Privacy Privacy Personal data TELELOGOS, a Société par Actions Simplifiée (French Public Limited Company) with capital of 100,000 euros, whose head office is at sis 3 avenue du Bois l’Abbé, 49070 Beaucouzé France, and which is registered with the Angers Trade and Companies Register under number 323 971 465 (“TELELOGOS”), is a publisher of digital signage software as well as device and data administration and synchronization software designed to manage and administer fleets of mobile, fixed and/or automatic devices (“TELELOGOS Software”). TELELOGOS Software solutions are available, via an international network of certified partners, in both license mode (On Premise) and cloud mode (SaaS). TELELOGOS publishes a website www.telelogos.com that has the following key functions: (i) to present the TELELOGOS Software solutions, (ii) so that people can contact TELELOGOS, and (iii) for users of any of the TELELOGOS Software solutions to connect, in order to have access to certain information about the TELELOGOS Software and/or to a TELELOGOS advisor (the “Website”). TELELOGOS will, in the course of its business, process the Personal Data of its Website users, of its customers and/or TELELOGOS Software users. TELELOGOS is concerned with protecting Personal Data, and makes the utmost effort to guarantee the highest level of protection in compliance with the applicable regulations. The purpose of this policy is to: present the technical and organizational measures put in place by TELELOGOS to guarantee a high level of protection of the processed Personal Data, which also complies with the applicable regulations; document its compliance with the applicable regulations; and inform the users concerned about how they can remain informed and monitor the Processing of their Personal Data. Furthermore, in parallel to the protection of the Personal Data that TELELOGOS will process as part of its business, the company is committed to a Privacy by Design and Privacy by Default policy that aims, starting at the design phase of the Software, to (i) minimize the use and storage of Personal Data in its solutions, (ii) encourage compliance with best practices in IT security to guarantee the maximum level of confidentiality, (iii) allow the users of its Software solutions to fulfill their obligations with regards to Personal Data Protection. Definitions For the purposes of this policy, pursuant to (EU) Regulation 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and French law no. 2018-493 of June 20, 2018 for the protection of personal data: the term “Personal Data” means any information relating to an identified or identifiable natural person (hereafter the Person Concerned”); a natural person who can be identified, directly or indirectly, in particular with reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity; the term “Processing” is understood as any operation or set of operations carried out with or without using automated processes applied to Personal Data or sets of Personal Data, such as collecting, recording, organizing, structuring, preserving, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or any other form of making available, matching or interconnecting, limiting, erasing or destroying; the term “Data Controller” means a natural person or legal entity, public authority, department or other organization who, either alone or jointly with others, determines the purposes and methods of Processing; and the term “Processor” means the natural person or legal entity, public authority, department or other organization that processes the Personal Data on the Data Controller’s behalf. Principles of Personal Data Processing Before any Processing, TELELOGOS ensures that said Processing of the Personal Data is: based on a specific, express and legitimate purpose for which the Personal Data is processed; strictly limited to the intended purpose; lawful to justify (i) the necessary execution of a contract/license binding TELELOGOS and the user concerned or pre-contractual measures; (ii) a legal obligation; (iii) the prior consent of the Person Concerned, or (iv) TELELOGOS’s pursuit of a legitimate interest, provided this does not contravene the fundamental rights of the Persons Concerned. TELELOGOS ensures that the processed Personal Data is accurate and up-to-date. TELELOGOS regularly analyzes its Processing operations and Personal Data protection procedures in order to adjust and refine them to guarantee its customers, the customers of its certified partners, its service providers, its users, and its prospects the highest level of protection possible given the applicable regulations. Category of personal data processed An asterisk (*) at collection will indicate whether the Personal Data collected are required or optional. Personal Data are usually collected while (i) browsing on the Website, (ii) placing an order (directly or indirectly via a certified partner) for one or several TELELOGOS Software solutions or service provisions related to the TELELOGOS Software, and (iii) creating a TELELOGOS Software customer/user account on the Website. The Personal Data that may be collected by TELELOGOS is, if applicable: title, surname, first name, positions and contact information for the customer, prospective customer or Website browser; and email address and other personal contact details of the aforementioned people. Use of the Website by any user gives rise to the collection of browsing data through the use of cookies and IP addresses. TELELOGOS also collects statistical data about the use of the search engine and the contact form. The statistics also cover sales data. No Sensitive Data, as defined by the applicable regulations, is processed by TELELOGOS. Purposes of personal data processing The Personal Data Processing implemented by TELELOGOS has the following purposes: the execution of a pre-contractual or contractual relationship between TELELOGOS and the Person Concerned or between a certified partner and a TELELOGOS Software user: the production/communication of any documentation or commercial and/or technical information relating to TELELOGOS Software and/or services relating to the Software provided by TELELOGOS, and the production/communication of any quote drawn up as part of TELELOGOS’s activity; the production, execution, management and monitoring of Software support tickets, Software orders, TELELOGOS Software licenses and rights of use, and services relating to TELELOGOS Software for each customer or prospective customer of TELELOGOS or of a certified partner; and invoicing and its follow-up; the legitimate interest pursued by TELELOGOS when it pursues the following purposes: sales prospecting and management as part of TELELOGOS’s business activities; the management of relations with customers and prospective customers of TELELOGOS or its certified partners; organization of, registration, and invitation to TELELOGOS events, if applicable, and as well as subscription to the TELELOGOS newsletter; users’ awareness of the Website; Website performance; and Website security; compliance with legal and regulatory obligations when Processing is performed for one of the following purposes: prevention of money-laundering, the financing of terrorism, and the fight against corruption, and compliance with any other applicable French and European regulations; invoicing; and accounting; the Person Concerned’s consent: direct solicitation. Personal data storage period TELELOGOS only stores Personal Data for as long as necessary in order to perform the operations for which it was collected, as well as to comply with the applicable regulations. The Personal Data of TELELOGOS customers or of a TELELOGOS Software user are stored throughout the entire contractual period or for the duration of the rights of use of the TELELOGOS Software used by the Person Concerned, and for a duration of five (5) years following the expiration of the contractual relationship or the period of the rights of use. For accounting purposes, they are stored for ten (10) years from the end of the fiscal year during which the last invoice was sent to the Person Concerned. The Personal Data of prospective customers are stored for a duration of three (3) months if no contractual relationship is established between the Person Concerned and TELELOGOS or between the Person Concerned and one of TELELOGOS’s certified partners. Personal data security measures In order to guarantee the security, confidentiality, integrity and availability of Personal Data processed by TELELOGOS against any destruction, loss, alteration or unauthorized disclosure, TELELOGOS implements the following protection measures: - training of TELELOGOS personnel on the applicable regulations concerning the Processing and protection of Personal Data; - restricted access of TELELOGOS personnel to the Personal Data; - verification of the compliance of every Data Processor with the applicable regulations; - securing of TELELOGOS’s premises, computer hardware and software; - update of personalized and secure profiles, using passwords that satisfy high security assurance standards and are changed regularly; - use of regularly updated anti-virus and IT security systems; - use of different internal and external backup modes; and - implementation of an internal procedure to manage any Personal Data incident or breach. Personal data breach In the event of a Personal Data breach, TELELOGOS will notify the competent supervisory authority of said breach as soon as possible no later than seventy-two (72) hours after of becoming aware of it. Furthermore, in the event that the breach could entail a high risk for the rights and liberties of a natural person, TELELOGOS will report the Personal Data breach to the Person Concerned as soon as possible, unless: TELELOGOS has also implemented the appropriate technical and organizational measures, and these measures have also been applied to the Personal Data affected by said breach, in particular measures that render the Personal Data incomprehensible to any person who is not authorized to access it, such as encryption; TELELOGOS has taken subsequent measures that ensure that the high risk to the Person Concerned’s rights and freedoms is no longer likely to materialize; and if communication to the Person Concerned requires disproportionate efforts. Processing by third parties and transfer of personal data The Personal Data processed are intended for TELELOGOS, and, where necessary, for its service providers and certified partners. These Data may also be shared with third parties in order to meet any legal or regulatory obligation. TELELOGOS will not transfer any Personal Data to countries outside the European Union. Furthermore, TELELOGOS does not resell processed Personal Data to third parties. Data subjects’ rights Under the conditions defined by the applicable regulations, the Persons Concerned have the following rights, under certain conditions: access to the Data concerning them; TELELOGOS must, on request, provide a copy of the Personal Data concerning them; to obtain from TELELOGOS, as soon as possible, the rectification of Personal Data concerning them which is inaccurate or incomplete; to obtain from TELELOGOS, as soon as possible, the erasure of Personal Data concerning them; to obtain from TELELOGOS the restriction of Processing; and to receive the Personal Data concerning them that they have provided, in a structured format that is commonly used and machine-readable, and to transmit this Data to another Data Controller (right to Data portability). When the Processing is based on the Person Concerned’s consent, the latter may, at any time, withdraw their consent. Every Person Concerned may also object to any Processing that is based on the legitimate interest of TELELOGOS by indicating this to the latter. For any further information or to exercise the aforementioned rights concerning the Processing of Personal Data, you may contact us by email at the following address: rgpd@telelogos.com, or by sending registered mail, accompanied by the copy of an ID card, to the address below: TELELOGOS, to the attention of the GDPR Manager, 3 avenue du Bois l’Abbé, 49070 Beaucouzé France. TELELOGOS will process all requests for information and requests to exercise rights relating to Personal Data as soon as possible following the date of receipt of the request, and within one (1) month at the latest. Any Person Concerned may, at any time, submit a claim to the French data protection authority (the “CNIL”) (Supervisory authority in France). Processing of Personal Data by TELELOGOS in its capacity as Data Processor on behalf of the users of TELELOGOS software in cloud mode As part of its business and especially as part of the distribution of TELELOGOS Software in Cloud Mode (SaaS), TELELOGOS may provide, on behalf of the user of TELELOGOS Software in Cloud mode, the hosting and storage of Personal Data collected and processed by the user concerned. The specific purpose of the Processing of these Personal Data is the supply of TELELOGOS Software in Cloud Mode (SaaS) to the users concerned. The user of TELELOGOS Software in Cloud Mode must provide TELELOGOS with precise and detailed instructions regarding the Processing of Personal Data. The latter is responsible for assuring the lawfulness of its Personal Data Processing. AS PART OF THIS ACTIVITY, TELELOGOS MAY NOT USE THE PERSONAL DATA PROCESSED ON BEHALF OF A USER OF TELELOGOS SOFTWARE IN CLOUD MODE FOR ANY PURPOSE OTHER THAN TO PROVIDE SAID SOFTWARE AND/OR RELATED SERVICES IN CLOUD MODE, AND IN PARTICULAR MAY NOT, IN ANY WAY WHATSOEVER, USE THESE DATA FOR PURPOSES OTHER THAN THAT MENTIONED ABOVE. For this purpose, in its capacity as Data Processor, TELELOGOS will specifically: process the Personal Data of a user of TELELOGOS Software in Cloud Mode only for the purposes of using TELELOGOS Software in Cloud Mode; as a result, it will not reuse, transfer, provide, enable or facilitate the use of the Personal Data by third parties, except in those circumstances agreed with said user or those provided for by the applicable regulations, unless the user concerned has provided their prior consent; process the Personal Data in accordance with the written instructions of the TELELOGOS Software user concerned, in its capacity as Data Controller, and transmitted in writing by the latter; guarantee the confidentiality of the Personal Data processed on behalf of the TELELOGOS Software user concerned, in accordance with this policy; take all necessary technical, logistical and/or organizational measures and adopt any necessary procedures to guarantee the protection of Personal Data against alteration, destruction, dissemination and/or unauthorized access, as well as against any illegal or unauthorized processing, in accordance with this policy; inform the TELELOGOS Software user concerned, as soon as possible, of any binding request to disclose Personal Data issued by an authority; ensure compliance with the applicable regulations concerning Personal Data by any data processor to which it has subcontracted a service on behalf of the TELELOGOS Software user concerned; assist the TELELOGOS Software user concerned, as far as possible, to fulfill their obligation to respond to requests from persons concerned to exercise their rights; it being specified that, in the event that the persons concerned contact TELELOGOS directly, TELELOGOS will forward such requests to said TELELOGOS Software user concerned as soon as possible; and delete all Personal Data from its servers at the end of the provision of TELELOGOS Software and/or its connected services in Cloud Mode, in accordance with this policy. TELELOGOS will notify the TELELOGOS Software user concerned of any proven or suspected breach of Personal Data no later than forty-eight (48) hours from the moment it becomes aware of it. Personal Data Processing record TELELOGOS will keep a record of Processing activities under its responsibility, mentioning all the information listed in the provisions of Article 30 of the GDPR. Cooperation with the supervisory authority TELELOGOS will cooperate with the CNIL (French Data Protection Authority), at the latter’s request, in the execution of its tasks. Personal Data controller within the company The Personal Data controller within TELELOGOS is Mr Eric Blin, in his capacity as data protection officer (DPO) for the TELELOGOS company. TELELOGOS MAY MODIFY THIS PERSONAL DATA PROTECTION POLICY AT ANY TIME WITHOUT INFORMING THE USERS, CUSTOMERS, OR ANY OTHER PERSON CONCERNED BEFOREHAND. IT IS RECOMMENDED THAT YOU REGULARLY CONSULT THIS POLICY ON THE TELELOGOS WEBSITE. FOR ANY OTHER INFORMATION ABOUT PERSONAL DATA PROTECTION, ANY PERSON MAY CONSULT THE CNIL WEBSITE: https://www.cnil.fr/. Use of cookies Cookies may be placed on the hard disk of a Website user’s device when they are consulting the Website. A cookie is a text file used to collect information about a Website user’s browsing activity and to store their login information. The maximum storage time for cookies installed by TELELOGOS is twelve (12) months. The Website user may object to the use of these cookies at any time by configuring their browsing software appropriately. Cookie preferences Please indicate whether this Website may use functional and/or advertising cookies as described below: Required cookies (These cookies are necessary for the Website to work properly.) Functional cookies (These cookies enable us to analyze Website use to be able to measure and improve its performance.) Advertising cookies (These cookies are used by advertising agencies to display ads that match your interests,) Authorized feature Provide a secure connection Remember where you are in an order process Remember your login information Remember what is in your shopping cart Greater consistency in the Website’s appearance Enable you to share pages with social networks Enable you to post comments Advertising matching your interests Google Analytics This Website uses Google Analytics, a website analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the Website analyze its use by its users. The data generated by cookies about your use of the Website (including your IP address) will be sent to and stored by Google on servers located in the United States. Google will use this information in order to assess your use of the Website, compile reports on the Website’s activity for its publisher, and provide other services relating to the Website’s activity and Internet use. Google may disclose this data to third parties if there is a legal obligation to do so or when these third parties process this data on Google’s behalf, in particular this Website’s publisher. Google will not triangulate your IP address with any other data held by Google. You can disable the use of cookies by selecting the appropriate settings in your browser. However, this deactivation may prevent the use of certain of this Website’s features. By using this Website, you explicitly consent to the processing of your named data by Google under the conditions and for the purposes described above.