Privacy policy
1. WHAT IS THE PURPOSE OF THIS PRIVACY POLICY?
The purpose of this policy is to meet the information obligations of SOGITEC INDUSTRIES, located at SOGITEC INDUSTRIES, registered with the French RCS of Nanterre under the company number 652011867 (hereinafter “SOGITEC” or “we”) governed by the European Union’s GDPR (Article 12) and any applicable regulations, to document the rights and obligations of customers and prospects with regard to the processing of their personal data.
This policy sets out the conditions under which we process the personal data to which we have access in the context of our pre-commercial and commercial relations.
2. WHAT DATA DO WE PROCESS?
The data is mainly collected directly from SOGITEC’s customers and prospects.
As a result, we only collect and use the data necessary for the conclusion or execution of contracts, namely:
- identity of the contact person (s) (e.g. title, surname, first name);
- professional contact details of the contact person (s) (e.g. professional email address, professional postal address, professional land or mobile phone number, fax number);
- professional information of the contact person (s) (e.g. position, grade, function);
- technical data depending on the use case (identification or connection data such as IP address or logs).
3. HOW DO WE COLLECT YOUR DATA?
Data may be collected by the direct collection of your data as part of pre-contractual and contractual relationships. We may also receive this data about you indirectly, via the company Dassault Aviation, SOGITEC’s parent company.
4. WHAT PROCESSING DO WE PERFORM?
SOGITEC undertakes the following processing:
| Main purposes | Sub-aim | Legal basis | Retention timeline |
| Prospect management | Entering into a commercial relationship, contractual negotiation, responding to requests. | Legitimate interest | For prospects: 3 years from their collection or the last contact from the prospect (request for documentation, click on a link contained in an email, etc.). For customers: 3 years from the end of the commercial relationship (from the end of a contract) or the last contact from the customer. |
| Customer management | KYC procedure, drafting, signing and monitoring contracts. Billing and payment management. Customer support. Invitation to events and trade shows. | Pre-contractual measures and fulfilling the contract | 5 years from the end of the contractual relationship. 10 years for contracts of more than 120 euros (€), concluded electronically.10 years from the end of the accounting year for commercial correspondence. |
| Risk management | Creating access management and video protection | Legal obligation | For a maximum period of one month – Sogitec reserves the right to keep the data for a shorter period. |
| Digital analytics | Cookies and other trackers: | Legitimate interest (excluding consent for possible advertising cookies) | View the cookie policy |
5. HOW LONG IS YOUR DATA KEPT?
We define the retention period of the data between our contact person(s) with our customers and prospects with regard to our legal and contractual constraints and our sector of activity; failing that, according to our needs, set out in the diagram above.
After the deadlines set, the data is either deleted or retained after having been anonymised, in particular for reasons of statistical use. The data be retained in the event of pre-litigation and litigation.
Please note that deletion or anonymisation are irreversible operations and SOGITEC is no longer able to restore this information.
6. WHO HAS ACCESS TO YOUR PERSONAL DATA?
The internal recipients are the operational departments concerned and authorised. Each internal staff member who handles information regarding national defense secrecy has the appropriate security clearance.
External recipients are SOGITEC’s subcontractors and service providers that we need to fulfil pre-contractual and contractual relations.
SOGITEC does not, as a matter of principle, transfer said data outside the European Union. In the exceptional event that SOGITEC or its subcontractors do so, we will ensure that this transfer is governed by special measures as imposed by the European Union’s GDPR. You can contact our Data Protection Officer if you require access to the documents authorising the transfers, if such transfers take place.
7. WHAT RIGHTS DO YOU HAVE?
As a data subject, any employee of a prospect or client of SOGITEC may exercise their rights in accordance with the European Union’s GDPR and the French Data Protection Act, directly with SOGITEC, subject to verifying that this request does not harm the interests of the client or prospect. This right may also be exercised directly by the customer or prospect or by the data subject.
To exercise your rights, or for any questions concerning the processing of your personal data by SOGITEC, you can write directly to the DPO, Mr Eric Barbry, whose email address is dpo-sogitec@racine.eu.
You have the right to lodge a complaint with the French CNIL if you believe that your rights have been infringed. The contact details are Service des plaintes, CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07, or by phone at +33 1 53 73 22 22
8. DATA SECURITY AND PROTECTION
SOGITEC defines and implements security measures to prevent the unauthorised destruction, loss, alteration or disclosure of data. The computer systems and paper media used are organised and protected to ensure the security and confidentiality of your information.
9. UPDATES
We reserve the right to change the layout and content of this policy. We therefore recommend you consult it regularly.
