Privacy Statement
Last revised: February 15, 2023
Introduction
This Privacy Statement explains what personal data Valtech SE, its affiliates under common control and its subsidiaries operating in its offices (collectively referred to below as “ Valtech”, “we”) process about you, how we process it and for what purposes. It also gives information on the rights you have in relation to the processing of your personal data. Finally, this Privacy Statement gives an overview of the main processing activities we do in relation to your personal data that may be collected when you are browsing Valtech websites including valtech.com and accessing our services.
Processing activities regarding Valtech’s employees, clients and service providers are covered by a separate policy or specific contracts. Clients and service providers’ contact details might however be concerned by this Privacy Statement to the extent they are registered on the Valtech websites or for marketing purposes.
Arising a conflict between the English and other language versions of this Privacy Statement, the English version shall prevail.
This Privacy Statement may be amended from time to time to take into account changes in applicable laws or in the way we handle your personal data. Certain areas of Valtech websites (e.g. recruitment) may link to third parties’ privacy statements or policies.
The General Data Protection Regulation (GDPR) is considered to be the global leading standard where it comes to privacy regulation. Valtech has decided to abide by the GDPR standard in all the countries where it carries business with possible additional measures depending on applicable local laws, such as the UK Data Protection Act 2018 (“UK DPA”), the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”), and the Canadian Privacy Act and the Quebec Act Respecting the Protection of Personal Information in the Private Sector (the two latter hereinafter referred to as the “Canadian Laws”; and all collectively, the “Other Applicable Laws”).
For California residents only: please note that Valtech does not sell personal information. However, if you wish to formally exercise your right to opt-out, please send an email to US.privacy@valtech.com.
Information about Valtech
Valtech SE is the leading company of the Valtech group, registered in the Grand Duchy of Luxembourg, under the Trade and Companies Register number B238451, having its registered office at 18 rue Erasme, L-1468 Luxembourg, Grand Duchy of Luxembourg and having offices in Paris registered in the Paris Trade and Companies Register under number B 389 665 167, based at 38 rue des Jeûneurs, 75002 Paris - France.
Role of Valtech regarding processing of Personal Data
According to the GDPR, Valtech is a “data controller” when deciding how personal data are processed in connection with our websites or services, and Valtech is a “data processor” when processing personal data on behalf of and according to the instructions of another company (e.g. a client).
You will find at the bottom of this Privacy Statement all the details for (i) the Data Protection Managers in each country where Valtech SE has a subsidiary and (ii) the Group Data Protection Officer.
For the purposes of compliance with the GDPR, Valtech entities located outside the European Union are represented by Valtech SE in the European Union. If you are using Valtech services through one of our clients, please address your privacy-related issues or questions directly to them.
Collection of Personal Data
We may collect or obtain your personal data if you are a job applicant, a website user, a business partner or a shareholder.
The type of personal data we obtain depend on how you interact with us and the services you use. Some personal data are collected (i) directly from you (e.g. data provided when you apply for a job, enter into a business relationship with us, when you sign up for a newsletter or complete a contact form or survey) or (ii) indirectly from your use of Valtech websites (e.g. data collected through cookies or other similar technologies) or (iii) when you provide consent through one of our partners (e.g. Valtech may sponsor the partner and/or the partner offers “Valtech content”) or (iv) from publicly available sources.
Regarding personal data we collect directly from you, such information may consist of, but is not limited to, your name, current job title, company address, email address, telephone number and other contact information. Where appropriate, you will be informed if certain data are required for a proper service or if their provision is optional (e.g. information identified with an asterisk in the registration form is mandatory).
We do not seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health or sexual orientation) from you, and you are prohibited from posting or sending such data, except if such sensitive information are requested by local law.
Regarding personal data that we obtain indirectly through your use of our websites and services, such information may consist of, but is not limited to, standard Internet log information including your IP address, browser type and language, geolocation, access times and referring website addresses. To ensure that our websites are well managed and to facilitate improved navigation, we or our service provider(s) may also use cookies (small text files stored in a user's browser) or web beacons (electronic images that allow the website to count visitors who have accessed a particular page and to access certain cookies) to collect aggregated data. Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie Statement.
Valtech websites may host various publicly available sources and third-party social media, including blogs, forums, wikis and other social media applications or services, such as LinkedIn, YouTube, Facebook, Instagram, Twitter, Google Podcasts, Sound Cloud, Apple Podcasts or Spotify, that allow you to share content with other users (collectively “Social Media Applications”). Please note that any personal data or other information that you contribute to any Social Media Application can be read, collected and used (i) by us to build a file for marketing purposes and/or (ii) byother users or data controllers of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user's use, misuse or misappropriation of any personal data or other information that you contribute to any Social Media Application. We invite you to consult the privacy policy of Social Media Application for more information on their privacy practices.
Use of Personal Data
This section provides details on the legal basis we rely on to process your personal data and the purposes for which we process them.
In compliance with GDPR and Other Applicable Laws, we process your personal data:
-
because you have given your consent to the processing of your personal data for a determined purpose;
-
to perform a contract to which you are party or in order to take steps at your request prior to entering into a contract;
-
to comply with a legal obligation to which we are subject;
-
when the processing is necessary for the purposes of the legitimate interests pursued by us or a third party (e.g. partners, service providers), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, unless the country law does not accept legitimate interest as a legal ground;
Depending on how you interact with us, we may process your personal data in connection with our services or for other business purposes to:
-
administer accounts or profiles related to you or your organisation, which may include registration, subscription, purchase, billing events, and/or payments;
-
answer your questions and requests;
-
enable you to access to certain restricted part of our websites;
-
enable you to download specific documentation (e.g. White Papers);
-
enable you to attend a hosted event or a webinar;
-
enable us to manage and secure our website or service;
-
compile aggregate statistics regarding the use of the websites;
-
for marketing or research purposes and development purposes for new content, services and/or products aiming at improving, testing, and enhancing features of current services;
-
send you offers and promotional materials or communications regarding our services that we feel may be of interest to you, provided that you have given us your express consent by any means;
-
perform matched audience with third-party social media (i.e., LinkedIn, Facebook and Instagram) to share our content with you through them;
-
provide you with personalized advertising;
-
manage the forums to which you may take part;
-
conduct satisfaction surveys and feedback on our services;
-
for recruitment purposes when you submit a resume or a job application online;
-
fulfill our contractual obligations towards you;
-
comply with your instructions or to fulfill other, specified purposes for which you have given your consent;
-
comply with the law and legal obligations;
-
respond to a request or order from a court, regulator, or authority when required by law;
-
exercise our rights and protect our own and others’ rights and/or property;
Disclosure of Personal Data
Valtech is a global organisation having separate legal entities (subsidiaries or branch) in many parts of the world and whose internal processes and infrastructures are international in scope and nature and usually cross borders. Accordingly, we may share your personal data with other Valtech entities and transfer it to countries around the world where we have offices or where we conduct business, which include those located outside the European Economic Area, Switzerland, Québec and/or United Kingdom.
On a case-by-case basis, we may also share your personal data with business partners (e.g. to provide or improve products/services or to host events), with service providers (e.g. to pass your requests to them or for data security and storage services), with social media providers (e.g. to share our content with you through them) and with other third parties where we believe that such disclosure is reasonably necessary to comply with an applicable law or regulation or if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is lawful, necessary or appropriate.
All of these disclosures may involve the transfer of personal data to countries with different data protection rules from those in effect in your area of residence.
When relying on such third parties located outside the European Economic Area, Switzerland, Québec and/or United Kingdom, we implement appropriate means to safeguard these transfers in accordance with applicable data protection regulation and we make sure that they provide an adequate level of protection to the personal data they process on our behalf. When such third parties are located outside the European Economic Area, Switzerland, Québec and/or United Kingdom, we make sure that we enter into the relevant appropriate safeguards, such as (i) Standard Contractual Clauses (SCC) as adopted and updated by the European Commission; (ii) an International Data Transfer Agreement (IDTA) or an International Data Transfer Addendum to the European Commission's Standard Contractual Clauses for International Data Transfers (Addendum) as issued by the UK Information Commissioner’s Office (ICO); and/or (iii) similar clauses as may be required under Other Applicable Laws.
Security of Personal Data
The security of your personal data is our priority. Taking into account the nature, scope, context, and purposes of each data processing, as well as the risks of varying likelihood and severity for your rights and freedoms, we implement all appropriate technical and organisational measures and policies to ensure the protection of your personal data and prevent any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by Valtech.
Regarding Valtech websites, we have in place reasonable commercial standards of technology and implement technical and organisational security measures to protect all information you may provide to us from unauthorized access, disclosure, alteration or destruction. If you registered to our websites, it is important you maintain the confidentiality of your identifiers in order to prevent illicit use of your account.
Rights on your Personal Data
There are some cases in which local data privacy laws may give you rights regarding your personal data, especially if you are located or reside in certain countries (e.g. within the EU, UK, Canada or in California). In such cases, the below mentioned rights may be available to you.
- For European Economic Area, Switzerland and United Kingdom residents:
In accordance with the GDPR and the UK DPA, you can exercise your rights of access, rectification and erasure of your personal data, your right to restriction of processing related to your personal data, and your right to data portability. You may also, for legitimate reasons, object to the processing of your personal data. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You can exercise these rights at any time by sending a proof of identity to Valtech’s relevant local Data Protection Manager and/or to the Data Protection Officer as listed below (Contact us section).
- For California residents:
In accordance with the CCPA, you can exercise your rights of access, your right of correction or deletion of your personal data, and your right to opt-out, i.e. your right to request Valtech not to “sell” personal information to third parties or stop sharing your personal information for cross-context behavioral advertising, and limit the use or disclosure or your sensitive personal information, which can be found at the top of this Privacy Statement (Introduction section). If you make a request, we will respond to you within forty-five days of receipt.
- For Canadian residents:
In accordance with the Canadian Laws, you can exercise your right of access, your right of correction of your personal data where you believe there is an error or omission in the data, erasure, deindexation and cease dissemination. If you make a request, Valtech will respond to you within thirty days of receipt. You can exercise these rights at any time by writting to Valtech’s relevant local Data Protection Manager and/or to the Data Protection Officer as listed below (Contact us section)
Nevertheless, insofar as the collection and processing of your personal data is strictly necessary for the provision of the service you requested, you acknowledge that you don’t have an absolute right of erasure or restriction of the processing and to oppose the processing of such personal data. There may be circumstances under which Valtech could have grounds to refuse to grant your request to exercise your data protection rights.
When the processing of your personal data is based on the collection of your consent, you may withdraw this consent at any time, in particular by clicking on the unsubscription link contained in communications sent by Valtech and generated in response to your registration on the Valtech websites.
In accordance with applicable data protection regulation, if you have any concerns about our use of your personal data, you also have the right to lodge a complaint with a supervisory authority.
Retention of Personal Data
Your personal data are retained by us for the time strictly necessary to fulfill the pursued purposes as set forth herein, in accordance with the applicable data protection regulation or timelines recommended by supervisory authorities and/or to comply with our legal or contractual obligations.
The personal data used for marketing purposes may be retained for a maximum of 2 years from the last interaction you had with our content. This duration may be reduced in compliance with local regulation.
The personal data used for recruitment purposes may be retained for a maximum of 2 years from the last contact with you this duration can be reduced in compliance with local regulation if you want to have your personal data erased, please let us know at the relevant email address (depending on your country) you can find at the end of this document.
Your information is deleted when the above retention period expires. Nevertheless, the personal data may be archived beyond the retention period for research purpose or for the sole purpose of allowing their provision to the judicial authorities. In addition, we are likely to retain your personal data (including your contributions on blogs and forums) anonymously, for the purpose of producing statistical studies.
Cookies and web beacons are retained for 13 months maximum. This duration is not automatically extended on new visits. Information collected via cookies and web beacons are retained for a maximum period of 25 months. This duration may be reduced in compliance with local regulation.
Changes to our Privacy Statement
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this statement, we will amend the revision date at the top of this page. We encourage you to refer to this Privacy Statement often to get the latest information about our personal information practices.
Children's Privacy Protection
We understand the importance of protecting children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16. Therefore, if you are under 16, please do not attempt to register for the Services or send any personal data about yourself to us.
Contact us
Any questions, comments, or concerns you may have regarding Valtech practices and compliance with local data privacy laws, our Privacy Statement or regarding Valtech web presence may be directed to our Group Data Protection Officer, Alexandra de la Martinière, in writing at Valtech SE, 38 rue des Jeûneurs, 75002 Paris, France or at GL.privacy@valtech.com.
You can contact Valtech as data controller of your personal data by writing an email or post to the concerned Valtech’s Data Protection Manager or Officer indicated below:
COUNTRY |
EMAIL ADDRESS OF DATA PROTECTION MANAGER/OFFICER |
Argentina |
|
Brazil |
|
Bulgaria |
|
Canada |
Designated individual responsible for personal information: Marc André Audet, Information Security Expert |
China |
|
Denmark |
|
France |
|
Germany |
|
|
|
India |
|
Mexico |
|
Netherlands |
|
North Macedonia |
|
Poland |
|
Portugal |
|
Romania |
|
Singapore |
|
Switzerland |
|
Sweden |
|
United Kingdom |
|
Ukraine |
|
United Arab Emirates |
|
United States of America |
|
VALTECH GROUP |