logo Sparlann loading...

Personnal data use policy

Version dated October 14th, 2019

ARTICLE 1. PURPOSE

The purpose of this data use policy is to set out in a transparent and clear way how SPARLANN (*), in its capacity as data controller, collects, stores, retains and communicates the personal data of the natural persons with whom it interacts as part of its activity, and in particular prospects, customers, and partners (hereinafter referred to as the “Data subjects” or the “Data subject”).

SPARLANN undertakes to ensure that this policy, as well as its application in practice, comply with the personal data protection system (hereinafter the “Regulations in force”), in particular:

  • The General Data Protection Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR”);
  • The Computer and Freedoms Act No. 78-17 of 6 January 1978 as amended by Act No. 2018-493 of 20 June 2018;
  • Decree No. 2019-536 of 29 May 2019 issued for implementation of Act No. 78-17 of 6 January 1978 relating to computing, files and freedoms.

This policy may change according to the legal and regulatory context, and in accordance with the doctrine of the Commission nationale de l’informatique et des libertés (French Data Protection Authority) (hereinafter the “CNIL”).

(*) SPARLANN
1 rue Raoul PONCHON - Parc d’affaires « Oberthür » - 35000 RENNES - France
Phone: +33 2 23 20 29 20 
Email: sparlann@sparlann.com
Full details of the information relating to SPARLANN are available in its Legal Notices.

ARTICLE 2. POINT OF CONTACT

SPARLANN specifically entrusted one member of its staff with ensuring that its practices comply with the Regulations in force.

Said member is the preferred point of contact of the Data subjects with SPARLANN regarding personal data protection.

The Data subject may contact him at the following email address, for all issues relating to the processing of their personal data as well as to exercise their rights on such (see Article 8):

ARTICLE 3. PERSONAL DATA COLLECTION

  1. The term “personal data” (hereinafter the “data”) means any information relating to a natural person that allows them to be identified, either directly or indirectly.
    In concrete terms this is their last name and first name as well as their email address, IP address, mobile number, address, identifiers, business and financial data, etc.
  2. SPARLANN collects and processes personal data to fulfil a specific, explicit and legitimate purpose.
  3. SPARLANN is careful however, to limit the collection of these data, to what is strictly necessary given the purpose pursued.
    However, although SPARLANN invites the Data subjects to communicate only the personal data which are strictly necessary for processing their request, they are free to communicate the personal data that they choose.
    Therefore, SPARLANN may not be criticised for collecting data whose communication it has not requested.
  4. Personal data may be collected by SPARLANN, depending on the case:
    • Directly from the Data subjects, whether at business meetings (trade fairs, conferences, events), as part of face-to-face or phone appointments, or via email exchanges;
    • On the Internet, through the Data subject’s website or institutional websites such as www.infogreffe.fr;
    • Via the collection forms completed by the Data subject, in particular the “NEWSLETTER REGISTRATION” form on the www.sparlann.com website;
    • When concluding or signing fee agreements;
    • Through its customers and partners.
  5. ​It is specified that certain data must be communicated, without which SPARLANN will be unable to process the Data subject’s request.
    Failure to provide information not marked by an asterisk does not prevent SPARLANN processing the Data subject’s request.
  6. Finally, in any event, and in accordance with the Regulations in force, each data processing operation carried out by SPARLANN has for its legal basis, one or more of the following bases (see Article 6):
    • The Data subject’s consent;
    • The performance of an agreement (such as for example a fees agreement) or pre-contractual measures taken at the Data subject’s request (thus for example a quotation or the examination of an applicant’s file for a position at SPARLANN);
    • Compliance with a legal obligation imposing the data processing;
    • SPARLANN’s legitimate interest, in particular, as regards the improvement of its services.

ARTICLE 4. PERSONAL DATA COLLECTION RECIPIENTS

  1. The data collected by SPARLANN are processed internally by the firm.
  2. SPARLANN does not communicate in any case, nor sell, either for commercial prospecting or another purpose, the Data subjects’ personal data.
    Therefore, the only recipients from outside SPARLANN to which the Data subjects’ data may be communicated, are providers of trusted services, chosen by SPARLANN, and which process such data specifically in the latter’s name and on its behalf.
    As an example, SPARLANN may use the following service providers:
    • Suppliers of computer services (email box, business software, audience analysis solutions, hosting, maintenance of computer tools);
    • Marketing providers (supplier of an electronic communications platform);
    • Other service providers (translation agencies, etc.).
    SPARLANN ensures that all providers whose services it uses offer sufficient guarantees with regard to data protection, in particular with regard to their privacy and their security.
    SPARLANN may moreover communicate the Data subjects’ data to professional institutions such as for example:
    • Courts;
    • Judicial auxiliaries (bailiffs, notaries and lawyers);
    • Industrial property advisers;
    • Intellectual Property offices (INPI, EUIPO, national offices other than the INPI etc.)
    • Domain name registration offices;
    • The CNIL;
    • Mediation centres.
  3. The Data subject’s personal data may be transferred outside of the European Union, to third countries for which the European Commission has not adopted any decision regarding their adequacy, even in the absence of appropriate safeguards within the meaning of Article 46 of the GDPR (e.g. as part of an opposition procedure before a foreign intellectual property office).
    Such transfers are, however made legitimate, according to the case, by:
    • ​​The explicit consent of the Data subject who has been informed of the risks involved for their data in the absence of a decision of adequacy and appropriate safeguards;
    • The performance of a contract between the Data subject and SPARLANN;
    • The recognition, exercise or defence of their rights in court.

ARTICLE 5. RETENTION PERIOD

SPARLANN retains the data of the Data subjects for the time strictly necessary to achieve the purpose pursued on collection and in compliance with the Regulations in force.

ARTICLE 6. PROCESSING DETAILS

Processing goals
(purposes)
Data subjects Data collected Origin of the collection Legal basis Data recipients Data retention period
Sending commercial communications (newsletter) Persons registered via the online form Email address Online registration form Consent SPARLANN and its service providers Until the data subjects withdraws their consent
Customers Business relationship SPARLANN’s legitimate interest (promotion of its services) Until the data subject objects
Management of newsletter opposition list

Persons registered via the online form

Customers

Email address, opposition to sending the newsletter Directly from the Data subject Legal obligation SPARLANN and its service providers 5 years from withdrawal of the consent / from the objection
Recruitment Applicants for a position at SPARLANN Identification data, contact information, cover letter, curriculum vitae Paper/ by email

Constitution of a CV library: SPARLANN’s legitimate interest

Recruitment management: consent/ pre-contractual performance

SPARLANN and its service providers

Applicant not selected: 2 years after the last contact

Successful applicant: 5 years following the ending of the employment relationship

Preparation of quotations Prospects

Identification data

Contact information

Professional data

Purpose of the request

See Art. 3. 4 PDUP Pre-contractual performance SPARLANN and its service providers Prospects: 3 years from last contact
Customers Customers: period of the business relationship
Appraisal and management of the customer request Customers

Identification data

Contact information

Professional data

Purpose of the request

See Art. 3. 4 PDUP SPARLANN’s legitimate interest

SPARLANN and its service providers

Professional institutions

Customer record: period of the business relationship

Data required to establish evidence of a right / contracts: 5 years

Other (e.g. opponents, partners, etc.) SPARLANN’s legitimate interest
Monitoring of the portfolio of intellectual property titles (e.g. trademarks) Customers

Identification data

Contact information

Professional data

Intellectual property titles held

See Art. 3. 4 PDUP Contractual performancee

SPARLANN and its service providers

Professional institutions

5 years from non-renewal of the title.
Former customers SPARLANN’s legitimate interest
Management of partners Partners (lawyers, notaries, bailiffs, etc.)

Identification data

Contact information

Professional data

See Art. 3. 4 PDUP Contractual performance SPARLANN and its service providers

Partner record: period of the business relationship

Data required to establish evidence of a right / contracts: 5 years

Management of invoicing and arrears

Customers

Partners

Identification data

Contact information

Professional data

Economic and financial data (bank account identification details, cheque No., data relating to the settlement of invoices)

See Art. 3. 4 PDUP Contractual performance SPARLANN and its service providers

Data related to invoicing: 10 years

Accounting: 10 years

Management of Data subjects’ requests to exercise their rights

Natural persons whose data are processed by SPARLANN (prospects, customers, applicants, partners)

Identification data

Contact information

Data relating to the request:

Photocopy of the identity document if applicable

Directly from the Data subject, at the time of the request Legal obligation SPARLANN and its service providers

5 years from the request date (intermediate archiving in the event of a dispute)

ARTICLE 7. PERSONAL DATA SECURITY

SPARLANN puts in place organisational and technical measures to keep the Data subjects’ data secure, by, in particular, protecting them against any loss, tampering or disclosure and against any unauthorised access.

In particular, each SPARLANN employee is bound by a non-disclosure obligation and made aware of personal data protection, in particular through training courses.

ARTICLE 8. DATA SUBJECTS’ RIGHTS

  1. In compliance with the Regulations in force, the Data subject has the following rights to their data:
    • The right to know whether their personal data are processed by SPARLANN and if this is the case, the right to access these data and any information relating thereto;
    • The right to request the rectification of any personal data that are incorrect;
    • When the processing is based on their consent, the right to withdraw the latter at any time; otherwise, the right to object, under the conditions of Article 21 of the GDPR to the processing that they have not permitted;
    • The right to request erasure of the processed data under the conditions laid down in Article 17 of the GDPR (in particular in the event of objection to the data processing);
    • The right to limit the processing under the conditions of Article 18 of the GDPR;
    • The right to give instructions setting out the way their rights to their personal data should be exercised after their death;
    • When the processing is based on a contract or on their consent, the right to receive the personal data that they have provided to SPARLANN, in a structured format, commonly used and machine-readable, in particular so that it can send them to another data controller or the right to have SPARLANN communicate their data directly to the new controller;
    • The right to lodge a complaint with the CNIL (www.cnil.fr/fr/plaintes), as well as a judicial remedy.
  2. If a request is made relating to exercise of their rights, the Data subject must necessarily provide their identity to SPARLANN.
    Thus, in the event of reasonable doubt as to the identity of the Data subject and if it cannot be verified otherwise, SPARLANN may require the Data subject to present it with a copy of their identity document.
  3. For more information about their rights, the Data subject may peruse the CNIL website: www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles.