Privacy policy

In addition to the GDPR and Law No. 78-17, Réseau DEF is committed to complying with this privacy policy (hereinafter the 'Privacy Policy') in the context of every personal data processing it carries out.

In particular, the protection of personal data is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter the “GDPR”) and Law No. 78-17 of 6 January 1978, as amended, known as the Data Protection Act (hereinafter the “Act no. 78-17”).

As part of their activities, Réseau DEF, a limited liability company with capital of 20,976,137.80 euros, whose registered office is at Parc d’activités du moulin de Massy, 7 rue du saule trapu – 91300 Massy, registered with the Évry Trade and Companies Register under number 340 087 576 and all its entities within the meaning of Article L. 233-1 of the French Commercial Code (hereinafter, the “Réseau DEF”) collect and process on their behalf personal data of their customers, prospective customers, subcontractors, service providers or various partners (hereinafter referred to generally as the “Customers”).

In addition to the GDPR and Act No. 78-17, Réseau DEF undertakes to comply with this privacy policy (hereinafter the “Privacy Policy”) in connection with each processing of personal data that it implements.

The purpose of the Privacy Policy is to inform, in a clear manner, all Customers about the data that Réseau DEF collects, what it does with it, how long it keeps it, the persons to whom it is likely to transmit it, the rights of the persons concerned and the protection measures that it implements.

 

The purpose of the Privacy Policy is to inform Customers of all information relating to personal data concerning them collected and processed by Réseau DEF.
The Privacy Policy applies only to the processing of personal data for which Réseau DEF acts as data controller. In this context, the processing of personal data may be carried out directly by Réseau DEF or through a processor specifically appointed by it.

 

In accordance with the applicable legislation on the protection of personal data, the processing of personal data by the Réseau DEF has a legal basis.

Réseau DEF processes the Customer’s personal data provided that the Customer:

  • (i) has entered into a contract for the provision of services and/or the acquisition of products;
  • (ii) has completed an electronic collection form in order to take part in an event organised by the Réseau DEF;
  • (iii) has registered or subscribed to services put online by the Réseau DEF (e.g. website, social networks, YouTube channel); and/or
  • (iv) has given express consent (e.g. placement of cookies on the Customer’s browsing terminal when visiting a website published by Réseau DEF).

 

Réseau DEF collects and processes the personal data that the Customer voluntarily communicates to it either by means of a collection form or when concluding a contract for the provision of services and/or the acquisition of products.

Customers are informed on each personal data collection form of the compulsory or optional nature of their responses via an asterisk.

If answers are required, Réseau DEF will explain to Customers the consequences of not providing a response.

The personal data collected in this context are as follows:

NON-TECHNICAL DATA (depending on use case):

  • (i) Identification: surname, first name, title, job title, pseudonym, nickname, social networks;
  • (ii) Contact details: telephone, e-mail address, postal address, fax…;
  • (iii) Photo: when you grant us this right (usually taken at events or interviews at our events);
  • (iv) Professional life: profession, qualifications, professional experience…;
  • (v) Bank details if required;
  • (vi) Personal life and lifestyle habits (e.g. shopping habits, shopping plans).

Réseau DEF collects and processes the Customers’ personal data relating to their browsing and behaviour on an Internet site published by Réseau DEF.

The personal data collected in this context are as follows:

TECHNICAL DATA (depending on use case)

  • (i) Identification data (IP)
  • (ii) Connection data (logs in particular)
  • (iii) Data relating to consent (click) essentially for access to our services (Sentinel etc.)

Réseau DEF does not process sensitive data within the meaning of Article 9 of the GDPR (personal data revealing racial or ethnic origin, philosophical, political, trade union or religious opinions, sex life or health).

 

The purpose of this paragraph is to inform the Customer about the use by Réseau DEF of the data collected, directly or indirectly.

The processing of the Customer’s personal data by Réseau DEF is necessary to enable it to fulfil the following purposes:

  • (i) processing of files;
  • (ii) customer relationship management;
  • (iii) management of events organised by the Réseau DEF (conferences, breakfasts, etc.);
  • (iv) sending newsletters or news feeds;
  • (v) improving website navigation;
  • (vi) answers to questions put to it (by telephone or online);
  • (vii) responses to public or private invitations to tender;
  • (viii) personalised commercial follow-up;
  • (ix) improving its services;
  • (x) meeting our administrative obligations;
  • (xi) management of requests to exercise the rights of data subjects as listed in Article 8 below.

 

All personal data collected and processed by Réseau DEF is strictly confidential.

Réseau DEF undertakes not to transmit the personal data of its Customers to a third party likely to use them for its own purposes, without their express consent.

Réseau DEF ensures that data is only accessible to authorised internal or external recipients.

Internal recipients:

  • (i) All Réseau DEF employees

Réseau DEF internal recipients are trained and authorised to process personal data.

External recipients:

  • (i) Service providers or support services (subcontractors, various service providers, etc.)
  • (ii) Lawyers, experts, agents, bailiffs, etc.
  • (iii) Judicial proceedings
  • (iv) Administration

When the recipient concerned is located outside the European Union, or in a country that does not have adequate regulation within the meaning of the GDPR, Réseau DEF organises its contractual relationship with this third party by adopting an appropriate contractual arrangement.

It should be noted that Réseau DEF may be required to transmit the personal data of its Customers in response to an injunction from the legal authorities.

 

Article 6. Retention period

The Customer’s personal data is kept for a period of three (3) years from the date of collection.

Audience measurement statistics are not kept for longer than thirteen (13) months.

However, at the end of the aforementioned periods, including as necessary from the date of the Customer’s request for deletion, the Customer’s personal data may be subject to intermediate archiving so that Réseau DEF can meet its legal retention obligations:

  • (i) the contract concluded in the context of a commercial relationship will be kept for five (5) years from its conclusion;
  • (ii) a contract concluded electronically for an amount equal to or greater than 120 euros will be kept for two (2) years from its conclusion;
  • (iii) bank documents will be kept for five (5) years from the date of their disclosure;
  • (iv) documents relating to the management of orders will be kept for ten (10) years;
  • (v) documents relating to the management of invoicing will be kept for ten (10) years.

Certain data may be archived beyond the periods stipulated (i) in the event of legal proceedings in order to establish the facts in question; and/or (ii) for the purposes of investigating, finding and prosecuting criminal offences with the sole aim of making this data available to the judicial authorities as required.

Archiving means that this data is anonymised and can no longer be consulted online, but is extracted and stored on an autonomous and secure medium.

Once the time limits set out in the aforementioned policy have expired, the data will be deleted.

 

Article 7. Rights of data subjects

Customers have the right to access, modify, object to, restrict, port and rectify their personal data, to define instructions about what happens to their data after their death, and to have their personal data deleted, subject to compliance with the following rules:

  • (i) the request originates from the actual person and is accompanied by a copy of an up-to-date identity document;
  • (ii) the request must be made in writing to the following address: rgpd@reseau-def.com

With regard to the right to data portability, Customers have the right to request a copy of their personal data being processed. The information requested will be provided in electronic form, unless expressly requested otherwise.

Customers are informed that these rights may never relate to information or data that is confidential or for which communication is not authorised by law. Under no circumstances may these rights allow access to documents subject to the Military Secret.

Customers’ right to have their personal data deleted shall not apply where processing is carried out in order to comply with a legal obligation.

The Customer may lodge a complaint with the competent supervisory authority at any time.

 

Réseau DEF informs its Customers that it may ask any processor of its choice to process their personal data.

Processor means any natural or legal person who processes personal data on behalf of Réseau DEF.

In this case, Réseau DEF ensures that the processor complies with its obligations under the GDPR. Réseau DEF undertakes to sign a written contract with all its processors and to impose the same data protection obligations on processors as its own. In addition, Réseau DEF reserves the right to audit its processors to ensure compliance with the provisions of the GDPR.

 

Article 9. Security

Réseau DEF is responsible for defining and implementing the technical or physical security measures it deems appropriate to prevent the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of data.

The main measures include:

  • (i) the use of security measures for access to premises (locked offices, badges, etc.);
  • (ii) secured access to our computer workstations and smartphones (passwords changed regularly);
  • (iii) setting up login and password for all our business applications;
  • (iv) management of access rights to data (specific to our finance, accounting and communications departments);
  • (v) use of VPNs for remote connections;
  • (vi) use of a complex password for our Wi-Fi network, changed every month.

In any event, Réseau DEF undertakes, in the event of a change in the means used to ensure the security and confidentiality of personal data, to replace them with more effective means. No change can lead to a reduction in the level of security.

 

Réseau DEF holds a register of personal data processing which is available to the Commission Nationale de l’Informatique et des Libertés.

 

This policy may be amended or modified at any time in the event of changes in legislation, case law or European Commission decisions and recommendations.

Any new version of this policy will be brought to the attention of Customers by any means chosen by Réseau DEF, including electronic means (distribution by e-mail or online, for example).

 

Article 12. Information

For any further information, you can contact our GDPR Committee at the following email address: rgpd@reseau-def.com