Personal Data Protection

The BUSINESS & DECISION division of Orange Business Services S.A. (hereinafter referred to as “B&D”) cares about respecting your privacy and protecting your personal data.

Therefore, B&D observes applicable European laws on personal data protection, and the General European Regulation on Personal Data Protection No. 2016/679 dated 27 April 2016 (GDPR), as well as all national legal regulations which have been adopted pursuant to it. B&D is responsible for processing your personal data in the sense of the above-mentioned legal standards.

The purpose of this Personal Data Protection Charter (the “Charter”) is to inform all individuals and entities concerned about why and how the Business & Decision Group processes your personal data, the safety measures taken to ensure data integrity, and the methods available to you for controlling the use of your data and exercising your rights.

1. Identity and Contact Details of the Data Controller

B&D, including the company Orange Business Services, a public limited company with a capital of €1,063,592,809.20, registered in the BOBIGNY Trade and Companies Register under number 345 039 416, whose registered office is located at 1 place des Droits de l’Homme, 93210 Saint Denis La Plaine (France), as well as all of its subsidiaries within the meaning of Article L 233-1 of the French Commercial Code, both existing and future, is the publisher of the present site (hereinafter referred to as the “Group”)

2. When and what information do we collect?

We may collect personal information that you provide to us, directly (for example via our website), that contains contact information, such as first name, last name, e-mail address, job title and company name; or if you are a customer. B&D may also collect information about you from publicly accessible sources such as social network websites, or informational websites; or because other people gave that data to B&D (employer, third party service provider that we use to help operate our business).

Depending on the purpose involved, B&D may need to collect different categories of personal data: identification data, data about your personal life, information about financial conditions, your professional life, etc.

Applying the principle of personal data minimisation, we will only process information that is relevant, appropriate, and limited to what is necessary for the purposes of their processing.

3. Why and on what basis will your data be collected?

Your personal data are collected for specific and legitimate purposes.

We collect personal data about you to send you content that we make (newsletters, white papers, etc.) or to get in touch with you (for example after a contact request). We also use it for our marketing communications (for example, registration to events organised by B&D or its partners, etc.). Concerning our customers, we use their personal information to set up their client account and provide our services to them.

We use your personal data for the proper operation of our business. Your personal data may be processed by B&D for the purposes, or related to:

– Legal and regulatory requirements;Requests from official authorities;
– For administrative management;
– To administer customer relationship and maintain contractual relations;
– For accounting and tax purposes;
– For recruitment and business development purposes.

    In addition to the purposes connected to the operations of our business, we may also use your personal data for marketing and business development, for example:

    • Communicating information about the Group and the services offered ;
    • Sending communications, white papers, newsletters, etc. ;
    • Invitations and registrations to events, including those of partners, etc.

      We are legally required to indicate on which legal grounds we rely on to process your personal data.

      As a result, you can find below the legal grounds on which we carry out the processing operation :

      1. Contract performance e.g.: partnerships, employment contracts, etc.
      2. Legal and regulatory obligations we are subject to e.g.: responding to official authorities
      3. Serving our legitimate interests e.g.: IT safety measures; operational delivery of our business.
      4. Your consent e.g.: application, subscription to a newsletter, registration to an event.

      For minors under 18 years of age, such consent must be given or authorised by the holder of parental responsibility. Should the holder of parental responsibility discover that the minor’s personal data have been entrusted to B&D, he/she shall be entitled to request their deletion.

      4. To whom will your personal data be disclosed?

      We do not rent or sell information for monetary consideration.

      Your personal data may be disclosed to the following persons or entities, depending on the purposes involved:

      • All entities of the Group (e.g.: Contact forms; B&D events; Content downloads, etc.);
      • Service providers and subcontractors (e.g.: registration and participation in events; subscription to the Newsletter; processing of applications by a recruitment agency.);
      • Business partners (e.g.: registration and participation in events.)

        5. How will your personal data be kept safe ?

        Ensuring the security of your personal data is a priority at the Group.

        To protect the confidentiality and integrity of your personal data, the Group has taken the necessary technical and organisational measures to prevent data from being distorted, damaged, or accessed by unauthorised third parties. The Group guarantees an appropriate level of security according to the state of knowledge, implementation costs, and the nature, scope, context and purposes of the data processing, as well as the risks involved and the likelihood thereof.

        In the event that B&D communicates personal data to a third party, B&D will ensure that such third party certifies that it has and maintains the same level of protection as that applied within the Group, and will obtain contractual guarantees so that, in particular, all data are processed for the agreed purposes while ensuring their integrity and confidentiality, and that the required security measures are taken.

        However, as a reminder, no security system or measure is infallible, and despite all precautions and measures taken, the Group cannot guarantee absolute security for all personal data.

        In the event of a verified breach of personal data likely to generate a high risk for the rights and freedoms of the individuals and entities concerned, B&D agrees to communicate such breach to the competent supervisory authority, and, wherever required by said regulations, to the individuals and entities concerned.

        The recipients of your personal data may be located abroad, including outside of the European Economic Area.

        Your data are likely to be transferred to our subsidiary located in Tunisia to process your requests. Any transfer of your data outside the European Economic Area will be made with the appropriate guarantees, including contractual guarantees, in accordance with applicable regulations on personal data protection.

        6. How long will your personal data will be kept ?

        The Group will keep your personal data for the period necessary to achieve the pursued purposes.

         This period will vary depending on the purpose of data collection, e.g.:

        • Personal data of clients/prospects/partners: 2 years after the last contact with the client/prospect/partner;
        • Personal data of website users: 2 years
        • Any retention period that is required by law.

          At the end of this period, B&D may contact you again to know whether you wish to continue receiving communications about offers, news and events from B&D. In addition, your data will be destroyed within a maximum period of 30 days starting from your request to unsubscribe.

          7. Your rights

          If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR), you can.

          You have the following rights on your personal data:

          • The right to obtain information about the data we have about you and what type of processing they are subject to, and to obtain a copy of these data in an electronic form;

          • Under certain circumstances, the right to withdraw at any time your consent to the processing of your personal data (please note that we are likely to continue processing your personal data if we have a legitimate reason for doing so, or if we are subject to a legal requirement);

          • Under certain circumstances, the right to ask us to transfer this information to third parties when it is technically possible (please note that this right will only apply to data which you have provided to us);

          • The right to edit or correct your personal data;

          • The right to restrict the processing of your personal data in certain cases;

          • The right to ask that we delete your data under certain circumstances (please note that legal or regulatory provisions, or legitimate reasons, may require us to continue storing your data);

          • The right to ask us to restrict the processing of your data, or to oppose such processing, under certain circumstances (please note that we are likely to continue processing your personal data if we have a legitimate reason for doing so, or if we are subject to a legal requirement);

          • The right to set guidelines for the storage, deletion or communication of your personal data which will apply after your death.

          8. Contact us

          For any questions regarding this Charter and/or to exercise your rights as described above, you may contact B&D electronically by sending a message accompanied by a copy of a valid identification document.

          • For personal data processed by Orange Business as the Data Controller in connection with Business & Decision’s marketing activities, please send a message to mesdonnees@businessdecision.com.

          • For other personal data processed by Orange Business as the Data Controller, you may use the online contact form (https://assistance.orange-business.com/contact-us/public) or email obs.dpo@orange.com.

              B&D is committed to responding to you as promptly as possible, and in any event, within one month from the date of receipt of your request.

              9. Changes to our personal data protection Charter

              B&D may need to make changes to this Charter from time to time. We invite you to check this webpage regularly to make sure you are aware of the latest version update of this Charter.