Privacy Policy for Data Protection

Introduction

Within the framework of its activity, SMART GLOBAL GOVERNANCE, a company under French law registered in the Trade and Companies Register of Grasse under the number 853 951 556, whose head office is located at 1240 route des Dolines 06560 Valbonne, processes personal data in the database of its solution.

Smart Global Governance provides a platform to manage and pilot data protection compliance regulations to customers around the world, hereinafter referred to as “customers”. This solution is made available to SMART GLOBAL GOVERNANCE Customers in the form of a subscription in the legitimate interest of customers who wish to have a regulatory compliance solution. SMART GLOBAL GOVERNANCE’s customers are therefore exclusively composed of public or private organisations concerned by these regulations and who wish to have a tool or an online management solution.

3 types of data are concerned:

  1. Personal data of customers and prospects appearing in the CRM and internal management tools of SMART GLOBAL GOVERNANCE.
  2. Personal data of its Clients/Users, produced by the client directly in the service
  3. Personal data of partners, subcontractors of Smart Global Governance.

These provisions set out our personal data protection policy which constitutes the commitment of SMART GLOBAL GOVERNANCE with regard to the respect of privacy and the protection of personal data collected and processed with the use of SMART GLOBAL GOVERNANCE’s services under the conditions referred to in the General Terms of Use of SMART GLOBAL GOVERNANCE’s services.

This policy may be modified in accordance with legal and regulatory developments, in particular those of the French Data Protection Act relating to information technology, files and freedoms, and the European Regulation on the protection of personal data known as the “GDPR” (General Data Protection Regulation) as they exist at present and as they may be amended, and any other rules, laws, recommendations, regulations of the French data protection authority or any competent European supervisory authority.

The purpose of these Confidentiality Rules is to tell you what information SMART GLOBAL GOVERNANCE collects and for what purpose, as well as how to update, manage, export and delete it.

Data Controller – Data Protection Officer

SMART GLOBAL GOVERNANCE has appointed M° Odile Dussart, lawyer at the Draguignan Bar, 95 avenue Victor HUGO 83700 SAINT RAPHAEL (FRANCE) as Data Protection Officer (DPO).

The data controller is Smart Global Governance, represented by Mr. Guignard Benoît, manager.

Data produced by Smart Global Governance relating to customers

Description of the treatment

SMART GLOBAL Governance collects non-sensitive business data about customers and prospects.

Data Collected

The personal data collected may include the following:

  • Sex, first name, surname
  • Function
  • Title
  • Company
  • Professional email
  • Direct telephone or business mobile phone
  • Business mailing address

Purposes of collecting personal data

SMART GLOBAL Governance collects and uses the personal data of clients/prospects for the needs of its business and in particular for the following purposes:

  • To follow and ensure the commercial follow-up of its customers and prospects through marketing operations, support and communication.
  • Serving Smart Global Governance Customers who subscribe to our solution

SMART GLOBAL GOVERNANCE ensures that the personal data of clients/prospects is kept up to date throughout processing so that it is not obsolete.

Subject to the applicable local legislation, by providing their professional email, the customer has expressly authorized SMART GLOBAL GOVERNANCE to use it with other useful personal data among those mentioned in the previous paragraph to send them commercial messages or to ensure the support of its services.

SMART GLOBAL GOVERNANCE is also likely to use the decision-maker’s professional email for administrative or other non-marketing purposes (for example, to offer them access to their personal data in order to update it).

These purposes have been brought to the attention of the Data Protection Officer of SMART GLOBAL GOVERNANCE who has included them in his register.

Storage of the data:

SMART GLOBAL GOVERNANCE only keeps the personal data of clients/prospects for the time necessary for the operations for which they were collected and in compliance with the regulations in force. This parameter is systematic, obligatory and present for each contact. Each data collection indicates the duration of explicit consent as well as the storage period and its purpose (with a default storage value of 18 months).

Restricted access to personal data

Only duly authorised recipients may have access, within the framework of an access management policy, to the information necessary for their activity. Actually, SMART GLOBAL GOVERNANCE defines the rules of access and confidentiality applicable to the personal data processed. Access rights are granted in accordance with the User’s function and are updated in case of upgrade or change of function. This internal company document and appendix to our internal regulations is available on request by mail from the SMART GLOBAL GOVERNANCE data processing manager.

Data collection process

The data collection process is based on the following elements CONFIDENTIALITY AND PROTECTION POLICY

Source of collected data

  • Direct collection from customers/prospects or from our partners by telephone in compliance with the principle of prior information within the framework of B2B use of personal data.

Qualification of collected data

  • Initial qualification
    All the data collected are checked (by telephone or with the person concerned), directly with the decision-maker or, failing that, with a reference contact (assistant, company communication department if necessary).
  • Regular qualification
    At least twice a year, SMART GLOBAL GOVERNANCE verifies that the personal data collected is not obsolete. This is done automatically via the administrative and customer support team.
    This verification takes the form of a telephone call to the decision-maker’s business contact details, enabling the change in professional information to be identified and the data to be updated accordingly if necessary. This can also be done via the Smart Global Governance platform by the end user who has the possibility to update their personal information.

Right to your data

SMART GLOBAL GOVERNANCE implements the necessary means to ensure that clients/prospects have access, rectification, opposition, limitation, portability and deletion of personal data concerning them when they request it. Data may be rectified, completed, updated, locked or deleted when they are inaccurate, incomplete, ambiguous, outdated, or when their collection, use, communication or storage is prohibited.

In accordance with the French Data Protection Act No. 1.165 as amended, clients/prospects have the right to access, rectify and oppose information concerning them by contacting: customer@smartglobal.com. (or the data controller)

Transfer of data collected on customers/prospects

The personal data collected relating to customers/prospects is hosted within the European Union only. All data is processed by SMART GLOBAL GOVERNANCE employees located within the European Union being the headquarters of Smart Global Governance.

SMART GLOBAL GOVERNANCE uses the services of its subcontractor Microsoft Azure for the hosting in France of all data concerned by its data processing.

Security of personal data

SMART GLOBAL GOVERNANCE attaches particular importance to the security of its Data and implements all appropriate measures in order to limit the risks of loss, deterioration or misuse thereof.

To this end, SMART GLOBAL GOVERNANCE ensures the security of personal data of clients/prospects/users/customers/prospects by implementing data protection reinforced by the use of physical and logical security means.

SMART GLOBAL GOVERNANCE has taken all reasonable precautions to preserve the security of personal data and, in particular, to prevent them from being distorted or damaged or from unauthorised access to them by third parties.

These security measures include the following in particular:

  • Organizational measures
    • Opening access to SMART GLOBAL GOVERNANCE employees when hiring, and closing upon dismissal from the company. The access integrates the management of rights limiting the access to the data according to the employee’s profile.
    • External security audit carried out regularly by an expert service provider.
    • Inactivation of obsolete downstream data
    • Setting up secure servers to carry out data exchanges
  • Logical security measures
    • Regular backup of its entire infrastructure
    • Access to business applications controlled by password and login with profile-based rights management 
    • Historization of mass data manipulations
    • Historization of all the data consulted on our system
    • Advanced activation management
    • Securing workstations (access to workstations after authentication via login / password) and access to the database (authentication via login / dedicated password)
    • Restricted access to business tools limited to the company’s premises
    • Daily update of workstations, antivirus software on all workstations
    • Connections to the application tools are encrypted in TLS or SSH.
  • Physical security measures
    • Each employee has access to the premises with a personalised badge and during specific time slots.
    • Building guarded night and day

The data is stored on a cloud infrastructure and is subject to computer processing in order to provide the service subscribed to by the Customer and to improve the services. The hosting servers on which SMART GLOBAL GOVERNANCE processes and stores the databases of its Customers/Users are exclusively located within the European Union.

Distribution of the data privacy policy

The privacy and data protection policy is distributed:

  • internally to employees as an appendix to the company’s internal regulations
  • as part of the General Terms and Conditions of Use.

This policy will be renewed each time a new DPO is appointed and otherwise every three years. Validation by Odile Dussart in her capacity as Data Protection Officer.

Date of last update : 24/05/2018