This privacy policy (hereinafter the ‘Privacy Policy’) describes how Neteven, as defined in Article 1 below, collects, uses, shares, and more generally, processes Personal Data as defined below.
Any mention of the term ‘Neteven’ refers to the Neteven entity defined below, which acts as the controller of your Personal Data pursuant to the General Data Protection Regulation (GDPR), as further explained in this Privacy Policy.
This policy is subject to change, particularly when necessary to meet the requirements of data protection regulation. You are therefore encouraged to visit our site regularly on this page to remain informed of any changes.
1. DEFINITIONS
Each of the following terms, used in the singular or plural, shall have the meaning assigned by its definition:
The terms ‘personal data’ (hereinafter ‘Personal Data’), ‘categories of data’, ‘process/processing’, ‘controller’ and ‘subcontractor’ hold the meaning given to them in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter ‘GDPR’) and Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended by Decree No. 2019-536 of 30 May 2019 (hereinafter together ‘IT and liberties regulations’).
‘Customer’: the organization (legal entity) that has entered into the contract with Neteven.
‘Neteven’: refers to the Company Neteven, registered in the Paris Business and Company Register (RCS) under number 485 374 649 and headquartered at 40-44 Rue Letort, 75018 Paris, France and to its Affiliated Companies.
‘Website’ www.neteven.com
‘Third-party services’: tools and/or platforms and/or software made available and operated by third parties.
‘Affiliated companies’: existing and future companies controlled by, controlling or under common control with the company Neteven, as the term ‘control’ is defined in Article L233-3 of the Commercial Code.
2. APPLICABILITY OF THIS PRIVACY POLICY
This Privacy Policy applies to the Website as well as to other interactions that you may have with Neteven (e.g. customer service inquiries, forms or email correspondence of any kind with prospective or existing customers).
If you do not agree with the content of the Privacy Policy, we invite you not to access the Website, nor engage with Neteven in any way.
This Privacy Policy does not apply to Third-party services. They have their own privacy policies and you are invited to refer to them.
3. COLLECTION AND OBTENTION OF PERSONAL DATA
1.Personal data provided by you or by a third party (customer, supplier, etc.)
Neteven may directly or indirectly collect Personal Data concerning you by the following means:
– When you interact with Neteven on the Website, in particular by completing an online form;
– When you subscribe to Neteven newsletters;
– For the purpose of marketing campaigns of any nature and satisfaction surveys carried out by Neteven;
– When you register for an event (e.g. webinars);
– When sending and receiving emails, in particular if you contact us to obtain information regarding Neteven products;
– When you take part in a discussion group, a contest or when you interact with Neteven’s social media accounts or otherwise communicate with Neteven;
– When you are the representative of a Neteven Customer;
– When you are the representative of a Neteven Supplier;
– When you apply for a job at Neteven.
Concerning indirectly collected data, Neteven may, as indicated above, collect data concerning you within the framework of contractual relations with its customers and suppliers. This data is usually transmitted to Neteven by the person designated by the customer or supplier to deal with Neteven. This data is mainly contact data, such as first name, last name, title, business mailing address, business email address, business telephone number and job title.
Neteven may also process applications submitted by recruitment agencies.
This Personal Data may be supplemented by other sources, including those listed below.
2. Passively collected personal data
When you visit our Website, certain Personal Data is automatically collected, including:
– Connection and traffic data: Neteven servers automatically collect and record information when you access the Web site. These records may include the Internet Protocol address (IP address), the address of the web page you visited prior to using the Web site, the type of browser used and information about its browser configuration and plug-ins, the date and time of use of the Services, language preferences, and cookie data (for more details, please refer to our Cookies Policy).
– Device information: Neteven collects information about devices, including the type of device, its operating system, device settings, application identifiers, unique device identifiers, and shutdown data.
– Communication-related information: Neteven may also collect information concerning your communication with Neteven, via email, in particular to know if you have read, transferred, or clicked on a message.
– Cookie information: Neteven collects information by using cookies and similar technology on the Website. The Website may include similar cookies and tracking technology which may collect information about you via third-party services. To learn more about how Neteven uses these technologies please consult the Cookies Policy.
4. USE OF PERSONAL DATA
As the controller pursuant to the IT and liberties regulations, Neteven may use Personal Data for the following purposes, based on the corresponding legal provision:
Purpose | Legal provision | Duration |
Management of accounts receivable or payable and other administrative matters such as invoicing | Legitimate interest (customer and supplier relationship management) | Duration of the contract and legal retention period |
Marketing (campaigns, online or trade show events, customer satisfaction surveys) | Consent or legitimate interest (communications with professionals) | Withdrawal of consent or duration of the event or termination of the Customer account |
Communication on new product features, promotions or any other news related to Neteven | Consent or legitimate interest (communications with professionals) | Withdrawal of consent or termination of the Customer account or data inactive for 2.5 years. |
Customer relationship management | Legitimate interest (customer relationship management) | Duration of the business relationship |
Security assessments and the prevention of security or fraud problems and potential abuse | Legitimate interest | Duration required to manage security or fraud assessments and to resolve any problems. Extension possible in the event of litigation. |
Management of requests via the contact form or any other means | Consent | Withdrawal of consent or duration required to process the request |
Job applications | Consent | Withdrawal of consent or termination of the recruitment process |
Statistics and reporting on visitors to the Websites | Consent and legitimate interest | Durations vary but do not exceed 13 months (see Cookies Policy) |
Personal Data will be used by Neteven in accordance with applicable regulations.
5. DATA RETENTION
In addition to the retention periods indicated above, Neteven, in its capacity as data controller, retains Personal Data used for related processing in accordance with the various legal or regulatory obligations when they exist, for all of its activities.
Where no legal or regulatory provision exists, Neteven defines the retention period for Personal Data used for related processing in line with the provisions of GDPR regulation (Article 5, paragraph 1e))
As such, Neteven may retain the data for any useful period insofar as the applicable limitation period allows.
6. SHARING AND DISCLOSURE OF INFORMATION
Data collected and processed by Neteven for the purposes mentioned above may be shared with:
– the customer service department, the marketing department and the technical department of Neteven,
– the administrative, accounting and legal departments of Neteven,
– the general management team as well as the direct manager involved in a recruitment process,
– companies from which Neteven requests services, on the understanding that these service providers are contractually obliged to protect the personal data shared with them in this context,
– affiliates for the purpose of providing information about their products and services.
Neteven may share your email address with subcontractors located outside of the European Union who may use emailing tools. Such transfers are governed by standard contractual clauses (see Paragraph 8 on ‘Data transfer’). A copy of these clauses can be requested from Neteven by email at the following address: dpo@neteven.com.
7. SECURITY
Protecting your Personal Data is very important at Neteven. Neteven takes the necessary technical and organizational measures to ensure the security of your Personal Data and prevent any risk of loss, misuse and unauthorized access or disclosure. These measures take into account the sensitivity of the information that Neteven collects, processes and stores and the current state of technology. These measures apply, in whole or in part, to certain cases of processing of Personal Data.
7.1 TECHNICAL SECURITY MEASURES
1. Personal Data encryption: based on the processing involved and the degree of sensitivity of the Personal Data, Neteven may encrypt the Personal Data, for its storage in databases (at rest) as well as for the transit of this Personal Data.
2. Guarantee of the ongoing confidentiality, integrity, availability and resilience of the processing systems: all forms of processing used are defined in accordance with GDPR obligations and Neteven’s interpretation of said obligations, in particular with regard to the assessment of risks related to Personal Data collection. These resources may be managed by Neteven itself or delegated to third-party hosts who meet high security standards.
3. Resources to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident: all forms of processing used are defined in accordance with GDPR obligations and Neteven’s interpretation of said obligations, in particular with regard to the assessment of risks related to Personal Data collection.
4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing: the Information Systems Security Policy (PSSI) describes the organization and means provided to establish the measures that are applicable on Neteven’s Internal Information System, which may contain Customer Data and Personal Data. Other tests, carried out regularly by independent external bodies, allow us to verify the efficiency of existing technical and organizational measures and to take remedial action if weaknesses are identified.
7.2 ORGANIZATIONAL SECURITY MEASURES
1. Information security policy: information security is a key component of the company, both in its internal processes and with respect to its customers. As such, support to ensure the security of data shared in the conduct of business by Neteven employees is provided by the company’s executive team, in accordance with business requirements and applicable laws and regulations.
2. Information Security organization: A management framework for initiating and then verifying the implementation and operation of information security measures within the organization is established, documented, and monitored.
3. Security in human resources management: Neteven ensures that employees and contractors understand their responsibilities. All employees and contractors are subject to confidentiality clauses in the performance of their duties. In addition, Neteven has implemented an information security and best practices awareness program related to the handling of Personal Data to ensure a level of understanding of the issues and responsibilities faced by employees and contractors on a regular basis.
4. Asset management: company assets (human or technical resources such as applications and infrastructure) involved in processing Customer and Personal Data are identified, and responsibilities are defined, both in terms of organizational and human resources, and in terms of technical resources, in order to provide appropriate data protection guarantees. Furthermore, access to these assets is strictly controlled and limited.
8. DATA TRANSFER
Neteven may transfer your Personal Data to countries other than where you reside. If Neteven transfers Personal Data outside the European Union to countries not recognized as having equivalent Personal Data legislation, Neteven shall ensure that the obligations set out in Article 44 et seq. of the GDPR are met, for example by committing to sign applicable EU standard contract terms in accordance with applicable regulatory requirements.
9. YOUR RIGHTS
Under the conditions and within the limits provided for by the IT and liberties regulations, you are entitled to exercise the following rights regarding your personal data:
– Right of access: you can ask Neteven to send you the personal data it holds which concerns you;
– Right to rectification: you can ask Neteven to rectify inaccurate information which concerns you;
– Right to object: you may object at any time to the processing of your data, for reasons relating to your particular situation;
– Right to erasure (or to be forgotten): you can ask Neteven to delete the data for the reasons stated in the Applicable Regulation;
– Right to processing limitations: you can ask Neteven to restrict processing for the reasons stated in the Applicable Regulation;
– Right to set out your instructions for the retention, deletion and disclosure of your personal data after your death.
If you wish to exercise one or more of these rights, it is advisable to address the corresponding request to Neteven by e-mail to the following address: dpo@neteven.com.
In certain cases, Neteven may not respond favorably to your request. If this happens, Neteven will give you the reason or reasons for this refusal.
In any case, you may file a complaint with the competent control authority (the Commission Nationale de l’Informatique et des Libertés (CNIL) in France).
10. COMPETENT DATA PROTECTION AUTHORITY
Subject to applicable legislation, you also have the right, if you are unsatisfied with the answer to your request (i) to restrict Neteven’s use of your Personal Data and (ii) to lodge a complaint with your local supervisory authority, in accordance with Articles 13 and 14 of the GDPR, or with the lead authority designated by Neteven, which in France is the CNIL, at the following address:
Commission nationale de l’informatique et des libertés
3 Place de Fontenoy – TSA 80715
75334 PARIS CEDEX 07 – FRANCE
Contact form: https://www.cnil.fr/fr/webform/nous-contacter
11. CONTACT NETEVEN
Any individual may contact Neteven regarding this Privacy Policy or Neteven’s Personal Data practices, or to exercise his or her rights.
Moreover, he or she can contact the Neteven Data Protection Officer (DPO) by email: dpo@neteven.com or at the mailing address below:
Délégué à la Protection des Données (DPO)
Neteven S.A. – 40-44 Rue Letort, 75018 Paris Paris – France.