PROTECTION OF YOUR PERSONAL DATA
1. Who are we?
In the Charter, “Ardenoy Consulting” refers to the Company Ardenoy Consulting, digital publisher, whose registered office is located at CC Boisripeaux, 97139 LES ABYMES, FRANCE. To find out more, please visit our dedicated page on the Ardenoy Consulting corporate website. We can offer our solutions in partnership with the companies and organisations of which you are a client/user. In the implementation of these programmes, Ardenoy Consulting and its partners are jointly responsible for the processing of your personal data and their respective responsibilities have been determined by agreement. To exercise your rights regarding the processing of your personal data under these programmes,you can contact the Ardenoy Consulting IT and Freedoms department or our partners as defined in section 9 “HOW TO EXERCISE YOUR RIGHTS? of this Policy. We work closely with our partners to facilitate the exercise of your rights and to deal with any questions or complaints.
2. What are our commitments regarding the protection of your personal data?
As privacy is one of our major concerns and is at the heart of the experience we wish to offer through the use of our services, we are committed to guaranteeing a high level of protection of the personal data of our customers, prospects, users of our websites or our mobile applications and, more generally, of any person concerned by our processing operations. We undertake to comply with the regulations applicable to all processing of personal data that we implement, in particular the provisions of the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation (EU Regulation 2016/679) or “RGPD”. More precisely,
- Your personal data is processed lawfully, fairly and transparently ( lawfulness, fairness, transparency ).
- Your personal data is collected for specified, explicit and legitimate purposes and is not further processed in a way that is incompatible with these purposes ( purpose limitation ).
- Your personal data is collected in a way that is adequate, relevant and limited to the purposes for which it is processed ( data minimisation ).
- Your personal data is accurate, kept up to date and every reasonable step is taken to ensure that data which is inaccurate for the purposes for which it is processed is erased or updated ( accuracy ).
We are committed to putting in place appropriate internal procedures to raise awareness and ensure compliance within our organisation. In addition, we undertake to implement appropriate technical and organisational measures to ensure an appropriate level of security and to protect your personal data at the design stage of our processing operations. Finally, we contractually impose the same level of personal data protection on our subcontractors. In order to ensure the correct application of these rules, we have appointed a Data Protection Officer (DPO) who is the privileged intermediary of the Commission Nationale de l’Informatique et des Libertés (CNIL), the personal data protection authority in France.
3. What different categories of your personal data do we process?
3.1. Common categories of personal data.
We may collect and process the following categories of personal data:
a) Name, first name and other identifying data
When you report, the identifying data we collect may include your title, first and last name, gender, date of birth, nationality, home address, telephone number, meter number, contract number. If you add other users’ information, we also collect their credentials. In this case, you will also need to ensure, where appropriate, that they understand that we collect their personal data, how we use it and how they can exercise their rights. In the case of unaccompanied minors, we collect the identification data of the parents or legal representative. If you have created a personal account, you can save this information. In accordance with French and international laws and regulations, the absence of communication or the inaccuracy of certain data may result in a decision to refuse access to the services, without Ardenoy Consulting being held responsible.
b) Contact details, personal account or registration information
Your contact details include your telephone number and e-mail address. When you create a personal account or subscribe to a specific service, we may also record your postal address, login details and any other data you provide via the relevant registration forms. In the case of minors, we collect the details of the parents or legal guardian. If you create a business account, we may also collect information about your company, such as its name and address.
c) Information about your reports/statements, consultations/payments of bills or other services When you make a report/notification, we process the data you provide on that occasion. This data contains details of your GPS coordinates as well as photos and dates of your reports/records. We also process information related to the services you may select in addition to the data necessary to finalise and pay your invoice. We may also collect your specific support needs for your use of our solutions as well as your preferences. In order to facilitate your use of our solutions, to alert you and to ensure a reliable service, we may also collect from certain managing bodies data relating to your needs and your identification. We do not collect or process any biometric data about you. For more information on the collection and use of your personal data, we invite you to consult the privacy policies of the organisations or authorities responsible for processing.
d) Interactions, electronic or telephone communications
When you communicate with us by e-mail, online chat or on social networks, we record these exchanges. We may also record telephone calls when you contact our service by telephone for the purposes of monitoring our service quality or for evidential or fraud prevention purposes. We also record your communication preferences, for example when you subscribe or unsubscribe to one of our newsletters or when you choose to receive communications via other channels (such as WhatsApp, Facebook, Messenger, etc).
e) Information we collect when you use our websites, mobile applications or other digital services
Lorsque vous visitez nos sites Web ou utilisez l’une de nos applications mobiles, nous pouvons enregistrer votre adresse IP, votre type de navigateur, votre système d’exploitation, le site référent et votre navigation ou comportement de navigation. use of the application. We also collect information through cookies or other similar technologies. For more information, please see our Cookie Management Policy. We record the fact that you open our e-mails or the links contained in these e-mails. We may combine this information with other data we already have about you. With your permission, through Ardenoy Consulting’s mobile applications, we may also receive your location data or access certain data stored on your mobile phone, such as photos, contacts and calendar data. You can fill in your personal information without having to enter it manually. You are free not to use these features.
f) Information on social networks
g) Other information you choose to share with us
We process information that you choose to share with us, for example when you share your interests and preferences on our websites, leave a comment on our Facebook page or complete a customer satisfaction survey.
3.2. Special categories of personal data
As mentioned in the section above, in order to provide you with the appropriate service, we may collect information that is sensitive under applicable data protection laws. Indeed, such data, such as specific needs or preferences for assistance, may indirectly give indications of your ethnic origin, religious beliefs or health status and may fall under Article 9 of the GDPR. This data is only collected with your consent – when you select the relevant services – and is only used to provide the service concerned. You can of course refuse to give your consent at the time of collection of this information, but this may mean that you will not be able to benefit from these services or advantages. However, we do not collect or process any biometric data about you when implementing these devices.
3.3 Cookies and similar technologies
When you use our websites or mobile applications, we collect information through cookies and other similar technologies. For more information, please read our Cookie Management Policy.
3.4 Special services, applications, events, campaigns or competitions
For certain specific services, applications, events, campaigns, games or competitions that we may offer to enhance your experience in addition to our regular services, we may collect other types of data than those described in this Policy. In this case, in accordance with the applicable regulations, information on the processing of such data may be communicated to you by means of specific notices or privacy policies when you download the application or register for the service, event, campaign or competition using the corresponding form.
3.5 Data collection on minors
We only collect and process personal data on minors under the age of 16 with the prior consent of their parents or guardians. If personal data relating to minors under the age of 16 is collected without such consent via the Ardenoy Consulting website, applications or mobile sites, parents or guardians have the right to object to the relevant processing or to request the deletion of such data (see section 9 “HOW TO EXERCISE YOUR RIGHTS?”).
4. How do we collect your personal data?
In the course of our relationship, we may collect the above categories of personal data in various ways:
a) We collect the personal data you provide to us directly
Thus, we collect personal data when you report an incident, consult/pay an invoice, create an online account, register for one of our services, make a request or a complaint, respond to a satisfaction survey, leave us a message on social networks, contact our user service, chat with a chatbot, subscribe to receive our emails or mobile notifications, or register for one of our events, contests or specific campaigns.
b) We receive your personal data from our partners or other companies involved in the organisation and management of your services
We receive your data from these third parties via our systems in order to provide our services to you. For example, when you pay an invoice, we receive all the data necessary to process your invoice and make your payment. The companies involved in the organisation and management of your services are also responsible for processing your personal data. You can find more information on how they handle your personal data in their respective privacy policies.
c) We receive personal data from partners who participate in our services
Our services are provided by Ardenoy Consulting and its partners (see also 1 “About us” above). In several countries, we offer our services in partnership with participating partners. You use our services and those of our partners. In order to provide you with these benefits, we share some of your personal data with these third parties. Partners are also responsible for processing your personal data. You can find more information on how they handle your personal data in their respective privacy policies.
d) When you use our websites or mobile applications, we collect information using cookies and similar technologies. Ardenoy Consulting uses its own cookies and third party cookies. For more information, please read our Cookie Management Policy.
e) If you use social media, we may also receive information from your social media provider. For more information, please see section 3 “What different categories of your personal data do we process? “above.
5. What do we use your personal data for?
5.1 Purpose of the processing
The main purposes for which we use your personal data are
a) To provide our services to you
General information : In order to manage your reports/statements, accounts and payments, we need to process most of the information listed in section 3.1. Among other things, we need your identification data to identify you and issue your notifications. In order to provide you with all the information related to your accounts, the different stages of your applications and the evolution of the status of your declarations/statements, we need your contact details. In order to provide you with a service that meets your expectations, we also process all your meter data and preferences, especially if you have created a personal account.
Legal basis for processing : We process your personal data because it is necessary for the provision of our services.
b) Manage your membership in our loyalty programmes
General : In order for you or your business to benefit from our services, we process your name, contact details, contract information, meter information, payments and, where applicable, any interaction or communication with our services (see section 3.1 a, b, c, e, f).
Legal basis for processing : We process this data because it is necessary for the provision of our services.
c) Provide you with our services online or on our mobile applications and offer you an optimal experience
Legal basis for processing : We process your personal data because it is necessary for the performance of your contract and the provision of our services and also for the purposes of the legitimate interests described above, so that we can better serve you via the channel of your choice. Your location data is processed on the basis of your consent.
d) To carry out statistical studies and improve our products and services
General information : We conduct research on the use of our services, websites, mobile applications and social networks, as well as on the behavioural trends and preferences of our users. We use the results of our research to develop better services and offerings for our users, improve tools, provide better service to users and improve the design and content of our websites and mobile applications.
Categories of personal data : To carry out our research, we may use the categories of personal data described in section 3.1. We also use the various surveys we carry out to measure your satisfaction and better understand your expectations. For example, we use your referral data and additional tools you use to improve our services and provide more relevant offers.
Legal basis for processing : We process your personal data for the legitimate interests described above. In accordance with the applicable regulations, you have the right to object, for reasons specific to your particular situation, to the processing of your personal data for the purposes of statistical studies (see Article 9 “HOW TO EXERCISE YOUR RIGHTS”).
e) Send you updates and special offers tailored to your interests
General : if you are a subscriber, we send you personalised announcements by e-mail for services related to our company. You can register/unregister at any time (see conditions below).
Channels: We use different channels such as email, mobile push notifications, postal mail, advertising space on websites and social networks.
Offres personnalisées : Our goal is to provide you with offers of our services that are tailored to your interests and relevant to your expectations. For this purpose, we may use the categories of personal data described in section 3.1. In the same type of communication, we can also offer other similar services. In this case, all communications are sent by Ardenoy Consulting. No contact information is shared with our partners for this purpose without your consent.
Legal basis for processing : Depending on the nature of your relationship with our company and the communication we send to you, we process your personal data as described in this paragraph on the basis of your consent or for the purposes of our legitimate interests, or those of our partners (in compliance with the rules applicable to commercial canvassing) in order to promote our services and carry out direct marketing actions taking into account your commercial relationship with our company. You have the right to object to the use of your personal data for direct marketing purposes at any time (see section 9 “HOW TO EXERCISE YOUR RIGHTS” below).
Unsubscribe : you can always unsubscribe from receiving personalized ads and offers. Below is an explanation of how to unsubscribe.
- E- mails : You can unsubscribe from our e-mail advertisements and offers, as well as from e-mails you have subscribed to, at any time by clicking on the unsubscribe link. If you have an account, you can also unsubscribe by changing your communication preferences in your profile. If you unsubscribe, you will only receive the emails you need to use our services (e.g. your declaration confirmation, your meter reading memo and your electronic invoice).
- Postal mail : You may object to receiving personalised offers by post by contacting us (see section 9 “HOW TO EXERCISE YOUR RIGHTS” below).
- Other communication channels : If you have opted-in to receive personalised advertisements and offers via mobile notifications, you can unsubscribe by changing the settings on your smartphone (for push notifications). Visit your social media provider’s website for more information on how to opt out of receiving personalised ads and offers via social media (e.g. Messenger, WhatsApp and WeChat).
- Contact our Data Protection Department : you can always contact us to unsubscribe from receiving messages containing advertisements and offers (see section 9 “HOW TO EXERCISE YOUR RIGHTS” below).
f) Communicating with you
We use your contact information to communicate with you about our services, answer your questions and handle your complaints.
Legal basis for processing: We process your personal data because it is necessary for the provision of our services
g) Ensuring the safety of our users
Legal basis for processing: We process this data to comply with our legal or regulatory obligations but also in our legitimate interest to ensure the safety of our services and other users.
h) To manage our disputes, prevent fraud or meet our legal obligations
We collect, store and use your data for internal business purposes, such as record keeping, managing our disputes, incident prevention and fraud prevention. In the event of fraud, we may include your personal data in our internal control and alert systems. Furthermore, we process your personal data in accordance with our legal and fiscal obligations. We may be required by law to collect and share your identification data and usage information with public authorities or governmental organisations for security screening or anti-terrorism purposes.
Legal basis for processing: We process this data to comply with our legal or regulatory obligations but also in our legitimate interest, in particular for the management of disputes, the prevention of incidents or the fight against fraud.
i) Offer you specific services, applications, events, competitions or special campaigns
5.2 Legal basis
As mentioned in the purposes described above, we may only process your personal data if we have a legal basis to do so. In many cases, the legal basis for processing your data is “necessary for the performance of our services” and, more generally, for the provision of our services. Some processing of personal data may be based on the collection of your consent. You may then withdraw it at any time for the processing concerned (see section 9 “HOW TO EXERCISE YOUR RIGHTS” below). In some cases, we may use your personal data if we (or third parties) have a legitimate interest. We always carry out a careful assessment of all interests: yours, those of others and those of our company. On this basis, for example, we process your data to ensure the safety of our users or for statistical research or direct marketing purposes, or to provide personalised services and offers (see 5.1 d to f, h and i below). above for more information). We may have a legal obligation to process your data, for example to comply with security requirements (see 5.1.h above for more information). If you refuse to provide the personal data we need to provide the service or meet a legal requirement, we may not be able to provide some or all of the services you have requested. For example, we may cancel your access or not be able to provide you with additional services that you have requested from us. If you provide incomplete or incorrect information, we may deny you access to our services.
6. Who may have access to your personal data?
In order to provide our services and, given our operations in many countries, to offer you the same experience across all our services, we need to share your personal data with internal and external recipients. Within our company, your data is processed by duly authorised personnel: commercial departments, IT departments, etc. We may also pass on your data to third parties such as companies in our Group, our partner companies, your agents, payment service providers, service providers or subcontractors, etc. for the purposes described in point 6.2. As such,
6.2 Sharing your data with third parties
We may transfer or share your personal data with third parties for the following purposes:
a) To facilitate your declarations/declarations and the execution of your consultations/invoice payments
To manage your reports/statements or consultations/bill payments, we may share your personal data with third parties who process this information on our behalf or assist us in providing our services worldwide, such as customer contact centres or payment operators, but also with other companies involved in providing your services. You can consult the privacy policies of these third parties for more information. This sharing may be necessary for the normal execution of your service but also allows you to ensure continuity of service and recognition of your status throughout your journey, to facilitate the management of your accounts, particularly in the event of unforeseen disruption or to ensure the safety and security of all operations within our partnerships. For more information, please refer to point b) of the section “4. HOW DO WE COLLECT YOUR PERSONAL DATA? “.
b) To support our operations and provide our services
For the provision of our services, we also use other types of third parties, such as specific IT service providers, social networks, marketing agencies or external fraud detection and prevention services. Like all of our contractors, these third parties are required to safeguard your personal data properly and to process it only in accordance with our instructions under the regulations and this Policy.
Our processing activities are based on centralised databases and systems which may be hosted or managed by a group company on behalf of other group companies. In addition, for efficiency purposes, certain operational and commercial functions may be performed by one of the group companies for other group companies. This means that our group companies may have access to your personal data in the course of such processing. Our group companies may only process your personal data in connection with these activities and in accordance with this Policy.
c) For the management of our loyalty services and associated benefits
For more information, you can consult the chapter “1. WHO ARE WE?” and point c) in the section “4. HOW DO WE COLLECT YOUR PERSONAL DATA? “.
d) To improve our online services and mobile applications
For more information, please see point c) of the section “5. WHAT DO WE USE YOUR PERSONAL DATA FOR ?
e) For the management of our corporate clients’ accounts and their policies
If you activate a service using your employer’s company account, your employer will have access to certain information. Your employer is responsible for the way it handles your personal data.
f) To process payments and refunds
In order to process payments and refunds, we may pass on certain data to third parties such as banks, financial institutions or providers who offer payment services. In many cases, these payment service providers also carry out anti-fraud checks. These third parties have their own privacy policies that apply to how they use your personal data.
g) For personalised marketing via social media platforms
For more information, please see point f) of section “5. WHAT DO WE USE YOUR PERSONAL INFORMATION FOR? “.
h) To enable our partners to provide you with their services and tailor them to your needs
We may share your information with third parties who offer services or products available through us. We may also share certain non-personalised information (such as flagging, date and duration of flagging) with these partners so that they can tailor and improve the services they provide to you. In this case, these exchanges take place through trusted third parties. Our partners also have their own privacy policies that apply to how they use your personal data.
6.3 Special services, applications, events, campaigns or competitions
For certain specific services, applications, events, campaigns, games or competitions that we may offer to enhance your user experience in addition to our regular services, we may share your data with third parties other than those described in this Policy (for example, when we run a campaign or event with a partner or when we integrate their services into our applications). In this case, in accordance with the applicable regulations, information on the processing of such data may be communicated to you through specific notices or privacy policies when you download the application, register for the service, event, campaign or competition using the relevant form.
6.4. Public authorities
Like any company, in accordance with the laws and regulations applicable in France and internationally, we may be legally required to collect and share your identification and activity data with the public authorities of France (customs, immigration, police, etc.) or of the countries of origin or of the countries from which you use our services for the purposes of security control or the fight against terrorism or any other serious crime. For services provided by Ardenoy Consulting, from France to a non-European Union country or from a non-European Union country to France, in accordance with law n°78-18 of 6 January 1978 relating to data processing, data files and freedoms, as amended, and article L. 232-7 of the Code of Internal Security, we inform you that your personal and usage data may be transmitted to the competent authorities. In some cases, we may also be required to disclose certain data to public bodies and authorities, law enforcement agencies, courts or other authorised third parties if disclosure is required by applicable law, regulation or legal process (such as a subpoena or court order), if it is necessary to protect or defend our rights against legal claims and those of third parties, or for reasons of public interest.
6.5. Third party websites
7. How long will your data be kept?
We undertake to keep your personal data for no longer than is necessary for the purposes for which they are processed and described in Article 5 of this Policy. These retention periods are defined according to the purposes of the processing that we carry out and take into account, in particular, the applicable legal provisions imposing a precise retention period for certain categories of data, any applicable limitation periods and the recommendations of the CNIL. , the data protection authority in France, regarding certain categories of processing.
8. Is your personal data transferred outside the European Union?
For the purposes indicated in Article 5 of this Policy, we may transfer your personal data (name, first name, telephone number, GPS position, etc.) to recipients who may be established in a country other than your country of residence and notably outside the European Union. These transfers are carried out in particular to offer you our services, to manage your accounts, more generally for the good execution of your services or because the companies of our group, our partners or our providers operate from different countries. The laws of the countries to which we transfer your personal data may not offer the same level of protection. If these transfers are necessary to provide our services to you,we are committed to ensuring the same level of protection for your personal data as required by the GDPR, including by signing, on a case-by-case basis, the standard contractual clauses set out by the European Commission, or any other mechanism described in the Regulation. In addition, we may, if required by applicable law, transfer your personal data, including your identification or usage data, to public or governmental authorities in countries outside the European Union. European. Please refer to point 6.4 in section “6. WHO CAN ACCESS YOUR PERSONAL DATA? “. on a case-by-case basis, standard contractual clauses defined by the European Commission, or any other mechanism described in the regulations.In addition, we may, if required by applicable law, transfer your personal data, including your identification or usage data, to public or governmental authorities in countries outside the European Union. European. Please refer to point 6.4 in section “6. WHO CAN ACCESS YOUR PERSONAL DATA? “. on a case-by-case basis, standard contractual clauses defined by the European Commission, or any other mechanism described in the regulations. In addition, we may, if required by applicable law, transfer your personal data, including your identification or usage data, to public or governmental authorities in countries outside the European Union.Please refer to point 6.4 in section “6. WHO CAN ACCESS YOUR PERSONAL DATA? “. including your identification or usage data, to public or government authorities in countries outside the European Union. Please refer to point 6.4 in section “6. WHO CAN ACCESS YOUR PERSONAL DATA?” “. including your identification or usage data, to public or government authorities in countries outside the European Union. Please refer to point 6.4 in section “6. WHO CAN ACCESS YOUR PERSONAL DATA? “.
9. How to exercise your rights?
9.1 Your legal rights In accordance with the applicable regulations, in particular the provisions of the RGPD and the amended “Informatique et Libertés” law of 6 January 1978, you can contact us (see section 9.4 below) to exercise your access rights, (b) of rectification, (c) erasure, (d) to restrict the processing of data and your rights to (e) data portability and (f) the opposition. In addition, you have the legal right to define directives concerning the fate of your personal data after your death.
a) The right of access
You have the right to request confirmation that we are processing your personal data and, if appropriate, to receive a copy of it. When we respond to a request to exercise the right of access, we will also provide you with additional information such as the purposes of the processing concerned, the categories of personal data and any other information relating to that processing.
b) The right of rectification
You have the right to request rectification of your personal data if you find it to be inaccurate. You may also, in view of the purposes of the processing concerned, request to supplement them, which may lead to the provision of additional data.
c) The right to erasure
You have the right to request the deletion of your personal data. This right can only be exercised in certain cases, where one of the grounds set out in Article 17 of the GDPR applies. This may include, for example, personal data that is no longer necessary for the purposes for which it was collected or that has been processed unlawfully. If you exercise this right and if one of the reasons is applicable to your request, we will delete your personal data as soon as possible.
d) The right to data portability
You have the right to request the provision of personal data that you have directly communicated to us in a structured, commonly used and machine-readable format, if their processing is automated and based on the collection of your consent or the execution of a contract to which you have subscribed. This right does not apply to other legal bases for processing. If necessary and where technically possible, you also have the option of requesting the transfer of this data directly to another controller.
e) The right to limit data processing
You have the right to have the processing of your personal data restricted. This means that we mark this data, if we keep it, with a view to temporarily suspending its processing. This right may be exercised on the grounds set out in Article 18 of the GDPR, in particular where you dispute the accuracy of your personal data. This right does not give rise to their erasure and we are obliged to inform you of this prior to the lifting of the relevant processing restriction.
f) The right of opposition
You have the right to object to the processing of your personal data. This means that you can ask us to stop processing your personal data. For our company, this right only applies where our legitimate interests (including the profiling arising therefrom) constitute the legal basis for the processing (see 5.2 “Legal basis” above). For example, you may at any time and free of charge object to the processing of your personal data for direct marketing purposes, including for profiling purposes insofar as they relate to such direct marketing. If you exercise this right, we will no longer process your personal data for these purposes. You can also, when you are in contact with our user service,
9.2 Withdrawing your consent
Where required by law for certain processing purposes (e.g. electronic canvassing), your data will only be used after obtaining your explicit consent. You may withdraw your consent at any time by following the specific instructions related to the processing concerned. You can withdraw your consent by clicking on the unsubscribe link in our emails (e.g. Ardenoy Consulting newsletter), by changing your communication preferences on your account if the option is available or by changing your smartphone settings for push mobile notifications and location data.
9.3 Refusal of certain requests
The rights described above are not applicable in all situations. Indeed, in accordance with the applicable regulations, we may be entitled to refuse certain requests. For each application, we carefully assess whether such an exemption applies and inform you accordingly. For example, we may refuse your request for access if this is necessary to protect the rights and freedoms of others or refuse to delete your personal data if the processing of that data is necessary to comply with legal requirements. . The right to data portability does not apply, for example, if you did not provide the personal data or if we process the data other than on the basis of your consent or the performance of a contract.
9.4 Contact for exercising rights
If you wish to assert your rights, simply send a request to the Data Protection Department of Ardenoy Consulting: Ardenoy Consulting, Délégué à la Protection des Données/Data Protection Officer – CC Boisripeaux, 97139 LES ABYMES, France. E-mail address: email@example.com. In order to process your request in the best possible way, we kindly ask you to accompany your request with the elements necessary for your identification (surname, first name, e-mail, a copy of an official identity document such as an identity card or passport, user ID, etc.) as well as any other information necessary to confirm your identity. Requests are processed as quickly as possible and in accordance with the applicable law. On the other hand, any request that is not related to the protection of personal data cannot be processed. You can also contact us if you have any questions, comments or complaints about this policy..
9.5. Questions, comments or complaints
10. How is your personal data secured?
10.1 Our commitment
Ensuring the security and confidentiality of the personal data you entrust to us is our priority. We therefore implement all useful technical and organisational measures – in accordance with the applicable legal provisions (in particular Article 32 of the RGPD) – with regard to the nature of the personal data that you provide to us and the risks presented by their processing. , in order to preserve their security and, in particular, to prevent any destruction, loss, alteration, disclosure, intrusion or unauthorised access to such data, whether accidental or unlawful.
10.2 The security measures that we take
We are required to comply with the Payment Card Industry Data Security Standard (“PCI DSS”) promulgated by the PCI Security Standards Council (“PCI SSC”). This standard was created to increase control over cardholder information in order to reduce fraudulent use of payment instruments. Any Ardenoy Consulting service provider who may be required to process credit card data complies with the PCI DSS standard. We strive to combat identity theft on the Internet. This is why we use, for example, a device to detect fraudulent payments made by credit card. This device is designed to protect you if your bank card is lost or stolen.
Protection of your personal data
We are committed to the security of the personal data you entrust to us and as such we implement various organisational measures to increase the awareness and accountability of our employees. Dedicated programmes within our company ensure this awareness and the sharing of good practice and safety standards. In this context, a rich body of literature on the issues of information security and privacy protection is made available to them. In addition, we implement technical measures appropriate to the nature of the personal data you provide to us and the risks involved in processing them. We therefore strictly control physical and logical access to the internal servers hosting or processing your personal data. We protect our network with state-of-the-art hardware devices (Firewall, IDS, DLP etc.) and architectures (including secure protocols such as TLS 1.2) to prevent and limit the risks of cyber-malware.
The evolution of our security devices
We have internal processes based on the best standards in place, and in particular the ISO 27000 family of standards, to maintain best practice security. We rely on dedicated experts to ensure the best possible level of protection. In particular, we follow the recommendations of the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), which allows us to be supported by the French reference in cybersecurity.
10.3 How do you protect yourself?
10.4 Security incident management
There is no such thing as zero risk and even if we put in place all the measures recognised as standard in terms of security, imponderables can occur. To this end, we have specific procedures and means to manage security incidents in the best possible conditions. We have also put in place a specific procedure to assess the possible breach of your personal data, notify the competent authority within the time limit provided for by the regulations and notify you when the breach is likely to create a significant risk. for you and invade your privacy. Exercises are carried out periodically to check the functioning of the security installations and the adequacy of the procedures and devices deployed.
If you have any further questions about this policy or the way in which we process your data, please contact our data protection department at the following address: firstname.lastname@example.org.
This version is applicable from 1 January 2021. It replaces the version dated 1 March 2018. We reserve the right to change this Policy from time to time. All changes are published on our websites. We invite you to consult it regularly, especially when you use our services.