Privacy policy

Objective and Scope of the Policy

SECCOM Consulting attaches great importance to the protection of privacy and personal data and to compliance with applicable legislation.

Regulation (EU) 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR") states that personal data must be processed lawfully, fairly, and transparently. Thus, this privacy policy (hereinafter the "Policy") aims to provide you with simple, clear information about the processing of personal data concerning you, in the context of your browsing and operations carried out on our website.


Data Controller

In the context of your activity on the website https://www.seccomconsulting.com, we collect and use personal data related to you, natural persons (hereinafter "Data Subject").

For all processing, SECCOM Consulting, SAS, RCS No. 880 612 734 RCS Paris, with a capital of 3,000 euros, headquartered at 11-13 Avenue de Friedland, 75008 Paris, determines the means and purposes of the processing. Thus, we act as the Data Controller, within the meaning of the Regulation on personal data, and in particular Regulation (EU) 2016/679 on the protection of individuals regarding the processing of personal data and on the free movement of such data.


What Personal Data Do We Collect and How?

By using our website, you provide us with a certain amount of information about yourself, some of which may identify you ("Personal Data"). This is the case when you browse our site, fill out our online contact form, or become a client.

The nature and quality of the personal data collected about you vary depending on the relationships you establish with SECCOM Consulting, the main ones being:

  1. Identification data: this includes all information that would allow us to identify you, such as your name, first name, phone number. We may also collect your email address, as well as your postal address (in case of payment, the postal address will be necessary to generate an invoice). In the case of a subscription, proof of identity may also be requested.
  2. Connection data: this includes all the information we need to access your personal account on our e-learning platform, such as the password, and other information necessary for authentication and access to an account. We also collect your IP address for maintenance and statistical purposes.
  3. Financial data: this corresponds to banking data such as an IBAN.
  4. Documents of various types (PDF, Office format, Image) with titles, contents, folder names, or information related to a document, such as written comments in documents, alert and reminder dates.
  5. Information about your browsing: by browsing our website, you interact with it. Therefore, certain information about your browsing is collected.
  6. Data collected from Third Parties: personal data that you have agreed to share with us or on publicly accessible social networks and/or that we may collect from other publicly accessible databases.

 

Why Do We Collect Your Personal Data and How?

We collect your personal data for specific purposes and on various legal bases.

In the context of contract performance or pre-contractual measures, your data is processed for the following purposes:

  1. Order and purchase management.
  2. Contract management.
  3. Management of your customer account.
  4. Complaints management and after-sales service.

Based on your consent, your data is processed for the following purposes:

  1. Conducting commercial and marketing prospecting operations.
  2. Transmission of your data to our business partners as part of the assigned missions.
  3. Management of cookies requiring your consent.
  4. Responding to your request via our "Contact us" form.

In the legitimate interest of SECCOM Consulting, your data is processed for the following purposes:

  1. Conducting satisfaction surveys and polls.
  2. Managing pre-litigation and litigation.

Under the legal and regulatory obligations to which SECCOM Consulting is subject, your data is processed for the following purposes:

  1. Fight against fraud.
  2. Fight against money laundering and the financing of terrorism.
  3. Maintenance of general and auxiliary accounting.

 

Do We Share Your Personal Data?

Your data is intended for authorized SECCOM Consulting employees responsible for contract management and execution and legal obligations, depending on the purposes of the collection and within the limits of their respective responsibilities.

Your data may also be transmitted, for certain tasks related to the purposes and within the limits of their missions and authorizations, to the following recipients:

  1. Technical partners of SECCOM Consulting as part of an outsourcing activity.
  2. Service providers and subcontractors that we use to carry out a set of operations and tasks on our behalf, including SOCIATEX Group for the maintenance of our website.
  3. Public authorities duly authorized (judicial, control, etc.), within the framework of our legal and regulatory obligations.
  4. Regulated professions (lawyers, bailiffs, etc.) who may intervene in the context of the implementation of guarantees, recovery or litigation.

When your data is communicated to our providers and subcontractors, they are also asked not to use the data for purposes other than those initially planned. We make every effort to ensure that these Third Parties preserve the confidentiality and security of your data.

In any case, only necessary data is provided. We make every effort to ensure secure communication or transmission of your data.

We do not sell your data.


Are Your Personal Data Transferred to Third Countries?

SECCOM Consulting strives to keep personal data in France, or at least within the European Economic Area (EEA).

However, it is possible that the data we collect when you use our platform or as part of our services may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area.

In the event of such a transfer, we ensure that it is carried out:

  1. To a country providing an adequate level of protection, i.e., a level of protection equivalent to what European regulations require;
  2. Within the framework of standard contractual clauses;
  3. Within the framework of internal company rules.

 

How Long Do We Keep Your Personal Data?

We only keep your personal data for as long as necessary to achieve the purpose for which we hold this data, in order to meet your needs or to fulfill our legal obligations.

The retention periods vary depending on several factors, such as:

  1. The needs of SECCOM Consulting's activities;
  2. Contractual requirements;
  3. Legal obligations;
  4. Recommendations from supervisory authorities.

The retention periods for your data are as follows:

| Purpose | Legal basis for processing | Retention period |
| --- | --- | --- |
| Prospecting & Commercial Communication (emails, prospecting calls, newsletters, etc.) | Consent | 3 years from collection |
| Contract Management | Contract execution | 5 years from contract termination |
| Management of client, supplier, partner, or user accounts | Contract execution | 5 years from the end of our commercial relationship |
| Handling of complaints and after-sales service | Contract execution | 5 years from contract termination |
| Transmission of your data to our commercial partners as part of assigned missions | Contract execution | 5 years from contract termination |
| Management of cookies requiring your consent | Consent | 13 months from cookie deployment |
| Responding to your inquiries via our "Contact Us" form | Consent | 3 years from collection |
| Conducting satisfaction surveys and polls | Consent | 3 years from collection |
| Pre-litigation and litigation management | Legitimate Interest | 10 years |
| Fraud prevention | Legitimate Interest | 3 years from being added to an alert list |
| Anti-money laundering and counter-terrorism financing | Compliance with Legal Obligation | 3 years from being added to an alert list |
| General and auxiliary accounting recordkeeping | Compliance with Legal Obligation | 10 years from the accounting closing date |

How Do We Ensure the Security of Your Personal Data?

SECCOM Consulting is committed to protecting the personal data we collect or process against loss, destruction, alteration, unauthorized access, or disclosure.

To this end, we implement all appropriate technical and organizational measures, depending on the nature of the data and the risks involved in their processing. These measures are designed to preserve the security and confidentiality of your personal data. They may include practices such as limited access to personal data by authorized persons due to their functions, pseudonymization, or encryption.

In addition, our physical and/or logical security practices, policies, and/or measures (secure access, authentication process, backup copy, software, etc.) are regularly reviewed and updated as necessary.


What Are Your Rights?

The GDPR provides data subjects with rights they can exercise. The following rights are provided:

  1. Right to information: the right to have clear, precise, and complete information about the use of personal data by SECCOM Consulting.
  2. Right of access: the right to obtain a copy of the personal data that the Data Controller holds about the requester.
  3. Right to rectification: the right to rectify personal data if it is inaccurate or outdated and/or to complete it if it is incomplete.
  4. Right to erasure / right to be forgotten: the right, under certain conditions, to have data erased or deleted, unless SECCOM Consulting has a legitimate interest in retaining it.
  5. Right to object: the right to object to the processing of personal data by SECCOM Consulting for reasons relating to the requester's particular situation (subject to conditions).
  6. Right to withdraw consent: the right at any time to withdraw consent when processing is based on consent.
  7. Right to restriction of processing: the right, under certain conditions, to request that the processing of personal data be temporarily suspended.
  8. Right to data portability: the right to request that personal data be transmitted in a reusable format for use in another database.
  9. Right not to be subject to automated decision-making: the right for the requester to refuse fully automated decision-making and/or to exercise additional safeguards offered in this regard.
  10. Right to define post-mortem directives: the right for the requester to define directives regarding the fate of personal data after their death.

Additional rights may be granted by local regulations to data subjects.

To this end, SECCOM Consulting has implemented a procedure for managing the rights of data subjects in accordance with the requirements of applicable legislation. This procedure establishes:

  1. The standards to be respected to ensure transparent information for data subjects;
  2. The legal requirements to be complied with;
  3. The authorized means to submit a request for each right, according to the category of data subjects;
  4. The operational processes for handling these requests in accordance with the aforementioned requirements;
  5. The parties involved in these processes, their roles, and responsibilities.

To exercise your rights, you can contact the Data Protection Officer (DPO):

  1. By email at the following address: contact@seccomconsulting.com
  2. By mail at the following address: SECCOM Consulting SAS, 11 – 13 avenue de Friedland, 75008 PARIS

When you submit a request to exercise a right, you are asked to specify as much as possible the scope of the request, the type of right exercised, the personal data processing concerned, and any other useful information to facilitate the examination of your request. In addition, in case of reasonable doubt, you may be asked to prove your identity.

You also have the right to lodge a complaint with the National Commission for Data Protection (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, about how SECCOM Consulting collects and processes your data.


Updating of this Policy

This Policy may be regularly updated to take into account developments in regulations concerning personal data.

Last updated: January 1, 2024.

 

Annex 1: Definitions

Consent: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, agree to the processing of personal data relating to them.

Personal data/Data: any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an identity card number, a salary, health records, bank account information, driving or consumption habits, location data, an online identifier, etc. The term "personal data" includes sensitive personal data.

Sensitive personal data/Sensitive data: refers to personal data revealing or based on:

  1. racial or ethnic origin, political opinions, religious or philosophical beliefs
  2. membership of a trade union
  3. physical or mental health
  4. sexual orientation or sex life
  5. genetic and biometric data
  6. data concerning criminal convictions, offenses, or related security measures
  7. the NIR code (social security number)

Applicable legislation: the set of regulations relating to the protection of personal data and applicable to the processing of personal data carried out by SECCOM Consulting SAS, namely the European Regulation No. 2016/679 on the protection of personal data (GDPR), the amended Data Protection Act, and any other regulations related thereto applicable to SECCOM Consulting SAS.

Data subject/Individual: a natural person whose personal data is processed and who can be identified or identifiable, directly or indirectly, by means of such personal data. This includes customers, prospects, and former and current employees.

Data controller: a natural or legal person who, alone or jointly, determines which personal data are collected, why, and how they are collected and processed.

GDPR: abbreviation of the European Regulation No. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Processor: any natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller and according to their instructions (e.g., service providers or suppliers).

Third party: any natural or legal person, public authority, agency, or other body other than the data subject, the data controller, the processor, and the persons who, under the direct authority of the data controller or processor, are authorized to process data.

Processing: any operation or set of operations performed, whether or not by automated means, on personal data such as collection, access, recording, copying, transfer, storage, cross-referencing, modification, structuring, retrieval, dissemination, erasure, whether performed automatically, semi-automatically, or otherwise. This list is not exhaustive.

Data transfer: any communication, copying, or movement of data via a network, or any communication, copying, or movement of such data from one medium to another, regardless of the medium, of personal data to a third country outside the European Union or to an international organization, which involves or is intended to involve processing after such transfer.