Privacy Policy

Introduction

“OPENSEE SAS”, a French simplified joint stock company with a capital of €20 000,00, whose registered office is located at 21 boulevard Saint Germain 75005 Paris (France), registered on the Paris Trade and Companies Register under number 811 474 709 and represented by Mr Stephane RIO in his capacity of CEO, processes personal data as part of its business activities. Here in after “OPENSEE SAS”

The purpose of this Policy is to set out the technical and organizational measures taken by OPENSEE SAS to ensure a high and sustainable level of protection for processed data, to document its compliance with the French Data Protection Law and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR Regulation” or “Regulation (EU) 2016/679”), and to provide information to data subjects on the way in which OPENSEE SAS processes personal data and the means at their disposal to control such data processing.

ARTICLE 1. Definitions

Agreement: means any agreement between a DATA SUBJECT and OPENSEE SAS under which OPENSEE SAS collects, retains and processes the Data Subject’s Personal Data, such as an employment contract, a service contract or OPENSEE SAS’s general terms and conditions.

Personal data: within the meaning of Regulation (EU) 2016/679 of 27 April 2016 (see in particular Article 4) “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Collected Data: roles, surnames, first names, postal addresses, e-mail addresses, telephone numbers, login and password details, university, qualifications, information on family situation, type of organization, name of organization, job title, financial data, bank details, IP address and any other personal data that may be relevant to the specific purposes.

Sensitive data: within the meaning of Regulation (EU) 2016/679 (see in particular recital 51) all data that are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin. Such personal data should not be processed, unless processing is allowed in specific cases set out in the GDPR Regulation.

Purposes of collecting personal data: personal data are collected fairly and lawfully for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with those purposes.

They are accurate, complete and, if necessary, updated in light of the purposes for which they are collected. They are kept in a form that permits identification of DATA SUBJECTS for no longer than is necessary for the purposes for which the personal data are collected and processed.

The data are collected and processed for the purposes of OPENSEE SAS’s business activities, in particular in connection with OPENSEE SAS’s business relationships and the provision of services in accordance with its General Terms and Conditions, available at www.opensee.io. In addition, OPENSEE SAS processes personal data for the following purposes: identifying needs with a view to providing more appropriate services; managing OPENSEE SAS’s marketing activities; processing applications and any other purposes relating to its business.

Data Subject: an identified or identifiable natural person to whom the personal data processed by OPENSEE SAS relate.

Policy: means this document, which applies to all customers, users of the Websites, employees and service providers of OPENSEE SAS.

Controller: within the meaning of Regulation (EU) 2016/679, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”

Services: means all services provided under the conditions set out in the Agreement.

Processor: within the meaning of Regulation (EU) 2016/679, “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”

Third Party: within the meaning of Regulation (EU) 2016/679, “a natural or legal person, public authority, agency or body other than the DATA SUBJECT, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.”

Processing: within the meaning of Regulation (EU) 2016/679, “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

Transfer of personal data: transfer of data from a OPENSEE SAS entity to another entity or to a third party located inside or outside the European Economic Area.

ARTICLE 2. Scope

This POLICY applies from 1st march 2021.

The POLICY applies where OPENSEE SAS is the CONTROLLER and processes personal data on its own behalf.

ARTICLE 3. Key principles for the processing of personal data

1. Purpose limitation

Before any processing of personal data, OPENSEE SAS must ensure that such processing is based on a specified, explicit and legitimate purpose for which the personal data are processed.

2. Legal basis, lawfulness, fairness and transparency

When processing personal data, OPENSEE SAS must ensure that the PROCESSING has a legal basis.

If the PROCESSING is carried out pursuant to an agreement, it is then considered to be lawful.

If the PROCESSING is not carried out pursuant to an agreement, OPENSEE SAS must demonstrate that the PROCESSING has a legitimate purpose. The PROCESSING must have a legitimate purpose for OPENSEE SAS connected to its main business activity and must not prejudice the privacy of the DATA SUBJECTS.

If the PROCESSING does not meet the above conditions, OPENSEE SAS may request the prior consent of the DATA SUBJECTS under the following conditions, all of which must be met:

Consent must be given by a clear positive act (opt-in);
Consent must be freely given.
Consent must specifically, clearly and unequivocally indicate the DATA SUBJECT’s consent to the processing of personal data.

3. Data minimisation

The processing of personal data must be strictly necessary for the initial purpose of the processing.

4. Compatible further processing operations

OPENSEE SAS may carry out further processing operations on the collected data provided that those processing operations are compatible with the purposes for which the data were originally collected (scientific research, statistics, etc.).

5. Accuracy/Quality of data

During the data’s life cycle, OPENSEE SAS must ensure that the data are accurate and up-to-date.

DATA SUBJECTS may exercise their right of rectification to update their personal data.

6. Data storage limits

OPENSEE SAS must ensure that the data are not stored for longer than necessary for the processing purposes.

7. Security measures/Integrity and confidentiality

OPENSEE SAS has security measures in place to secure its IT environment against unauthorised or unlawful PROCESSING and against accidental loss, destruction or damage.

ARTICLE 4. Processing sensitive data

OPENSEE SAS deals with sensitive personal data in limited circumstances.

In these limited cases, treatment is only permitted if any of the following conditions is met:

The DATA SUBJECT has given his/her consent;
The DATA SUBJECT is not able to give consent but the processing is necessary to protect the vital interests of the DATA SUBJECT or any other person;
The processing is required by law;
The DATA SUBJECT has himself/herself placed sensitive data in the public domain;
The processing is essential for the purpose of initiating, bringing or defending legal proceedings, provided that there is no reason to believe that the DATA SUBJECT has a compelling legitimate interest in ensuring that the data are not processed;
The PROCESSING is explicitly permitted by national legislation.

ARTICLE 5. Storage period

The Personal Data collected in connection with the SERVICES shall be stored for the entire duration of the contractual relationship between OPENSEE SAS and the DATA SUBJECT.

In the event that the SERVICES and any contractual relationship are terminated for any reason whatsoever, the PERSONAL DATA shall be returned to the DATA SUBJECT and/or irreversibly deleted within the maximum periods permitted by applicable regulations.

ARTICLE 6. Personal data breaches

In the event that OPENSEE SAS determines that there has been unauthorized or unlawful processing or access, or that the personal data for which it is responsible may potentially be, or have been, used or disclosed, OPENSEE SAS shall determine whether the breach should be reported to the competent supervisory authority in accordance with the procedure to be applied by OPENSEE SAS in the event of a Personal Data breach.

ARTICLE 7. Processing by third parties

OPENSEE SAS may use third parties for its own purposes or in connection with the SERVICES.

When OPENSEE SAS uses a third party as a PROCESSOR, it shall ensure that the third party:

implements procedures to ensure compliance with the instructions provided by OPENSEE SAS, itself and its sub-contractors;
informs OPENSEE SAS of any request to communicate OPENSEE’s personal data received from another third party;
undertakes to ensure that its employees and sub-contractors comply with applicable laws and sign a specific confidentiality agreement;
allows OPENSEE SAS to perform data protection audits as part of the processing of personal data;
undertakes to regularly audit its sub-contractors as part of the processing of personal data;
cooperates with OPENSEE SAS to assess and document that the processing of personal data is compliant.

ARTICLE 8. Transfer of personal data to third countries

Transfers of personal data from a OPENSEE SAS entity acting as CONTROLLER to another OPENSEE entity located in the European Economic Area acting as Controller are governed by a data processing agreement or by specific provisions inserted into the Agreement.

Transfers of personal data from a OPENSEE SAS entity acting as CONTROLLER to another OPENSEE entity located outside the European Economic Area acting as CONTROLLER or as a PROCESSOR are subject to the provisions of this POLICY.

Transfers of personal data by an OPENSEE entity acting as CONTROLLER to a third party located outside the European Economic Area are governed through the adoption of standard contractual clauses.

ARTICLE 9. Rights of DATA SUBJECTS

DATA SUBJECTS may ensure that this data protection policy is applied by OPENSEE SAS.

If data subjects consider that OPENSEE SAS has breached this policy, they will need to follow the procedure described in this document.

If the dispute is unable to be resolved out of court, DATA SUBJECTS may bring legal proceedings.

1. Right to object, right of access, right of rectification, right to data portability and right to erasure

DATA SUBJECTS have the following rights:

To access their data that are processed by the company;
To request the rectification, erasure, deletion or limitation of any inaccurate or incomplete personal data and personal data for which there is no longer any legal or appropriate processing purpose; in this context, the deletion of data cannot be required in the following cases:

If the data processing is necessary for exercising the right of freedom of expression and information;

If the data processing is necessary to comply with a legal obligation;

If the data processing is necessary on public interest grounds in the area of public health;

If the data processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;

If the data processing is necessary for the establishment, exercise or defense of legal claims.

To object to the processing of their personal data at any time, unless such processing is required by law and provided that the DATA SUBJECT proves that he/she has a legitimate reason linked to the particular nature of the situation.
To receive personal data in a structured, commonly used and machine-readable format, in cases where the processing is carried out pursuant to an agreement or is based on the consent of the DATA SUBJECT. If the processing is based on the legitimate interest of the CONTROLLER or a legal obligation, the right to portability shall not be mandatory;
The right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her.

2. Requests for information, comments and complaints

If a user has comments or questions about these rules, they can be emailed to OPENSEE SAS at [email protected]

ARTICLE 10. Procedure for handling complaints from DATA SUBJECTS

Data subjects will be required to submit complaints in accordance with this complaint’s procedure.

OPENSEE SAS undertakes to deal with these complaints within a reasonable period of time and, in any event, within one month of receiving the complaint.

This procedure shall also apply to requests by DATA SUBJECTS to exercise their rights to access, update and delete their personal data.

For any information or to exercise your rights concerning the processing of your personal data by OPENSEE SAS, you may contact our Data Protection Officer (DPO) by sending an email to: [email protected]. Or by sending a signed letter together with a copy of an identity document to the following address: 112 avenue Kléber, 75116 Paris (FRANCE)

ARTICLE 11. Privacy by default

OPENSEE SAS adopts data protection restrictions at the start of any new project to ensure that the privacy of DATA SUBJECTS is respected as soon as a product or service is designed.

The principles and obligations set out in this policy will be incorporated as soon as a project is designed.

In order to ensure respect for privacy by design and by default, OPENSEE SAS ensures that:

it integrates data protection restrictions from the design phase onwards;
it anticipates data protection restrictions and integrates data into the design phase of any project;
privacy restrictions are taken into account at the start of projects;
a project’s commitment to data protection is clearly defined and identified to facilitate compliance assessments and to ensure complete transparency for DATA SUBJECTS;
privacy restrictions are complied with throughout the life cycle of the product or system or the personal data storage period.

ARTICLE 12. Impact analysis on the protection of personal data

OPENSEE SAS monitors that its data processing operations comply with prevailing regulations.

To that end, OPENSEE SAS may, in certain specific cases, carry out a privacy impact assessment to:

identify processes that pose a particular risk to the protection of personal data;
assess the level of compliance of the processing it carries out;
decide on the corrective measures to be implemented to ensure that personal data are processed in accordance with prevailing regulations.

ARTICLE 13. Personal data processing register

OPENSEE SAS undertakes to keep a register of processing activities.

OPENSEE SAS is responsible for ensuring that any new processing is recorded in the register with relevant background information on the processing.

ARTICLE 14. Cooperation with the supervisory authorities

OPENSEE SAS undertakes to maintain a good relationship with the data protection authorities. To that end, OPENSEE SAS shall cooperate with and agree to be audited by the data protection authorities and follow their advice on matters of which these authorities may be aware.

OPENSEE SAS shall decide which data protection authorities have jurisdiction over each processing operation it carries out.

If data protection authorities carry out an audit at any of the OPENSEE SAS sites, the Group Data Protection Officer shall be informed as soon as possible.

ARTICLE 15. The use of cookies

OPENSEE’s websites may contain cookies that collect personal data in order to improve the interactivity of the website and enable it to provide services.

1. What are cookies?

A cookie is a small text file, usually consisting of letters and numbers, sent to your browser on your computer’s hard drive, via our Opensee.io website. It may be permanent (used at the time of subsequent website visits) or temporary (disappears when the user leaves the website).

2. Why do we use cookies?

Our cookies are used to improve your user experience. You are not required to use cookies at any time and you may refuse to use them at any time.

3. What cookies do we use?

OPENSEE SAS uses technical cookies that are required for the website to function properly. These cookies, also called session cookies, enable the website to recognize identified users on different pages.

A cookie does not identify the user, but it records information on browsing on our website for statistical purposes.

These cookies are stored on a user’s hard disk for thirty days.

Third Party cookies:

OPENSEE SAS also uses third-party services such as the Google Analytics service. This service may use cookies. As such, Google may place cookies on your device. OPENSEE SAS has no control over the cookies stored by this publisher. We suggest that you refer to this publisher’s legal notices.

4. Your cookie choices

You may block cookies by changing your browser’s settings.

Refusing cookies may prevent you from accessing certain features of the website

ARTICLE 16. Ongoing assessment of GDPR compliance

OPENSEE Group is committed to continuously assessing the compliance of the group’s structures with this data protection policy.

The assessment program will define the procedures for carrying out the checks, the expected scope of these checks and the team responsible therefore.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_6FDMQRPKP7	2 years	This cookie is installed by Google Analytics.
_ga_N0PJF4JLJQ	2 years	This cookie is installed by Google Analytics.

Cookie	Duration	Description
_lfa	2 years	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Used by Linkedin.com to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries
li_gc	2 years	Used to store guest consent to the use of cookies for non-essential purposes.