GDPR

Personal data protection policy applicable from 25 May 2018

This personal data protection policy has been applicable since 25 May 2018.

TAIGA builds strong and lasting relationships with clients and users, based on mutual trust. Therefore, ensuring the security and confidentiality of its users’ personal data is a fundamental priority for TAIGA.

TAIGA complies with all French and European laws and regulations on personal data protection.

TAIGA implements an extremely strict policy to guarantee the protection of its users’ personal data:

– Each TAIGA user remains in full control of his or her data. TAIGA does not have control over the use of that data.

– Data is processed in a transparent, confidential and secure manner.

– TAIGA is committed to ensuring the continued protection of its users’ data, in accordance with the French Data Protection Act of 6 January 1978 as amended (hereinafter “Computing and Freedoms Act”) and with Regulation (EU) 2016/679 of 27 April 2016 on Data Protection (hereinafter “GDPR”).

– TAIGA has a dedicated team responsible for ensuring the protection of personal data, comprising the Chairman, the General Manager and specialist engineers.

– Users’ personal data is hosted by an external provider, which also satisfies these protection requirements and which processes stored data in accordance with TAIGA’s instructions only.

PURPOSE OF THIS POLICY

TAIGA wishes to inform you how and for what purpose we collect your personal data and how we update, manage, export and delete your data.

This policy describes how TAIGA collects and processes the personal data of users (hereinafter “User(s)”) when they browse the websites https://xxxxxx.taiga-cm.com (hereinafter the “Website”) and when they use TAIGA’s services.

This policy may be modified, supplemented or updated in order to comply with any legal, regulatory and technical developments and developments in case law. However, Users’ Personal Data will always be processed in accordance with the policy in force at the time of collection, unless a binding legal provision specifies otherwise and applies retrospectively.

This policy forms an integral part of the general terms and conditions of use for TAIGA applications.

IDENTITY AND CONTACT DETAILS OF CONTROLLERS

Legal reminder: The controller is, within the meaning of the Computing and Freedoms Act, the person who determines the means and purposes of the processing. The processor is a person who processes personal data on behalf of the controller. The processor acts under the authority of and on instructions from the controller.

The Personal Data controller is:

For Personal Data collected at the time of creation of the User’s personal account and while the User is browsing the Website: TAGIA-CM, a société par actions simplifiée with a share capital of €70,035, entered in the Nanterre Trade and Companies Register under number 512 149 105, with registered office at 114 Avenue Charles de Gaulle 92200 Neuilly-sur-Seine, France, and VAT number FR16512149105 (hereinafter “TAIGA”). TAIGA is represented by its President, SARL McDeer, itself represented by its manager, Etienne Téqui.

Whether acting as the controller or processor, TAIGA takes appropriate steps to ensure the protection and confidentiality of the personal information that it holds or processes in accordance with the provisions of the Computing and Freedoms Act and the GDPR. For more information about the services offered by TAIGA, please refer to the General Terms and Conditions of Use of TAIGA applications.

COLLECTION & ORIGIN OF DATA

All data concerning Users is collected directly from their manager or from Users themselves.

Data can also be collected through the accounting statements provided by Clients using TAIGA applications.

TAIGA undertakes to obtain the consent of its Users and/or to enable them to object to the use of their data for certain purposes, whenever this is necessary.

In all cases, Users are informed of the purposes for which their data is collected through this charter.

PURPOSE OF DATA COLLECTION

  1. Need to collect data.

Certain data is required for identifying users when connecting and using TAIGA applications. In this case, TAIGA acts as the Controller.

Other data is collected through the integration of accounting and/or financial data operated by TAIGA or directly by its clients in TAIGA applications. In this latter case, TAIGA acts as the Processor.

  1. Purposes

Users’ Personal Data is collected so as to enable them to connect to TAIGA applications. Data will also be collected so as to enable Users to use TAIGA solutions, to carry out dunning activities in relation to unpaid invoices, or to process a company’s accounting data in order to draw up actual or projected financial statements or financial analyses.

TAIGA Users are informed of the mandatory or optional nature of the personal data requested and the possible consequences of a failure to reply at the time their data is collected.

TYPES OF DATA PROCESSED

As Processor, TAIGA is required to process personal data to enable the drawing up of financial or accounting statements, accounting or financial analyses, or to carry out dunning activities in relation to unpaid debts.

TAIGA is required to process personal data, in its capacity as Controller, to allow browsing on its software applications, connection data and use of the Website or to prevent and combat computer fraud (spamming, hacking, etc.).

TAIGA may also process personal data:

-for the creation of databases for direct marketing purposes, but the source of which is only professional data published by the author in public social networks,

-by the hardware used for browsing, the IP address, password (hashed) — to improve browsing on software applications,

-by professional email addresses — to run communication campaigns (email): telephone number, email address,

The data processed is mainly professional data (email address, telephone, accounting data, where applicable).

NON-DISCLOSURE OF PERSONAL DATA

The User’s Personal Data will not be transmitted to commercial parties or advertisers.

The User’s Personal Data may be processed by TAIGA’s subsidiaries and subcontractors (service providers), which are themselves compliant with current data protection regulations, while fully observing the principle established above, exclusively in order to achieve the purposes of this policy.

Within the limits of their respective powers and for the purposes mentioned above, the main persons having access to the data of TAIGA Users are solely clients falling within the category of “users”.

In addition, TAIGA uses a data host in accordance with the General Data Protection Regulation.

PERIOD FOR WHICH DATA IS STORED

We keep your data only for as long as is necessary for the purposes for which it was collected, in accordance with legal requirements.

USER RIGHTS

Whenever TAIGA processes Personal Data, TAIGA takes all reasonable steps to ensure that Personal Data is accurate having regard to the purposes for which it is processed by TAIGA.

In accordance with current European regulations, TAIGA Users enjoy the following rights: right of access (Article 15 of the GDPR); right to rectification (Article 16 of the GDPR); right to have data updated and incomplete data completed; right of blocking or erasure of personal data (Article 17 of the GDPR), where it is inaccurate, incomplete, ambiguous or out of date or where the collection, use, communication or storage of such data is prohibited; right to withdraw consent at any time (Article 13(2)(c) of the GDPR); right to restriction of processing of data (Article 18 of the GDPR); right to object to the processing of data (Article 21 of the GDPR); right to the portability of data provided by Users, where such data is subject to automated processing based on their consent or on a contract (Article 20 of the GDPR); right to define what happens to their data after their death and to stipulate that TAIGA must (or must not) communicate their data to a third party whom they have previously designated.

As soon as TAIGA becomes aware of a User’s death and in the absence of instructions from that User, TAIGA undertakes to destroy his or her data, unless the retention of such data is necessary for evidential purposes or to fulfil a legal obligation.

If Users want to know how TAIGA uses their Personal Data, or to ask TAIGA to rectify their data or to object to the processing of their data, they may contact TAIGA in writing at the following address: TAIGA – DPD, 114 Avenue Charles De Gaulle, 92200 Neuilly-sur-Seine, France, or by email at dataprivacy@taiga-cm.com. In this case, Users must indicate the Personal Data that they would like TAIGA to correct, update or delete and identify themselves by furnishing a copy of an identity document (identity card or passport). Any requests for erasure of Personal Data will be subject to the obligations imposed on TAIGA by law, particularly with respect to the retention or archiving of documents. Finally, TAIGA Users may lodge a complaint with the supervisory authorities and, specifically, with the CNIL (https://www.cnil.fr/fr/plaintes).

SOCIAL MEDIA

TAIGA Users can click on the icons corresponding to the social networks Twitter, Facebook, LinkedIn and Google Plus on the TAIGA Website.

Social networks help to improve interaction on the Website and to promote the Website through sharing. Video sharing services enrich the TAIGA Website with video content and increase its visibility.

When Users click on these buttons, TAIGA will be able to access the personal information that the User has indicated as public and accessible from their Twitter, Facebook, LinkedIn and Google Plus profiles. However, TAIGA does not create or use any database independent from

Twitter, Facebook, LinkedIn and Google Plus using the personal information that Users may publish on those networks and TAIGA will not process any data relating to their private life in this way.

If Users do not wish TAIGA to have access to personal information published on the public space of their profiles or social media accounts, they must use the functionalities provided by Twitter, Facebook, LinkedIn and Google Plus to restrict access to their data.

SECURITY

TAIGA adopts all technical and organisational measures necessary to ensure the security of personal data processing and the confidentiality of Personal Data.

Accordingly, TAIGA takes all useful precautions, having regard to the nature of the data and to the risks presented by the processing, in order to preserve the security of data and, in particular, to prevent data from being distorted or damaged or to prevent unauthorised third parties from accessing that data (physical protection of the premises, authentication procedures involving personal and secure access via confidential IDs and passwords, logging of connections, encryption of certain data, etc.).

PERSONAL INFORMATION AND MINORS

In principle, the Website and the Software Applications are intended for adults capable of assuming legal obligations in accordance with the legislation of the country in which the User is located.

As the Processor, personal information is provided to TAIGA through TAIGA’s Client Manager, and the latter alone is responsible for any personal information concerning minors that may have been transmitted to TAIGA.

CONTACT US – DPO’S CONTACT DETAILS

The Data Protection Officer is: Mr Oussama Alhamoutie.

If Users have any questions or complaints regarding TAIGA’s compliance with this Policy, or if they wish to make comments or recommendations aimed at improving the quality of this Policy, they may contact TAIGA in writing at the following address: TAIGA CM – 114 Avenue Charles de Gaulle 92200 Neuilly-sur-Seine, France, or dataprivacy@taiga-cm.com.