This security policy informs you of the security consideration and measures that govern and protect the information you provide to us using our services, hardware and software.
In order to keep you informed of any changes in the way this data is processed, this policy may be regularly amended. This is why, if necessary, you will be alerted of any update concerning it and we invite you to note the date of the last update which systematically accompanies it.
Protection of personal data
For information within the meaning of the GDPR, "personal data" constitutes any data relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, data location, an online identifier or one or more specific elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
In general, we only collect, with your consent, the information necessary for the execution of the contracts that bind us, namely: your surname, first name, function in the company, contact details to contact you and attachment to your company. .
In accordance with the General Data Protection Regulation (General Data Protection Regulation) adopted by the European Parliament on April 14, 2016, and the amended Data Protection Act of January 6, 1978, Westeer SAS informs you of the following points:
1. Identity of the controller
As part of its activities, Westeer SAS may collect and process data in different ways.
For each of the treatments, a person in charge has been appointed, his contact details are systematically provided to you in order to be able to inform you of the security measures applicable to them.
In addition, for all practical purposes, we inform you that a Data Protection Officer (DPO) has been appointed. email@example.com
2. Purposes of processing
In accordance with the GDPR, Westeer SAS may process your Personal Information for the following purposes:
(a) provide you with information or services relating to the services and contracts that bind us (in particular: sending the newsletter, commercial offers, IT support, hotline, outsourcing, hosting, training, development, supply of software and hardware , provision of telecommunication lines); and or
(b) collect information allowing us to improve our offer, our products and services (in particular through cookies used on our sites); and or
(c) be able to contact you about various events relating to Westeer SAS, including in particular product updates and customer support.
3. Persons likely to consult this data
Only employees of the Westeer SAS company can consult the data that you transmit to us within the strict framework of the execution of their function.
All necessary security measures have been taken to ensure that this data is never transmitted to a third party, notwithstanding the subcontractors Westeer SAS uses.
In addition, the Westeer SAS company does not market personal data under any circumstances and in any way. Westeer SAS also ensures compliance with this commitment with all of its subcontractors.
4. Limitation of storage
Personal Data must be kept in a form allowing the identification of the persons concerned for a period not exceeding that necessary with regard to the purposes for which they are processed:
Time of the commercial relationship (eg act of purchase or until the expiry of a guarantee or contract)
3 years from last contact for prospect data
2 years from receipt of application for applicant data
In the event that several retention periods for your data may apply, the longest will be retained.
These durations are however applied in compliance with the applicable legal and regulatory provisions.
5. Computer Rights and Freedoms
You have rights concerning your Personal Information that you can exercise by writing to us at the postal address mentioned in point 1.
In accordance with the applicable regulations, you have in particular:
Permission to access :
You have the right to request information about the personal data we hold about you.
Right of portability:
You have the right to obtain a copy of your data transferred to you or to another party in a structured and common format. This only concerns the personal data that you have transmitted to us.
Right of rectification:
You have the right to request the rectification of your personal data if it is inaccurate, including to complete your incomplete personal data.
Right to deletion:
You have the right to request the deletion of any personal data at any time under legal conditions. However, you are informed that, for reasons of conservation of legal archives and traceability, we are likely not to delete the information related to your personal data. In this case, they would be anonymized as authorized by the GDPR.
Right to object to the processing of your data on the basis of a legitimate interest:
You have the right to object to the processing of your personal data based on a legitimate reason.
Right to object to direct marketing:
You have the right to oppose direct marketing, in particular by unsubscribing on the links provided for this purpose and present with each sending of our commercial emailings.
6. Response times
Westeer SAS undertakes to respond to your request for access, rectification or opposition or any other additional request for information within a reasonable period of time, which may not exceed 1 month from receipt of your request.
In addition, the company Westeer SAS informs you that it will be entitled, if necessary, to oppose manifestly abusive requests (by their number, their repetitive or systematic nature).
7. Authorized service providers and transfer to a third country of the European Union
Westeer SAS informs you that it may use several authorized and qualified service providers and partners to facilitate the collection and processing of the data that you have communicated to us. These service providers operate within the borders of the European Union and are therefore also subject to compliance with the rules imposed by the GDPR.
Westeer SAS has previously ensured the implementation by its service providers of adequate guarantees and compliance with strict conditions in terms of confidentiality, use and data protection.
In addition, where applicable, you will be consulted and informed before any intervention by one of these service providers concerning the data we collect.
8. Security measures and procedure in the event of a breach of personal data
As an IT service provider, our IT systems are equipped with the technologies and protection systems in force and with the greatest guarantees of security.
In addition, we remain vigilant in regularly testing and strengthening all of these systems according to the evolution of the latest computer threats brought to our attention or that we identify through increased technological monitoring by our experts.
We regularly inform and educate all of our staff on security practices concerning the handling of data present in our information systems. They are also committed to complying with strict procedures listed in our IT charter and the employment contracts of our employees.
If, despite all the care we have taken to secure our entire information system, a data breach should be noted, we undertake to contact the CNIL within 72 hours in the event of a breach or risk of breach. to your personal data (computer attack, access to files by an unauthorized or malicious person).
9. Specific conditions and responsibilities related to our quality of subcontractor
(a) Responsibilities of the customer and the Westeer SAS company
Acting as an IT partner for you, Westeer SAS may act as a subcontractor under the GDPR regarding the data you collect through our services.
As such, we remind you that the GDPR commits you as data controller when you collect, store and/or process personal data through our services. We also remind you that it is your responsibility to carry out an impact analysis concerning this data allowing you to assess the sensitive and/or personal nature of any data as well as the assessment of the security measures surrounding it.
We therefore invite you to provide us with any information and procedure that you deem necessary concerning this data so that we can work together to further strengthen our protection measures concerning them.
(b) Security Measures in Force
In general, we inform you that, within the framework of the execution of our services, we train and inform the staff likely to access any data that you transfer to us in order to guarantee the strict handling in the respect of the GDPR.
In particular, we bring to your attention the following points:
We do not retain or modify any personal information that you may have collected or stored through our services.
We undertake not to transfer this data without your explicit agreement and only within the exclusive framework described in paragraph 7 if necessary.
We are likely to make one or more copies of your data and software solely for the purposes of performing the contracts that bind us (in particular for backup, backup and restoration purposes in the event of the contractualization of this type of service with our company)
Only the employees of the Westeer SAS company who need specific access to your data have the accounts, identifiers and/or procedures that you transmit to us, with your explicit consent, with regard to this.
These employees are required not to consult your data outside of any other purpose required by the services you order from us (namely training, support for data recovery, research and identification of an anomaly, hotline assistance, supervision of your systems, outsourcing, development and testing of new solutions or functionalities, assistance in setting up reporting and possible hosting of your software, servers and/or databases of data).
(c) Procedure in the event of a personal data breach
In order to allow you to meet your obligation to alert the supervisory authority (the CNIL in France) within 72 hours from the discovery of the violation, the company Westeer SAS undertakes to provide your data controller with any information it would be aware of any violation observed through one of its services.
In addition, in the event of no alert on your part to the supervisory authority within 72 hours of the alert being raised by the company Westeer SAS, the company Westeer SAS also reserves the right to provide the CNIL directly with the information provided to his client.