Personal data protection is particularly governed by EU Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 relating to the protection of individuals in the processing of personal data and the free movement of such data, otherwise called the General Data Protection Regulation (hereinafter the « GDPR ») and Act n° 78-17 dated 6 January 1978 amended referred to as « Information Technology and Privacy Act » (hereinafter « Act n° 78-17 »).
As part of its business, Extinctium, a company with a share capital of 460 000 euros, whose head office is located at Rue Duhamel du Monceau – ZA de la Guinette – 45300 Dadonville, registered in the Register of Commerce and Companies of Orleans under the number 349 462 192, collects and processes for its account the personal data of their customers, prospective customers, subcontractors, service providers or various partners (hereinafter referred to generally as “Customers“).
Extinctium caries out the processing of the Customer's personal data provided that the latter:
- (i) has entered into a contract for the provision of services and / or the acquisition of solutions;
- (ii) completed an electronic collection form in order to participate in an event organized by Extinctium;
- (iii) has registered or subscribed for services posted by Extinctium (for instance, website, social networks, YouTube channel); and or
- (iv) that the Customer’s formal consent has been secured (e.g. the posting of cookies on the Customer's browsing terminal when he visits a website published by Extinctium).
Customers are informed on each personal data collection form of the mandatory or optional nature of the responses by the presence of an asterisk.
Where answers are required, Extinctium explains to the Customers the consequences of a lack of response.
The personal data collected in this context are as follows:
NON-TECHNICAL DATA (depending on the use case):
- (i) Identification: name, surname, title, position, pseudonym, pseudo social networks;
- (ii) Contact information: phone, e-mail address, postal address, fax, ...;
- (iii) Photo: when you grant us this right (usually taken during an event or interview at our events);
- (iv) Professional life: occupation, degrees, professional background, ...;
- (v) Banking data as necessary;
- (vi) Personal life and lifestyle (e.g., shopping habits, purchase plans).
Extinctium collects and processes the Customer's personal data relating to his browsing and behaviour on a website published by Extinctium.
The personal data collected in this context are as follows:
TECHNICAL DATA (depending on the use case)
- (i) Identification Data (IP)
- (ii) Connection data (logs in particular)
- (iii) Data on consent (click) mainly for access to our services (Sentinel etc.)
Extinctium does not deal with sensitive data in the meaning of Article 9 of the GDPR (personal data that show racial or ethnic origin, philosophical, political, trade union, religious opinions, sexual or health life).
The processing of the personal data of the Customer by Extinctium is necessary to enable it to accomplish the following purposes:
- (i) file processing;
- (ii) customer relationship management;
- (iii) management of events organized by the DEF Network (lectures, breakfasts, etc.);
- (iv) sending newsletters or news feeds;
- (v) improved site browsing
- (vi) answers to questions asked (by telephone or online);
- (vii) responses to public or private tenders;
- (viii) personalized business monitoring;
- (ix) improvement of its services;
- (x) responses to our administrative duties;
- (xi) management of requests for the exercising of the rights persons concerned such as listed in Article 8 below.
Extinctium agrees not to pass on the personal data of its Customers to a third party that may use them for its own purposes, without their formal consent.
Extinctium ensures that the data are accessible only to authorized internal or external recipients.
- (i) All employees of Extinctium The in-house recipients of Extinctium are trained and authorized to process personal data.
- (i) Providers or support services (subcontractors, various service providers, etc.)
- (ii) Lawyers, experts, agents, bailiffs, etc.
- (iii) Courts
- (iv) Administration
When the recipient concerned is located outside the European Union, or in a country that does not have an adequate regulation in the meaning of the GDPR, Extinctium manages its contractual relationship with this third party by adopting an appropriate contractual mechanism.
It should be noted that Extinctium may be required to pass on the personal data of its Customers to respond to an injunction by the legal authorities.
Audience measurement statistics are not retained for more than thirteen (13) months.
However, at the end of the aforementioned periods, including as and when necessary from the Customer's request for deletion, his / her personal data may be the subject of interim filing so that Extinctium can meet to its legal retention duties:
- (i) a contract entered into in the course of a business relationship will be retained for five (5) years after the date of its execution;
- (ii) a contract entered into electronically in an amount greater than or equal to 120 euros will be kept for two (2) years after the date of its execution;
- (iii) banking records will be kept for five (5) years as from their release;
- (iv) records relating to the management of orders will be kept for ten (10) years;
- (v) billing management documents will be retained for ten (10) years.
Some data may be filed beyond the standard durations (i) in the event of litigation in order to make it possible to establish the reality of the disputed facts; and / or (ii) for the purposes of the investigation, detection and prosecution of criminal offenses for the sole purpose of enabling, as needed, the provision of such data to the judicial authority.
Filing requires that these data be anonymous and can no longer be viewed online but that they may be extracted and stored on an autonomous and secure medium.
After the deadlines set in the said policy, the data are deleted.
- (i) the request originates from the person himself and is accompanied by a copy of an identity document, up to date;
- (ii) the request should be made in writing and sent to the following address: email@example.com
Upon receipt of the right to portability of the data, Customers have the right to request a copy of their personal data being processed.
The requested information will be provided in electronic form, unless otherwise requested. Customers are informed that these rights can never cover to confidential information or data or for data which the law does not authorize the communication. These rights cannot under any circumstances allow access to Defence Secret classified documents.
The right to the deletion of the personal data of the Customers will not be applicable in the cases where the treatment is implemented to meet a legal requirement.
The Customer may, at any time, file a complaint before the relevant supervisory authority.
In this case, Extinctium ensures that the subcontractor complies with its duties under the GDPR.
Extinctium agrees to sign a written contract with all its subcontractors and imposes on subcontractors the same data protection duties as its own. In addition, Extinctium reserves the right to conduct an audit of its subcontractors to ensure compliance with the provisions of the GDPR.
Such measures include but are not limited to:
- (i) the use of security measures for access to the premises (closing of offices, badges, etc.);
- (ii) secured access to our computers and smartphones (passwords changed regularly);
- (iii) setting up logins and passwords for all our business applications;
- (iv) the management of authorizations for access to data (specificity for our financial and accounting and communication services);
- (v) use of VPN for remote connections;
- (vi) use of the complex passwords for our Wi-Fi network, changed each month.
In any case, Extinctium undertakes, in the event of a change in the means to ensure the security and confidentiality of personal data, to replace them by means of superior performance. No evolution can lead to a decrease in the security level.
Any new version of this policy will be brought to the attention of the Customers by any means chosen by Extinctium including by electronic means (circulation by email or online for instance).