We specialize in data hosting, so we know our customers, prospects, employees, suppliers, collaborators and various partners are concerned about the security and confidentiality of their personal data. We therefore wish to build a relationship of trust with them, in particular by being perfectly transparent regarding their personal data.

This is why, with the entry into law on 25 May 2018 of European Regulation no. 2016/679 of 27 April 2016 on the protection of personal data (hereinafter the “GDPR”), we have redefined and formalised our personal data protection policy in the present document called “Data Protection Policy”.

The purpose of this Data Protection Policy is therefore to inform you of the commitments and technical and organisational measures we have put in place to ensure the protection of your personal data.

It complements ALWAYSDATA’s General Terms and Conditions of Service (hereafter the “GTCS”), which include its contractual clauses regarding subcontracting.

This Data Protection Policy is not fixed; it may evolve according to national and European regulations and will undergo the adaptations that the doctrine of the CNIL (Commission Nationale de l’Informatique et des Libertés) and the guidelines of the G29 (Working Group bringing together the representatives of the independent supervisory authority of each member country of the European Union) will require.

Article 1: Data collection and processing

Within the framework of its activity, ALWAYSDATA is led to collect and process personal data necessary for the management of the relationship with its employees and collaborators, its customers and prospects, its suppliers and various partners.

To this end, ALWAYSDATA ensures that it collects and processes only data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. It is in this way that we respect the principle of data minimisation laid down by the GDPR.

Article 2: Purposes of processing

The data we collect is for a specific purpose, and is not used for any other purpose. Our purposes are determined, legitimate, explicit and compatible with our missions, in this case the management of activities relating to data hosting as well as ancillary services and ancillary activities.

The defined purpose makes it possible to determine the relevance of the data to be collected: only adequate data that is strictly necessary to achieve the defined purpose is collected and processed by ALWAYSDATA.

Article 3: Information to data subjects

In accordance with the GDPR, ALWAYSDATA informs and encourages its employees and collaborators, customers and prospects, suppliers and various partners to inform the person from whom personal data is collected:

• The identity and contact details of the data controller and, if applicable, the representative of the data controller;
• Where appropriate, the contact details of the data protection officer;
• The purposes of the processing operation for which the personal data is intended and the legal basis of the processing operation;
• Where appropriate, the legitimate interests pursued by the controller or by a third party;
• The recipients or categories of recipients of the personal data, if any;
• Where applicable, the fact that the controller intends to transfer personal data to a third country or to an international organisation;
• The period of time for which personal data is stored or, where that is not possible, the criteria used to determine that period;
• the existence of the right to request access, rectification or erasure of personal data from the controller, or a restriction on the processing in respect of the data subject, or the right to object to the processing and the right to data portability;
• Where appropriate, the existence of the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on consent prior to withdrawal of consent;
• The right to lodge a complaint with a supervisory authority;
• Information on whether the requirement to provide personal data is regulatory or contractual in nature or whether it is a condition for the conclusion of a contract and whether the data subject is under an obligation to provide the personal data, as well as on the possible consequences of failure to provide such data;
• the existence of automated decision-making.

In the absence of individualised contact with the person concerned by the collection and processing, ALWAYSDATA encourages its employees and collaborators, customers and prospects, suppliers and various partners, to inform said person by all appropriate means according to the modalities of the collection (posting at the place of collection; information a posteriori, for example at the time of the first individualised contact with the person concerned; etc.).

Article 4: Recipients of the data

ALWAYSDATA does not communicate the data of its employees and collaborators, customers and prospective suppliers and various partners to third parties; ALWAYSDATA does not trade in them.

Your personal data is therefore only intended for specific recipients who are authorised to receive them, in this case and as the case may be, ALWAYSDATA and its subcontractors, ALWAYSDATA’s customers and their subcontractors as well as any other persons, organisations or entities to whom these customers may wish to communicate or show this data (in particular in the context of demos and presentations of our products and services), and this only for the purposes relating to the hosting of the data as well as ancillary services and activities.

Article 5: Data storage

ALWAYSDATA keeps the personal data of its employees and collaborators, customers and prospects, suppliers and various partners only for the time necessary for the operations for which they were collected and in compliance with the regulations in force.

This data is deleted after a maximum of 5 years after the end of the contractual relationship.

Data relating to prospects are kept for a maximum period of 3 years from the last contact between ALWAYSDATA and the prospect.

Article 6 : Data security

ALWAYSDATA determines and implements the means necessary for the protection of personal data in order to avoid risks resulting in particular from the destruction, loss, alteration, unauthorised disclosure of personal data transmitted, stored or otherwise processed, or unauthorised access to such data, whether accidental or unlawful.

These means shall consist of appropriate technical and organisational measures to ensure a level of security appropriate to the risk, and shall include, inter alia, as appropriate :

• Pseudonymisation and encryption of personal data;
• Means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;
• Means to restore the availability of and access to personal data within appropriate time frames in the event of a physical or technical incident;
• A procedure for regularly testing, analysing and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.

In particular, access to data is secured by strong security systems: identification by certificate, double authentication and other processes implemented by ALWAYSDATA.

Thus, the protection policy for personal data processed by ALWAYSDATA is organized around logical, physical or organizational measures.

Article 7: Restricted access to data

ALWAYSDATA defines and implements the access and confidentiality rules applicable to the personal data processed.

The access rights are updated in case of evolution or change of its beneficiary.

Article 8: Transfer of data outside the European Union

In principle, ALWAYSDATA does not transfer personal data outside the European Union.

Should such a transfer prove necessary, it would be within the scope of the purpose of the processing operation for which the data is intended.

In that case, the data recipients would only be given the categories of data necessary for the fulfilment of that purpose.

More generally, ALWAYSDATA would transfer data only in accordance with the provisions of Articles 44 to 50 of the GDPR.

Article 9: Rights of data subjects with regard to the collection and processing of personal data

In application of the GDPR and the provisions of Law No. 78-17 of 6 January 1978 relating to data processing, files and freedoms (known as the “Data Protection Act”), any natural person whose personal data is processed has the right to oppose the collection and processing of personal data concerning him or her, the right to access, rectify or delete such data (right to oblivion), the right not to be subject to a decision based solely on automatic processing, including profiling, the right to have the processing concerning her/himself restricted, the right to have information about the persons to whom the controller has transmitted personal data concerning her/him, and the right to the portability of such data as described in Articles 15 to 22 of the GDPR. It may exercise these rights by sending its request to moc.atadsyawla@opd accompanied by documents proving in particular its identity and signature.

Article 10: Data protection actors

Within the framework of the entry into force of the GDPR on 25 May 2018, ALWAYSDATA has appointed a Data Protection Officer (DPD or DPO) directly attached to the ALWAYSDATA Management.

In coordination with ALWAYSDATA’s Management, the DPO permanently ensures the conformity of all personal data processing within ALWAYSDATA.

Article 11: Maintenance of the non-contracting provisions of ALWAYSDATA’s GTCS

This Data Protection Policy supplements ALWAYSDATA’s Terms and Conditions, whose provisions not to the contrary remain applicable.

Therefore, any service provided by ALWAYSDATA for the benefit of the customer implies the customer’s unreserved adherence to this Personal Data Protection Policy.