This Privacy Policy is published by Descartes Développement & Innovation (DDI), Association under the Law of 1901, registered with the National Institute of Statistics and Economic Studies (INSEE) under the number 524 514 338 and located at 2 B rue Alfred Nobel 77420 Champs-sur-Marne, France (hereafter “DDI“).

DDI offers a website (hereinafter the “Site“) accessible at the URL www.descartes-devinnov.com/en in free navigation on the Internet for users visiting the Site (hereinafter the “Users“) in order to present its activity and to allow you to contact us.

In this respect, we are particularly sensitive to the respect of your private life as regards the protection of your personal data in our capacity as data controller. DDI thus undertakes to ensure the compliance of the processing carried out in its capacity as data controller in accordance with the regulations relating to personal data and in particular with Law n°78-17 of 6 January 1978 known as IT & civil liberties (“Informatique et Libertés”) and as amended with the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 known as the “GDPR” (hereinafter the “Regulations“).

In the context of this policy, the expression “Personal Data” refers to any data relating to the User that allows him/her to be identified directly or indirectly.

 

ARTICLE 1 – PERSONAL DATA COLLECTED

We collect your Personal Data, notably through forms or when you browse the Site. 

With the exception of certain information that is strictly necessary for you to navigate the Site, the decision to provide us with your Personal Data is voluntary. Refusal to provide your Personal Data to DDI will not result in any major negative consequences. 

If you provide DDI with Personal Data that you have directly or indirectly collected from an individual, it is your responsibility to ensure that the individual has given you permission to share his or her Personal Data with DDI and that he or she is properly informed of this Privacy Policy.

Your Personal Data may have been provided directly to DDI by you (for example, when you complete a form available on the Site) or obtained indirectly from third parties through various technological means (including through cookies).

As a general principle, DDI’s Personal Data processing activities do not result in the collection of sensitive data through the Site or by other means. In the event that DDI does collect and process sensitive data, it will do so in accordance with legal requirements for the protection of privacy. 

• 1.1 Through forms

The following Personal Data may be collected and processed by DDI through the forms on the Website:

• Identification data: surname, first name, email address;
• Browsing data: IP address, Internet service provider, type of browser used, operating system, pages of the Site visited, date and time of access, or behavioural data relating to the behavioural analysis of actions and choices made. 

All Users undertake to communicate only accurate, complete and regularly
updated data concerning their identity, content and information in general. DDI
shall not be held liable in the event of the communication of illicit data or
data contrary to public order.

Certain Personal Data must be provided in order to benefit from certain
features of the Site (for example, in order to send you newsletters, DDI
requires your email address). In such cases, refusal to provide such
information could result in limiting the User’s access to certain services or
features offered by the Site.

 

Apart from these cases, the User is free
to provide or not all or part of his Personal Data.

 

1.2 When browsing the Site – Cookies

DDI informs the User that it deposits tracking technologies such as cookies on the User’s terminal when the User browses the Site.

Cookies are tracers that are deposited and/or read, for example, when you visit a website and stored in the browser of your terminal. They enable us to recognise your computer’s browser and to retain information for the duration of the cookie’s validity.

Below is a list of the cookies used on the Site, their purpose and how to disable them. 

These cookies are necessary for the proper functioning of the Site, for the use of its most important features and for the fluidity of navigation. These include security features, easy access features. These cookies cannot be deactivated.

Functional cookies:

These cookies make it possible to improve the quality of navigation on the Site, in particular by saving your preferences expressed during your visit to the Site. The information collected via these cookies is anonymous and does not allow to identify you. These cookies can be deactivated. 

Cookies for audience measurement:

 

These cookies are used on the Site to produce anonymous statistics. They allow us to recognise Users, count them and identify how they move around the Site when they use it. This allows us to improve the operation of the Site, for example by ensuring that Users can easily find what they are looking for. They can be deactivated. 

Advertising cookies: 

These cookies allow us to send you targeted advertising based on your interests. In particular, they are used to limit the number of times you see an advertisement and to help measure the effectiveness of an advertising campaign. Refusing these targeting cookies has no impact on the use of the Site. However, refusing targeting cookies will not stop advertising on the Site or on the Internet. It will only result in the display of advertising that does not take into account your interests or preferences. These cookies are mainly third-party cookies and can be disabled.

Social network cookies:

When the User uses one of the sharing buttons on the Site, a cookie may be installed by the relevant social network in order to share the content instantly on the social network. The Site does not block cookies from these third-party sites and has no control over their placement. You are invited to consult the cookie policy of these social networks for more information.

Management of cookies:

You can manage, deactivate or authorize cookies by indicating your choices on the tag manager accessible at the time of your first visit via the cookies banner or accessible here.

The User can also manage his/her cookies globally by changing the settings of his Internet browser by following the corresponding link below:

• Chrome: https://support.google.com/accounts/answer/61416?hl=fr
• Internet Explorer: http://windows.microsoft.com/fr-fr/windows7/block-enable-or-allow-cookies
• Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies
• Safari: https://support.apple.com/fr-fr/HT1677

ARTICLE 2 – PURPOSES OF THE PROCESSING OPERATIONS CARRIED OUT

The information you provide when using the Site is used to manage access and use of the Site. More specifically, the Personal Data collected during browsing, access and use of the Site are processed for the following purposes: 

• Site Management: DDI processes Personal Data to develop and improve its communication methods and the functionality of the Site, to improve the safety and security of the Site, to prevent fraud or other illegal activity.
• Marketing: DDI processes Personal Data to manage the User’s subscription to its newsletters.

Processing for marketing purposes requires the consent of the User. The latter may unsubscribe from these communications at any time. 

ARTICLE 3 – LEGAL BASIS FOR COLLECTION

The legal basis for the processing carried out by DDI from the Site can only be the following:

• DDI’s legitimate interests that do not override Users’ own interests; or
• the consent of the User. 

Where, pursuant to the Regulation, the processing of Personal Data requires your consent, DDI will ensure that it obtains such consent in advance. 

DDI will not process Users’ Personal Data for purposes other than those originally agreed upon without first informing them and obtaining their consent to the new processing, unless the processing is required or permitted by Law, or is in your vital interest.

DDI informs the User that Personal Data is kept only for the period of time strictly necessary for the purposes stated above and in accordance with the Regulations. The length of time we retain your Personal Data varies depending on the type of Personal Data and the purposes of the processing. 

Personal Data from cookies and tracers will be kept for a maximum of thirteen (13) months from the date of their collection. 

Finally, Personal Data collected for marketing purposes (newsletters) will be kept – unless unsubscribed – for a period of three (3) years from the date of collection or the last contact from the User. 

In its capacity as data controller, and in accordance with the Regulations, DDI undertakes to: 

• To collect Personal Data only for the strict purposes described above; 
• Implement all technical and organisational measures to guarantee the security, confidentiality, integrity, availability and resilience of the processing systems and services at all times; 
• Restrict access to Users’ Personal Data to persons duly authorised for this purpose;
• To raise awareness and train its staff on the processing of Personal Data; 
• Guarantee Users all their rights of access, portability, deletion, rectification and opposition for the collection and processing of their data; 
• Notify the competent supervisory authority of any security breach presenting a high risk to the rights and freedoms of Users within seventy-two (72) hours of the discovery of the breach.

ARTICLE 6 – EXERCICE OF USERS’ RIGHTS

You have the right (in the circumstances, on the conditions, and subject to the exceptions, provided by the applicable Law) to:

• Request access to the Personal Data that DDI processes about you: this right allows you to find out whether DDI holds your Personal Data and, if so, to obtain information and a copy of such Personal Data. 
• Request rectification of your Personal Information: this right allows you to have your Personal Data corrected if it is inaccurate or incomplete. 
• Object to the processing of your Personal Data: this right allows you to request that DDI ceases processing your Personal Data. 
• Request the deletion of your Personal Data: this right allows you to request that DDI deletes your Personal Data, including when such Personal Data is no longer necessary for the purposes for which it was collected. 
• Request restriction of processing of your Personal Data: this right allows you to request that DDI only processes your Personal Data in limited circumstances, including with your consent. 
• Request portability of your Personal Data: this right allows you to receive a copy (in a structured, commonly used and machine-readable format) of the Personal Data you have provided to DDI, or to request that DDI transfers such Personal Data to another controller.
• To the extent that the processing of your Personal Data falls within the scope of DDI’s standard contractual clauses (SCC), DDI may also inform you of your rights in this regard.
• Insofar as the processing of your Personal Data is based on your consent, you have the right to withdraw such consent at any time by contacting the data protection officer at attractivite@descartes-devinnov.com and providing proof of identity. 
• File a complaint with a personal data protection supervisory authority. The French authority is the National Commission for Data Protection and Liberties (CNIL, “Commission Nationale de l’Informatique et des Libertés”).

ARTICLE 7 – FRAUDEULENT INTRUSION

In the event of fraudulent intrusion into its systems, theft, destruction, loss, alteration, disclosure, unauthorized access, or any other malicious act, DDI undertakes, if said intrusion creates a high risk for the rights and freedoms of Users to notify the latter of (i) the nature of the intrusion, (ii) the probable consequences of the malicious act, (iii) the measures proposed to remedy the malicious act, within seventy-two (72) hours of becoming aware of the intrusion.

The malicious act presenting a significant risk for the rights and freedoms of the Users will be communicated to the competent control authority.

User data is only accessible to persons duly authorised by DDI for the purposes of management, administration or maintenance of the Site, to the exclusion of any commercial use, and where applicable, for the purposes of implementing the rights of Users with regard to their data (in particular the right of access, withdrawal, rectification, opposition, portability and oblivion).

DDI informs the User that it notably uses the following subcontractors:

• Unikweb
  
• Google analytics
  
• Consentmanager AB

In any event, DDI requests that third party recipients of the User’s Personal Data undertake to comply with the Regulations.

 

ARTICLE 9 – SPECIFICITIES FOR MINOR UNDER THE AGE OF 16

The Site is not intended for minors under the age of 16. 

However, if information is collected on a minor under the age of 16 from the Site, the minor’s legal representative must give his or her prior consent and validate the communication of the Personal Data.

DDI reserves the right to make any changes to this privacy policy, in particular as a result of changes in the Laws and Regulations into force, it being specified, however, that it will duly inform the User.

 

Date of the privacy policy: 27/05/2021