Privacy policy

V 1.0 Applicable as of 15 October 2021

At Avisa Partners, your privacy and data are very important to us, so we take all reasonable precautions to protect them in the operation and features of our website. We have therefore drafted two documents to inform you of how we collect, use and protect your personal data when providing our different services:

• a policy specific to the data collected on our website (this privacy policy),
• and a document specifically covering the cookies that we use: the Cookie Management Policy.

The purpose of these policies is to keep you informed of what we do with the personal data and information that you give us, why we collect it, and how we keep it secure.

The terms “we”, “us”, and “our” used in this Privacy Policy refer to the company Avisa Partners.

In this document, we use the terms “personal data” and “personal information” interchangeably to refer to the information that identifies you personally, such as your first and last names and business addresses, data that is connected to you, such as answers provided to questions that appear on our forms, and the connection and browsing data on our site, such as your IP address and date and time of connection.

You can find the answers to some of your questions categorised by topic in the following sections:

1. Who are we?
2. What data do we collect about you, and why do we process your data?
3. Whom might we share your data with?
4. What about social networks?
5. How long do we keep your data?
6. Where do we keep your data?
7. How is your data protected?
8. What are your rights?
9. How can you exercise your rights?
10. Updates to the privacy policy

1 – Who are we?

Avisa Partners is a simplified joint stock company with share capital of €30,207,297.00, listed on the Paris trade and companies register under the number 835004094. The company’s headquarters are located at 17 Avenue Hoche 75008 PARIS.

We are the data controller within the meaning of Regulation (EU) 2016/679 (General Data Protection Regulation, or “GDPR” hereafter) for collecting and processing the personal data on the website www.incyber.org.

As such, we undertake to comply with the legal provisions in force and to take all reasonable measures to ensure that the Personal Data is accurate and relevant to the purposes for which it is processed by Avisa Partners.

2 – What data do we collect about you, and why do we process your data?

The personal information that you choose to share with us on our websites will only be processed on the following legal bases and for the following purposes:

• If you are a consumer, based on your consent should you offer it, to subscribe you to our newsletters and content sent by email or SMS, or to allow you to download our white papers or any other PDF documents

This data includes your name, professional identity (company and position held), and contact data (email address and telephone number).

• If you are a professional, on the legal basis of our legitimate interest, to subscribe you to our newsletters and content sent by email or SMS, or to allow you to download our white papers or any other PDF documents

This data includes your name, professional identity (company and position held), and contact data (email address and telephone number).

• based on your consent should you offer it, to carry out optional satisfaction surveys

This includes your email addresses, IP addresses, any nominative data, your professional identity (company, position held), your contact details (email address, telephone number), website browsing habits, and centres of interest.

• based on your consent should you offer it, to log you into your account from an account on another service and to send messages from other services

This service may share information with Avisa Partners about your profile, your connections, and any other information that you have allowed to be shared.

• based on your consent should you offer it, to help you find people you may know on the Avisa Partners network or to allow other Users of the Avisa Partners network to find you

We may then upload your address book and use your electronic credentials to search for contacts present by username, email address or service. We will then be able to make suggestions to you and other network Users based on the contacts imported from your address book.

• On the legal basis of our legitimate interest, to offer you a secure, high-quality service that meets your expectations in order to:
  – optimise how our site functions according to your profile,
  – evaluate and develop new features, technologies and improvements to the services available on our site,
  – fulfil other internal purposes in terms of research and statistics,
  – reinforce our data security and fraud prevention capabilities,
  – protect our legal rights leading up to and during disputes.

This includes the data previously listed as well as your IP addresses, connection time and date, and the devices used for browsing.

• On the basis of our legal obligations, to meet legal and regulatory obligations.

This could include all the data listed above.

3 – Whom might we share your data with?

Avisa Partners will not sell the User’s personal data.

Avisa Partners will only share your personal data:
– in response to legal or administrative procedures of any kind or to law enforcement measures as requested by the relevant authorities,
– or with our service providers, for example to store them on third-party hosting services or to provide our technical assistance, etc.
– or with our service providers such as lawyers or accountants within the scope of their assignment, strictly limited to the information needed to carry it out,

– or, should Avisa Partners take part in a merger, acquisition, or other transfer of assets, given that Avisa Partners undertakes to obtain your consent prior to sharing your personal data, to maintain the level of privacy that applies to it, and to ensure that any acquirer does the same.

We require that all these third parties apply, as a minimum, the security rules laid out by the French data protection authority CNIL, whether in their administrative, technical and organisational aspects, in order to protect your shared data against any illegal disclosure, use, modification and destruction.

In particular, we have taken great care to select our subcontractors according to the level of security of hosting that they offer.

We work with service providers who act on our behalf and may need to access some of your personal data to provide us with the assistance or technical infrastructure required to provide our services.

Therefore, your data may be shared with the following subcontractors:
– Gandi, which hosts our website, on servers located within the European Union,
In certain cases, efficient processing by our subcontractors may require processing that takes place outside of the European Union. In such cases, we have included appropriate ad-hoc contractual clauses recognised by the European Commission to protect your data at least as well as they would be if they were processed in France.

Furthermore, if you decide to use your social network accounts to share content or sign into our website, this connection may result in certain data being sent to the servers used by these services, especially in the United States. To find out more, read on.

4 – What about social media?

To provide you with the most complete services, we allow you to share pages easily on your favourite social networks. By using the buttons to access social networks, certain data may be collected and shared between our website and social networks.

Our site uses plug-ins or social modules on its various pages, such as “share” buttons for third-party social networks like Facebook, Twitter and LinkedIn. When you visit a page on our website that contains one of these modules, a connection is made automatically with the servers of the social network, such as Facebook or Twitter, who may then be informed that you have accessed the corresponding page on our website. If you wish to limit the information that these social networks know or publish about your actions on our website, we recommend that you sign out of your social networks before visiting our website.

To protect your privacy, we have nevertheless limited the information that is automatically sent in this way.

Thus:
• We only collect the fact that you were signed into the social network in question,
• The social network in question collects the information provided in their own personal data protection policy; we recommend that you read it and take any desired action in the settings on each social network.

Avisa Partners is not responsible for any use that these social networks might make of your data for their own purposes.

To conclude on this issue, please note that the data sent to social networks under the aforementioned conditions may be sent and processed by these companies on servers located in multiple countries around the world, including the United States, in accordance with their own privacy policies, which we encourage you to read.

5 – How long do we keep your data?

Your data is kept for as long as needed to fulfil the purposes described above, in accordance with the current legislation in force.

In regard to sales prospection data, should you not have signed up to the services offered on our site, we only keep personal data in our active database for the time needed to follow up on our business relationship with you, i.e., three years after our last contact.

If you have opened an account on our website, we keep the personal data regarding the terms and conditions that bind us in our active database for the time needed to follow up on our business relationship with you, then in an intermediate database for five years after the end of the contract. Please note that, regardless of these durations, if you have not signed into the website www.incyber.org for a period of three years, you will receive an email inviting you to sign in as soon as possible to avoid your account access being disabled, in accordance with our terms and conditions.

Furthermore, the data that establishes proof of a right or contract must be kept to fulfil a legal obligation and will be kept for the duration provided by the law in force in an intermediate archive.

Connection data, such as your IP address, connection date and time and pages visited, will be kept for a duration of up to 12 months.

At the end of this time, it will be archived, anonymised or deleted.

To this end, data flushing mechanisms have been set up to effectively delete data once the archival or storage durations necessary for fulfilling the required or desired purposes have expired.

6 – Where do we keep your data?

As a general rule, your data is stored in the European Union.

Should a personal data feed be shared with an entity located outside the European Union or in a country that does not have an adequate level of protection within the meaning of the General Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, these data transfers will be carried out based on the standard contractual clauses of the European Commission and/or any other legal basis that complies with the legislation that applies to personal data, constituting “appropriate safeguards” within the meaning of the GDPR.

As regards our subcontractors in particular, transfers to the United States are governed by the European Commission’s standard contractual clauses.

7 – How is your data protected?

Our data hosting service stores your information on secure servers. Our website has an SSL certificate enabling the “https” protocol that secures the connection between the web server and the browser. We use adequate security measures to ensure that supporting documents have optimal protection.

We always do our utmost to protect your personal data. From the moment your data is received and throughout its lifecycle, we apply strict security measures and procedures to guarantee data availability and integrity and to prevent any unauthorised access.

Should we become aware of an incident that seriously impacts the integrity or privacy of the User’s Data despite our best data protection efforts, we will inform you as soon as possible and will indicate the corrective measures we have taken.

8 – What are your rights?

In accordance with Articles 13 and 15 to 22 of the General Data Protection Regulation (GDPR), we undertake to allow you to exercise your rights relating to the personal data that you share with us. In this regard and within the limits laid out in the applicable legal provisions, you have the right to:
– be informed in an intelligible way of how your data is processed,
– request access to your data,
– request rectification of any of your data that might be inaccurate or incomplete,
– request erasure of your data,
– object to or request a restriction of the processing of your data,
– exercise the portability of your data collected on the basis of the contract or consent as described in Article 1, such as the data inherent to using our services,
– provide instructions for the storage, erasure and communication of your personal data after your death,
– withdraw your consent to data processing at any time where consent is the legal basis for the processing in question (see Article 1), in particular subscriptions to our newsletters.

You have the right to make a claim to the French data protection authority CNIL by writing to them at 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 or on its website at www.cnil.fr/fr/plaintes.

9 – How can you exercise your rights?

You can contact us:
– by email: dpo(@)avisa-partners(.)com
– using our form
– by letter addressed to our DPO and sent to the following address: 17 Avenue Hoche 75008 PARIS

To protect your privacy and your security, we may need to ask you for proof of identity.

10 – Updates to the privacy policy

We may update this Data Protection Policy at any time to adapt it to any new practices and service offerings. In this case, the Data Protection Policy’s date of update will be modified in accordance with the day the changes are made. If there are any significant changes, we will publish a notice of these changes on our website.