Cosmo Tech

Privacy Policy

Privacy Policy

We attach great importance to the protection of your Personal Data and pay close attention to compliance with privacy regulations, in particular European Regulation n°2016/679 of April 26th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and Law n°78-17 of January 6, 1978 known as “Informatique et libertés” amended in 2018 (the “Legislation in Force“). 

We invite you to carefully read this privacy policy (the “Policy”), which contains important information about how we collect, use and communicate some of your Personal Data in order to meet your needs but also to improve the quality of the services we offer you. This Policy applies to all types of Personal Data, whatever their form (e.g., electronic, paper, etc.) and all types of Data Processing, whether manual or automated. Its scope includes the Personal Data of our partners, subcontractors, consultants, clients, users, prospect, suppliers and applicants, and more generally of any third party whose Personal Data we process in the course of our business.

The Policy is divided into two parts as it includes:

  • The privacy policy relating to the collection and processing of Personal Data where we are acting as the Data Controller, and more specifically: 
    • The collection and processing of Personal Data carried out generally in the context of our business (below);
    • The collection and processing of Personal Data carried out on the website accessible at the following address: https://cosmotech.com/fr/ (the “Site”). This privacy policy applies to you when you browse the Site or log in to your partner account on the Site (below);
  • The privacy policy relating to the collection and processing of Personal Data when we act as Data Processor, i.e., carried out on the COSMO solutions (the “Solutions”). This policy applies to you when you are a User of the Solutions (below).


Who are we ?

Your Personal Data is collected and processed by COSMO TECH, a simplified joint stock company, registered in the Lyon Trade and Companies Register under number 523 175 644, whose registered office is located at 05, passage du Vercors – 69007 LYON – France (hereinafter “we”, “us” or “our”). 

We invite you to contact us at the following address: dpo@cosmotech.com 

Definitions

To help you better understand the Policy, please refer to the definitions given below which will be used throughout our Policy:

“Data Controller”

Refers to the person who determines the purposes and means of the Data Processing;

“Data Processor”

Refers to the person who processes Personal Data on the instructions of the Data Controller in the context of a service or provision; 

“Data Processing” or “processing” or to “process”

Refers to any operation or set of operations carried out using automated or manual processes on an electronic or paper medium, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission and dissemination of Personal Data;

“Data Subject”

Means any natural person whose Personal Data is collected and processed by us;

“Informed Consent”

Means any freely given, specific and informed indication of the Data Subject’s agreement to the processing of his or her Personal Data; 

“Legislation in Force”

Has the meaning set forth above;

“Personal Data” 

Refers to any information that directly or indirectly identifies or makes identifiable a natural person;

“Purpose of Processing”

Means the main purpose for which we collect and process Personal Data;

“Site”

Has the meaning set forth above;

“Solutions”

Has the meaning set forth above;

“You”, “your”, or “User”

Means the natural person whose Personal Data is collected for processing hereunder, and who is a Data Subject within the meaning of Legislation in Force.

GENERAL PRIVACY POLICY OF COSMO AS DATA CONTROLLER

COSMO acts as a Data Controller:

When COSMO enters into relations with prospects and when it enters into a contractual relationship with its partners, clients and suppliers. Generally speaking, certain processing operations are common to all of COSMO’s activities.

1. How do we collect Your Personal Data?

We collect Personal Data from You in a number of ways:

  • When we enter into a contractual relationship with You as a supplier, partner, or client;
  • When You send us any request resulting from the sending of the form “Contact an expert” available on our Site;
  • When You send us a request to create an account on our Site;
  • When You send us a request made via the “book a demo” form available on our Site;
  • When You send us a request to receive our Newsletter on our Site;
  • When You apply for one of our job offers on our Site;
  • When You contact us via social networks (Facebook, twitter);
  • Indirectly and automatically through cookies or other analysis tools. 


2. What is a cookie?

Browsing the Site may cause cookies to be installed on your terminal (by us and/or our Data Processors). When You connect to the Site, You are asked to configure your choices regarding cookies. 

2.1 Definition

GENERAL PRIVACY POLICY OF COSMO AS DATA CONTROLLER

A cookie is a small text file, deposited on your terminal, via the Internet browser, for example when visiting a site, reading an email, installing software, etc.

A cookie does not allow You to be identified but records information about your browsing.

2.2 Types of cookies used

The different types of cookies and their purposes:

  • Consultation of the Site entails the deposit by us of cookies on your terminal in order to simplify and improve your navigation on the Site and to personalize the services offered to You under the conditions defined below;
  • Necessary cookies: these are those that are strictly necessary for the proper functioning of the Site (for example: cookies that allow us to remember Your choice on the deposit of cookies, certain audience measurement cookies). These cookies contribute to the technical functioning of the Site and cannot be deactivated.
  • Functional cookies: these cookies make it possible to improve navigation on the Site and in particular to make navigation more fluid and personalized without being essential to the proper functioning of the Site.
  • Analytical cookies or audience measurement: these cookies allow us to know the use and performance of the Site and to improve its operation (for example, the most visited pages of the Site, the number of people connected at a given time and the place of connection, etc.).


2.3 Cookie retention time 

We store the cookies listed above, subject to your consent and settings, for a maximum of thirteen (13) months.

2.4 Cookie settings

When You log on to the Site, you are invited to set your cookie preferences. You can modify your choices at any time. However, the setting of cookies is likely to have effects on your navigation on the Site. It is therefore advisable to set the parameters of cookies according to their respective purposes.

3. What Personal Data do we collect?

We collect the following Personal Data:

  • When You become our supplier, client or partner or when you are a prospect: surname, first name, job title, e-mail address, telephone number, LinkedIn profil;
  • To follow up User client metrics with Azure Insight (Microsoft): user iD, logs, IP address;
  • When You send us an email via “Contact an expert” form available on our site: first name, last name, professional e-mail address, all Personal Data provided in the free field;
  • When You send us an email via the “book a demo” form available on our site: surname name, last name, e-mail address, company name and any data You send us via the free “message” field;
  • When we prospect You or make reporting: Surname, last name, function, email, LinkedIn credential, customer ID
  • When You request the creation of an account on our Site as a partner: first name, last name, email address;
  • When we create User access for clients to the Solutions: name, surname, email, name of the company, id and passwords;
  • When You register to receive our Newsletter on our Site: email;
  • When You apply for one of our job offers on our Site: full name, email address, CV/resume, data You send us via the free “message” field;
  • When You contact us via social networks (Facebook, Twitter) and/or when You share and/or comment COSMO content from your social network account: name, surname, pseudonym, photograph or avatar, messages exchanged, etc.
  • When managing invoicing/orders (clients, suppliers): surname, last name, professional email address, function, phone number ; 
  • Information that we automatically collect through cookies or other analysis tools (your IP address, and Personal Data submitted through contact forms on the Site via HubSpot and Personal Data collected through other third party cookies via LinkedIn notably);
  • When managing request to exercise your rights: surname, first name, e-mail address, subject of request, action taken, data relating the requester ID copy.


Details:      

We respect the principles of minimization and accuracy when collecting your Personal Data: we ensure that the Personal Data we collect is relevant, adequate and not excessive in relation to the Purposes of Processing and their possible use. This means that only information that is necessary and relevant to the Purposes can be collected and processed.

4. What are the Data Processing and the Purposes of Processing?

Management of contact via our Site, opening and managing User account on the Site

 

 

To respond to your requests on our Site (e.g., book a demo, send You our newsletters) ;

To manage the partner or client account on the Site (e.g., to enable You to download our promotional materials from your User account or to access to e-learning trainings) ;

Details

Your Personal Data will not be further processed in a manner incompatible with these Purposes of Processing
Management of the User’ account to the Solutions (clients)

To manage User account of the Solutions and User support; 

  

 

Prospection

 

 Management of prospection;  

The realization of statistics and analyses

 To improve the use of the Site;  

To interact with social network users and management of social network accounts

 

 

 

To interact with You when You contact us via social networks, namely Twitter and Facebook (e.g., via messenger) and to manage our accounts on the aforementioned social networks;

To enable You to share and/or comment COSMO content from your social network account;

  

 

To manage contractual relationship with clients and partners and follow up User metrics (clients)

 

To manage the commercial relationship, the orders,  delivery, etc.)

To follow-up User metrics (client)

  

 

Recruitment management

 

 To manage the recruitment, to process your job application through the Site  

 

Invoicing/purchase order

 

 To manage invoicing and purchase orders;  

 

To manage contractual relationship with suppliers

 

 To source suppliers, place orders and pay suppliers ;  

 

Management of exercise requests

 

 To receive requests via the dedicated e-mail service, process, track and respond to requests, manage request history  

5. What is the legal basis enabling us to process Your Personal Data? 

We only process Personal Data on a precisely identified legal basis, namely: 

  • The Informed Consent You have given for us to collect and process your Personal Data for the Purposes of Processing identified above; 
  • Our legitimate interests in processing your Personal Data; 
  • The performance of pre-contractual measures or the contract we have entered into with You, where we have entered into a contractual relationship;
  • To comply with our legal obligations, in particular when managing invoicing or handling requests to exercise rights.


6. What security and confidentiality measures do we put in place to protect Your Personal Data?

Technical and organizational measures implemented

 

 

 

 

 We protect Personal Data collected, used, stored and disclosed by complying with the technical and organizational measures necessary to ensure its security, integrity and absolute confidentiality. Technical and organizational measures complying with applicable standards are implemented to prevent any accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other form of unlawful or unauthorized processing. We implement these measures from the earliest stages of designing processing operations, so as to protect the principles of confidentiality and data protection from the outset (“Privacy by design”). By default, we ensure that Personal Data is processed to protect privacy (for example: by limiting its accessibility to only those who need to have access to it), so that Personal Data is not accessible to an indeterminate or excessively large number of people (“Privacy by default”).

 

Selection of service providers and partners

We select service providers and partners offering sufficient guarantees to implement technical and organizational measures that are at least as protective.

 

Documentation

 

We establish and maintain the documentation necessary to demonstrate compliance with all our obligations under the Legislation in Force.

 

Breach of Personal Data

 

 

When required by the Legislation in Force, we will notify the User and any Data Subject, as well as the competent supervisory authority, of any breach of Personal Data within the required legal timeframe after becoming aware of it. We undertake to implement technical and organizational security measures in order to limit the impact of any Personal Data breach and to ensure that it does not recur.


7. For how long do we keep your Personal Data?

We retain Personal Data for as long as is necessary for the purposes for which it was collected and processed, after which we archive it for the applicable retention period as defined in our retention policy. The purposes of this archiving and the corresponding retention periods are indicated below:

The use of your contact Personal Data via our Site for sending our newsletter and any communication by electronic means (including in particular responses to solicitations via the forms available on the Site), and for opening and managing a User account on the Site

 

 

 

 

The Personal Data collected during the contact process is kept for a maximum period of:

  • the time to answer to your message plus three (3) years for a prospect;
  • the duration of the contractual years plus three (3) years for a client or partner;
  • until You ask for unsubscribe for the newsletter.

 
Management of the User’ account to the Solutions (clients)

The duration of the contractual years plus three (3) years 

 

Prospection

 

Three (3) years the collection or as from last incoming contact with a prospect

 

The realization of statistics and analyzes in order to improve the use of the Site

 

The Personal Data is kept for three (3) years from the last incoming contact.

 

Interaction on social networks and account management

 

For the duration of existence of the social network account.

To manage contractual relationship with clients and partners and follow-up User metrics

 

 

For the duration of the contractual years plus three (3) years

For the duration of the contractual years (follow-up User metrics with Azure Insight)

Invoicing/ purchase order

 

 

For the duration of the contract plus three (3) years for the clients or suppliers, plus ten (10) years in accordance with COSMO TECH’s legal obligations.

Recruitment management

 

 

For the duration of the recruitment process, and for a maximum of two (2) years from the date your CV/resume is collected or the last contact by email

 

Manage the contractual relationship with suppliers

 

 

For the duration of the contract, plus three (3) years from the end of the contract for probationary purposes.

 

Managing cookies not subject to consent

 

The retention period does not exceed thirteen (13) months.

Managing cookies subject to consent

 

The retention period does not exceed thirteen (13) months.

Management of requests to exercise rights

 

 

 

 

 

 

 

The Personal Data is kept for the calendar year of the request, plus (5) five years. 

Any identity documents transmitted are: 

  • Immediately deleted when the request validly addressed to the referent did not require the transmission of an identity document; 
  • Deleted one (1) year after receipt of the request in all other cases.

 

Any third-party processing Personal Data on our behalf will retain it only for as long as is necessary for the purposes for which it was collected and processed and for other compatible purposes, which may include:

  • participation in the applicable Purposes of Processing as set out above; or
  • the need to comply with a legal or regulatory requirement and applicable statutes of limitation;
  • the defense against legal or contractual claims (in which case Personal Data may be retained until the end of the relevant statute of limitations or in accordance with applicable litigation hold policies).

 

All reasonable steps are taken to ensure that Personal Data is kept in a sufficiently accurate and up-to-date form at each stage of Data Processing.

We encourage Data Subjects to help us keep your Personal Data up to date by exercising your rights, in particular of access and rectification.


8. What Are your Rights as a Data Subject?

We are receptive to requests relating to your Personal Data and, in accordance with the Legislation in Force, we give You the possibility of accessing, correcting, restricting and deleting your Personal Data. We also allow you to object to the Data Processing of your Personal Data and to exercise your right to data portability.

To exercise your rights, please contact our data protection office at dpo@cosmotech.com. 

You also have the right to lodge a complaint with the competent authority for the control of Personal Data, the “Commission Nationale de l’Informatique et des Libertés” (https://www.cnil.fr/fr/plaintes) if You feel that we have not respected your rights.

Right of access

 

We will provide access to all Personal Data relating to a Data Subject in accordance with the Legislation in Force, the Purposes of Processing, the categories of Personal Data processed, the categories of recipients, the data retention period, the rights of rectification, deletion or restriction of Personal Data consulted where applicable, etc.

Right of portability

 

We may also provide a copy of any Personal Data we retain in a compatible and structured format to enable the exercise of the right to data portability to the extent relevant under applicable law.

 
Right of rectification Data Subjects may ask us to correct, amend or delete any Personal Data that is incomplete, out of date or inaccurate.

Right of erasure

 

 

Data Subjects may request the erasure of their Personal Data (i) if such Personal Data is no longer necessary for the purposes of the Data Processing, (ii) the Data Subject has withdrawn consent to Data Processing based exclusively on such consent, (iii) the Data Subject has objected to the Data Processing, (iv) the Data Processing of the Personal Data is unlawful, or (v) the Personal Data must be erased to comply with a legal obligation applicable to us.

Right of limitation

 

 

Data Subjects may request the limitation of their Personal Data (i) if the accuracy of the Personal Data is disputed in order to allow us to verify this accuracy, (ii) if the Data Subject wishes rather to limit the Personal Data than to delete it despite the fact that the Data Processing is unlawful, (iii) if the Data Subject wishes us to retain the Personal Data because it needs it for its defense in the context of claims.
Right to withdraw consent

 

Where the Data Processing of Personal Data is based on the consent of the Data Subject, the Data Subject may withdraw consent at any time, without the lawfulness of the Data Processing based on consent being affected prior to withdrawal.
Right to object

 

The Data Subject may also object to the Data Processing of his or her Personal Data at any time when his or her data is used for marketing purposes to send targeted advertising, or object to the sharing of his or her Personal Data with Third Parties, or when the Data Processing is based on the legitimate interest we have, unless we can justify legitimate grounds that outweigh the Data Subject’s rights and freedoms or the establishment, exercise or defense of legal claims.
Digital legacy

 

Data Subjects have the right to define (general or specific) directives concerning the use of their Personal Data after their death.
Profiling

 

We do not make fully automated decisions that have a legal effect or significant impact on a Data Subject on the basis of activity profiling that person, except where required or permitted by applicable law, the performance of a contract or the consent of the Data Subject, and where appropriate safeguards are put in place to protect the rights of the Data Subject.

9. To whom can we transmit your Personal Data?

Internal use: people in charge of marketing, sales, administrative and IT departments and their line managers

Your Personal Data may be processed by our employees, within the limits of their respective responsibilities and exclusively in order to achieve the purposes set out in this Policy. In this case, our employees undertake to respect the confidentiality of your Personal Data.

Disclosing to third parties

 

 

 

 

 

 

Personal Data is disclosed to third parties only to the extent that there is a legal justification for such sharing (e.g., the Data Subject has given consent, disclosure is necessary to perform a contract, pursuit of a legitimate aim that does not infringe the Data Subject’s fundamental rights, including the right to privacy). Disclosure is made on a strictly limited “need-to-know” basis in relation to the legal basis. If disclosure is necessary to comply with a legal obligation (for example, for a government agency or police force/security service) or as part of legal proceedings, Personal Data may generally be provided as long as disclosure is limited to what is legally required and, if permitted by law, the Data Subject has been informed of the situation.

Our Data Processors

 

 

 

 

 

 

 

 

In accordance with its commitments, we choose our Data Processors carefully and requires them to:

  • A level of protection of Personal Data equivalent to his own;
  • Use of Personal Data or information solely for the purpose of administering the services they are to provide;
  • Strict compliance with applicable laws and regulations regarding privacy and Personal Data;
  • The implementation of all appropriate measures to ensure the protection of Personal Data that they may be required to process;
  • The definition of the technical and organizational measures necessary to ensure security.

We conclude with its Data Processors, in accordance with legal obligations, contracts defining precisely the conditions and modalities of the Processing of Personal Data.
Administrative and legal authorities We may be required to communicate Personal Data to the competent administrative and legal authorities in response to legal requests.

 

10. Are your Personal Data transferred outside the European Union?

The various categories of Personal Data collected and processed by us may be transmitted to Data Processors located in countries outside the European Union such as the United States.

In case of transfer of all or part of the Personal Data subject to Data Processing to a third country, i.e., located outside the European Union or not presenting a level of protection recognized as adequate within the meaning of the regulations, or to an international organization, we undertake to provide the appropriate guarantees provided for within the regulations and to ensure that its Data Processors respect them.

Such transfers may be governed by a cross-border flow agreement drawn up in accordance with the standard contractual clauses for data controllers and processors issued by the European Commission and currently in force.


11. How do We handle complaints?

We are committed to resolving legitimate privacy concerns of Data Subjects. We investigate all claims of potential or actual violations of this Policy, or the Legislation in Force brought to our attention and will take all reasonable steps to limit their impact.

Details

In the event of a complaint that is not satisfactorily resolved, we will cooperate with the appropriate data protection supervisory authorities and comply with their advice in resolving any outstanding complaint. If we or the data protection supervisory authorities determine that our company or one or more of our employees has not complied with the Policy, we will take appropriate steps to remedy the effects of such non-compliance and promote future compliance.


12. Modification of the Policy

This Policy was last updated on the date indicated on page 1. We reserve the right to modify this Privacy Policy. If this Privacy Policy changes, we will not lower the level of protection afforded to your Personal Data. In the event of significant modifications to the terms of the present Policy (i.e., relating to legal basis, Purposes of Processing, or the exercise of rights), we undertake to inform You by any written means at least thirty (30) days prior to the effective date. Any access to the Site after this Period will be subject to the terms of this new Policy. Any Data Subject whose Personal Data is subject to this Policy acknowledges that the only version of the Policy that is authoritative is the online version. 

GENERAL PRIVACY POLICY OF COSMO SOLUTIONS


1. How do we collect your Personal Data? 

We collect your Personal Data when You use the Solutions and its functionalities, or more generally when your Personal Data is processed as a part of the use of the Solutions.


2. What are the Personal Data that we collect?

We collect the following Personal Data when You use the Solutions : login, password including e-mail address, metrics according to your parameters

Details

We respect the principles of minimization and accuracy when collecting your Personal Data: We ensure that the Personal Data we collect is relevant, adequate and not excessive in relation to the Purposes of Processing and their possible use. This means that only information that is necessary and relevant to the Purposes can be collected and processed.

 


3. Who is the Data Controller?

Within the framework of the operation of the Solutions, the Data Controller is the client whose use of the Solutions involves the processing of your Personal Data, and we act as Data Processor on behalf of this Data Controller (the Initial Processing). In this context, we simply follow the instructions of the Data Controller.

In some cases where your Personal Data is also processed as part of the operation of the Solutions, We act as a Data Processor, for example when We process data for the purposes of fraud and malware prevention and detection, security incident management, creation of statistics, and improvement of the Solutions (Subsequent Processing). This Subsequent Processing is compatible with the Initial Processing given (among other things) the link that exists between these two processes (use and improvement of the Solutions), the nature of the Personal Data involved (absence of sensitive data), the limited consequences of the Subsequent Processing for the Data Subjects, and the existence of appropriate safeguards that We implement as part of this Processing.


4. What are the Purposes of Processing?

 

To provide the Solutions

 

 

 

 

 

Providing the Solution to clients

  • To create authentication information
  • To manage product access
  • To provide associated services
  • To track metrics

Details

Personal Data will not be further processed in a manner incompatible with these Purposes of Processing

 

 

 

 


5. What is the legal basis enabling us to process Your Personal Data? 

We only process Personal Data on a precisely identified legal basis.

For the Solution, this means:

  • To perform the contract with the client acting as Data Controller;
  • To comply with our legal obligations, in particular when we process Personal Data to manage your requests to exercise your rights by collaborating with the Data Controller.


6. What security and confidentiality measures do we put in place to protect your Personal Data?

Technical and organizational measures implemented

 

 

 

 

 

 We protect Personal Data collected, used, stored and disclosed by complying with the technical and organizational measures necessary to ensure its security, integrity and absolute confidentiality. Technical and organizational measures complying with applicable standards are implemented to prevent any accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other form of unlawful or unauthorized processing. We implement these measures from the earliest stages of designing processing operations, so as to protect the principles of confidentiality and data protection from the outset (“Privacy by design”). By default, we ensure that Personal Data is processed to protect privacy (for example: by limiting its accessibility to only those who need to have access to it), so that Personal Data is not accessible to an indeterminate or excessively large number of people (“Privacy by default”).  
Selection of service providers and partners

We select service providers and partners offering sufficient guarantees to implement technical and organizational measures that are at least as protective.

 

  

Documentation

 

We establish and maintain the documentation necessary to demonstrate compliance with all our obligations under the Legislation in Force.

 

  

Breach of Personal Data

 

When required by the Legislation in Force, we will notify the User and any Data Subject, as well as the competent supervisory authority, of any breach of Personal Data within the required legal timeframe after becoming aware of it. We undertake to implement technical and organizational security measures in order to limit the impact of any Personal Data breach and to ensure that it does not recur.

  


7. For how long do we keep your Personal Data?

We retain Personal Data for as long as is necessary for the purposes for which it was collected and processed, after which we archive it for the applicable retention period as defined in our retention policy. The purposes of this archiving and the corresponding retention periods are indicated below:

 

To provide the Solution

The Personal Data is kept for the duration of the contract with the client.


8. What Are your rights as a Data Subject?

We are receptive to requests relating to your Personal Data and, in accordance with the Legislation in Force, we give You the possibility of accessing, correcting, restricting and deleting your Personal Data. We also allow you to object to the Data Processing of your Personal Data and to exercise your right to data portability.

To exercise your rights, please use the contact details provided above or write to the Data Controller. 

You also have the right to lodge a complaint with the competent authority for the control of Personal Data, the “Commission Nationale de l’Informatique et des Libertés” (https://www.cnil.fr/fr/plaintes) if You feel that we have not respected your rights.


Right of access

 

We will provide access to all Personal Data relating to a Data Subject in accordance with the Legislation in Force, the Purposes of Processing, the categories of Personal Data processed, the categories of recipients, the data retention period, the rights of rectification, deletion or restriction of Personal Data consulted where applicable, etc.

Right of portability

 

We may also provide a copy of any Personal Data we retain in a compatible and structured format to enable the exercise of the right to data portability to the extent relevant under applicable law.

Right of rectification

 

Data Subjects may ask us to correct, amend or delete any Personal Data that is incomplete, out of date or inaccurate. 


Right of erasure

 

 

 

Data Subjects may request the erasure of their Personal Data (i) if such Personal Data is no longer necessary for the purposes of the Data Processing, (ii) the Data Subject has withdrawn consent to Data Processing based exclusively on such consent, (iii) the Data Subject has objected to the Data Processing, (iv) the Data Processing of the Personal Data is unlawful, or (v) the Personal Data must be erased to comply with a legal obligation applicable to us.


Right of limitation

 

 

Data Subjects may request the limitation of their Personal Data (i) if the accuracy of the Personal Data is disputed in order to allow us to verify this accuracy, (ii) if the Data Subject wishes rather to limit the Personal Data than to delete it despite the fact that the Data Processing is unlawful, (iii) if the Data Subject wishes us to retain the Personal Data because it needs it for its defense in the context of claims.

Right to withdraw consent 

Where the Data Processing of Personal Data is based on the consent of the Data Subject, the Data Subject may withdraw consent at any time, without the lawfulness of the Data Processing based on consent being affected prior to withdrawal.


Right to object

 

 

 

 

The Data Subject may also object to the Data Processing of his or her Personal Data at any time when his or her data is used for marketing purposes to send targeted advertising, or object to the sharing of his or her Personal Data with Third Parties, or when the Data Processing is based on the legitimate interest we have, unless we can justify legitimate grounds that outweigh the Data Subject’s rights and freedoms or the establishment, exercise or defense of legal claims.

Digital legacy

 

Data Subjects have the right to define (general or specific) directives concerning the use of their Personal Data after their death.

Profiling

 

 

We do not make fully automated decisions that have a legal effect or significant impact on a Data Subject on the basis of activity profiling that person, except where required or permitted by applicable law, the performance of a contract or the consent of the Data Subject, and where appropriate safeguards are put in place to protect the rights of the Data Subject.


9. To whom can we transmit your Personal Data? 

 

 

Internal use: people in charge of marketing, sales, administrative and IT departments and their line managers

Your Personal Data may be processed by our employees, within the limits of their respective responsibilities and exclusively in order to achieve the purposes set out in this Policy. In this case, our employees undertake to respect the confidentiality of your Personal Data.

Disclosing to third parties

 

 

 

 

 

Personal Data is disclosed to third parties only to the extent that there is a legal justification for such sharing (e.g., the Data Subject has given consent, disclosure is necessary to perform a contract, pursuit of a legitimate aim that does not infringe the Data Subject’s fundamental rights, including the right to privacy). Disclosure is made on a strictly limited “need-to-know” basis in relation to the legal basis. If disclosure is necessary to comply with a legal obligation (for example, for a government agency or police force/security service) or as part of legal proceedings, Personal Data may generally be provided as long as disclosure is limited to what is legally required and, if permitted by law, the Data Subject has been informed of the situation.

Our Data Sub-Processors

 

 

 

 

 

 

 

 

In accordance with its commitments, we choose our Data Sub-Processors carefully and requires them to:

  • A level of protection of Personal Data equivalent to his own;
  • Use of Personal Data or information solely for the purpose of administering the services they are to provide;
  • Strict compliance with applicable laws and regulations regarding privacy and Personal Data;
  • The implementation of all appropriate measures to ensure the protection of Personal Data that they may be required to process;
  • The definition of the technical and organizational measures necessary to ensure security.

We conclude with its Data Processors, in accordance with legal obligations, contracts defining precisely the conditions and modalities of the Processing of Personal Data.

Administrative and legal authorities

We may be required to communicate Personal Data to the competent administrative and legal authorities in response to legal requests.


10. Are your Personal Data transferred outside the European Union?

The various categories of Personal Data collected and processed by us may be transmitted to Data Processors located in countries outside the European Union such as the United States.

In case of transfer of all or part of the Personal Data subject to Data Processing to a third country, i.e., located outside the European Union or not presenting a level of protection recognized as adequate within the meaning of the regulations, or to an international organization, we undertake to provide the appropriate guarantees provided for within the regulations and to ensure that its Data Processors respect them.

Such transfers may be governed by a cross-border flow agreement drawn up in accordance with the standard contractual clauses for data controllers and processors issued by the European Commission and currently in force.


11. How do we handle complaints?

We are committed to resolving legitimate privacy concerns of Data Subjects. We investigate all claims of potential or actual violations of this Policy, or the Legislation in Force brought to our attention and will take all reasonable steps to limit their impact.

  

Details

In the event of a complaint that is not satisfactorily resolved, We will cooperate with the appropriate data protection supervisory authorities and comply with their advice in resolving any outstanding complaint. If We or the data protection supervisory authorities determine that our company or one or more of our employees has not complied with the Policy, We will take appropriate steps to remedy the effects of such non-compliance and promote future compliance.


12. Modification of the Policy

This Policy was last updated on the date indicated on page 1. We reserve the right to modify this Privacy Policy. If this Privacy Policy changes, we will not lower the level of protection afforded to your Personal Data. In the event of significant modifications to the terms of the present Policy (i.e., relating to legal basis, Purposes of Processing, or the exercise of rights), we undertake to inform You by any written means at least thirty (30) days prior to the effective date. Any access to the Site after this Period will be subject to the terms of this new Policy. Any Data Subject whose Personal Data is subject to this Policy acknowledges that the only version of the Policy that is authoritative is the online version. 

BY USING THE SOLUTION, YOU ACCEPT THE TERMS AND CONDITIONS MENTIONED IN THIS POLICY

Contact an expert

Ready to get started or just want to learn more? Reach out to the Cosmo Tech team to discuss your project today.

Newsletter

Sign up to receive the latest Cosmo Tech news straight to your inbox.