Legal
Updated
March 2024
“OPENSEE SAS”, a French simplified joint stock company with a capital of €20 000,00 whose registered office is located at 21 boulevard Saint Germain 75005 Paris (France), registered on the Paris Trade and Companies Register under number 811 474 709 and represented by Mr Stephane RIO in his capacity of CEO, processes personal data as part of its business activities. Here in after “Opensee”
The purpose of this Website Privacy Policy is to inform you about how the Company may use your Personal Information. In order to optimise the provision of our services to you and to facilitate some of our marketing efforts, we collect certain specific information about you.
This Website Privacy Policy explains the following:
The Company uses all Personal Information that you provide to us or that we collect from you in accordance with all applicable laws, including those concerning the protection of Personal Information such as the French Data Protection Law and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR Regulation” or “Regulation (EU) 2016/679”), and Data protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK), and to provide information to data subjects on the way in which Opensee processes personal data and the means at their disposal to control such data processing.
Agreement: means any agreement between a DATA SUBJECT and Opensee under which Opensee collects, retains and processes the Data Subject’s Personal Data, such as an employment contract, a service contract or Opensee’s general terms and conditions.
Personal data: within the meaning of Regulation (EU) 2016/679 of 27 April 2016 (see in particular Article 4) “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Collected data: roles, surnames, first names, postal addresses, e-mail addresses, telephone numbers, login and password details, university, qualifications, information on family situation, type of organization, name of organization, job title, financial data, bank details, IP address and any other personal data that may be relevant to the specific purposes.
Sensitive data: within the meaning of Regulation (EU) 2016/679 (see in particular recital 51) all data that are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin. Such personal data should not be processed, unless processing is allowed in specific cases set out in the GDPR Regulation.
Purposes of collecting personal data: personal data are collected fairly and lawfully for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with those purposes.
They are accurate, complete and, if necessary, updated in light of the purposes for which they are collected. They are kept in a form that permits identification of DATA SUBJECTS for no longer than is necessary for the purposes for which the personal data are collected and processed.
The data are collected and processed for the purposes of Opensee’s business activities, in particular in connection with Opensee’s business relationships and the provision of services in accordance with its General Terms and Conditions, available at www.opensee.io. In addition, Opensee processes personal data for the following purposes: identifying needs with a view to providing more appropriate services; managing Opensee’s marketing activities; processing applications and any other purposes relating to its business.
Data Subject: an identified or identifiable natural person to whom the personal data processed by Opensee relate.
Policy: means this document, which applies to all customers, users of the Websites, employees and service providers of Opensee.
CNIL: Commission nationale de l’informatique et des libertés. The supervisory authority for data protection in France.
Controller: within the meaning of Regulation (EU) 2016/679, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”
Consent: the consent of the data subject which must be a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify their agreement to the processing of Personal Data relating to them.
Data Controller: the person that decides how and why to collect and use the data. This will usually be an organisation, but can be an individual (eg a sole trader). If you are an employee acting on behalf of your employer, the employer would be the Data Controller. The Data Controller must make sure that the processing of that data complies with data protection law. (Source ico.org.uk)
Data Protection Law: all legislation and regulations in force from time to time regulating the use of Personal Data and the privacy of electronic communications including, but not limited to, EU Regulation 2016/679 General Data Protection Regulation (“GDPR”), the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK)
Data Processing: any operation or set of operations that are performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. A Data Processor will only carry out processing to the direct instruction of a Data Controller (i.e. processing will not include decision- making).
Encryption or encrypted data: The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text;
GDPR: the General Data Protection Regulation (the “GDPR”) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of Personal Data outside the EU and EEA areas. The primary aim of the “GDPR” is to give control to individuals over their Personal Data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
ICO: Information Commissioner’s Office. The supervisory authority for data protection in the UK.
Personal Data: any information relating to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data. The terms Personal Data and Personal Information are used interchangeably within this policy.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
PII (Personally Identifiable Information): any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for deanonymising previously anonymous data can be considered PII.
Processing: within the meaning of Regulation (EU) 2016/679, “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
Processor: within the meaning of Regulation (EU) 2016/679, “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
Services: means all services provided under the conditions set out in the Agreement.
Special Categories of Personal Data: this data needs more protection because it is sensitive. It includes data which relates to an individual’s health, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
Transfer of personal data: transfer of data from an Opensee entity to another entity or to a third party located inside or outside the European Economic Area.
Third Party: within the meaning of Regulation (EU) 2016/679, “a natural or legal person, public authority, agency or body other than the DATA SUBJECT, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.”
The POLICY applies where Opensee is the CONTROLLER and processes personal data on its own behalf.
The website may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies. We recommend that you review these policies which will govern the use of Personal Information which you submit when visiting these websites and which may also be collected by cookies. We do not accept any liability for such third party websites and your use of such websites is at your own risk.
Please review the Company’s Terms of Use in conjunction with this policy. This can be found athttps://www.opensee.io/legal/terms-and-conditions
Before any processing of personal data, Opensee must ensure that such processing is based on a specified, explicit and legitimate purpose for which the personal data are processed.
When processing personal data, Opensee must ensure that the PROCESSING has a legal basis.
If the PROCESSING is carried out pursuant to an agreement, it is then considered to be lawful.
If the PROCESSING is not carried out pursuant to an agreement, Opensee must demonstrate that the PROCESSING has a legitimate purpose. The PROCESSING must have a legitimate purpose for Opensee connected to its main business activity and must not prejudice the privacy of the DATA SUBJECTS.
If the PROCESSING does not meet the above conditions, Opensee may request the prior consent of the DATA SUBJECTS under the following conditions, all of which must be met:
The processing of personal data must be strictly necessary for the initial purpose of the processing.
Opensee may carry out further processing operations on the collected data provided that those processing operations are compatible with the purposes for which the data were originally collected (scientific research, statistics, etc.).
During the data’s life cycle, Opensee must ensure that the data are accurate and up-to-date.
DATA SUBJECTS may exercise their right of rectification to update their personal data.
Opensee must ensure that the data are not stored for longer than necessary for the processing purposes.
Opensee has security measures in place to secure its IT environment against unauthorised or unlawful PROCESSING and against accidental loss, destruction or damage.
Opensee deals with sensitive personal data in limited circumstances.
In these limited cases, treatment is only permitted if any of the following conditions is met:
1. How do we collect information
This Policy relates to the Company’s use of any Personal Information collected from you via the following services:
2. What information do we collection
When you participate in, access or sign up to any of the Company’s services, activities or online content (including on social media and messaging applications), such as newsletters, promotions, live chats, message boards, web and mobile notifications or votes, we may receive Personal Information about you.
This may include:
your name
email address
job title
telephone or mobile number
information collected about your use of Opensee’s services
3. How will we use the information?
Depending on your use of our site, we will use your personal information for a number of purposes including:
We collect and use the Personal Information about you for the purposes described above, because we have a legitimate business interest to do so that is not overridden by your right to have your Personal Information adequately protected. You do not have to provide us with any of the Personal Information described above, but if you choose not to do so, you may not be able to receive certain Company services, access certain parts of our website or receive information from us that you have requested.
4. Sharing information with third parties
We may send your personal information to other affiliates and third parties to help us process your personal information for the purposes set out in this policy.
We may disclose personal information to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.
5. Where do we send your information
The Company may be required to transfer personal data to a country/countries around the world including ( Europe ). We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards to ensure your Personal Information is protected.
The Personal Data collected in connection with the SERVICES shall be stored for the entire duration of the contractual relationship between Opensee and the DATA SUBJECT.
In the event that the SERVICES and any contractual relationship are terminated for any reason whatsoever, the PERSONAL DATA shall be returned to the DATA SUBJECT and/or irreversibly deleted within the maximum periods permitted by applicable regulations.
In the event that Opensee determines that there has been unauthorized or unlawful processing or access, or that the personal data for which it is responsible may potentially be, or have been, used or disclosed, Opensee will shall determine whether the breach should be reported to the competent supervisory authority in accordance with the procedure to be applied by Opensee in the event of a Personal Data breach.
Opensee may use third parties for its own purposes or in connection with the SERVICES.
When Opensee uses a third party as a PROCESSOR, it shall ensure that the third party:
Transfers of personal data from a Opensee entity acting as CONTROLLER to another OPENSEE entity located in the European Economic Area acting as Controller are governed by a data processing agreement or by specific provisions inserted into the Agreement.
Transfers of personal data from a Opensee entity acting as CONTROLLER to another OPENSEE entity located outside the European Economic Area acting as CONTROLLER or as a PROCESSOR are subject to the provisions of this POLICY.
Transfers of personal data by an OPENSEE entity acting as CONTROLLER to a third party located outside the European Economic Area are governed through the adoption of standard contractual clauses.
DATA SUBJECTS may ensure that this data protection policy is applied by Opensee.
If data subjects consider that Opensee has breached this policy, they will need to follow the procedure described in this document.
If the dispute is unable to be resolved out of court, DATA SUBJECTS may bring legal proceedings.
DATA SUBJECTS have the following rights:
If the data processing is necessary for exercising the right of freedom of expression and information;
If the data processing is necessary to comply with a legal obligation;
If the data processing is necessary on public interest grounds in the area of public health;
If the data processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
If the data processing is necessary for the establishment, exercise or defense of legal claims.
If a user has comments or questions about these rules, they can be emailed to Opensee at gdpr@opensee.io.
Data subjects will be required to submit complaints in accordance with this complaint’s procedure.
Opensee undertakes to deal with these complaints within a reasonable period of time and, in any event, within one month of receiving the complaint.
This procedure shall also apply to requests by DATA SUBJECTS to exercise their rights to access, update and delete their personal data.
For any information or to exercise your rights concerning the processing of your personal data by Opensee, you may contact our Data Protection Officer (DPO) by sending an email to: gdpr@opensee.io.
Or by sending a signed letter together with a copy of an identity document to the following address: 112 avenue Kléber, 75116 Paris (FRANCE)
Opensee adopts data protection restrictions at the start of any new project to ensure that the privacy of DATA SUBJECTS is respected as soon as a product or service is designed.
The principles and obligations set out in this policy will be incorporated as soon as a project is designed.
In order to ensure respect for privacy by design and by default, Opensee ensures that:
Opensee monitors that its data processing operations comply with prevailing regulations.
To that end, Opensee may, in certain specific cases, carry out a privacy impact assessment to:
Opensee undertakes to keep a register of processing activities.
Opensee is responsible for ensuring that any new processing is recorded in the register with relevant background information on the processing.
Opensee undertakes to maintain a good relationship with the data protection authorities. To that end, Opensee shall cooperate with and agree to be audited by the data protection authorities and follow their advice on matters of which these authorities may be aware.
Opensee shall decide which data protection authorities have jurisdiction over each processing operation it carries out.
If data protection authorities carry out an audit at any of the Opensee sites, the Group Data Protection Officer shall be informed as soon as possible.
We may use information obtained from cookies or similar technology.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org . You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, if you do so in a few cases some of our website features may not function as a result.
During the course of any visit to our website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our website.
However, you can change your cookie settings at any time.
Our cookies are used to improve your user experience. You are not required to use cookies at any time and you may refuse to use them at any time.
Opensee uses technical cookies that are required for the website to function properly. These cookies, also called session cookies, enable the website to recognize identified users on different pages.
A cookie does not identify the user, but it records information on browsing on our website for statistical purposes.
These cookies are stored on a user’s hard disk for thirty days.
This website uses cookies that fall into one or more of all the categories below:
Strictly necessary cookies – these enable services you have specifically asked for. These cookies are essential to enable you to move around our website and use its features, such as accessing secure areas of the website. Without these cookies certain services you have asked for cannot be provided.
Performance cookies – these collect information on the pages visited. These cookies collect information about how users use a website, for instance which pages users go to most often, and if they get error messages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to help us make improvements to the website for a better user experience.
Functionality cookies – these remember choices you make to improve your experience. These cookies allow the website to remember choices you make and provide enhanced, more personal features. They may be used to help provide services you have asked for such as watching a video. The information these cookies collect may be anonymised and they cannot track your browsing activity to other websites
Opensee also uses third-party services such as the Google Analytics service. This service may use cookies. As such, Google may place cookies on your device. Opensee has no control over the cookies stored by this publisher. We suggest that you refer to this publisher’s legal notices.
You may block cookies by changing your browser’s settings.
Refusing cookies may prevent you from accessing certain features of the website
OPENSEE Group is committed to continuously assessing the compliance of the group’s structures with this data protection policy.
The assessment program will define the procedures for carrying out the checks, the expected scope of these checks and the team responsible therefore.
1. How do we protect your information?
We take appropriate measures to ensure that any personal information which you disclose to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. The security measures taken may include, but are not limited to, data authentication and encryption
Under the “GDPR”, you have the following rights, which the Company will always work to uphold:
1. Right to opt out
You can request that we stop sending you marketing materials at any time. Electronic communications typically include an unsubscribe link that allows you to manage your communication preferences including the ability to unsubscribe from all future marketing. If for any reason that has not been successful please contact us using the details provided below.
2. How to contact us
This Website Privacy Policy should tell you everything you need to know, but you can always contact us to ask any questions or if you wish to exercise any of your rights in relation to your Personal Information, using the contact information below:
The Company has appointed a Data Protection Officer (“DPO”), who is responsible for managing any questions you may have in relation to this Policy. Please contact them using the details set out below:
You have the right to make a complaint to the supervisory authority if you are unhappy with how we’ve handled your Personal Information.
Responsibility for the Website Privacy Policy rests with the Marketing manager and DPO. Duties include, but are not limited to: