Within the framework of its activity, SMART GLOBAL GOVERNANCE, a company under French law registered in the Trade and Companies Register of Grasse under the number 853 951 556, whose head office is located at 1240 route des Dolines 06560 Valbonne, processes personal data in the database of its solution.
Smart Global Governance provides a platform to manage and pilot data protection compliance regulations to customers around the world, hereinafter referred to as “customers”. This solution is made available to SMART GLOBAL GOVERNANCE Customers in the form of a subscription in the legitimate interest of customers who wish to have a regulatory compliance solution. SMART GLOBAL GOVERNANCE’s customers are therefore exclusively composed of public or private organisations concerned by these regulations and who wish to have a tool or an online management solution.
3 types of data are concerned:
This policy may be modified in accordance with legal and regulatory developments, in particular those of the French Data Protection Act relating to information technology, files and freedoms, and the European Regulation on the protection of personal data known as the “GDPR” (General Data Protection Regulation) as they exist at present and as they may be amended, and any other rules, laws, recommendations, regulations of the French data protection authority or any competent European supervisory authority.
The purpose of these Confidentiality Rules is to tell you what information SMART GLOBAL GOVERNANCE collects and for what purpose, as well as how to update, manage, export and delete it.
SMART GLOBAL GOVERNANCE has appointed M° Odile Dussart, lawyer at the Draguignan Bar, 95 avenue Victor HUGO 83700 SAINT RAPHAEL (FRANCE) as Data Protection Officer (DPO).
The data controller is Smart Global Governance, represented by Mr. Guignard Benoît, manager.
SMART GLOBAL Governance collects non-sensitive business data about customers and prospects.
The personal data collected may include the following:
SMART GLOBAL Governance collects and uses the personal data of clients/prospects for the needs of its business and in particular for the following purposes:
SMART GLOBAL GOVERNANCE ensures that the personal data of clients/prospects is kept up to date throughout processing so that it is not obsolete.
Subject to the applicable local legislation, by providing their professional email, the customer has expressly authorized SMART GLOBAL GOVERNANCE to use it with other useful personal data among those mentioned in the previous paragraph to send them commercial messages or to ensure the support of its services.
SMART GLOBAL GOVERNANCE is also likely to use the decision-maker’s professional email for administrative or other non-marketing purposes (for example, to offer them access to their personal data in order to update it).
These purposes have been brought to the attention of the Data Protection Officer of SMART GLOBAL GOVERNANCE who has included them in his register.
SMART GLOBAL GOVERNANCE only keeps the personal data of clients/prospects for the time necessary for the operations for which they were collected and in compliance with the regulations in force. This parameter is systematic, obligatory and present for each contact. Each data collection indicates the duration of explicit consent as well as the storage period and its purpose (with a default storage value of 18 months).
Only duly authorised recipients may have access, within the framework of an access management policy, to the information necessary for their activity. Actually, SMART GLOBAL GOVERNANCE defines the rules of access and confidentiality applicable to the personal data processed. Access rights are granted in accordance with the User’s function and are updated in case of upgrade or change of function. This internal company document and appendix to our internal regulations is available on request by mail from the SMART GLOBAL GOVERNANCE data processing manager.
The data collection process is based on the following elements CONFIDENTIALITY AND PROTECTION POLICY
SMART GLOBAL GOVERNANCE implements the necessary means to ensure that clients/prospects have access, rectification, opposition, limitation, portability and deletion of personal data concerning them when they request it. Data may be rectified, completed, updated, locked or deleted when they are inaccurate, incomplete, ambiguous, outdated, or when their collection, use, communication or storage is prohibited.
In accordance with the French Data Protection Act No. 1.165 as amended, clients/prospects have the right to access, rectify and oppose information concerning them by contacting: firstname.lastname@example.org. (or the data controller)
The personal data collected relating to customers/prospects is hosted within the European Union only. All data is processed by SMART GLOBAL GOVERNANCE employees located within the European Union being the headquarters of Smart Global Governance.
SMART GLOBAL GOVERNANCE uses the services of its subcontractor Microsoft Azure for the hosting in France of all data concerned by its data processing.
SMART GLOBAL GOVERNANCE attaches particular importance to the security of its Data and implements all appropriate measures in order to limit the risks of loss, deterioration or misuse thereof.
To this end, SMART GLOBAL GOVERNANCE ensures the security of personal data of clients/prospects/users/customers/prospects by implementing data protection reinforced by the use of physical and logical security means.
SMART GLOBAL GOVERNANCE has taken all reasonable precautions to preserve the security of personal data and, in particular, to prevent them from being distorted or damaged or from unauthorised access to them by third parties.
These security measures include the following in particular:
The data is stored on a cloud infrastructure and is subject to computer processing in order to provide the service subscribed to by the Customer and to improve the services. The hosting servers on which SMART GLOBAL GOVERNANCE processes and stores the databases of its Customers/Users are exclusively located within the European Union.
The privacy and data protection policy is distributed:
This policy will be renewed each time a new DPO is appointed and otherwise every three years. Validation by Odile Dussart in her capacity as Data Protection Officer.
Date of last update : 24/05/2018