Privacy policy

Personal data protection is particularly governed by EU Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 relating to the protection of individuals in the processing of personal data and the free movement of such data, otherwise called the General Data Protection Regulation (hereinafter the « GDPR ») and Act n° 78-17 dated 6 January 1978 amended referred to as « Information Technology and Privacy Act » (hereinafter « Act n° 78-17 »).

As part of their business, the RESEAU DEF company, a private limited liability company with a share capital of 20.976.137,80 euros, whose head office is located at Parc d’Activités du Moulin de Massy, ​​7 rue du Saule Trapu – 91300 Massy, ​​registered with the Business Register of Evry under the number 340 087 576 and all of its entities in the meaning of Article L. 233-1 of the Business Code (hereinafter, the « DEF UK« ) collect and process for their account the personal data of their customers, prospective customers, subcontractors, service providers or various partners (hereinafter referred to generally as « Customers« ).

In addition to the GDPR and Act No. 78-17, DEF UK agrees to comply with this Privacy Policy (hereinafter the « Privacy Policy« ) in the context of any personal data processing that it implements.

The purpose of the Privacy Policy is to inform all Customers in a clear manner about the data that DEF UK collects, what it does with such data, how long it retains them, the people it is likely to pass them to, the rights of the persons concerned and the protective measures that it implements.

The purpose of the Privacy Policy is to provide the Customers with all information relating to the personal data concerning them that are collected and processed by DEF UK.
The Privacy Policy applies only to the processing of personal data for which DEF UK acts as processing manager. In this context, the processing of personal data can be directly implemented by DEF UK or through a subcontractor specifically designated by him.

In accordance with applicable laws on the protection of personal data, the processing of personal data implemented by DEF UK relies on a legal basis.

DEF UK caries out the processing of the Customer’s personal data provided that the latter:

    • (i) has entered into a contract for the provision of services and / or the acquisition of products;
    • (ii) completed an electronic collection form in order to participate in an event organized by DEF UK ;
    • (iii) has registered or subscribed for services posted by DEF UK (for instance, website, social networks, YouTube channel); and or
  • (iv) that the Customer’s formal consent has been secured (e.g. the posting of cookies on the Customer’s browsing terminal when he visits a website published by DEF UK).

This paragraph is intended to inform the Customer about the use by DEF UK of data collected directly or indirectly.

The processing of the personal data of the Customer by DEF UK is necessary to enable it to accomplish the following purposes:

  • (i) file processing;
  • (ii) customer relationship management;
  • (iii) management of events organized by the DEF Network (lectures, breakfasts, etc.);
  • (iv) sending newsletters or news feeds;
  • (v) improved site browsing
  • (vi) answers to questions asked (by telephone or online);
  • (vii) responses to public or private tenders;
  • (viii) personalized business monitoring;
  • (ix) improvement of its services;
  • (x) responses to our administrative duties;
  • (xi) management of requests for the exercising of the rights persons concerned such as listed in Article 8 below.

All the personal data collected and processed by CLARKSON are strictly confidential.

CLARKSON agrees not to pass on the personal data of its Customers to a third party that may use them for its own purposes, without their formal consent.

DEF UK ensures that the data are accessible only to authorized internal or external recipients.

In-house recipients:

  • (i) All employees of DEF UK The in-house recipients of DEF UK are trained and authorized to process personal data.

External recipients:

  • (i) Providers or support services (subcontractors, various service providers, etc.)
  • (ii) Lawyers, experts, agents, bailiffs, etc.
  • (iii) Courts
  • (iv) Administration

When the recipient concerned is located outside the European Union, or in a country that does not have an adequate regulation in the meaning of the GDPR, DEF UK manages its contractual relationship with this third party by adopting an appropriate contractual mechanism.

It should be noted that DEF UK may be required to pass on the personal data of its Customers to respond to an injunction by the legal authorities.

The personal data of the Customer are kept for a period of three (3) years from their collection.

Audience measurement statistics are not retained for more than thirteen (13) months.

However, at the end of the aforementioned periods, including as and when necessary from the Customer’s request for deletion, his / her personal data may be the subject of interim filing so that DEF UK can meet to its legal retention duties:

  • (i) a contract entered into in the course of a business relationship will be retained for five (5) years after the date of its execution;
  • (ii) a contract entered into electronically in an amount greater than or equal to 120 euros will be kept for two (2) years after the date of its execution;
  • (iii) banking records will be kept for five (5) years as from their release;
  • (iv) records relating to the management of orders will be kept for ten (10) years;
  • (v) billing management documents will be retained for ten (10) years.

Some data may be filed beyond the standard durations (i) in the event of litigation in order to make it possible to establish the reality of the disputed facts; and / or (ii) for the purposes of the investigation, detection and prosecution of criminal offenses for the sole purpose of enabling, as needed, the provision of such data to the judicial authority.

Filing requires that these data be anonymous and can no longer be viewed online but that they may be extracted and stored on an autonomous and secure medium.

After the deadlines set in the said policy, the data are deleted.

Customers have a right of access, modification, opposition, limitation, portability, rectification, to define directives concerning the fate of their data after their death and the deletion of their personal data, the latter being subject to compliance with the following rules:

  • (i) the request originates from the person himself and is accompanied by a copy of an identity document, up to date;
  • (ii) the request should be made in writing and sent to the following address: rgpd@reseau-def.com

Upon receipt of the right to portability of the data, Customers have the right to request a copy of their personal data being processed.

The requested information will be provided in electronic form, unless otherwise requested. Customers are informed that these rights can never cover to confidential information or data or for data which the law does not authorize the communication. These rights cannot under any circumstances allow access to Defence Secret classified documents.

The right to the deletion of the personal data of the Customers will not be applicable in the cases where the treatment is implemented to meet a legal requirement.

The Customer may, at any time, file a complaint before the relevant supervisory authority.

DEF UK informs its Customers that it may involve any subcontractor at its option in the framework of the processing of their personal data. Subcontractor means any natural or legal person that processes personal data on behalf of DEF UK.

In this case, DEF UK ensures that the subcontractor complies with its duties under the GDPR.

DEF UK agrees to sign a written contract with all its subcontractors and imposes on subcontractors the same data protection duties as its own. In addition, DEF UK reserves the right to conduct an audit of its subcontractors to ensure compliance with the provisions of the GDPR.

It is the responsibility of DEF UK to determine and implement technical security or physical measures, that it sees fit, to fight against the destruction, loss, alteration or unauthorized disclosure of data in an accidental or unlawful manner.

Such measures include but are not limited to:

  • (i) the use of security measures for access to the premises (closing of offices, badges, etc.);
  • (ii) secured access to our computers and smartphones (passwords changed regularly);
  • (iii) setting up logins and passwords for all our business applications;
  • (iv) the management of authorizations for access to data (specificity for our financial and accounting and communication services);
  • (v) use of VPN for remote connections;
  • (vi) use of the complex passwords for our Wi-Fi network, changed each month.

In any case, DEF UK undertakes, in the event of a change in the means to ensure the security and confidentiality of personal data, to replace them by means of superior performance. No evolution can lead to a decrease in the security level.

DEF UK holds a register of personal data processing which is at the disposal of the National Information Technology and Privacy Commission.

This policy may be amended or modified at any time in the event of legal or jurisprudential developments, and of changes in decisions and recommendations of the European Commission.

Any new version of this policy will be brought to the attention of the Customers by any means chosen by DEF UK including by electronic means (circulation by email or online for instance).

For any further information please contact our GDPR committee at the following electronic address: rgpd@reseau-def.com