Ownership and responsibility of every data collected on Actility Software as a Service hosted platforms or websites through Actility Channel instance (Channel is defined as distributor, reseller, service provider…) remains with the Channel. Actility ‘s sole responsibility is to ensure that the data will not be used for any purpose such as commercial or marketing usage with the exception of support services. Actility shall provide all the tools and process to permit the Channel to manage User rights according to the law (right to access, Right to Rectification and Erasure, Right to restriction of processing, Right to data portability. The Channel shall be liable to ensure the management of the User data with the GDPR rules.
For instance, Actility shall ensure that the deletion feature will enable a proper deletion of the data of the core data base. Operator acknowledges that Back up of the data will be operated as follows: one back up per day and back up will be definitively erased after a period of twelve (12) months.
With regards to sensors log where the payload is encrypted and not accessible to Actility personnel, the policy will be as follows: log data will be definitively erased after a period of thirty-five (35) days.
3. Personal Data Collection
Following the Regulation on Data Protection, ACTILITY hereby informs its Customers and websites users (collectively, “Users”) that any personal data supplied shall be recorded in an automated file named “CUSTOMERS” for which ACTILITY is the Controller and also the Processor and located at ACTILITY´s registered address.
The Processor is the following:
OVH, in France (Strasbourg & Roubaix), Equinix, in France, Netsuite, in Ireland, only for the purpose of storing personal data and managing our data bases.
By filling any form in ACTILITY´s websites, Users consents: (i) to the processing of their personal data by ACTILITY for the purposes mentioned below; (ii) to receive promotional offers of ACTILITY´s and its suppliers and partners’ Products and Services; and (iii) to the fact that ACTILITY may make such data available to its partners or suppliers to the sole purpose of enabling service provision.
4. USER´s rights (Articles 12 to 22):
Any request by Users in connection with their rights mentioned below, shall be answered by ACTILITY´s Data Protection Officer within a month.
4.1. Transparency and Information (Articles 12-14):
a. What type of personal data do we collect? the forms in our websites only collect name, email address and country or origin. The forms in our marketplaces collect additional information, such as address, telephone and credit card number. Disclosure of these data is compulsory for making any purchase through our marketplaces. ACTILITY does not collect any sensitive data (Articles 9&10) from Users through the forms in its websites. ACTILITY may record any or all telephone conversations with USER and store them in the above-mentioned “Customers” file. By phoning to ACTILITY´s customer service telephone numbers, Users consents to the recording of these conversations.
c. What do we do with User personal data? Our processing shall be the following:
· Collection, always with User consent, either by filling our forms, by delivering User business card to our salesforce, or by entering a contractual relationship with ACTILITY by purchasing our products and/or services. ACTILITY shall not process any personal data not directly obtained from User. Any User feeling that his/her personal data have been disclosed to us without his/her consent, may contact our DPO to ascertain the source from which his/her personal data originate, and to exercise any of the rights mentioned below. ACTILITY reserves its right to exclude from any service for which prior registration is required, any User having provided false or inaccurate data, notwithstanding any other legal action to which ACTILITY may be entitled.
· Storage: OVH, in France (Strasbourg & Roubaix), Equinix, in France, Netsuite, in Ireland only for the purpose of storing personal data and managing our data bases.
· Structuring of Users data by market, product, service, etc.
· Recording: ACTILITY may record phone conversations with Users, to have an evidence of their requests (of info, services, assistance…).
· Pseudonymization meaning the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately.
Profiling: ACTILITY shall not make any profiling by using personal data.
· Disclosure by transmission to some of ACTILITY´s service providers or partners (Recipients), who help us provide the services User enjoy by using our websites or purchasing our products and services.
· Cross-border transfer: Cross-border transfer of data may exist, as ACTILITY´s service providers and partners may be either in the European Union or in third countries, always within a Privacy Shield Framework
· Consultation and use by ACTILITY, for the purposes explained above.
· Restriction, erasure or destruction, as per User request, or when the term of data processing, as explained below, comes to an end.
Personal data shall be processed by using the security measures requested by the Regulation to avoid any personal data breach (meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed). Users may nevertheless be aware of the fact that the existing security measures for computer systems on the Internet are not entirely trustworthy.
d. For how long do we store User personal data? personal data will be stored for the period strictly needed to serve the purposes described above and in connection with each kind of processing, for instance: (i) for the term of the contractual relationship entered with ACTILITY and ten years following its termination; (ii) as long as USER do not exercise User right to erasure; (iii) for ten years after User last statement of interest.
e. How can USER exercise its rights? Please contact ACTILITY´s Data Protection Officer (DPO), by email (firstname.lastname@example.org) or at the following address: ACTILITY Attn. Data Protection Officer,. Users may request from the DPO at any time access to and rectification or erasure of personal data or restriction of processing concerning their data, as well as data portability; Users may, at any time, withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal; Users may at any time lodge a complaint with the French Agency on Data Protection (CNIL) or with any other Supervisory Authority;
4.2. Right of Access (Article 15)
Users shall have the right to obtain from our DPO confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to their personal data. Our DPO shall provide a copy of the personal data undergoing processing. For any further copies requested by User, the DPO may charge a reasonable fee based on administrative costs. Where User makes the request by electronic means, the information shall be provided in a commonly used electronic form.
4.3. Right to Rectification and Erasure (‘right to be forgotten’, Articles 16-17)
Users shall have the right to obtain from the DPO without undue delay the rectification of inaccurate personal data concerning him or her, and to have incomplete personal data completed, including by means of providing a supplementary statement.
Users shall also have the right to obtain from the DPO the erasure of personal data concerning him or her without undue delay, in the circumstances set forth in Section 17 of the Regulation.
4.4. Right to restriction of processing (Articles 18-19)
Users shall have the right to obtain from the DPO restriction of processing in the circumstances set forth in section 18 of the Regulation.
4.5. Right to data portability (Article 20)
Subject to the restrictions in Section 20 of the Regulation, Users shall have the right to receive their personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent previously granted; and
(b) the processing is carried out by automated means.
In exercising his or her right to data portability Users shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
4.6. Right to object and automated individual decision-making (Articles 21-22)
Users shall have the right to object at any time to processing of personal data for direct marketing purposes, for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation.
Moreover, and subject to the limitation in Section 22 of the Regulation, Users hall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
5. Website navigation and Cookies
By navigating on ACTILITY´s websites User accept our using “Cookies”, unique identifiers that we transfer to User device to enable our systems to recognize User device and to:
· Identify User when User sign-in to our sites, allowing us to provide User with product recommendations and display personalized content;
· Deliver content, including advertisements, relevant to User interest on our sites;
· Keep track of items stored in User shopping basket;
· Conduct research and diagnostics to improve ACTILITY ‘s content, product and services;
· Prevent fraudulent activity;
· Improve security.
USER may visit ACTILITY´s websites without disclosing User identity or any personal data unless USER voluntarily choose to disclose such information by filling the forms in our websites. ACTILITY´s servers may only collect domain names and IP addresses but not email addresses of their visitors. This kind of information is used to elaborate reports on visit statistics, the time spent in our websites, websites accessed, the general origin of visitors (through “Favorites”, search engines, links from other websites, etc.) to the sole purposes of getting information on how our websites are used and improving their contents and services.
ACTILITY´s websites may provide links to other sites but ACTILITY assumes no liability on the privacy policies adopted by the linked sites, directly or indirectly. Links to other sites are provided as a suggestion only and do not imply ACTILITY´s warranty or liability concerning their quality, accuracy or contents of the information provided therein.
ACTILITY does not warrant the veracity or accuracy of the information disclosed by its suppliers, partners, developers or third parties whose products or services are offered through ACTILITY´s websites, their origin, ownership or the use or practical implementation made by Users.