DPO Consulting attaches the utmost importance and care to the protection of privacy and personal data and to compliance with the relevant legal provisions in force.
This policy covers data processing activities performed within the framework of:
- The management of the website http://www.dpo-consulting.com and the requests sent from the online forms on this website
- The sending of DPO Consulting’s newsletter
- The recruitment of DPO Consulting’s employees
- The management of DPO Consulting’s clients, service providers and partners
- The management of inter-companies training courses organised by DPO Consulting
For all these data processing activities, DPO Consulting is the entity that determines the means and purposes and thus acts as data controller within the meaning of the applicable regulations on personal data and in particular EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).
In this Policy, “DPO Consulting”, “we”, “us” and “our” refer to:
DPO Consulting, a simplified joint stock company with registered office at 112 boulevard Haussmann, 75008 Paris, France, registered in the Paris Trade and Companies Register under the number 817 754 138 and represented by Marine BROGLI in its capacity as President of DPO Consulting.
You can find all information about DPO Consulting on our legal notice page.
Within the framework of its audit, outsourced DPO and intra-companies training activities, DPO Consulting acts as a data processor within the meaning of the GDPR and only upon instructions from its clients, who act as data controllers. The implementation of the processing carried out within the framework of these activities are described in the Terms and Conditions of Sale of DPO Consulting or in the contract signed with the client and are not covered by this Policy.
The processing operations related to the website www.mydposolution.com and the myDPO Solution are also subject to separate policies and are not covered by this Policy.
- General rules applicable to all data processing operations carried out by DPO Consulting
DPO Consulting ensures that the fundamental data protection principles are observed for each data processing operation. This section informs you about the general rules applicable to all data processing operations covered by this Policy. Section II details, for each data processing operation, the specific conditions and procedures for carrying out the operation.
a. Data minimisation
Each form on the website limits the collection of personal data to what is strictly necessary and indicates the purpose(s) for which the data is collected as well as the recipient(s) of the data.
The information required to manage your request is indicated by an asterisk on each form. If you do not fill in these mandatory fields, DPO Consulting will not be able to answer your requests and/or provide you with the requested services. Other information is optional and allows us to better manage your request and improve our communications and services to you.
b. Sharing your data with third parties and transferring your data outside the European
We never share your personal information with other companies for direct marketing purposes.
Each section dedicated to a data processing operation details the internal recipients responsible for accessing and processing the data concerned. The data may be transmitted to technical service providers chosen for their expertise and reliability who act on our behalf and according to our instructions (IT subcontractor, host of our servers, etc.).
We allow these providers to use your personal data only to the extent necessary to perform services on our behalf or to comply with legal requirements and we strive to ensure that your personal data is always protected.
DPO Consulting may also disclose your data to third parties when such disclosure is required by law, regulation or court order, or if such disclosure is necessary to protect and defend our rights.
All such third parties may come from countries inside or outside the European Union (“EU”), including countries that do not offer the same level of data protection as your country of residence. In such a case and to the extent required by applicable law, we will ensure that:
- We have asked for and obtained your express and unambiguous consent to share your personal data with these third parties; or
- We have concluded data transfer contracts complying at least with the standard contractual clauses adopted by the European Commission; or
- For third parties located in the United States, we have ensured that they have joined the EU-U.S. Privacy Shield and registered as such with the US administration.
c. Security of your data
DPO Consulting is committed to protecting your personal data from loss, destruction, alteration, unauthorised access or disclosure. To this end, DPO Consulting implements appropriate technical and organisational measures, with regard to the nature of the data and the risks involved in its processing, to preserve the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.
These measures may include, but are not limited to, precautions such as limiting access to data to authorised staff only because of their functions, contractual guarantees in the event of recourse to an external provider, conducting privacy impact assessments, reviewing regularly our privacy practices and policies and/or physical and/or logical security measures (secure access, authentication process, backups, antivirus software, firewall, etc.).
d. Data concerning minors
DPO Consulting services are not intended for minors. Therefore, we do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data from minors without the prior consent of the holder of parental responsibility, we will take appropriate measures to delete such personal data from our servers and/or those of our providers.
2. Data processing implemented by DPO Consulting
a. Management of the DPO Consulting website and requests sent from online forms
When you browse the DPO Consulting website, you may be prompted to:
- discuss with an employee of DPO Consulting through the online chat service;
- make a contact request via the contact forms.
Within the framework of these activities, and on the basis of your consent that you express by accepting the online chat service and/or submitting the contact request, DPO Consulting processes and stores the following personal data concerning you:
- To respond to your contact request: the information provided on the form, namely your identity, your contact details and, where applicable, the content of the message, as well as any information communicated subsequently during our exchanges. These data are processed by the department concerned by your request for the time necessary to answer you.
- Within the framework of the online chat service, conversations history and technical data related to login information, which are stored for 6 months
In both cases and depending on your request and the content of our exchanges, the data thus collected may be used for other purposes such as managing a request for a quote or a registration for a training course; these data processing operations are then subject to the terms and conditions relating thereto.
We also inform you that we make anonymous statistics about the number of visitors to the DPO Consulting website, which do not allow us to identify you.
b. Processing for promoting DPO Consulting’s events and services
DPO Consulting collects and uses identification data and professional contact details of clients’ and prospects’ point of contact.
These data are processed and stored for this purpose by DPO Consulting’s sales department, except in the case of an unsubscribe request:
- Concerning prospects: for 3 years from the last contact
- Concerning clients: during the contractual relationship, then for 3 years from the end of the contractual relationship
This processing is based on the legitimate interest of DPO Consulting in promoting its activities. You may object to receive our newsletter at any time and without justification, by clicking on the unsubscribe link included in the email or directly by notifying to the DPO that you object to the processing via the contact details identified in section III.
c. Processing for prospect, customer, service provider and partner management purposes
DPO Consulting may also process personal data concerning you when:
- You request a quote for audits, outsourced DPO and intra-companies training services, via the online form on the website or directly by telephone with the commercial department;
- Your company concludes a contract with DPO Consulting as a client, service provider or partner.
In this context, DPO Consulting will collect information on:
- The contact(s) indicated to DPO Consulting such as the contact indicated on the form, the main contact for the contract, the contact for invoices and any other contact (name, first name, business e-mail address, business telephone number, function), all information contained in the exchanges (nature of the request, etc.);
- The signatory(ies) of the contract: surname, first name, function, signature.
This data is intended, where necessary, for employees responsible for monitoring the business relationship and/or partnership, accounting/invoicing and for employees of the departments involved in the request/contract.
They are collected and stored:
- For quotation requests that do not result in the conclusion of a contract: the time required to study and follow up the request + one (1) year after the request is closed (or the last contact has taken place if applicable)
- For contracts and in order to execute the contract: the duration of the contractual relationship
- In order to meet our legitimate interest in ensuring the protection and defence of our rights in the event of litigation, for five (5) years following the end of the contractual relationship.
Your contact details might also be used to send you DPO Consulting’s newsletter about services and events of DPO Consulting. For more information, you are invited to check section b) “Processing for promoting DPO Consulting’s events and services”.
d. Processing for recruitment purposes
DPO Consulting processes your personal data related when you submit a spontaneous application or apply to a recruitment ad posted by DPO Consulting (via the “Career” page of the DPO Consulting website or job-seeking platforms such as Indeed).
In this context, your personal data are collected:
- Directly from you during the recruitment process, and
- Indirectly from third parties to check your diplomas and references, with your consent.
Personal data collected are as follow: first name, surname, email address, phone number, professional experience and all information you provide when you submit your application and/or your curriculum vitae and/or during job interviews: pictures, skills, level of education, languages spoken, salary expectations, home address, hobbies, etc.
If you provide your reference’s contact details, you are responsible for ensuring that he or she is informed and has given his or her agreement.
These data are collected and used for the management of your application, on the basis of DPO Consulting’s legitimate interest and/or your consent and are not used for marketing purposes.
These data are stored:
- In the event of a positive outcome to an application: personal data concerning an employee are stored during his or her period of employment at DPO Consulting and after his or her leaving, during the applicable legal retention period.
- In the event of a negative outcome to an application: for six (6) months unless you object to the processing.
You are entitled to request the deletion of your personal data will at any time during the recruitment process, being understood that doing so will prevent DPO Consulting from examining your application. See section III for the DPO’s contact details.
These data are only processed by employees in charge of recruitment at DPO Consulting and, incidentally, for technical and logistical reasons, by DPO Consulting’s sub-processors.
e. Processing for inter-companies training courses management purposes
DPO Consulting processes your personal data when you register for an inter-company training course organised by DPO Consulting, via the online registration form or by telephone directly with the Training Department.
In this context, DPO Consulting collects information concerning:
- Trainees: first name, surname, email and postal address, phone number, level of knowledge in personal data protection
- Company’s representatives (Training and Finance departments): first name, surname, title, email and postal address, phone number
These data are collected and stored by DPO Consulting’s Training department in order to register trainees to the training courses corresponding to their level of knowledge, send training materials and charge for training services.
These data are stored for the entire duration of the training contract and, in order to meet our legitimate interest in ensuring the protection and defence of our rights in the event of litigation, for five (5) years following the end of the contractual relationship.
These data are also used by DPO Consulting’s Sales department to communicate about DPO Consulting’s services and events, under the conditions of section b).
3. Exercise of your rights and contact details of our Data Protection Officer
In accordance with the regulations in force, you have a right of access and of correction of your personal data and the right to request the deletion (right to be forgotten), the right to oppose the processing of your personal data and the right to obtain the limitation or portability of your personal data to the extent that this is applicable, subject to urgent, legitimate grounds DPO Consulting may show to retain your Data.
As regards the personal data related to your application, we request that you keep up-to-date the information about you by notifying any change to DPO Consulting.
Moreover, you may request at any time to no longer receive our newsletter, et more generally, communications about our services, news and events by using the hypertext link provided for this purpose in each email we send to you.
When you exercise your rights, our Data Protection Officer processes your personal data for the purposes of managing your request (title, surname, first name, copy of identity document, nature of the request, response provided). This data is kept for a period of three (3) years, with the exception of a copy of your identity document, which is kept for one (1) year.
Lorsque vous exercez vos droits, notre Délégué à la protection des données traite vos données personnelles à des fins de gestion de votre demande (civilité, nom, prénom, copie de la pièce d’identité, nature de la demande, réponse apportée). Ces données sont conservées pendant une durée de trois (3) ans, à l’exception de la copie de votre pièce d’identité, laquelle est conservée un (1) an.
For any information or exercise of your rights on the processing of personal data managed by DPO Consulting, you can contact our Data Protection Officer (DPO) by accompanying your request with a copy of an identity document bearing your signature (identity card, passport):
- By email at: firstname.lastname@example.org
- Par courrier à l’adresse suivante :
A l’attention du délégué à la protection des données (DPO)
112 boulevard Haussmann
You also have the right to bring a claim with the French Data Protection Authority (the Commission Nationale de l’Informatique et des Libertés or CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, about the manner in which DPO Consulting collects and processes your data.
4. Cookies on our website
A « cookie » is a small text file that may be recorded in a dedicated space of the disk drive of your terminal (computer, tablet, smartphone, etc.) when you consult the Website. A cookie allows its issuer (us or our audience measurement providers) to identify and recognize the terminal on which it is recorded, for the entire period of the cookie’s validity or recording (max 13 months).
Our website uses 3 types of cookies:
- Internal cookies necessary for the website to function: these cookies enable the site to function optimally. You may object and delete them using your browser settings, however your user experience may be degraded.
- Cookies for audience measurement: in order to adapt the site to visitors’ requests, we measure the traffic on our website, anonymously, via an analytical solution: the number of unique visitors, the number of pages viewed, the country of origin of the connection to the website, the service that provided access (live, through a search engine or a social network), the type of device used (computer, mobile or tablet), the most viewed and shared articles and the time and date of attendance.
The setting of cookies can be made directly via your Internet browser and, depending on the type of browser used, allows the choice of systematically refusing cookies during browsing or their authorisation on a case-by-case basis. To learn more about the configuration to follow, consult the dedicated page on the CNIL website (https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser).
5. Links to third-party websites
The DPO Consulting website may contain links to social media platforms over which DPO Consulting has no control.
6. Changes to this Policy