Capitalized terms used in this General Privacy Policy (hereinafter the “Policy”) are defined in the Appendix “Definitions”.
DPO Consulting attaches the utmost importance and care to the protection of privacy and personal data and to compliance with the relevant legal provisions in force.
This privacy policy (hereinafter the “Policy”) aims to provide simple, clear and complete information to individuals (“you”, “your”) about the processing of personal data concerning you and implemented by DPO Consulting in its capacity as data controller.
This policy covers data processing activities performed within the framework of:
– the management of the website dpo-consulting.com and the requests sent from the online forms on this website;
– Sending the DPO Consulting newsletter
– Recruitment of DPO Consulting staff
– Management of clients, prospects, service providers and partners of DPO Consulting
– Management of inter-company training courses organised by DPO Consulting
For all these data processing activities, DPO Consulting is the entity that determines the means and purposes and thus acts as data controller within the meaning of the applicable regulations on personal data and in particular EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).
In this Policy, “DPO Consulting”, “we”, “us” and “our” refer to:
DPO Consulting, a simplified joint stock company with headquarters at 18 rue Pasquier, 75008 Paris, France, registered with the Paris Trade and Companies Register under number 817 754 138 and represented by Marine BROGLI in her capacity as President of DPO Consulting.
You can find all the information about DPO Consulting on our legal notice page.
Within the framework of its audit, outsourced DPO and intra-companies training activities, DPO Consulting, acts as a data processor within the meaning of the GDPR and only upon instructions from its clients, who act as data controllers. The implementation of the processing carried out within the framework of these activities are described in the Terms and Conditions and Sale of DPO Consulting or in the contract signed with the client and are not covered by this Policy.
DPO Consulting ensures that the fundamental data protection principles are observed for each data processing operation. This section informs you about the general rules applicable to all data processing operations covered by this Policy. Section II details, for each data processing operation, the specific conditions and procedures for carrying out the operation.
Each form on the website limits the collection of Personal Data to that which is strictly necessary and indicates the purpose(s) of the collection of such Data as well as the Recipient(s) of the Data. The information required to manage your request is indicated by an asterisk on each form. If you do not fill in these mandatory fields, DPO Consulting will not be able to answer your requests and/or provide you with the requested services. Other information is optional and allows us to better manage your request and improve our communications and services to you.
For minimisation purposes and insofar as DPO Consulting’s activities are offered to professionals, the forms on the DPO Consulting website have been set to accept professional email addresses only (with the exception of the job application form). In other words, email addresses whose extension is that of a public email provider such as gmail, yahoo, hotmail, mail.com, etc. will block the sending of the form; in this case, you are invited to send us an email at contact@dpo-consulting.com.
We never share your Personal Information with other companies for marketing purposes. Each section dedicated to a Processing operation details the internal Recipients who may access and process the Data concerned. The Data may be transmitted to technical service providers chosen for their expertise and reliability who act on our behalf and according to our instructions (IT subcontractor, host of our servers, etc.). We only allow these service providers to use your Personal Information to the extent necessary to perform services on our behalf or to comply with legal requirements and we endeavour to ensure that your Personal Information is protected at all times. DPO Consulting may also disclose your Data to Third Parties when such disclosure is required by law, regulation or court order, or if such disclosure is necessary to protect and defend our rights.
All such third parties may come from countries inside or outside the European Union (“EU”), including countries that do not offer the same level of data protection as your residence country. In such a case, the Data we collect when you use our platform or services may be transferred to other countries. This is for example the case if some of our service providers are located outside the European Economic Area. In the event of such a Transfer, we guarantee that it will be carried out :
– To a country that provides an adequate level of protection, i.e. a level of protection equivalent to that required by European Regulations;
– Within the framework of standard contractual clauses;
– Within the framework of internal company rules.
DPO Consulting is committed to protect your Personal Data from loss, destruction, alteration, unauthorised access or disclosure. To this end, DPO Consulting implements appropriate technical and organisational measures, with regard to the nature of the data and the risks involved in its processing, to preserve the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.
These measures may include, but are not limited to, practices such as limited access to data by staff of the services authorised to access it because of their functions, contractual guarantees in the event of recourse to an external provider, privacy impact assessments, regular reviews of our privacy practices and policies and/or physical and/or logical security measures (secure access, authentication process, backups, antivirus software, firewall, etc.).
DPO Consulting services are not intended for minors. Therefore, we do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data from minors without the prior consent of the holder of parental responsibility, we will take appropriate measures to delete such personal data from our servers and/or those of our providers.
When you browse the DPO Consulting website, you may need to:
o Completing a response form to an actual recruitment
o Request a quote
o Download documents
o Make a request for a brochure and/or information about a service
Within the framework of these activities, and on the basis of your consent that you express by accepting and submitting the contact request, DPO Consulting processes and stores the following personal data concerning you to respond to your contact request: the information provided on the form, namely your identity, your contact details and, where applicable, the content of the message, as well as any information communicated subsequently during our exchanges. These data are processed by the department concerned by your request for the time necessary to answer you.
Depending on your request and the content of our exchanges, the data thus collected may be used for other purposes such as managing a request for a quote or a registration for a training course; these data processing operations are then subject to the terms and conditions relating thereto.
We also inform you that we make anonymous statistics about the number of visitors to the DPO Consulting website, which do not allow us to identify you.
DPO Consulting collects and uses the Identification Data and business contact information of prospects and clients, including the Public Data available on the Internet, for the purpose of promoting the services and events of DPO Consulting.This Processing is based on the legitimate interest of DPO Consulting to promote its activities to professional profiles likely to be interested in the services and products of DPO Consulting. You may object to receiving our newsletter at any time and without justification, by clicking here or on the unsubscribe link integrated in the email or by notifying DPO Consulting directly via the contact means identified in section III.
The Data are treated and preserved for this purpose by the commercial service of DPO Consulting, subject to a request of unsubscription:
– for the prospects: during 3 years as from the last contact
– for the clients: the time of the commercial relation then during 3 years as from the end of the commercial relation. In the event of indirect collection of your data for purposes of marketing communication, in particular of public Data on Internet, DPO Consulting will take care to inform you as of the first communication, and in any event in the month following the collection of the Data, of the envisaged use and of your possibility of opposing the processing of your Data to commercial purposes.
DPO Consulting may also process personal data concerning you when:
– You request a quote for audit, advice, outsourced DPO or training, via the form filled online or directly by phone;
– your company concludes a contract with DPO Consulting as a client, provider or partner.
In this context, DPO Consulting is going to collect information on:
– the contact(s) indicated to DPO Consulting such as the contact indicated on the form, the main contact for the contract, the contact for invoices and any other contact (name, first name, business e-mail address, business telephone number, function), all information contained in the exchanges (nature of the request, etc.);
– the signatory(ies) of the contract: surname, first name, function, signature.
This data is intended, where necessary, for employees responsible for monitoring the business relationship and/or partnership, accounting/invoicing and for employees of the departments involved in the request/contract.
They are collected and stored:
Your contact details may also be used to send you the DPO Consulting Newsletter on DPO Consulting services and events. For more information, please see section B. “Processing for the purpose of promoting DPO Consulting services and events”.
DPO Consulting is led to process Personal Data concerning you when you submit an unsolicited application or when you apply to an advertisement posted by DPO Consulting (via the “Careers” area of the DPO Consulting website).
In this context, Personal Data about you is collected:
– directly from you during the recruitment process;
– indirectly from Third Parties for the verification of your diplomas and references, with your consent.
The Data collected are the following: surname, first name, email address, telephone number, professional experience as well as all the information that you communicate to us via the transmission of your application and/or your curriculum vitae and/or interviews: photo, skills, level of education, languages spoken, salary expectations, personal address, hobbies, family situation, etc.
If you communicate us the coordinates of a reference, it is your responsibility to ensure that this one is informed and gave you its agreement.
These Data are collected and kept only within the framework of the management of your candidature, on the basis of the legitimate interest of DPO Consulting and/or of your Consent and are not used for any other purpose, in particular commercial.
They are kept:
– in the event of a positive outcome to an application: the Data relating to an employee are preserved for the time of its presence within DPO Consulting and after its departure for the applicable legal duration of conservation;
– in the event of negative outcome of an application: one (1) year, unless you object.
Your Personal Data will in any case be destroyed upon your request (see section on DPO contact details), within a maximum period of 1 month from your request.
These data are processed by the collaborators in charge of the recruitment within DPO Consulting only and, in an incidental way, for technical and logistic reasons, to the data controllers of DPO Consulting.
DPO Consulting is led to process Personal Data concerning you when you register for a training course organised by DPO Consulting, via the online registration form or by telephone with the Training Department.
In this context, DPO Consulting will collect information relating to :
– the trainees: surname, first name, e-mail and postal addresses, telephone number, level of knowledge in the field of personal data;
– company representatives (training and finance departments): surname, first name, title, e-mail and postal addresses, telephone number.
These Data are collected and treated by DPO Consulting’s training department in order to register the trainees with the trainings corresponding to their level of knowledge, to address the supports of training to them and to invoice the services.
They are kept for the duration of the training contract and, in order to meet our legitimate interest to ensure the protection and the defences of our rights in the event of litigation, for five (5) years following the end of the contractual relationship.
It is also used by the sales department in order to communicate on the services and events of DPO Consulting, under the conditions of section B.
In accordance with the regulations in force, you have a right of access and of correction of your personal data and the right to request the deletion (right to be forgotten), the right to oppose the processing of your personal data and the right to obtain the limitation or portability of your personal data to the extent that this is applicable, subject to urgent, legitimate grounds DPO Consulting may show to retain your Data.
With regard to personal data relating to your application, we invite you to keep your information up to date by notifying DPO Consulting.
In addition, you may at any time and without justification, request to no longer receive our newsletter and, more generally, our communications relating to our services, news and events by using the hyperlink provided for this purpose in each email we send you.
When you exercise your rights, our Data Protection Officer processes your personal data for the purposes of managing your request (title, surname, first name, copy of identity document, nature of the request, response provided). This data is kept for a period of three (3) years, with the exception of a copy of your identity document, which is kept for one (1) year.
For any information or exercise of your rights on the processing of personal data managed by DPO Consulting you can contact our Data Protection Officer (DPO):
– By email at the following address: dpo@dpo-consulting.com
– By postal mail at the following address:
DPO Consulting
To the Data Protection Officer (DPO)
18 rue Pasquier
75008 PARIS
If there is reasonable doubt about the identity of the applicant, proof of identity may be requested.
You also have the right to complain to the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, about any complaint relating to the way in which DPO Consulting collects and processes your data.
Our website www.dpo-consulting.fr uses cookies.
A “cookie” is a small text file which can be registered on the user’s hard drive (computer, digital tablet, smartphone, etc.) while you are navigating on the website. A cookie allows its sender (us or any audience measurement supplier) to identify and recognise the terminal on which it is registered, during the whole validity or registration period of the cookie (13 months maximum).
Our website uses 3 types of cookies:
– Internal cookies necessary for the functioning of the website: these cookies allow the website to function optimally. They allow you to navigate from one page to another. Their deposit is functional and essential for the total optimisation of the website. You cannot object to them.
– Cookies to measure the audience: in order to adapt the website to the visitors’ requests, we measure the traffic on our website, in an anonymous way, via an analytical solution. This solution measures the number of unique visitors, the number of pages viewed, the country of origin of the connection to the website, the access service (live, via a search engine or a social network), the type of device used (computer, mobile or tablet), the most consulted and shared articles, as well as the time and date of visit. You can opt out of these cookies via our cookies banner on your first visit or by clicking on “revoke previously accepted cookies” at the bottom of your browser
– Advertising cookies: our social networks may place cookies in your browser to enable you to navigate from these networks to our website. You can object to these cookies by clicking on our cookies banner on your first visit or by clicking on “revoke previously accepted cookies” at the bottom of your browser.
We do not use cookies for commercial purposes such as retargeting. You can follow our offers and news by subscribing to our newsletter by clicking here.
Cookies can be set directly via your Internet browser and, depending on the type of browser used, can be systematically refused during navigation or authorised on a case-by-case basis.
DPO Consulting’s website can contain links to social media plateforms managed from third-party servers, by people or entities on which DPO Consulting has no control.
On this basis, DPO Consulting cannot be held responsible of the way your personal data are stored or used on the third-party’s servers. Our advice is to be aware of the personal data protection policy applicable to each third-party’s website on which you will navigate in order to appreciate the way your personal data will be used by such websites.
DPO Consulting may modify the data protection policy if needed. We will ensure that you are aware of any modification of this policy by special mention on the website, or by a personalised warning, for example by a special mention in the newsletter.
Consent: any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Personal Data concerning him or her may be processed.
Data Protection Officer (or “DPO”): the person appointed by DPO Consulting in charge of the protection of Personal Data within DPO Consulting and the compliance of DPO Consulting with the applicable Legislation.
Recipient: natural or legal person, public authority, service or any other body that receives communication of Personal Data, whether or not it is a Third Party.
Personal Data/Data: any information relating to a Data Subject including by reference to an identifier such as a name, identification number, ID card number, salary, health records, bank account information, driving or consumption habits, location Data, online identifier, etc. The term “Personal Data” includes sensitive Personal Data.
Sensitive Personal Data/Sensitive Personal Data: means Personal Data revealing or based on:
– racial or ethnic origin, political, religious or philosophical opinions
– membership of a trade union
– physical or mental health
– sexual orientation or sex life
– Genetic and biometric Data
– Data relating to criminal convictions, offences or related security measures.
Applicable legislation: set of regulations relative to the protection of the personal Data and applicable to the processings of personal Data carried out by DPO Consulting, namely the European Regulation n°2016/679 relative to the protection of the Data to personal character (GDPR), the Data-processing law and freedoms modified, and any other regulation which would be relative to it, applicable to DPO Consulting.
Data Subject: a natural person who is the subject of Personal Data and who can be identified or identifiable, directly or indirectly, through that Personal Data. This includes former and current customers, prospects, and employees.
Controller: the natural or legal person who, individually or jointly, decides what Personal Data is collected, why and how it is collected and processed.
GDPR: abbreviation of the European Regulation n°2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Processor: any natural or legal person, Public Authority, agency or other body that processes Personal Data on behalf of the Controller and according to its instructions (e.g. contractors or suppliers).
Third party: any natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and those persons who, under the direct authority of the Controller or the Processor, are entitled or authorised to process the Data.
Processing: any operation or set of operations carried out or not by means of automated processes and applied to Personal Data, such as collecting, accessing, recording, copying, transferring, keeping, storing, cross-referencing, modifying, structuring, making available, communicating, recording, destroying, whether automatically, semi-automatically or otherwise. This list is not exhaustive.
Transfer of Data: any communication, copying or movement of Data over a network, or any communication, copying or movement of such Data from one medium to another, irrespective of that medium, of Personal Data to a country outside the European Union or to an international organisation which is or is intended to be Processed after such Transfer.
Cookies are data placed on your computer or mobile phone. They are differentiated by their unique identifiers, associated with your computers or phones. Cookies help prevent you from having a bad consumer experience on your favourite websites, as they remember your actions and preferences. This means you don’t have to enter your browsing preferences each time you use the website, such as location, font or language.
These “cookies” are stored in your computer’s RAM. They do not allow us to identify you; however, they record information relating to your computer’s navigation on the website (the pages you consulted, the date and time of the consultation, etc.) which we can read during your subsequent visits.
For the whole processings of Data related to the collection of the cookies, DPO Consulting, SAS registered with the Paris Commercial & Compagnies Registry under the number B 817 754 138au capital of 5 500€, having its registered office with the 18 rue Pasquier 75008 Paris, determines the means and the finalities of the processing. Thus, DPO Consulting acts as a Data Controller, in the sense of the Regulation on Personal Data, and in particular of the Regulation (EU) 2016/679 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data.
DPO Consulting attaches the utmost importance and care to the protection of privacy and Personal Data, as well as to compliance with the provisions of the applicable Legislation.
This Cookies policy (hereinafter the “Policy”) aims to provide you with simple, clear information on how your Data is collected through the cookies placed on the internet.
When you first visit the website, a banner will inform you of the presence of these cookies and invite you to indicate your choice. Cookies requiring your consent in accordance with the regulations are only deposited if you accept them. You may at any time inform yourself and configure the cookies to accept or refuse them by going to the [Cookie Management] page at the bottom of each page of the website or by configuring your browser.
All data relating to a terminal at a given time may be collected via cookies, in particular
– One or more technical identifiers that identify your Internet box
– The date, time and duration of a terminal’s connection to a website;
– The Internet address of the page from which the terminal accesses the website;
– The type of operating system of the terminal (e.g. Windows, MacOs, Linux, Unix, etc.);
– The type and version of the browser software used by the terminal (Internet Explorer, Firefox, Safari, Chrome, Opera, etc.);
– The make and model of the mobile terminal or tablet;
– Possible download errors;
– The language of the browser software used by the terminal;
– The characteristics of the content consulted and shared.
On the website, we may place different types of cookies for several purposes:
– Cookies needed for the personalisation and operation of the website: they allow you to use the main features of the website and in particular to record information between two visits to the website on the same device, to record session connection identifiers or even elements of customisation of the interface (choice of language or presentation). They do not require your prior consent. These cookies are essential for the proper functioning of the website. If you refuse to accept these cookies on your terminal or browser, or if you delete the cookies stored on it, you will be informed that your browsing experience on the website may be limited.
– Analytical, statistical or website audience measurement cookies that allow us to know the use and performance of the website audience and to improve its operation for our visitors, for example, to establish statistics and volumes of traffic and use of the various elements making up the website (sections and content visited, path), in order to improve the interest and ergonomics of the website.
– The social network cookies placed by the social networks when you share with other people the contents of our websites or let them know your opinion on these contents via an application button. These cookies are only set when you have expressly consented to them through the banner presented at the time of your first connection. We have no control over the process used by these social networks to collect information relating to your browsing on our websites and associated and Personal Data they hold. We invite you to consult their data protection policies in order to know your rights with respect to each of them, and to manage your privacy settings.
– Advertising cookies, which allow us to choose in real time which advertisements to display on third-party websites. These cookies are only deposit when you have expressly consented to them through the banner presented when you first connect.
COOKIE’S NAME | PURPOSE | RETENTION PERIOD |
Operating cookies | Allowing information to be saved between two visits to the same website on the same device. They can be used to record a shopping basket, session connection identifiers or interface customisation elements (choice of language or presentation). They do not require the user’s consent. | 6 months |
Marketing cookies | Enable sharing of website content on social networks. | 25 months |
Audience statistics cookies | Allowing the tracking of a user’s actions on a website. When statistics are anonymous (i.e. not traceable to an individual), user consent is not required if they meet specific conditions. | 13 months |
Consent Cookies | Enable the user to consent by a clear positive act. | 6 months |
The entities placing the cookies on the website are:
– The editor of the website is DPO Consulting and the data processors of DPO Consulting namely the technical service providers which treat your Data of navigation for the account of DPO Consulting;
– The publishers of social networks that may place cookies on the website are Facebook, LinkedIn;
– Our commercial partners:
– Hubspot;
– Google;
– Youtube;
– AWS.
The deposit of a cookie for the purposes of audience measurement, personalisation of content, social networks and targeted advertising requires your prior consent. This consent is requested through the banner that is displayed when you first browse the website. You can choose to accept the deposit of cookies for all the purposes listed, refuse them or personalise your choice. You can withdraw your consent at any time by going to the [Cookie Management] page at the bottom of each page of the website.
You have the choice to set your browser to accept or reject all cookies, to delete cookies periodically or to see when a cookie is issued, how long it is valid, and its content, and to refuse its storage on your hard drive.
You can choose to block or disable these cookies at any time by adjusting your computer, tablet or mobile internet browser settings in accordance with the instructions set out by your internet browser provider and listed on the websites below:
Open the “Tools” menu, then select “Internet Options”; click on the “Privacy” tab and then the “Advanced” tab; choose the desired level or follow the link below:
Open the “Tools” menu, then select “Internet Options”; click on the “Privacy” tab and then the “Advanced” tab; choose the desired level or follow the link below:
Open the “Tools” menu, then select “Options”; click on the “Privacy” tab and choose the desired options or follow this link:
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Choose “Safari > Preferences” and then click on “Security”; in the “Accept Cookies” section choose the desired options or follow this link: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
Open the configuration menu (spanner logo), then select “Options”; click on “Advanced Options” and then in the “Privacy” section, click on “Content Settings”, and choose the desired options or follow the following link:
https://policies.google.com/technologies/cookies?hl=en-US
https://support.apple.com/en-gb/guide/safari/sfri11471/mac
You can also type “cookies” in the “help” section of your browser to access instructions on how to set them.
For more information, you can also consult the CNIL (French supervisory authority) website:
https://www.cnil.fr/en/cookies-and-other-tracking-devices-cnil-publishes-new-guidelines
Policy updated on November, 2021 by DPO Consulting