HYPERSPREAD is very concerned about the question of the management of Personal Data that it may have to process.
These conditions are intended to establish the guidelines that regulate the processing of Personal Data by HYPERSPREAD.
This policy applies to the processing of Data conducted by HYPERSPREAD as Data Controller.
This policy can be modified at any time. In this case, the new version will be communicated to the Data Subjects by any means and shall automatically be enforceable against them.
Personal Data or Data: Any information relating to a natural person identified or identifiable (hereinafter called “Data Subject”) directly or indirectly, notably by reference to an identifier such as a name, an identification number, location data, an online identifier or one or several particular elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
Data Controller: The natural person or company who determines the purposes and means of the processing.
Data Processor: The natural person or company, who processes personal data on behalf of the Data Controller.
Data Recipient: The natural person or company who receives Personal Data, whether it is a Third Party or not.
Third Party: A natural person or company, a public authority, a service or a body other than the Data Subject, the Data Controller, the Data Processor and the persons who, placed under the direct authority of the Data Controller or Data Processor are authorised to process the Personal Data.
Consent: any expression of free, specific, informed and unambiguous expression of will, by which the Data Subject by the processing of Personal Data accepts, by a declaration or by a clear positive act, that Personal Data concerning to him or her may be processed.
This policy applies to all Personal Data processed by HYPERSPREAD as Data Controller. This can involve data concerning its employees, service providers, prospects, customers, etc.
HYPERSPREAD may collect data such as: first and last name; e-mail address; gender; telephone number; postal address; age/date of birth; invoicing data; prospection; data of connection, etc.
Personal Data is processed by HYPERSPREAD in accordance with the principles of lawfulness, fairness, transparency and proportionality.
Personal Data is collected for specified, explicit and legitimate purposes and processed in a adequate and relevant manner restricted to what is necessary for the purposes for which it is used.
Personal Data is kept in a form that allows the identification of the Data Subjects for no longer than is necessary for the purposes for which it is processed.
INFORMATION OF THE DATA SUBJECTS
When Personal Data concerning a Data Subject is collected from that person or from a Third Party, the Data Controller shall provide him or her, with the following information in particular:
- the identity and address details of the Data Processor.
- the purposes of the processing for which the Data is intended as well as the legal basis of the processing.
- the recipients of the Data.
- the possible intent of the Data Controller to make a transfer of Data to a country outside of the European Union.
- how long the Data will be retained or, when this is not possible, the criteria used to determine this period.
- where applicable, the implementation of a profiling mechanism or mass processing of personalised data
- where applicable, the source of the Data.
To the extent possible and subject to other legal or contractual obligations, this information will be provided at the time of collection or at the time of first communication with the Data Subject.
RIGHTS OF THE DATA SUBJECTS
The Data Subjects may exercise their right to request access to Data, rectification or erasure of Data, portability of Data to a Third Party, limitation of processing as well as to object to Processing by sending a request by e-mail to the following address: firstname.lastname@example.org
All requests must be clear, precise and justified and accompanied by a copy of an identity document and made in accordance with the applicable legal framework.
The Data Subjects can make a complaint to the French National commission (CNIL) at the following address:
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22 /Fax: 01 53 73 22 00
Or to the address www.cnil.fr/fr/plaintes or www.cnil.fr
The Data Subject is informed that, if she/he objects to the Processing or if he/she transfers inaccurate or misleading Data, the services related to the collection of the Data cannot be rendered, and the Data Controller cannot be held liable in any way
Furthermore, the collection of certain Data may be imposed for regulatory or contractual reasons. The Data Subject is thus required to provide the Personal Data requested.
THE RECIPIENTS OF THE DATA
The Data collected will be processed by the employees of HYPERSPREAD, who are entitled to access and process the Data according to their position.
In some cases, the Data may be processed by subcontractors or partners or by other subsidiaries of ALTAVIA S.A., and only to the extent necessary for the performance of the tasks entrusted to them.
HYPERSPREAD strictly requires that its sub-contractors or partners process the Personal Data only for the purpose of administering the services for which they are responsible. HYPERSPREAD also requires such subcontractors or partners to always act in compliance with the applicable laws regarding the protection of Personal Data and to pay particular attention to the confidentiality of such Data.
The Data can be communicated by HYPERSPREAD to the Administration, Courts and departments of the Government in compliance with the statutory and regulatory provisions.
Personal Data is stored either in the databases of HYPERSPREAD or in those of its subcontractors.
In some cases, and mainly for technical reasons, these databases may be stored on servers located outside of the territory of the European Union.
Personal Data is processed in such a way as to ensure appropriate security by means of physical, technical or organisational measures appropriate to the state of the art, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Depending on the needs, risks, costs and purpose of the Processing, these measures can include pseudonymisation and encryption of Data.
Every Data Controller shall put in place a procedure aimed at regularly testing, analysing and assessing the effectiveness of the technical and organisational measures to ensure the security of the processing.
In the event of breach of the Personal Data, each Data Controller shall use its best efforts to notify the National Commission (CNIL) as soon as possible and, if possible, no later than72 hours after becoming aware of the breach.
If this breach of Personal Data is likely to result in a high risk to the rights and freedoms of the Data Subject, the Data Controller shall inform them by any means as soon as possible unless the Data Controller has taken sufficient technical protection measures to stop the breach.
DATA TRANSFER OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Due to the international dimension of HYPERSPREAD’s activities and in order to optimise the quality of service, the above-mentioned communications may involve transfers of Personal Data to countries which are not members of the European Economic Area and whose legislation on the protection of Personal Data differs from that of the European Union.
In this case, contractual, organisational and procedural measures relating to the personnel or companies involved ensure an adequate level of protection, security and confidentiality of Personal Data.
In the event of Data Transfers to a country whose legislation has not been recognised by the European Commission as providing an adequate level of protection under the applicable Data protection legislation, HYPERSPREAD undertakes to enter into a data transfer agreement which includes the EU Standard Contractual Clauses as set out in the European Commission Decision 2010/87/ EU.
Version dated 14th of september 2021