Skip to main content

GDPR

1. Preamble

Aware of the importance of ensuring data confidentiality and respect for the privacy of its prospects, customers and partners, the ISB Group undertakes, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, to implement adequate measures to ensure the protection, confidentiality and security of the personal data collected.

The purpose of this policy is to inform you about the commitments made by the ISB Group to ensure that your personal data is respected and about your rights regarding the processing of this data.

This policy may change depending on the legal and regulatory context.

2. Scope of action

This policy applies to all processing of personal data carried out by the ISB Group relating to prospects, customers and partners, hereinafter referred to as the “Data Subjects”, of one or more of the group's companies.

3. Definitions

“Personal data” (hereinafter " Data "), any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Data controller”, the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

" Subcontractor ", the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Supervisory Authority”: independent public authority responsible for monitoring the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

" Treatment ", any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

" RECIPIENT ", the natural or legal person, public authority, agency or other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

" Consent " of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Data collected

The ISB Group ensures that it only collects Data voluntarily transmitted by the Data Controllers and strictly necessary for the purpose of the processing implemented. In particular, data relating to identity (surname, first names, addresses, personal and professional contact details), customer account management and the management of quotes, orders and invoices are processed.

5. Lawfulness of processing

6. Purposes of processing

7. Information for Data Subjects

8. Recipients of Data

9. Data Retention

10.Safety

11. Cookies

12. Rights of Data Holders regarding Data Processing

13. Contact

4. Data collected

The ISB Group ensures that it only collects Data voluntarily transmitted by the Data Controllers and strictly necessary for the purpose of the processing implemented. In particular, data relating to identity (surname, first names, addresses, personal and professional contact details), customer account management and the management of quotes, orders and invoices are processed.

5. Lawfulness of processing

In the interests of transparency and loyalty, the processing of Data Subjects' Data is based on their consent.

6. Purposes of processing

The processing implemented meets explicit, legitimate and determined purposes.

Prospect and customer data is processed for the following purposes:

  • Creation and management of customer accounts;
  • Management of quotes and orders;
  • Invoice management;
  • Improving products and services and their quality;
  • Targeted marketing and business statistical analysis.

Partner Data is processed for:

  • Improving our services and products and their quality;
  • Targeted marketing;
  • Business development and business statistical analysis.

These purposes, determined by the data controller, are included in the ISB Group's personal data processing register.

7. Information for Data Subjects

In accordance with Regulation (EU) 2016/679, the ISB Group undertakes to inform the Data Controllers about the processing of their Data.
Thus, the ISB Group clearly provides the following information for each new Data collected:

  • The identity and contact details of the data controller, ISB France 11 bd Nominoë 35740 Pacé;
  • Contact details of the data protection officer: dpo.isb@groupe-isb.fr ;
  • The purposes of the processing for which the Data is intended as well as the legal basis for the processing;
  • The recipients or categories of recipients of the Data;
  • The retention period of the Data or, where this is not possible, the criteria used to determine this period;
  • All rights of natural persons attached to the processing of their Data.

8. Recipients of Data

The ISB Group only communicates Holder Data to authorized and specific recipients.

The recipients of the Data covered by this policy are the relevant departments of the ISB Group brands responsible for carrying out the purposes defined above, as well as, where applicable, authorized personnel of partner companies or subcontracting service providers contractually subject to compliance, at a level at least equal to that of the ISB Group, with the requirements relating to Data processing.

9. Data Retention

The ISB Group retains the Data:

  • From its customers for the duration necessary for the execution of the contracts which bind them and then for a period of 20 years following this execution;
  • Prospects for a period of 20 years from their collection;
  • Partners during the lifetime of the business that employs the partner or the contract that binds the partner to his business

10.Safety

The ISB Group implements all security measures for its information system (physical and IT security) in order to ensure the availability, integrity and confidentiality of Holders' Data.

11. Cookies

We use cookies on ISB Group websites to optimize your online experience and analyze traffic on our sites. You can accept or reject cookies by configuring your internet browser. However, we inform you that by rejecting cookies, certain features, pages, and areas of the site may no longer be accessible, for which we cannot be held responsible.

12. Rights of Data Holders regarding Data Processing

Data Subjects have the right to obtain from the data controller confirmation as to whether or not their Data is being processed and, where it is, access to said Data and the information listed in paragraph 7 of this Policy.

Data Subjects may also exercise their rights by requesting the data controller:

  • The rectification or erasure of their Data, or a limitation of the processing of their Data, or the right to object to this processing for legitimate reasons. The consequences of exercising these rights are then the responsibility of the applicant.
  • The withdrawal of their consent, within the limit:
    • Respect for the legitimate exercise of ISB's interests or;
    • When a legal obligation requires processing by the controller.
  • The portability of their Data.

These rights can be exercised by using the form for exercising the rights of individuals, to be requested at the following address: dpo.isb@groupe-isb.fr.

Data Subjects may also lodge a complaint with the national supervisory authority, the National Commission for Information Technology and Civil Liberties (CNIL).

13. Contact

For any requests for information regarding this Policy, you can send an email to: dpo.isb@groupe-isb.fr.