“OPENSEE SAS”, a French simplified joint stock company with a capital of €20 000,00, whose registered office is located at 21 boulevard Saint Germain 75005 Paris (France), registered on the Paris Trade and Companies Register under number 811 474 709 and represented by Mr Stephane RIO in his capacity as CEO, processes personal data as part of its business activities. Hereinafter “OPENSEE SAS”.
The purpose of this Policy is to set out the technical and organizational measures taken by OPENSEE SAS to ensure a high and sustainable level of protection for processed data, to document its compliance with the French Data Protection Law and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR Regulation” or “Regulation (EU) 2016/679”), and to provide information to data subjects on the way in which OPENSEE SAS processes personal data and the means at their disposal to control such data processing.
ARTICLE 1. Definitions
Agreement: means any agreement between a DATA SUBJECT and OPENSEE SAS under which OPENSEE SAS collects, retains and processes the Data Subject’s Personal Data, such as an employment contract, a service contract or OPENSEE SAS’s general terms and conditions.
Personal data: within the meaning of Regulation (EU) 2016/679 of 27 April 2016 (see in particular Article 4) “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Collected Data: roles, surnames, first names, postal addresses, e-mail addresses, telephone numbers, login and password details, university, qualifications, information on family situation, type of organization, name of organization, job title, financial data, bank details, IP address and any other personal data that may be relevant to the specific purposes.
Sensitive data: within the meaning of Regulation (EU) 2016/679 (see in particular recital 51) all data that are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin. Such personal data should not be processed, unless processing is allowed in specific cases set out in the GDPR Regulation.
Purposes of collecting personal data: personal data are collected fairly and lawfully for specified, explicit and legitimate purposes and are not further processed in a manner that is incompatible with those purposes.
They are accurate, complete and, if necessary, updated in light of the purposes for which they are collected. They are kept in a form that permits identification of DATA SUBJECTS for no longer than is necessary for the purposes for which the personal data are collected and processed.
The data are collected and processed for the purposes of OPENSEE SAS’s business activities, in particular in connection with OPENSEE SAS’s business relationships and the provision of services in accordance with its General Terms and Conditions, available at www.opensee.io. In addition, OPENSEE SAS processes personal data for the following purposes: identifying needs with a view to providing more appropriate services; managing OPENSEE SAS’s marketing activities; processing applications and any other purposes relating to its business.
Data Subject: an identified or identifiable natural person to whom the personal data processed by OPENSEE SAS relate.
Policy: means this document, which applies to all customers, users of the Websites, employees and service providers of OPENSEE SAS.
Controller: within the meaning of Regulation (EU) 2016/679, “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.”
Services: means all services provided under the conditions set out in the Agreement.
Processor: within the meaning of Regulation (EU) 2016/679, “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
Third Party: within the meaning of Regulation (EU) 2016/679, “a natural or legal person, public authority, agency or body other than the DATA SUBJECT, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.”
Processing: within the meaning of Regulation (EU) 2016/679, “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
Transfer of personal data: transfer of data from an OPENSEE SAS entity to another entity or to a third party located inside or outside the European Economic Area.
ARTICLE 2. Scope
This POLICY applies from 1st March 2021.
The POLICY applies where OPENSEE SAS is the CONTROLLER and processes personal data on its own behalf.
ARTICLE 3. Key principles for the processing of personal data
1. Purpose limitation
Before any processing of personal data, OPENSEE SAS must ensure that such processing is based on a specified, explicit and legitimate purpose for which the personal data are processed.
2. Legal basis, lawfulness, fairness and transparency
When processing personal data, OPENSEE SAS must ensure that the PROCESSING has a legal basis.
If the PROCESSING is carried out pursuant to an agreement, it is then considered to be lawful.
If the PROCESSING is not carried out pursuant to an agreement, OPENSEE SAS must demonstrate that the PROCESSING has a legitimate purpose. The PROCESSING must have a legitimate purpose for OPENSEE SAS connected to its main business activity and must not prejudice the privacy of the DATA SUBJECTS.
If the PROCESSING does not meet the above conditions, OPENSEE SAS may request the prior consent of the DATA SUBJECTS under the following conditions, all of which must be met:
- Consent must be given by a clear positive act (opt-in);
- Consent must be freely given;
- Consent must specifically, clearly and unequivocally indicate the DATA SUBJECT’s consent to the processing of personal data.
3. Data minimisation
The processing of personal data must be strictly necessary for the initial purpose of the processing.
4. Compatible further processing operations
OPENSEE SAS may carry out further processing operations on the collected data provided that those processing operations are compatible with the purposes for which the data were originally collected (scientific research, statistics, etc.).
5. Accuracy/Quality of data
During the data’s life cycle, OPENSEE SAS must ensure that the data are accurate and up-to-date.
DATA SUBJECTS may exercise their right of rectification to update their personal data.
6. Data storage limits
OPENSEE SAS must ensure that the data are not stored for longer than necessary for the processing purposes.
7. Security measures/Integrity and confidentiality
OPENSEE SAS has security measures in place to secure its IT environment against unauthorised or unlawful PROCESSING and against accidental loss, destruction or damage.
ARTICLE 4. Processing sensitive data
OPENSEE SAS deals with sensitive personal data in limited circumstances.
In these limited cases, processing is only permitted if any of the following conditions is met:
- The DATA SUBJECT has given his/her consent;
- The DATA SUBJECT is not able to give consent but the processing is necessary to protect the vital interests of the DATA SUBJECT or any other person;
- The processing is required by law;
- The DATA SUBJECT has himself/herself placed sensitive data in the public domain;
- The processing is essential for the purpose of initiating, bringing or defending legal proceedings, provided that there is no reason to believe that the DATA SUBJECT has a compelling legitimate interest in ensuring that the data are not processed;
- The PROCESSING is explicitly permitted by national legislation.
ARTICLE 5. Storage period
The Personal Data collected in connection with the SERVICES shall be stored for the entire duration of the contractual relationship between OPENSEE SAS and the DATA SUBJECT.
In the event that the SERVICES and any contractual relationship are terminated for any reason whatsoever, the PERSONAL DATA shall be returned to the DATA SUBJECT and/or irreversibly deleted within the maximum periods permitted by applicable regulations.
ARTICLE 6. Personal data breaches
In the event that OPENSEE SAS determines that there has been unauthorized or unlawful processing or access, or that the personal data for which it is responsible may potentially be, or have been, used or disclosed, OPENSEE SAS shall determine whether the breach should be reported to the competent supervisory authority in accordance with the procedure to be applied by OPENSEE SAS in the event of a Personal Data breach.
ARTICLE 7. Processing by third parties
OPENSEE SAS may use third parties for its own purposes or in connection with the SERVICES.
When OPENSEE SAS uses a third party as a PROCESSOR, it shall ensure that the third party:
- implements procedures to ensure that it and its sub-contractors comply with the instructions provided by OPENSEE SAS;
- informs OPENSEE SAS of any request to communicate OPENSEE’s personal data received from another third party;
- undertakes to ensure that its employees and sub-contractors comply with applicable laws and sign a specific confidentiality agreement;
- allows OPENSEE SAS to perform data protection audits as part of the processing of personal data;
- undertakes to regularly audit its sub-contractors as part of the processing of personal data;
- cooperates with OPENSEE SAS to assess and document that the processing of personal data is compliant.
ARTICLE 8. Transfer of personal data to third countries
Transfers of personal data from an OPENSEE SAS entity acting as CONTROLLER to another OPENSEE entity located in the European Economic Area acting as Controller are governed by a data processing agreement or by specific provisions inserted into the Agreement.
Transfers of personal data from an OPENSEE SAS entity acting as CONTROLLER to another OPENSEE entity located outside the European Economic Area acting as CONTROLLER or as a PROCESSOR are subject to the provisions of this POLICY.
Transfers of personal data by an OPENSEE entity acting as CONTROLLER to a third party located outside the European Economic Area are governed through the adoption of standard contractual clauses.
ARTICLE 9. Rights of DATA SUBJECTS
DATA SUBJECTS may ensure that this data protection policy is applied by OPENSEE SAS.
If data subjects consider that OPENSEE SAS has breached this policy, they will need to follow the procedure described in this document.
If the dispute cannot be resolved out of court, DATA SUBJECTS may bring legal proceedings.
1. Right to object, right of access, right of rectification, right to data portability and right to erasure
DATA SUBJECTS have the following rights:
- To access their data that are processed by the company;
- To request the rectification, erasure, deletion or limitation of any inaccurate or incomplete personal data and personal data for which there is no longer any legal or appropriate processing purpose; in this context, the deletion of data cannot be required in the following cases:
  - If the data processing is necessary for exercising the right of freedom of expression and information;
  - If the data processing is necessary to comply with a legal obligation;
  - If the data processing is necessary on public interest grounds in the area of public health;
  - If the data processing is necessary for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
  - If the data processing is necessary for the establishment, exercise or defense of legal claims.
- To object to the processing of their personal data at any time, unless such processing is required by law and provided that the DATA SUBJECT proves that he/she has a legitimate reason linked to the particular nature of the situation.
- To receive personal data in a structured, commonly used and machine-readable format, in cases where the processing is carried out pursuant to an agreement or is based on the consent of the DATA SUBJECT. If the processing is based on the legitimate interest of the CONTROLLER or a legal obligation, the right to portability shall not be mandatory;
- The right not to be the subject of a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her.
2. Requests for information, comments and complaints
If a user has comments or questions about these rules, they can be emailed to OPENSEE SAS at [email protected].
ARTICLE 10. Procedure for handling complaints from DATA SUBJECTS
DATA SUBJECTS will be required to submit complaints in accordance with this complaints procedure.
OPENSEE SAS undertakes to deal with these complaints within a reasonable period of time and, in any event, within one month of receiving the complaint.
This procedure shall also apply to requests by DATA SUBJECTS to exercise their rights to access, update and delete their personal data.
For any information or to exercise your rights concerning the processing of your personal data by OPENSEE SAS, you may contact our Data Protection Officer (DPO) by sending an email to [email protected], or by sending a signed letter together with a copy of an identity document to the following address: 112 avenue Kléber, 75116 Paris (FRANCE).
ARTICLE 11. Privacy by default
OPENSEE SAS adopts data protection restrictions at the start of any new project to ensure that the privacy of DATA SUBJECTS is respected as soon as a product or service is designed.
The principles and obligations set out in this policy will be incorporated as soon as a project is designed.
In order to ensure respect for privacy by design and by default, OPENSEE SAS ensures that:
- it integrates data protection restrictions from the design phase onwards;
- it anticipates data protection restrictions and integrates data into the design phase of any project;
- privacy restrictions are taken into account at the start of projects;
- a project’s commitment to data protection is clearly defined and identified to facilitate compliance assessments and to ensure complete transparency for DATA SUBJECTS;
- privacy restrictions are complied with throughout the life cycle of the product or system or the personal data storage period.
ARTICLE 12. Impact analysis on the protection of personal data
OPENSEE SAS monitors its data processing operations for compliance with prevailing regulations.
To that end, OPENSEE SAS may, in certain specific cases, carry out a privacy impact assessment to:
- identify processes that pose a particular risk to the protection of personal data;
- assess the level of compliance of the processing it carries out;
- decide on the corrective measures to be implemented to ensure that personal data are processed in accordance with prevailing regulations.
ARTICLE 13. Personal data processing register
OPENSEE SAS undertakes to keep a register of processing activities.
OPENSEE SAS is responsible for ensuring that any new processing is recorded in the register with relevant background information on the processing.
ARTICLE 14. Cooperation with the supervisory authorities
OPENSEE SAS undertakes to maintain a good relationship with the data protection authorities. To that end, OPENSEE SAS shall cooperate with and agree to be audited by the data protection authorities and follow their advice on matters of which these authorities may be aware.
OPENSEE SAS shall decide which data protection authorities have jurisdiction over each processing operation it carries out.
If data protection authorities carry out an audit at any of the OPENSEE SAS sites, the Group Data Protection Officer shall be informed as soon as possible.
OPENSEE’s websites may contain cookies that collect personal data in order to improve the interactivity of the website and enable it to provide services.
1. What are cookies?
A cookie is a small text file, usually consisting of letters and numbers, sent by our Opensee.io website to your browser and stored on your computer’s hard drive. It may be permanent (used at the time of subsequent website visits) or temporary (disappears when the user leaves the website).
3. What cookies do we use?
OPENSEE SAS uses technical cookies that are required for the website to function properly. These cookies, also called session cookies, enable the website to recognize identified users on different pages.
A cookie does not identify the user, but it records information on browsing on our website for statistical purposes.
These cookies are stored on a user’s hard disk for thirty days.
Third Party cookies:
4. Your cookie choices
You may block cookies by changing your browser’s settings.
Refusing cookies may prevent you from accessing certain features of the website.
ARTICLE 16. Ongoing assessment of GDPR compliance
OPENSEE Group is committed to continuously assessing the compliance of the group’s structures with this data protection policy.
The assessment program will define the procedures for carrying out the checks, the expected scope of these checks and the team responsible for them.