8. Rights of persons concerned
Customers have a right of access, modification, opposition, limitation, portability, rectification, to define directives concerning the fate of their data after their death and deletion of their personal data, the latter being subject to compliance with the following rules:
- (i) the request is made by the individual himself/herself and is accompanied by a copy of an up-to-date identity document;
- (ii) the request must be made in writing to the following address: firstname.lastname@example.org
In accordance with the right to data portability, customers have the right to request a copy of their personal data being processed. The information requested will be provided in electronic form, unless expressly requested otherwise.
Customers are hereby informed that these rights may never relate to confidential information or data, or to data for which communication is not authorized by law. Under no circumstances may these rights allow access to documents subject to the Secret Défense.
The right to the deletion of customers’ personal data shall not apply where processing is carried out in order to comply with a legal obligation.
The customer may, at any time, lodge a complaint with the competent supervisory authority.
Article 9. Subcontracting
Réseau DEF informs its Customers that it may involve any subcontractor of its choice in the processing of their personal data.
The subcontractor refers to any individual or legal entity that processes personal data on behalf of Réseau DEF.
In this case, DEF Network ensures that the processor complies with its obligations under the RGPD. Réseau DEF undertakes to sign a written contract with all its subcontractors and to impose the same data protection obligations on subcontractors as it does. In addition, DEF Network reserves the right to audit its subcontractors to ensure compliance with the provisions of the RGPD.
Article 10. Optional or compulsory answers
Customers are informed on each personal data collection form of the compulsory or optional nature of their answers by the presence of an asterisk. Where answers are compulsory, DEF explains the consequences of not answering.
Article 11. Subcontracting
Réseau DEF informs its Customers that it may involve any subcontractor of its choice in the processing of their personal data. The subcontractor refers to any individual or legal entity that processes personal data on behalf of Réseau DEF.
In this case, DEF Network ensures that the processor complies with its obligations under the RGPD.
Réseau DEF undertakes to sign a written contract with all its subcontractors and to impose the same data protection obligations on subcontractors as it does. In addition, DEF Network reserves the right to audit its subcontractors to ensure compliance with the provisions of the RGPD.
Article 12. Security
Réseau DEF is responsible for defining and implementing the technical security or physical measures it deems appropriate to protect against the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data.
These measures include the following:
- (i) the use of security measures for access to premises (locked offices, badges, etc.);
- (ii) secure access to our computers and smartphones (passwords changed regularly);
- (iii) setting up login and password for all our business applications;
- (iv) data access authorization management (specific to our finance, accounting and communications departments);
- (v) use of VPN for remote connections ;
- (vi) use of a complex password for our Wi-Fi network, changed monthly.
In any event, in the event of a change in the means used to ensure the security and confidentiality of personal data, Réseau DEF undertakes to replace them with means of superior performance. No development can lead to a reduction in the level of safety.
Article 13. Treatment register
Réseau DEF keeps a register of personal data processing, which is available to the French Data Protection Authority (Commission nationalité informatique et liberté).
Article 14. Evolution
The present policy may be modified or amended at any time in the event of changes in legislation, case law, or the decisions and recommendations of the European Commission.
Any new version of the present policy will be brought to the attention of Customers by any means chosen by Réseau DEF, including electronic means (distribution by e-mail or online, for example).
Article 15. Information
For any further information, you can contact our RGPD Committee at the following email address: email@example.com