1. Objective of this policy

This document sets out the “Privacy Policy” implemented by WDK GROUPE PARTNER (as follows “WDK”/ “we”/ “us” / “our”) within the framework of its activities.

The protection of your privacy and personal data is of utmost importance to WDK GROUPE PARTNER.

This “Privacy Policy” is written to ensure compliance with European Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR).

This “Privacy Policy” is intended to provide you with comprehensive information on the subject and explains how we collect, use and store your personal data.

2. What is the scope of this policy?

What does “processing your data” mean and who is responsible for it?

We collect and use only the personal data that is necessary for our activities and that allows us to offer you quality products and services.

WDK GROUPE PARTNER, having its registered office at NODE PARK TOURAINE 90 rue Guglielmo Marconi 37310 Tauxigny, France is responsible for the processing of the personal data it is led to handle.

We are therefore your point of contact as well as that of the regulatory authorities for any queries relating to the use of your data by our company or its subsidiaries.

For certain services, we use specialized third parties who, in some cases, act as subcontractors. In such cases, they must follow our guidelines and respect our “Privacy Policy”. In other cases, these third parties are also co-responsible for the processing and must, for their part, comply with their legal obligations in this respect.

We ensure that subcontractors receive only the data that is strictly necessary for the execution of the object of the contract that binds us to them.

We also act as a subcontractor for other entities belonging or not to WDK GROUPE PARTNER. In this case, it is these entities that are responsible for the processing of personal data. We then ensure we comply with their instructions.

3. What data is covered by our privacy policy?

The data covered by this policy are the personal data of physical persons, i.e. data which allow directly or indirectly the identification of an individual.

In the context of your relations and interactions with WDK GROUPE PARTNER, we may collect various personal data such as:

• identification and contact data (e.g. title, name, address, date and place of birth, account number, telephone number, e-mail address, etc.);
• family situation (e.g. marital status, number of children);
• banking, financial and transactional data (examples: bank details, account numbers, data relating to transfers including communication, and, in general, any data recorded during your bank transfers);
• data relating to your behaviour and habits regarding the use of our channels;
• data relating to your preferences and interests, which you communicate to us directly or indirectly, for example through participation in our contests or events, your hobbies;
• data from your interactions on our dedicated social network pages.

We never process data relating to your racial or ethnic origins, political opinions, religion, philosophical beliefs or trade union membership, genetic data, sex life or sexual orientation unless we are required to do so by law or it results of your performance you make of our products and services (e.g. you submit your personal details through our website).

4. Guiding principles for processing personal data

WDK GROUPE PARTNER respects, among others, the following principles when processing personal data in the context of management and execution of its commitments:

• Legitimate data processing: WDK GROUPE PARTNER processes personal data in a lawful manner within the framework of its activities;
• Identified purposes and purpose limitation: WDK GROUPE PARTNER collects and processes personal data for the lawful purposes set out below;
• Minimization of data processing: WDK GROUPE PARTNER limits the processing of personal data to what is necessary in the context of its activities;
• Accuracy of personal data: WDK GROUPE PARTNER takes all reasonable steps to ensure that personal data is accurate and that it is corrected and/or erased without delay if it no longer appears to be accurate;
• Limitation for processing and the time limit for keeping data: WDK GROUPE PARTNER does not process and keep personal data longer than necessary for the performance of its activities;
• Security measures: WDK GROUPE PARTNER takes the necessary and adequate technical and/or organisational measures for the security of personal data.

5. When is your personal data collected?

The data we use may be collected directly from you or obtained from the following sources in order to verify or enrich our databases:

• publications/databases made available by the official authorities;
• our client companies or our service providers;
• website/social networking pages containing information that you have made public;
• databases made public by third parties.

Some of your data may also be collected by WDK GROUPE PARTNER:

• when you become customers or suppliers;
• when you register to use our online services (each time you log in or use our services);
• when you fill out the forms and contracts, we submit to you;
• when you subscribe to our newsletters, enter our contests;
• when you contact us through the various channels available to you;
• when your data is published or transmitted by authorised third parties or professional data providers.

6. On what basis and why do we use your personal data?

We process your personal data for various purposes. For each processing operation, only data relevant to the intended purpose is processed.

In general, we use your personal data:

• within the framework of the execution of orders/sales or the taking of pre-contractual measures;
• in order to comply with the legal and regulatory provisions to which we are subject;
• for reasons that fall within the legitimate interest of the company (see examples below). When we carry out this type of processing, we strive to maintain a careful balance between this legitimate interest and respect for your privacy;
• to respect your choice when we have obtained your consent for a particular service.

Personal data is processed by WDK GROUPE PARTNER for purposes that include, but are not limited to:

• provide you with information about our products and services;
• assist you and respond to your requests;
• enable the proper execution of the agreements concluded;
• ensure the financial and accounting management of WDK GROUPE PARTNER;
• ensure good customer, material and supplier management;
• carry out market research and establish user profiles, provided that you have given your consent; to carry out information and/or promotional operations on the products and services, those of the companies in our group and/or our commercial partners;
• improve existing products and services (or those under development) through surveys of existing or potential customers, statistics, tests, comments that you send to us directly or that you publish on our websites;
• comply with legal obligations, including responding to official requests from duly authorised public or judicial authorities;
• detect and prevent abuse and fraud: we process and manage contact and security data to validate, track and ensure the security of transactions and communications through our remote channels;
• ensure the provision of services and products through the use of subcontractors;
• follow up on our activities (measurement of sales, number of appointments, number of calls, visits to our website…);
• improve the quality of individual service to our customers;
• ensure the prospection relating to products and services of WDK GROUPE PARTNER, or to other products that we promote or that are promoted by companies belonging to the WDK GROUPE PARTNER group;
• ensure the security of our premises and infrastructures, as well as the people on these premises.

7. Who has access to your data and to whom is it transferred?

Only authorized users have access to your personal data in order to accomplish the above-mentioned purposes. Authorized users are persons who, in the course of their duties within WDK GROUPE PARTNER, are authorized to process personal data on the basis of WDK GROUPE PARTNER’s guidelines.

In order to fulfil the aforementioned purposes, WDK GROUPE PARTNER discloses your personal data to:

WDK GROUPE PARTNER’s entities;

• an actuary;
• an external auditor;
• a registered commissioner;
• a legal advisor;
• a financial consultant;
• another professional and/or service provider/consultant;
• a social secretariat, banking organisations, insurers/funds;
• our call centers;
• customer service providers (installers, trouble-shooters, etc.);
• IT companies or service providers for software programs and electronic data storage (servers, etc.);
• Network Managers;
• judicial, administrative or police authorities;
• monitoring agencies.

8. How long do we keep your data? 

We keep your personal data for as long as is necessary to comply with applicable laws and regulations or for any other length of time in light of operational constraints such as proper bookkeeping, effective customer relationship management and responding to legal or regulatory requests.

Customer data is retained for the life of the contract and for a period of ten years in principle after the end of the contractual relationship.

Data relating to potential clients are thus kept for a maximum of one year, depending on the life cycle of the project for which they were identified and when the individual has expressed an interest.

9. Security and Confidentiality

WDK GROUPE PARTNER undertakes to adopt the necessary and adequate technical, physical and organizational measures to protect personal data against unauthorized access, unlawful and unauthorized processing, accidental loss or damage, and unauthorized destruction. These measures shall be regularly evaluated and, where necessary, updated with a view to ensuring maximum protection of the personal data of the persons concerned.

In the event of a computer breach or leak, as described below, WDK GROUPE PARTNER takes the necessary/adequate measures to ascertain the extent and consequences, to put an end to it as quickly as possible and, if necessary, to limit its impact on the persons concerned.

10.What are your rights and how do you exercise them?

        10.1 Rights of the persons concerned

In accordance with the applicable regulations, you have various rights:

• the right to request access to personal data (A)
• the right to rectification (A)
• the right to erasure of data (A)
• the right to object to the processing (B)
• the right to withdraw consent (B)
• the right to request a limitation of the processing (B)
• the right to data portability (C)

A. Right of access, rectification and erasure

Any person concerned has the right to make a request for access. If a data subject exercises this right, WDK GROUPE PARTNER is obliged to provide him/her with information on the subject, including:

• give a description and a copy of the personal data;
• to inform the data subject of the purposes for which WDK GROUPE PARTNER processes this data.

If data is inaccurate or incomplete, the data subject may ask for them to be rectified.

In certain circumstances, the data subject may, in accordance with data protection regulations, request the erasure of personal data concerning him or her, amongst others, if the personal data is no longer necessary for the purposes for which it was collected or processed. WDK GROUPE PARTNER may, however, refuse to erase such data, for example for the introduction, implementation or proof of a legal claim.

In order to keep your data perfectly up to date, please inform us of any changes (e.g. change of marital status, change of residence).

B. Right to object to and limit the processing of your data and right to withdraw your consent

You have the right to object to certain processing of your personal data that we may wish to carry out. In particular, you have the right to oppose, without justification, the use of your data for marketing purposes. You may also request the limitation of the processing of your data.

However, this right can only be exercised under certain conditions:

1. your request must be dated and signed;
2. for cases other than opposition for marketing purposes, you must have serious and legitimate reasons relating to your particular situation for objecting to the processing taking place. In the event of a justified objection, the processing in question may no longer involve this data.

On the other hand, you may not object to any processing necessary for the performance of a contract concluded with you or for the execution of pre-contractual measures taken at your request; nor may you object to compliance with any legal or regulatory provisions to which we are subject.

If you have given your consent to the processing of your personal data, you have the right to withdraw this consent at any time.

C. The right to portability

Where necessary and insofar as applicable, the data subject may request to receive certain personal data that he/she has provided to WDK GROUPE PARTNER in the context of the management and performance of its activities, and to transfer such data to another Data Controller. Where technically possible, the data subject may ask WDK GROUPE PARTNER to transfer this data directly to another Data Controller.

10.2 Who are you addressing?

• If the data subject wishes to exercise his or her rights with regard to his or her personal data, he or she may notify:
• by email: privacy@wdkpartner.com
• by post: WDK GROUPE PARTNER NODE PARK TOURAINE 90 rue Guglielmo Marconi 37310 Tauxigny, France – addressed to the Data Processing Officer (DPO)

In this context, your request must be sent to us dated and signed, accompanied by a copy/scan of your identity card.

Via the contact tab on wdkpartner.com/privacy.

In accordance with the regulations, you are entitled to lodge a complaint with the competent monitoring authority.

11. Transfer of data outside the EEA

In the event of international transfers from the EEA to a third-party country for which the European Commission has issued an adequacy decision recognising a level of protection for personal data equivalent to that provided by EEA law, your personal data will be transferred on that basis.

For transfers to countries outside the EEA for which the European Commission has not issued an adequacy decision, we rely either on a derogation applicable to the situation (e.g. in the case of international payments, the transfer is necessary for the performance of the contract) or on the fact that the data recipient has agreed to process the personal data in accordance with the “Standard Contractual Clauses” established by the European Commission for data controllers or subcontractors.

To obtain a copy of these texts or to find out how to access them, you can send a written request as indicated in Section 10.2.

12. Violation of personal data

A. Reference to personal data breaches

Authorized users must take care, in the exercise of their function, to avoid incidents (voluntary or involuntary) that may infringe on the privacy of the persons concerned.

In case of violation of personal data, adequate measures are taken as soon as possible to minimize the risk of damage for the persons concerned as well as for WDK GROUPE PARTNER (damage to reputation, sanctions imposed, …).

In any case, all authorized users, as well as all other persons who consult, use or manage WDK GROUPE PARTNER information must immediately report any breach of security and incidents related to information security to the DPO so that an analysis can immediately be made, the necessary measures taken and whether the breach should be reported to the Data Protection Authority and/or the persons concerned.

When the alert is made by email, it is important that it is sent to the DPO (see Section 10.2) and that it is expressly stated in the subject line of the email that it is a message of high urgency about a possible personal data breach.

The information must contain a full and detailed description of the incident, including the identity of the person making the report (full name, address, email (if applicable) and telephone number), what type of incident it is, and how many people are involved.

B. Survey and risk analysis

In principle, within 24 hours after the incident or violation has been discovered by WDK GROUPE PARTNER or reported by a subcontractor, authorized user, recipient, affected person or third party, an investigation will be initiated by WDK GROUPE PARTNER.

The investigation will indicate the nature of the incident, the type of data involved and whether specifically personal data is impacted (and if so, who are the data subjects and how much personal data is affected). The investigation will determine whether or not there is a personal data breach.

In the case of a violation, a risk analysis will be carried out to find out what the possible consequences of the violation are (may be), and in particular the (possible) impacts on the persons concerned.

WDK GROUPE PARTNER will then decide, based on the nature of the violation, whether or not there is an obligation to notify the Data Protection Authority and/or the data subject.

C. Documentation of violations

All violations will be documented in a logbook. The logbook will detail the main cause of the incident and contributing factors, chronology of events, response actions, recommendations and lessons learned to identify areas for improvement. Recommended changes to systems and procedures will be documented and implemented as quickly as possible.

As part of its task of monitoring compliance with data protection regulations, the DPO will also examine the follow-up given to the handling of the violation recorded in the report.

13. Data Protection Officer (“DPO”)

WDK GROUPE PARTNER has appointed a Data Protection Officer who can be contacted by post or email (privacy@wdkpartner.com).

This Data Protection Officer shall:

• inform and advise WDK GROUPE PARTNER, as well as members of staff, directors and management on their obligations under the Data Protection Laws and Regulations;
• monitor compliance with data protection legislation and regulations and with the policy on the processing and protection of personal data in the context of the activities of WDK GROUPE PARTNER as set out in this policy, including with regard to the allocation of responsibilities, the awareness and training of persons involved in processing operations, and the related audits;
• provide advice, upon request, on the impact assessment relating to the protection of personal data and to verify its execution;
• cooperate with the Data Protection Authority;
• act as a point of contact for:
• data subjects who may contact the Data Protection Officer for all matters relating to the processing of their personal data and the exercise of their rights;
• any person who notices an incident or violation related to the processing of personal data within the framework of the activities of WDK GROUPE PARTNER and who must, among other things, inform the Data Protection Officer;
• the Data Protection Authority in matters relating to the processing of personal data;
• take due account of the risk associated with processing operations, taking into account the nature, scope, context and purposes of the processing;
• for any other mission or task he may be entrusted with.

14. How do I become aware of this policy and any changes to it?

In a world of constant technological change, we will regularly update the “Privacy Policy”.

We invite you to read the latest version of this document on our sites and we will inform you of any substantial changes through our sites or through our usual means of communication.