background

Privacy policy

1.             Preamble

This privacy policy (hereinafter the "Policy) is established in accordance with the General Data Protection Regulation (hereinafter "GDPR") (EU Regulation 2016/679) applicable in all European Union Member States, as well as the specific national laws in force in each country where our subsidiaries operate.

This Policy reflects the Sewan Group's commitments with regard to the protection of Personal Data and constitutes a common reference for all our subsidiaries located in the European Union where we carry out our activities.

This Policy aims to ensure consistent and transparent management of Personal Data for all Data Subjects, customers and partners, regardless of their location.

SEWAN undertakes to comply with all obligations resulting from the application of applicable regulations on the protection of Personal Data.

This Policy describes the processing of Personal Data carried out by SEWAN as part of the provision of the Services, for which SEWAN acts as Data Controller. Where SEWAN acts as a Sub-Contractor, the obligations and commitments are specifically defined in the contracts concluded between the parties in this capacity.

2.             Definitions

Capitalized terms, whether singular or plural, are defined below or in the contractual documents binding the Parties:

  • Customer: Any individual or legal entity benefiting from SEWAN's Services either because they have subscribed directly or via one of its partners.
  • Personal Data: Refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "Data Subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, Location Data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
  • Data Subject: Refers to the natural person to whom the Personal Data relates.
  • Regulation: Refers to all laws and regulations applicable to the protection of Personal Data, including in particular the General Data Protection Regulation ("GDPR") and any specific national legislation in force in the territory concerned. By way of example: In France, the Data Protection Act no. 78-17 of 6 January 1978 as amended ; In Belgium: the Act of 30 July 2018 on the protection of individuals with regard to the processing of personal data; In the Netherlands: the law implementing the AVG (Uitvoeringswet Algemene Verordening Gegevensbescherming) ; In Spain, Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights
  • Data Controller: Refers to the person who determines the purposes and means of a Processing operation, i.e. the objective and the way in which it is carried out.
  • Service: Refers to the service or services provided by SEWAN.
  • Sub-processor: The Sub-processor is the person who processes Data on behalf of another organisation ("the Controller"), as part of a Service or provision.
  • Processing: Refers to any operation or set of operations carried out or not using automated processes and applied to Personal Data or sets of Personal Data, such as collecting, recording, organising, structuring, storing, adapting or modifying, extracting, consulting, using, communicating by transmission, disseminating or otherwise making available, combining or interlinking, limiting, erasing or destroying.
  • Violation of Personal Data: Refers to a breach of security resulting in the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

3.             What categories of Personal Data do we process?

In the context of its activity, SEWAN ensures that it only processes Personal Data that is adequate, relevant and limited to what is necessary for the performance of the Services subscribed to by the Customer in accordance with the principle of minimisation (article 5.1.c of the RGPD).

SEWAN processes the following categories of Personal Data:

  • Identification data/Contact data: title, surname, first names, company, position held, postal address, telephone number (fixed and/or mobile), e-mail address, technical identifiers of the Data Subject;
  • Data relating to connection to and use of the Services: connection logs, advertising identifiers, IP address, in particular ;
  • Data relating to the support provided as part of the provision of our Services: information appearing on incident tickets or in the telephone records of a Data Subject reporting an incident.
  • Data relating to interactions with our Services: reports of interventions, IP addresses used to visit our site, use our applications and consult our e-mails (operating system used, type of equipment, etc.);
  • Data relating to the transaction and monitoring of the commercial relationship: transaction number, details of the purchase, subscription, product or Service subscribed to, delivery address, history of purchases and Services, product returns, correspondence with the Customer and after-sales service, exchanges and comments from Customers and prospects, person(s) in charge of Customer relations, etc;
  • Data relating to the payment of invoices: in particular means of payment, invoicing data, invoice payment methods, discounts granted, balances and unpaid invoices;
  • Profile data: e.g. feedback and survey responses;
  • Communications traffic and routing data ;
  • Hosted Data : Personal Data of the Data Subject that may be recorded or stored (for example, directories), data that the Data Subject entrusts to Sewan in the context of the use of the Service (hosted data) ;
  • Cookies and other tracers deposited on our website and applications. For more information, please consult our cookies policy.

4.              Why do we process your Personal Data?

As part of its business, SEWAN ensures that Personal Data is processed lawfully for specified, explicit and legitimate purposes, in accordance with Article 5.1.a and 5.1.b of the GDPR. In particular, your Personal Data may be processed under the following conditions of lawfulness and for the following purposes:

  • Legal basis: performance of the contract
    Purpose :
    - Customer billing
    - Management of subscriptions and use of Services
    - Management of equipment - Management of orders
    - Interventions on the Customer's site
    - Tool training for the Customer
    - Network deployment
    - Authentication and identification on the SEWAN Customer portal
    - Customer communication for technical maintenance operations
    - Management of unpaid bills
    - Processing of complaints and cancellations
    - Hosting of Data Subjects
    - Communications necessary for the performance of the contract
  • Legal basis: Legitimate interests
    Purpose :
    - Fight against fraud
    - Management of outstanding payments
    - Deployment of Sewan products and services
    - Network deployment
    - Securing information technology
    - Responding to satisfaction surveys in order to identify areas for improvement in our Services
    - Carrying out statistical studies
    - Training of SEWAN employees using analysis grids and/or recordings for the educational benefit of the employee - Evaluation of SEWAN employees
  • Legal basis: Consent
    Purpose :
    - To improve the quality of Service on our networks by collecting terminal data
    - To identify prospects or Customers and their needs or offers
    - To make personalised recommendations to Customers
    - Propose targeted and tailored offers to Customers of SEWAN and its subsidiaries

·        Legal basis: Legal and regulatory obligation
Purpose :
- To archive accounting and legal data
- To respond to requests from third parties authorised by the regulations
- Respond to requests from the authorities
- To manage requests to exercise the rights of Data Subjects
- Managing pre-litigation and litigation cases
- Preventing fraud and applying related sanctions.

5.             Who processes your Personal Data?

In order to fulfil the purposes set out above, your Personal Data will only be passed on to authorised and competent recipients, in accordance with the regulations in force, namely :

  • SEWAN's internal services
  • Subcontractors and any service providers of SEWAN. SEWAN requires its Subcontractors to comply with obligations equivalent to those imposed on SEWAN under this Privacy Policy.
    The following table describes the legal entities acting as Sub-Contractors authorised by SEWAN: see table.
  • The competent authorities at their request in response to legal proceedings, judicial investigations, requests for information or in order to comply with other legal obligations.

6.             What about transfers outside the European Union?

The Personal Data collected may be processed outside the European Union. In this case, SEWAN takes the necessary steps with its Subcontractors and partners to ensure an adequate level of protection of Personal Data in full compliance with the GDPR and applicable laws on the protection of Personal Data. To this end, SEWAN ensures that these transfers are governed by appropriate legal mechanisms, such as Standard Contractual Clauses ("SCC"), the latter being made available by SEWAN to the Customer on request.

7.             How do we secure your Personal Data?

SEWAN has defined technical and organisational measures to ensure the protection of your Personal Data. These measures take into account the category of Personal Data and the level of risk presented by the processing.

To this end, we have set up :

  • An Information Security Policy (ISP), drawn up as part of our ISO 27001 certification process
  • Raising awareness among SEWAN employees of the issues and best practices surrounding the protection of Personal Data
  • Physical and logical access security
  • Operational safety
  • Asset security
  • Safety in relations with subcontractors

In the event of a Personal Data Breach, SEWAN will follow strict internal procedures, including notification to any relevant authorities and Data Subjects, where required by law or under our contractual obligations.

SEWAN will notify, where appropriate, depending on the assessment of the risk, the supervisory authorities such as the CNIL in France within the time limits set in accordance with Article 33 of the RGPD but also, if necessary, the Data Subjects, pursuant to Article 34 of the RGPD. SEWAN may, if appropriate, conduct an internal audit to identify the said breach, assess its impact and take all appropriate corrective measures. Corrective actions may include modifying existing processes, improving security measures or providing ongoing training to employees.

8.             How long is your Personal Data kept?

SEWAN retains your Personal Data for a period of time that enables it to fulfil the purposes set out in Article 4 hereof. The length of time we keep this Data depends on the purpose for which it is processed. When required by law, we retain certain information for a period necessary to comply with the legal and regulatory provisions applicable to our activity as a telecoms operator.

9.             What are your rights?

In accordance with the RGPD, you have various rights over your Personal Data.

In our capacity as Data Controller, you may ask us at any time to access, rectify or delete your Personal Data (insofar as this does not prevent the proper performance of our contractual relationship or compliance with legal obligations) and to limit the processing of one or more specific items of Personal Data concerning you, in accordance with the conditions set out in the Regulations.

You also have the right to object to the processing of your Personal Data under the conditions set out in the Regulations.

It is therefore important that the information you provide to SEWAN is accurate and up to date, and that you inform us without delay of any significant changes concerning you.

10. How can you exercise your rights?

You can exercise your rights in relation to your Personal Data by contacting the Data Protection Officer or the appropriate contact in your region:

For Sewan (France) and Sewan Belgium :

Postal address: Comité Délégué à la Protection des Données, 2 Cité Paradis, 75010 Paris
Email dpo@sewan.fr

For Sewan España, SL

Postal address: Comité Delegado de Protección de Datos, Avenida de Manoteras 22, naves 73-74, 28050 Madrid

Email : dpd@sewan.es

For Sewan Nederlands :

Postal address: Science Park Eindhoven 5218, 5692EG Son en Breugel   

Email : info@sewan.nl

 

SEWAN will provide you with information on the measures taken in response to your request within one month of receipt of the request in accordance with Article 12 of the GDPR. If your request is complex and/or if SEWAN is faced with a large number of requests, the response time may be extended by two months. In the latter case, SEWAN will provide you with the reasons for the extension within one month of receiving your request. Furthermore, in accordance with Article 12.5 of the GDPR, where requests are manifestly unfounded or excessive, in particular because of their repetitive nature, SEWAN may require payment of reasonable costs which take account of the administrative costs incurred in providing the information, making the communications or taking the measures requested, or refuse to comply with such requests.

11.  Making a complaint to the competent authority

You can also lodge a complaint with your competent authority (France: with the CNIL, Spain: with the AEPD, Belgium: with the ADP, Netherlands: with the Autoriteit Persoonsgegevens).

12. Reference language

In the event of any discrepancy or problem of interpretation relating to the translation of the Policy, the French version shall prevail over any other version.