Privacy policy

This Confidentiality Policy describes how 国产AV collects, uses, and transmits personal data.

This privacy policy (hereinafter referred to as 鈥淧rivacy Policy鈥) describes how 国产AV and its Affiliates, as defined in Article 1 below, collect, use, transfer and, more generally, process Personal Data as defined below. 

Any mention of the term 鈥湽鶤V鈥 refers to the 国产AV Group as an entity, as defined below, acting as a Processor or Data Processor of your Personal Data as defined under the General Data Protection Regulation (GDPR) and as further explained in this Privacy Policy.

This Privacy Policy applies both to 国产AV SA as an entity, whose head office is located at 16-18 rue Chalgrin, 75016 Paris, France, and to its Affiliates (collectively referred to as the 鈥湽鶤V Group鈥). 

This policy may change, notably to meet the requirements of the regulations relating to personal data protection. You are therefore encouraged to periodically review this page of our website to stay informed of potential updates. 

1. Definitions

Each of the following terms, used in the singular or in the plural, shall have the same meaning as in the following definitions:

  • The terms 鈥減ersonal data鈥 (hereinafter referred to as 鈥Personal Data鈥, 鈥Categories of Data鈥, 鈥Process/Processing,鈥 鈥Data Controller鈥 and 鈥Data Processor鈥 shall have the same meaning as in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (General Data Protection Regulation, hereinafter referred to as 鈥GDPR鈥) and the Law No.78-17 of January 6, 1978 relating to information technology, data files and civil liberties modified by decree No. 2019-536, published on May 30, 2019 (hereinafter collectively referred to as 鈥Information Technology and Liberties鈥).

Customer鈥: the organization (for example your employer or any other entity or individual) that has entered into the contract with 国产AV.

Customer Content鈥: any content submitted to 国产AV by the Customer, under their responsibility, in connection with the use of the Services.

User Content鈥: part of the Customer Content constituting Personal Data transmitted to 国产AV under the responsibility of the Customer.

Customer Contract鈥: the contract that the Customer has entered into with 国产AV.

国产AV Group鈥: refers to the 国产AV Company, registered with the RCS of Paris under number 300 702 305, whose head office is located at 16-18 rue Chalgrin, in Paris (75016) and its Affiliates.

Services鈥: tools and/or platforms and/or software made available and operated by 国产AV, including any 国产AV mobile applications.

Third party services鈥: tools and/or platforms and/or software made available and operated by third parties and used in connection with the Services.

Websites鈥: 国产AV.com and other 国产AV Group websites.

Affiliate鈥: any company controlled by, controlling, or under the same controlling entity as 国产AV. Control extends to the holding of at least 50% of the equity or voting rights.

Users鈥: employees, agents or subcontractors to whom a Customer grants access to the Services in accordance with the Customer Contract.

Visitors鈥: any individual accessing the Websites.

2. Applicability of this privacy policy

This Privacy Policy applies to the Services and Websites as well as to other interactions (for example, requests made to customer service, forms, emails of all types addressed to prospects or existing customers) that you might have with 国产AV.

If you do not agree with the content of this Privacy Policy, please do not access the Services and/or Websites and stop any interaction with 国产AV.

This Privacy Policy does not apply to Third Party Services, as they have their own privacy policies to which you should refer.

3. Collection and reception of personal data

3.1 Personal Data provided by 国产AV鈥檚 Customers and/or Users and/or Prospects

We collect Personal Data through the following:

  • Subscriptions to 国产AV Services or when they are used (including but not limited to the following: to create a user account in order to access the Services; when Users submit Customer Content; when 国产AV provides Customers with support in connection with the Services)
  • Subscriptions to newsletters
  • Marketing campaigns of all kinds, as well as satisfaction surveys
  • Registration for events (webinars, etc.)
  • Letters, if you contact us through a contact form on our Websites, by email or by any other means, notably to obtain information on 国产AV products;
  • Job applications
  • Participation in a discussion group, a competition or when you interact with 国产AV鈥檚 social network accounts or otherwise communicate with 国产AV.

This Personal Data may be added to through other means such as those listed below.

3.2 Passive data collection

When you visit our Websites and use our Services, some Personal Data are automatically collected, in particular:

  • Metadata: when Users access the Services, metadata is generated to provide additional information on the way users work and to facilitate access to and use of the features offered. 
  • Connection and usage data: 国产AV鈥檚 servers automatically collect and store information when you access the Websites and Services provided via the Internet. This data may include your Internet Protocol address (IP address), the address of the web page you visited before using the Website or the Services, the type of browser you used and information about its configuration and plugins, the date and time of your use of the Services, your language preferences and cookie data (for more details, please refer to our Policy regarding cookies).
  • Device data: 国产AV collects device data, including device type, operating system, device settings, application IDs, unique device IDs, and shutdown data.
  • Interaction data: 国产AV may also collect data about your interactions with 国产AV, through emails, notably to find out whether you have opened, forwarded, or clicked on a message.
  • Cookies: 国产AV collects data through cookies and similar technology on its Websites and through its Services. The Websites and the Services may also include cookies and similar tracking technologies, which may collect data about you through Third Party Services. To find out more about how 国产AV uses these technologies, please refer to our Cookie Policy.

3.3 Personal data from other sources

Personal data may also be collected through the following means:

  • Third Party Services: Third Party Services may be integrated into the Services. Third Party Service providers may share data with 国产AV. For example, if a Cloud storage application is used to import files to your user account, your username and email address may be transferred to 国产AV, as well as any additional information made available to 国产AV by the application to improve integration. Users should check the settings and privacy policy governing these Third Party Services to find out what Personal data may be disclosed to 国产AV.
  • Third Party Data: 国产AV may receive Personal Data such as identification data or professional data from its Affiliates, its partners or other parties used by 国产AV to improve data quality and relevance. It can also be more precise data, such as data used to analyze the performance of an online marketing campaign, a satisfaction survey, a recruitment or an email campaign.

4. Use of personal data

4.1 As a data controller

国产AV, as a Data Controller, as defined by the Information Technology and Liberties Regulation, may use Personal Data for the following purposes and according to the following legal bases :

PurposeLegal basisRetention period
For the management of customer accounts and other administrative tasks such as invoicingFulfilment of Customer ContractDuration of the contract and legal retention period
For marketing purposes (campaigns, online events or at trade fairs, customer satisfaction surveys) Consent or legitimate interestWithdrawal of consent or duration of the event or end of Customer Account activity
For communication purposes regarding new product features, promotions, or any other news about 国产AVConsent or legitimate interestWithdrawal of consent or end of Customer Account activity or inactive data for 2.5 years.
As part of Customer relationship follow-upFulfilment of Customer ContractDuration of commercial relationship
To conduct security investigations and help prevent security or fraud issues, as well as potential misuseLegitimate interest and legal obligationTime needed to undertake security or fraud investigations and their resolution. Extension possible in the event of litigation.
Management of requests from contact form or by any other meansConsentWithdrawal of consent or processing of the request
Job applicationsConsentWithdrawal of consent or end of recruitment process
Participation in a competitionConsentWithdrawal of consent or end of competition
Statistics and reporting of Website visitorsConsent and legitimate interestDifferent retention periods not exceeding 13 months (see our Cookie Policy )

Personal Data will be used by 国产AV in accordance with current regulations.

4.2 As a data processor

 

Personal Data is used by 国产AV (in its role of Data Processor according to the definition provided by the Information Technology and Liberties Regulation) in accordance with the instructions received, including the terms applicable to Customer Contract and to the use of the Services by the Customer, if applicable, and in compliance with the current regulations. The legal basis is therefore the fulfilment of the Customer Contract.

Customers control their instance of the Services, the accounts and the User Content associated with them. If you have any questions regarding Customers鈥 specific settings and privacy practices, please contact the entity or individual who, within your organization, manages the Customer Contract.

As a Data Processor, 国产AV uses Personal Data for the following purposes:

  • To provide, maintain and improve its Services;
  • To meet a legal or regulatory obligation;
  • To communicate with you and respond to your requests, comments, and questions;
  • To develop and deliver research, learning and productivity tools, as well as additional features;
  • To send emails and other communications. 国产AV may send you service or technical and administrative emails, messages and other types of communication relating to the status of the Services.  国产AV may also contact you to inform you of changes related to the Services and send you important notices related to the Services, such as security and fraud notices. These communications are considered part of the Services and you may not be able to opt out of them;
  • To produce dashboards and statistics relating to the use of the applications provided under the Customer Contract for the needs of the Customer and/or 国产AV; 
  • To conduct security investigations and help prevent security issues or fraud, as well as potential misuse.

5. Data retention

5.1 As a data controller

国产AV, in its role of Data Controller, stores Personal Data relating to associated processing operations in compliance with legal or regulatory obligations, if any, for all its activities. When no legal or regulatory obligation is available, 国产AV defines the retention periods for Personal Data relating to associated processing operations in compliance with the current regulations (Article 5, paragraph 1.e) of the GDPR).

5.2 As a data processor

国产AV, in its role of Data Processor, may store your Personal Data for as long as necessary for the fulfilment of the Customer Contract and/or to comply with current regulations. 国产AV therefore stores Customer Content in accordance with Customers鈥 instructions. The deletion of User Content and any trace related to the use of the Services by the Customer may result in the deletion and/or anonymization of the Personal Data associated with it.

6. Data sharing and disclosure

国产AV ensures, for each activity, that only authorized individuals can access your data. 国产AV may thus share information with its Affiliates if this is necessary for the fulfilment of the Customer Contract, to comply with a legal obligation and/or for its legitimate interest.

6.1 As a data controller

This section describes how 国产AV may share and disclose Personal Data in its role of Data Controller, notably to: 

  • Use aggregated or anonymized data. 国产AV may transmit, disclose, or use aggregated data if it does not identify the individuals to whom it relates or anonymized data for any purpose whatsoever. For example, 国产AV may share aggregated or anonymized data with other corporate clients or partners for commercial or research purposes.
  • Enforce 国产AV's rights, prevent fraud and ensure security. Protect and defend the rights, property, or safety of 国产AV or of third parties, including in the fulfilment of Customer Contracts, during investigations and to prevent fraud or security issues.
  • Comply with a legal or regulatory obligation following a request from an administrative or judicial authority.

6.2 As a data processor

This section describes how 国产AV can share and disclose Personal Data as a Data Processor, as defined by the Information Technology and Liberties Regulation. Customers choose their own policies and practices regarding Personal Data sharing and disclosure. 国产AV does not control how its Customers or other third parties choose to share or disclose their Personal Data. 国产AV may share and disclose Personal Data, notably to:

  • Follow Customers鈥 instructions. 国产AV will only share or disclose Customer and User Content in accordance with Customers鈥 instructions, including all applicable conditions defined in the Customer Contract.
  • Display the Services. When Users send information containing Personal Data, they may be disclosed to other Users.
  • Allow Customer access. Owners, administrators, Users and other Customer representatives and employees can access and modify Personal Data or restrict their access.
  • Use Third Party Service Providers and 国产AV partners. 国产AV may hire Third Party companies or individuals as service providers or business partners to process information and allow 国产AV to carry out certain activities. These third parties may notably provide virtual computing and storage services, manage authentication systems, or send emails.
  • Interact with Third-Party Services enabled by Customers. Customers may, if necessary, enable Third Party Services or allow Users to do so. When these are enabled, 国产AV may share information with Third Party Services, transfer information and data from its Services to a Third-Party Service, but its Services may also receive information and data from a Third-Party Service. Third-Party Services are not the property of 国产AV and third parties that were granted access to this information may have their own policies and practices regarding Personal Data. Please check the privacy settings and policies of these Third-Party Services or contact the provider for any questions.
  • Make a change in 国产AV鈥檚 activities. If 国产AV is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of part or all of its assets or shares, financing, public offerings of securities, the acquisition of part or all of its activities, or a similar transaction or procedure, or steps towards such activities (for example due diligence), certain Personal Data may be shared or transferred, subject to customary confidentiality provisions.
  • Enforce 国产AV鈥檚 rights in the fulfillment of the Customer Contract, prevent fraud and ensure security. To protect and defend the rights, property, or safety of 国产AV or of third parties, including the fulfillment of the Customer Contract, during investigations and to prevent fraud or security issues.   

7. Security

The security of your Personal Data is a major concern for 国产AV. 国产AV therefore implements technical and organizational measures to guarantee the security of your Personal Data and prevent any risk of loss or misuse and any unauthorized access or disclosure. These measures consider the sensitivity of the information that 国产AV collects, processes and stores and the state of the art. These measures are valid, in whole or in part, for certain processing of Personal Data, whether 国产AV acts as a processor, or as a Data Processor, as defined by the Information Technology and Liberties Regulation.

7.1 Technical security measures

1. Personal Data encryption: depending on the processing implemented and the sensitivity level of the Personal Data, 国产AV, both in its quality of Data Controller and Data Processor, as defined by the Information Technology and Liberties, may use Personal Data encryption, both when storing data in databases (at rest) and in transit.

2. Ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services: all the processing operations implemented by 国产AV, whether as Data Controller or Data Processor, as defined by the Information Technology and Liberties Regulation, are defined in compliance with the obligations prescribed by the GDPR, and by the interpretation made by 国产AV, in particular with regard to the assessment of the risks surrounding the Personal Data collected. These means can be managed by 国产AV itself or delegated to Third Party hosting providers meeting high security standards. 

3. Ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident: all the processing operations implemented by 国产AV, whether as Data Controller or Data Processor, as defined by the Information Technology and Liberties Regulation, are defined in compliance with the obligations prescribed by the GDPR, and by the interpretation made by 国产AV, in particular with regard to the assessment of the risks surrounding the Personal Data collected. Regarding the Services, guarantees of availability of service and incident handling may be set in the Customer Contract, depending on the Services concerned.

4. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of data processing: the IT Security Policy (ITSP) describes the organization and the means implemented to define these measures applicable to 国产AV鈥檚 Internal Information System, which may contain Customer data and Personal Data. Regarding the Services, 国产AV relies on Third-Party hosting providers meeting high security standards. Other tests carried out by independent external bodies on a regular basis make it possible to check the efficiency of existing technical and organizational measures, leading, in the event of weaknesses identified, to a dedicated remediation plan.

7.2 Organizational security measures

1. Information security policy: Information security is a pillar of our company鈥檚 organization, both for our internal processes as well as regarding our customers. As such, information security in the way 国产AV鈥檚 employees conduct business is supported at management level, in accordance with business requirements and the current laws and regulations.

2. Information security organization: a management framework to initiate and then verify the implementation and operation of information security within the organization is established, documented, and monitored.

3. Security in human resource management: ability of employees and contractors to understand of their responsibilities. All employees and contractors are subject to confidentiality clauses in the performance of their duties. In addition, an awareness program on information security and good practices when handling Personal Data is being implemented on a regular basis to ensure that both employees and contractors understand their responsibilities and the issues at stake.

4. Asset management: the organization鈥檚 assets (human or technical resources such as applications and infrastructure) dealing with Customer and Personal Data have been identified, and responsibilities are clearly defined, in terms of organizational and human resources, as well as in terms of technical means, to provide appropriate guarantees regarding data protection. In addition, access to these assets is strictly controlled and restricted.

8. Data transfer

国产AV may transfer your Personal Data to countries other than the one in which you reside. If 国产AV transfers Personal Data outside the European Union to countries that do not provide a comparable level of protection of Personal Data, 国产AV will ensure that the requirements of Art. 44 et seq. of the GDPR are met, for example by signing the applicable European Union鈥檚 Standard Contractual Clauses, in accordance with current regulatory requirements.

8.1 As a data controller

Affiliates located outside the European Union may consult information about their respective Customers that is stored in France or in the European Union for the sole purpose of fulfilling the Customer Contract.

国产AV鈥檚 suppliers may consult or store information within their respective scope, and, as such, 国产AV has implemented the guarantees specified in Paragraph 8.

8.2 As a data processor

As part of the provision of its Services, 国产AV guarantees the localization of Personal Data in a country of the European Union with suppliers contractually bound to 国产AV, by default for all Customers in the European Union, subject to the GDPR and the Information Technology and Liberties Regulation. Failing this, 国产AV undertakes to sign Standard Contractual Clauses with potential subcontractors located outside the European Union or in a country that does not provide a comparable level of protection of Personal Data.

9. Rights of users and visitors

Data subjects have the right to request access to their Personal Data, as well as the updating, deletion, correction, and portability of their Personal Data, and in certain cases, to withdraw their consent and oppose or limit the processing of their Personal Data.

As part of the Services, 国产AV acting as a Data Processor, you can exercise your rights by contacting the Customer to obtain the necessary assistance. 

In other cases, when 国产AV acts as a processor, you can contact 国产AV directly using the contact details provided in Article 11, specifying your Last Name, First Name, Email address and/or Postal address.  

10. Competent authority for data protection

Subject to the legislation in force, you also have the right, if you consider that the response to your request was not satisfactory (i) to restrict the use made by 国产AV of your Personal Data and (ii) to make a complaint to your local supervisory authority, in accordance with Articles 13 and 14 of the GDPR, or to the lead authority designated by 国产AV, namely, in France, the Commission Nationale de l'Informatique et des Libert茅s, at the following address: 

Commission nationale de l'informatique et des libert茅s 

3 Place de Fontenoy - TSA 80715

75334 PARIS CEDEX 07 鈥 FRANCE

Contact form: 

11. Contact 国产AV

Anyone can contact 国产AV regarding this Privacy Policy or 国产AV's Personal Data practices, or to exercise their rights.

In addition, if you wish to contact 国产AV's Data Protection Officer (DPO), please write to dpo@lectra.com or to the address below:

Data Protection Officer (DPO) 国产AV S.A. - 16-18 rue Chalgrin - 75016 PARIS - France.