PRIVACY POLICY
SILEX FRANCE – NOVEMBER 2022
SILEX FRANCE, a simplified joint-stock company with a capital of 154,563 Euros, registered with the RCS of Créteil under number 802 375 022, whose registered office is located at 54 avenue Lénine, 94250 Gentilly (hereinafter “SILEX”), pays particular attention to the protection of personal data and is commited to protect them in accordance with the applicable regulations and in particular Regulation (EU) n°2016/679 of April 27, 2016 known as the “General Data Protection Regulation” or “RGPD” and law n° 78-17 of January 6, 1978 modified, known as the modified “Data Protection Act” (the “Law Applicable to Data Protection”).
By “Personal Data” we mean any data that directly or indirectly identifies an individual (name, first name, identifier, location data, etc.).
When it collects the Personal Data of the users of its solution, made available in SaaS (Software as a Service) mode (the “Solution”), SILEX implements processing of these data for which it is qualified as a “data controller”, in the sense of the aforementioned texts.
The Solution offers various functionalities, including sourcing services, allowing buyers (the “Buyers”) to quickly identify suppliers (the “Suppliers”), (together the “Concerned Persons”) that best match their needs, within exhaustive databases updated in real time.
SILEX declares to comply at all times with the requirements of the Applicable Data Protection Law and to process Personal Data only in the conditions set out below.
ARTICLE 1. PERSONAL DATA PROCESSING
SILEX operates the following processing of Personal Data of the Data Subjects:
| Person concerned | Purpose | Legal basis | Categories of data processed | Shelf life |
|---|---|---|---|---|
| Person Concerned | Management of the opening and use of the account |
Execution of the general conditions of use |
First and last name Photography Professional e-mail address Business phone number Current company / position Professional history on the Solution (the ” Identifying Information “) |
3 years |
|
Buyer |
Research and identification of Suppliers |
Execution of the general conditions of use |
Identifying data Connection logs |
3 years |
| Person Concerned |
Management of written messaging between Buyers and Suppliers |
Consent |
Identifying data Connection logs |
3 years |
| Person Concerned | Newsletter | Consent | E-mail address | As long as the person has not unsubscribed from the newsletter, with a maximum of 3 years |
| Person Concerned | Subscription order and billing | Execution of the general conditions of sale |
Connection logs Identifying data |
Duration of the subscription |
| Person Concerned | Operational management of the solution (support and after-sales service in particular) | Execution of the general conditions of use |
Identifying data Any information that could be transmitted by the Person Concerned to the support service |
Length of time the account is active on the Solution |
| Person Concerned |
Communication with the Person Concerned by any means made available to him/her on the Solution (contact email, contact telephone, etc.) |
Consent |
First and last name Organization Email address professional Business phone Any information that will be communicated by the Person Concerned when making contact |
3 years |
| Person Concerned |
Improvement of the performance and functionality of the solution |
Legitimate interests of SILEX |
Statistical usage data (cookies) IP address Connection logs |
|
| Person Concerned | Litigation management | Legitimate interests of SILEX | All Personal Data | Length of time the account is active on the Solution |
| Person Concerned |
Fraud prevention and detection, malware and security incident management |
Legitimate interests of SILEX and legal obligation |
Connection logs IP address |
Length of time the account is active on the Solution |
The compulsory or optional nature of the Personal Data input is specified on the collection form. The compulsory communication of certain Personal Data is necessary for SILEX to implement the above-mentioned purposes. The optional data allow SILEX to better know the Person concerned in order to provide services more adapted to his/her needs.
ARTICLE 2. MAPPING OF PERSONAL DATA PROCESSING
The Personal Data of the Person Concerned is kept for the periods specified in the table above.
Beyond that, the Personal Data are subject to intermediate archiving by SILEX, in a secure environment in compliance with the requirements of the Law applicable to Data Protection, for the legal period of prescription applicable, for the purposes of proof for the establishment, exercise or defense of a right in justice. The Personal Data are then permanently deleted from the SILEX information system.
ARTICLE 3. RECIPIENTS OF PERSONAL DATA
Unless required to do so by law or court order, SILEX will never disclose, assign, rent or transmit the Personal Data it processes to third parties other than the following recipients:
- The SILEX staff, within the strict framework of their functions, for the sole purpose of ensuring the purposes of the processing as mentioned above;
- The following service providers, it being understood that they act as “subcontractors” of SILEX within the meaning of the Applicable Data Protection Law, on the instructions of SILEX, which communicates to them the data strictly necessary for the performance of their tasks, under the contractual conditions signed with SILEX which cannot derogate from the present article and which comply with the Applicable Data Protection Law:
The hosting provider of the Solution and its databases, including the Personal Data databases, the company OVH, in its datacenters located in France, for the purpose of performing technical services of hosting and management of databases. For any additional information on the processing of Personal Data by the host, the Person Concerned is invited to read the privacy policy of the company OVH visible at the following address https://www.ovhcloud.com/fr/personal-data-protection/;
The support and sales service provider, ZENDESK, in its data centers located within the European Union. ZENDESK may process the following Personal Data: email address, IP address of the user, for the purpose of providing support and sales services. For any additional information on the processing of Personal Data operated by this service provider, the Person Concerned is invited to read the confidentiality policy of the company ZENDESK visible at the following address https://www.zendesk.fr/company/agreements-and-terms/privacy-notice/ ;
Usage tracking and adoption support provider, PENDO, in its U.S.-based datacenters. PENDO may process the following Personal Data: IP address of the user, for the purpose of performing usage monitoring and adoption support services (statistics). For further information on the processing of Personal Data by this provider, the Data Subject is invited to read the privacy policy of the company PENDO, which can be found at the following address https://www.pendo.io/legal/privacy-policy/;
- Third-party cookie publishers, as provided below.
ARTICLE 4. SECURITY MEASURES IMPLEMENTED
SILEX agrees to use its best efforts to:
- Ensure the physical and logical security of the servers on which the Solution is hosted and, in particular, the integrity of the network and servers against any external malicious act or any known computer attack. The servers are protected against intrusions by a firewall. Security updates for operating systems and anti-virus software are installed regularly;
- To implement and maintain security and confidentiality measures for the Solution, which take into account the principles of Personal Data protection and the applicable banking security rules, and are adapted to the risk generated by their processing on the rights and freedoms of the Data Subjects, in accordance with the requirements of the Applicable Data Protection Law. SILEX implements strong authentication systems and user access controls on the Solution, traceability measures, an antivirus and antispyware system, robust database encryption, regular incremental and total backups, with triple replication and geo-redundancy. These measures aim to (i) protect Personal Data from destruction, loss, alteration, disclosure to unauthorized third parties and (ii) ensure the restoration of availability and access to Personal Data in a timely manner in the event of a physical or technical incident. SILEX also implements a procedure to regularly test, analyze and evaluate the effectiveness of the above security measures.
ARTICLE 5. RIGHTS OF THE PERSONS CONCERNED ON THEIR PERSONAL DATA
SILEX declares not to transfer Personal Data to countries outside the European Union that have not been recognized by the European Commission as providing an adequate level of protection (i) without having first obtained the customer’s express and written authorization and (ii) without the implementation of legal instruments recognized as appropriate by the Applicable Data Protection Law to govern the transfer(s) concerned
Certain partners and/or service providers of SILEX mentioned in Article 3 above are part of groups of companies whose holding entity is located outside the European Economic Area. As a result, Personal Data of the Persons Concerned may be transferred to third countries (in particular the United States of America). The Data Subject is advised that these companies may be subject to legal, governmental or judicial obligations to disclose data, including Personal Data, regardless of where such data is hosted.
SILEX ensures at all times that these transfers are carried out under appropriate and suitable security and confidentiality conditions so as to guarantee a level of protection of the Personal Data of the Data Subjects equivalent to the level required within the European Union, in accordance with the Law applicable to Data Protection, if necessary by concluding with them the standard contractual clauses adopted by the European Commission
ARTICLE 6. RIGHTS OF THE PERSONS CONCERNED ON THEIR PERSONAL DATA
Data Subjects have the following rights at any time with respect to their Personal Data:
- Right of access: to obtain confirmation of the processing of his Personal Data as well as a certain amount of information on the processing, it being understood that this information is in any case given in the present document;
- Right of rectification: to obtain rectification of Personal Data when they are inaccurate or incomplete;
- Right to erasure, also known as the “right to be forgotten”: to obtain the erasure of Personal Data when they are no longer necessary for the purposes for which they were collected or when the Data Subject objects to the processing of his/her Personal Data;
- Right to the limitation of the processing: to obtain the limitation of the processing of his/her Personal Data when the Person Concerned disputes the accuracy of the data, when the retention period of the Personal Data has expired but the Person Concerned still needs to retain the Personal Data for the establishment, exercise or defense of a legal claim, or if the Person Concerned has objected to the processing;
- Right to portability: to obtain the communication of the Personal Data that the Data Subject has communicated to SILEX in a readable format, or to request SILEX to transmit the Personal Data that the Data Subject has communicated to another controller;
- Right to object: to object at any time, for reasons relating to his or her personal situation, to the processing of his or her Personal Data, in particular in the event that such objection concerns commercial prospecting, including profiling;
- Withdrawal of consent: withdrawing consent to the future processing of one’s Personal Data by SILEX, when the processing is based on consent;
- Right to lodge a complaint: lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (“CNIL”) if the Person Concerned considers that the processing carried out by SILEX constitutes a violation of his/her Personal Data. The services of the CNIL can be contacted:
– By phone : 01 53 73 22 22 ;
– Via an online form available here: https: //www.cnil.fr/webform/nous-contacter
The rights of the Persons concerned on their Personal Data can be exercised at any time with SILEX by email at the following address: contact@silex-app.com or by mail at the following address SILEX FRANCE – 54 avenue Lénine, 94250 Gentilly, France.
ARTICLE 7. HYPERLINKS
The Solution may contain hyperlinks to third-party websites. SILEX has no control over the content of third-party websites referred to by hyperlinks. These websites are published by third-party companies independent of SILEX. Consequently, SILEX cannot assume any responsibility for the content, advertising, services or any other information or data available on or from these sites. Consequently, the Person Concerned acknowledges that he or she is solely responsible for accessing and using these sites. SILEX shall not be liable for any damage or loss, whether actual or alleged, arising out of or in connection with the use of or reliance on any content, goods or services available on these sites.
The Concerned Party is not authorized to create a hyperlink to the Solution. The creation of links to the Solution is only possible with the prior and express consent of SILEX.
ARTICLE 8. COOKIE MANAGEMENT
SILEX uses cookies for the proper functioning of the Solution. A “cookie” is a small data file sent to the Data Subject’s browser by a web server and stored on the hard drive of the Data Subject’s computer or other data storage device. There is no risk of damaging the said support.
The information collected through cookies is solely and strictly intended for SILEX, in compliance with the Law Applicable to Data Protection.
The Personal Data processed through cookies are kept by SILEX for the life of the corresponding cookies and, in any case, for a maximum of 13 months, after which the consent of the Person concerned is requested again.
SILEX uses the following cookies
Strictly necessary cookies
Some cookies used by SILEX are strictly necessary to make the Solution work properly. They are generally established only in response to actions performed by the Person Concerned on the Solution and which require a request for services or filling in forms. The Data Subject may set his or her web browser to block the use of these cookies, but certain features of the Solution will no longer be accessible. These cookies do not store any personally identifiable information about the Data Subject.
| Name of the cookie | Shelf life |
|---|---|
| XSFR-Token | Session |
| __zlcmid | 12 months |
| local_table | Session |
| workgroup_session_id | Session |
| JSESSIONID | Session |
The Data Subject may set his or her browser to accept or disable cookies, subject to the limitations set forth in this section.
Cookie instructions for the most commonly used browsers are available at the following links:
- Windows Internet Explorer®: https: //support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox®: https: //support.mozilla.org/fr/kb/autoriser-bloquer-cookies-preferences-sites
- Google Chrome® : https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DiOS&hl=fr
- Apple Safari® (iPhone; iPad): https: //support.apple.com/fr-fr/HT201265
- Apple Safari® (Mac): https: //support.apple.com/fr-fr/guide/safari/sfri11471/mac
- Deactivation of Google Analytics: https: //tools.google.com/dlpage/gaoptout
ARTICLE 9. SOCIAL NETWORKS
The Solution uses the plug-ins of the following social networks:
- Facebook®, operated by Meta Platforms Inc;
- Twitter®, operated by Twitter Inc;
- LinkedIn®, operated by Microsoft Inc;
When the Data Subject interacts with these plug-ins, his/her browser establishes a direct connection with the servers of the corresponding social network. The content of the plug-in is immediately transmitted by the Data Subject’s browser to the social network and stored on its servers. By integrating this plug-in, the social network is informed that the Person concerned has consulted the Solution. It may thus associate the Data Subject’s browsing on the Solution with his or her user account on this social network, if applicable. If the Data Subject does not want the social network to collect data about him or her through the Solution and link it to his or her user account on the social network, the Data Subject must log out of the corresponding social network before visiting the Solution. If the Data Subject is not a member of the social network, it is nevertheless possible that the social network will retrieve and record his or her IP address.
In any case, SILEX has no control over the exact content of the data thus collected. The use of the plug-ins is operated exclusively by the respective social networks and is governed by their general terms of use, which can be found at the following addresses
- For Facebook: https://fr-fr.facebook.com/terms ;
- For Twitter: https://twitter.com/fr/tos ;
- For LinkedIn : https://fr.linkedin.com/legal/user-agreement
Facebook® is a registered trademark and is owned exclusively by Meta Platforms Inc. Twitter® is a registered trademark and is owned exclusively by Twitter Inc. LinkedIn® is a registered trademark and is owned exclusively by Microsoft Inc.
ARTICLE 10. EVOLUTION OF THE PRIVACY POLICY
This Privacy Policy may be modified, completed or updated at any time by SILEX, in particular in order to take into account any legal, regulatory, jurisprudential and/or technical evolution, with the aim of constantly guaranteeing the best protection of the Personal Data of the Persons concerned. The Data Subject is invited to regularly consult the Privacy Policy in order to be kept informed of the processing of his/her personal data by SILEX. If the Data Subject does not agree with the terms of the redrafted Privacy Policy, he or she is free to (i) request the closure of his account in accordance with the provisions of the general terms and conditions of use of the Solution, and (ii) request the deletion of his or her Personal Data under the terms and conditions set forth in Article 6 above.
