KOMPASS General Policy for the Protection of Personal Data
KOMPASS INTERNATIONAL, SASU, registered with the NANTERRE Registry of Trade and Companies under number 823 374 137, domiciled at 6/10 rue TROYON 92310 SEVRES (hereinafter referred to as “Kompass”) carries out the processing of personal data (as defined below) in the framework of its activity, which includes the Personal Data of persons who browse KOMPASS websites (the “Site(s)”).
This “Personal Data Protection Policy” (the “Policy”) is intended to inform all individuals concerned (“You” or “Your”) of how KOMPASS collects and uses such Personal Data and the means you have to control this use.
It is essential to specify that KOMPASS never processes sensitive data such as personal data that reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, data on the health, sexual life or sexual orientation of an individual, or personal data concerning convictions and offences as it does not fall within the activity of KOMPASS, and does not fulfil any purpose of the company’s processing operations.
1. SCOPE OF THIS PERSONAL DATA PROTECTION POLICY
The General Data Protection Regulation (“GDPR”) applicable from May 25, 2018 is intended to apply to all companies that collect, store or process personal data. KOMPASS has put in place a strategy aimed at complying with this regulation (training of its employees, network information, reporting procedures, etc.); it is within this framework that this Policy has been drawn up.
KOMPASS collects or processes Personal Data online or offline; this Policy applies regardless of the method of collection or processing, as long as the processing is done through the KOMPASS Sites, or within the framework of the services provided to KOMPASS customers.
The concept of Personal Data (“Personal Data”) means any information relating to an identified or identifiable natural person (hereinafter referred to as “the data subject”). An “identifiable person” is an individual who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or one or more elements specific to his physical, physiological, genetic, psychic, economic, cultural or social identity.
“Non-personal data” refers to information that does not identify a person.
2. DATA COLLECTED
Personal Data may include the following:
First name and surname;
Any other Personal Data that may be relevant for the purpose of optimising commercial prospecting or other purposes set out below.
In any case, the Personal Data collected will, however, be limited to the data necessary for the purposes set out in Article 4 below.
Personal Data may be collected via the Sites, it may also come from publicly available sources or, where appropriate, from KOMPASS partners subject to appropriate contractual safeguards.
Note to Visitors and Users of the Sites: Certain characteristics and features of the Site may only be used if you provide KOMPASS with certain Personal Data when you visit or use the Site, these Personal Data fields will be indicated by an asterisk. You are free to provide or not all or part of your Personal Data. However, if you choose not to provide it, such a decision could prevent the achievement or satisfactory fulfilment of the objectives described in Article 4 below, certain services and features of the Sites may not work properly and/or You will be denied access to certain pages of the Site. In particular, You will not be allowed to purchase software licences or other products or services through the Site.
3. PROTECTION OF THE PERSONAL DATA OF CHILDREN
KOMPASS products and services are not intended to be marketed to children under the age of 16 and KOMPASS does not voluntarily collect or store Personal Data of children under the age of 16.
KOMPASS products and services cannot be used by children. If the parents discover that their child has submitted Personal Data to KOMPASS, they may ask KOMPASS to delete the Personal Data and terminate the child’s account by sending an email to: Compliance.firstname.lastname@example.org.
If KOMPASS discovers that Personal Data of children under 16 has nevertheless been collected, it will take the necessary measures to delete such Personal Data and delete the child’s account.
4. PURPOSES OF THE COLLECTION OF PERSONAL DATA
Personal Data is collected for the needs of KOMPASS’s activity such as the provision of services by KOMPASS to its customers, improvement of the marketing and advertising efforts of KOMPASS, its customers and businesses that it publishes free of charge, better adaptation of KOMPASS products and services to the needs of customers or compliance with the statutory reporting obligations, and other similar activities.
KOMPASS processes and uses your Personal Data for the needs of its activity and in particular the for the following purposes:
To allow your company to benefit from an international exposure by being published in all the global portals of Kompass: our experience shows that for a business listing to be read, it must be very detailed, especially at the level of operational managers.
To allow you to access all the features and options offered by the Sites.
To offer you services to optimise your commercial prospecting, your international visibility, or more broadly, any type of resource related to your commercial, domestic or international development.
To allow you to purchase software licences, products or services, to download software and/or register software licences;
To identify your needs and interests and provide you with the most appropriate products and/or services;
To allow you an interactive and personalised use of the Sites;
To request and obtain information about KOMPASS and KOMPASS products and services;
To enable KOMPASS to manage its marketing activities;
To enable KOMPASS to manage its commercial relations: commercial opportunities, commercial offers, contracts, orders, invoices, etc.
To process applications and manage recruitment sources;
To manage Your training and/or certification on KOMPASS products and services;
The use of Your Personal Data for a purpose other than those for which such Personal Data was originally collected, such other purpose being determined explicitly and legitimately to the extent that it relates to the activity of KOMPASS, and
Any other purpose in connection with the activity of KOMPASS.
Subject to the applicable local law, You are hereby informed that KOMPASS and its affiliates may use the email address that you have provided us with as well as your personal data (function, job description, interests, occupations, etc.) to send you commercial or marketing messages or carry out processing to improve the quality of the legitimate prospecting of all its customers or members, or for its own legitimate prospecting.
KOMPASS is also likely to use your email address for administrative or other non-marketing purposes (for example, to inform You of important changes to the Sites). For all intents and purposes, we recall that the processing of personal data for the purposes of prospecting may be considered as being carried out to respond to a legitimate interest. (See (47) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL)
To improve Your user experience, in particular by:
Allowing a service to recognise Your equipment, so you will not have to provide the same information multiple times in order to perform the same task,
Analysing the traffic and the data on the Sites to:
Measure the number of users of the services, thus making them easier to use and ensure their ability to respond quickly to Your requests,
Helping KOMPASS to understand how users interact with services to improve them.
KOMPASS may also use the services of third-party service providers to perform the services on its behalf and in particular to:
Analyse Your browsing habits and measure Site audiences,
Analyse Your centres of interest and propose targeted marketing or advertising offers,
Allow you to share the content of the Sites with other persons on the social networks or inform other people of what You are watching or what You think (e.g. the “Like” or “Share” button).
In this case, web beacons and cookies provided by these third-party providers could be used and stored. When transmitting the information generated by these cookies, the cookie settings ensure that the IP address is made anonymous before geolocation and before storage. Our service providers will use this information to evaluate Your use of the Sites, to prepare reports on the activity of the Sites for KOMPASS, and to offer You better services and advertisements targeted to Your needs. They will not associate your IP address with any other of their data.
When you browse the Sites, cookies are enabled by default and data can be read or stored locally on your device. You will be notified the first time that You receive a cookie and You will be able to decide whether to accept it or not. By continuing to use the Sites, You expressly agree to KOMPASS’s use of such cookies.
6. CONDITIONS AND DURATION OF THEPROCESSING OF PERSONAL DATA
“Processing” of Personal Data includes the use, retention, registration, transfer subject to appropriate safeguards, adaptation, analysis, modification, declaration, sharing and destruction of Personal data according to what is necessary in view of the circumstances or the legal requirements.
All Personal Data collected is kept for a limited period depending on the purpose of the processing, respecting any durations provided for by the applicable legislation.
7. LINKS TO WEB SITES NOT CONTROLLED BY KOMPASS OR ITS SUBSIDIARIES
The Sites may offer links to third-party websites that may be of interest to You.
KOMPASS has no control over the content of third-party sites or the practices of these third parties with regard to the protection of Personal Data they may collect. Consequently, KOMPASS disclaims all responsibility regarding the processing of Your Personal Data by these third parties. It is Your responsibility to inquire about the privacy policies of these third parties.
8. TRANSFER AND RECIPIENTS OF PERSONAL DATA
In case of access to the Sites from a non-EU country whose legislation relating to the collection, use and transfer of data differs from that of the European Union, we draw your attention to the fact that by continuing to use the Sites, you transfer Your Personal Data to the European Union and consent to such transfer.
Your Personal Data may be disclosed to affiliates or subsidiaries of KOMPASS (“KOMPASS Group Companies”) for the purposes set out in Article 4 of this Policy.
KOMPASS may transfer Your Personal Data outside the European Union, provided that it ensures, before transferring it, that entities outside the European Union, including affiliated companies and members of the KOMPASS distribution network, offer an adequate level of protection or are subject to appropriate safeguards, in accordance with European legislation.
If KOMPASS discovers that a third party to whom KOMPASS has disclosed Personal Data for the purposes set forth in Article 4 above uses or discloses Personal Data without complying with this Policy or in violation of applicable law, it shall take reasonable steps to prevent or put an end to such use or disclosure. KOMPASS may also be required to transfer Your Personal Data to third parties if it considers that such transfer is necessary for technical reasons (for example, for third-party hosting services) or to protect its legal interests (for example, in case of the sale of assets to a third-party company, change of control or total or partial liquidation of KOMPASS).
KOMPASS may also share your Personal Data with business partners when KOMPASS and the Business Partner jointly sponsor an event or participate together in a marketing promotion in which You engage.
KOMPASS may disclose Your Personal Data if required to do so by law or if it believes in good faith that such disclosure is reasonably necessary to comply with a legal procedure or to protect the rights, property or personal safety of KOMPASS, its customers or the public.
If permitted by the applicable law, KOMPASS may also share Your Personal Data with third parties in order to provide you with targeted marketing or advertising offers.
Such transfers may be made via the Internet or any other method deemed appropriate by KOMPASS in accordance with the applicable law.
9. RIGHTS OF DATA SUBJECTS ON THEIR PERSONAL DATA
KOMPASS has implemented appropriate Personal Data protection measures to ensure that Personal Data is used for the purposes described above and to ensure that it is accurate and up-to-date.
Pursuant to the GDPR, you have a right of access, rectification or erasure (right to be forgotten) on your Personal Data and, if necessary, a right to the portability of your data. You can request the limitation or oppose the processing of your data or, if necessary, withdraw your consent. You also have the right to obtain a copy of Your Personal Data kept by KOMPASS, as well as the right not to be the subject of an automated individual decision.
You have the legal right to lodge any complaint with the competent supervisory authority, such as the CNIL in France [https://www.cnil.fr/] or any other competent supervisory authority.
If You have an account, You can exercise Your rights by logging into Your account. Otherwise, You can exercise Your rights by sending an email to the following address: Compliance.email@example.com.
In the event of a request to exercise Your Rights which is clearly unfounded or excessive, KOMPASS reserves the right: (i) to charge the person making the request a reasonable amount to cover the costs related to the access, rectification or deletion operations, (ii) or to refuse to comply with the request, the refusal being motivated.
10. DATA SECURITY
KOMPASS shall protect and secure the Personal Data that You have chosen to provide it with, to ensure its confidentiality and prevent it from being deformed, destroyed or disclosed to unauthorised third parties, including when certain operations are carried out by subcontractors.
In view of the state of the art, KOMPASS has taken physical, electronic, organisational and technical protective measures to prevent any loss, misuse, unauthorised access or dissemination, alteration or possible destruction of such Personal Data. Among these protective measures, KOMPASS integrates technologies specifically designed to protect Personal Data during its transfer. However, despite its efforts to protect Your Personal Data, KOMPASS cannot guarantee the infallibility of this protection due to the inevitable risks that may arise when transmitting Personal Data.
All Personal Data is confidential and access is limited to KOMPASS employees, service providers and agents who need it for the performance of their assignment. All persons having access to Your Personal Data are bound by a confidentiality obligation.
However, you should exercise caution to prevent unauthorised access to Your Personal Data. In particular, you are responsible for the confidentiality of Your password and the information contained in Your account. Therefore, you must ensure that you close your session in case of shared use of the same computer. We inform you that unauthorised access to or misuse of Personal Data may be an offence under local law.
11. REPORTING OF INCIDENTS RELATING TO PERSONAL DATA
Although KOMPASS has taken reasonable steps to protect Personal Data, no transmission or storage technology is entirely infallible.
However, KOMPASS is anxious to guarantee the protection of Personal Data. If You have reason to believe that the security of Your Personal Data has been compromised or that it has been misused, You are invited to contact KOMPASS promptly at the following address: Compliance.firstname.lastname@example.org.
KOMPASS will investigate the reports and will endeavour to resolve them as best as possible in accordance with the principles set forth in this Policy.
For any questions regarding this Policy, or for a request to exercise Your rights on Your Personal Data, You may send an email to the following address: Compliance.email@example.com.
13. DATE OF ENTRY INTO FORCE AND REVISIONS OF THE PERSONAL DATA PROTECTION POLICY
This Policy may be updated according to the needs of KOMPASS and circumstances or as required by law. We therefore invite you to regularly check for updates.
Date of the last update: 25/05/2018