SAGESS Member Data Protection Policy
SAGESS is committed to building strong and sustainable relationships based on trust and mutual benefit with its members.
As such, SAGESS is committed to protecting your personal data and your privacy and ensuring that the information it receives is kept safe and confidential.
This personal data protection policy (hereinafter the “Policy”) describes the commitments SAGESS has made as a data controller to ensure your personal data is respected. SAGESS would also like to use this Policy to provide you with clear information on how your personal data is collected and used when you register as a member on its Website to take advantage of the services it offers.
SAGESS may make changes to this Policy. The latest version will be available on its Website and SAGESS will inform you of any changes, through its Website or other means.
1. What data is processed?
SAGESS only collects data that is required for the purposes for which it is processed.
When collecting your data through a questionnaire, information that must be provided will be indicated with an asterisk or other equivalent method. SAGESS will be unable to process your request if this required information is not provided.
When collecting your data through a questionnaire, SAGESS is required to collect the following personal information:
- Identifying information, such as your first and last name, gender, etc.;
- Email address;
- Professional information, such as your position and the field in which you work (finance, logistics, etc.);
- Information obtained with your consent or gathered as permitted or required by law. The sharing and processing of the information requested by SAGESS is required to provide services and/or comply with the legal and regulatory requirements under which it operates. In all other cases, SAGESS will not collect information without prior consent.
SAGESS automatically collects certain information about which browser and hardware you are using (computer, mobile device) for system administration purposes, to comply with its legal and regulatory obligations, to maintain the quality of its services, and to obtain general statistics about how these services are being used.
2. Why does SAGESS process personal data?
SAGESS processes personal data for explicit, specified, and legitimate purposes based either on fulfilling a contractual, legal, or regulatory obligation, or your consent.
- Provision of Services
SAGESS collects and uses your personal data as part of your access to its Website and the various services it offers, including:
- Managing and processing your Website registration request;
- Allowing you to take advantage of all the Services offered on the Website;
- Ensuring Service quality and security;
- Collecting general statistics to improve these Services;
- Ensuring that potential disputes are resolved.
- Transmitting Members’ Information by Email for Marketing Purposes
Your data will never be used for marketing purposes.
- Complying with Legal and Regulatory Requirements
SAGESS must comply with the legal and regulatory requirements under which it operates, especially those related to its status as a hosting provider, in accordance with the French law regarding confidence in the digital economy.
- Computer Network Security
SAGESS uses security data to validate, monitor, and secure the communications channels (Website, applications, etc.) that you use when interacting with SAGESS. SAGESS uses data to help detect malicious computer and software viruses on the hardware and software you use in order to combat fraudulent use.
3. With whom is my personal data shared?
SAGESS uses the utmost care when processing your data. Only data that is required for processing will be shared with third parties.
SAGESS may be required to share certain data with public authorities when requested to do so or as part of its legal and regulatory obligations. In such cases, only the data that has been specifically requested will be shared.
Your personal data will only be disclosed to third parties when required by law or if SAGESS believes in good faith that such disclosure is necessary to comply with the regulations in effect or an order regarding SAGESS or its Website delivered by a competent authority (specifically, a judicial authority or the police), to protect and defend its rights, or take urgent action to protect the personal safety of other Members or, more generally, of third parties.
SAGESS may share your personal data with its technical service providers whose involvement is required to perform one of the aforementioned tasks. SAGESS makes sure that these third parties guarantee the integrity, confidentiality, and security of your data while processing it.
Your data will not be transferred for any purpose other than those listed in this Policy without first obtaining your consent, which may be withdrawn at any time.
4. How does SAGESS secure my data?
SAGESS ensures the security of your data by implementing protective measures enhanced by both physical and logical data security techniques to guarantee data integrity as well as confidential and secure data processing.
5. How long does SAGESS store my personal data?
Your personal data may be stored for as long as necessary to complete the tasks for which it was collected, as mentioned above. The data will then be deleted. As an exception to the preceding, SAGESS may archive this data to manage ongoing complaints or disputes and to fulfil its legal and regulatory obligations or fulfil requests from authorities authorised to make such requests.
SAGESS stores data related to the management and use of its services for three (3) years after a user cancels his or her registration to the Website, unless it is legally required to store the data for a shorter period.
SAGESS stores bids for various requests for proposals for three (3) years after the date the request is closed.
Some data may be anonymised and stored for statistical analysis.
7. Does SAGESS transfer data outside of the European Union?
The processing performed by SAGESS as part of the provision of Services occurs entirely within the European Union.
8. What are my rights and how do I exercise them?
In accordance with amended law no. 78-17 of 6 January 1978 regarding data processing and privacy and the General Data Protection Regulation, which took effect on 25 May 2018, you have a right of access, right to rectification, right to erasure, right to restriction of processing, and a right to define what happens to your data after your death. You may exercise these rights under the conditions and within the limits set forth by the regulations in effect. You are advised that exercising some of these rights may make it impossible for SAGESS to provide its product or service on a case-by-case basis.
You must provide proof of your identity to be able to exercise these rights. SAGESS will not process incomplete requests.
A right-of-access request may be made by contacting the Data Protection Officer by email at the following address: firstname.lastname@example.org.
You have the right to file a complaint with the French Data Protection Authority (CNIL), which is responsible for ensuring that personal data obligations are met, either by mail at CNIL, 3, place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07 or by email on the CNIL’s website: https://www.CNIL.fr/
Effective date of this Policy: 25 May 2018.