Privacy Policy

Updated on 27 May 2024

I. Preamble

Smart Privacy Consulting (hereinafter referred to as “Smart Privacy Consulting” or “We”) registered with the Nanterre Trade and Companies Register under number 880 744 610, whose registered office is located at 1-7 Cours Valmy, 92800 Puteaux, France collects and processes Your Personal Data, as a visitor to www.smartprivacyconsulting.com

The purpose of our Site is to introduce Smart Privacy Consulting services. We are sure that we can help your entity to find the best solution to reach full compliance and make grow your business.

We want also to provide you with:

  • The latest news on digital matters, including data protection and security; cybersecurity and artificial intelligence.
  • The case law of the supervisory authorities and of the European Court of Justice

We know that the protection of your privacy and of the data processing of your data is essential to you. Therefore, Smart Privacy Consulting, the Data Controller of Your personal data, processes your data securely, protects and respects Your privacy.

In this “Privacy Policy” (hereinafter “the Policy”) We explain to You why and how We collect and process Your Data on Our Corporate Site, with whom and how We may share it and, above all, your GDPR rights regarding and how You can exercise them.

The use of the Site means that You accept that Smart Privacy Consulting and Processors process your personal data in accordance with what is indicated in this Policy and in the Terms and Conditions of Use (TCU), which can be consulted here.

The French version of this Policy is authentic and prevails over any translation.

Smart Privacy Consulting reserves the right to modify this Privacy Policy to consider legal and technological developments. We will notify to you any modification the next time You connect to the Site.

II. Definitions

In this Policy, capitalized words or expressions refer to terms as defined in Article 4 of the General Data Protection Regulation No. 2016/679 (hereinafter “GDPR”) or refer to the TCU definitions.

Applicable regulations: Refers to Law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms as amended by Law No. 2018-493 of 20 June 2018, Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”),  and repealing Directive 95/46/EC, as well as any other applicable Data Protection Regulation.

Consent: Refers to any free, specific, informed and unequivocal indication of the data subject’s wishes by which he or she accepts, by a clear affirmative action, that he/she accepts its Personal Data concerning to be processed.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing. In this case, Smart Privacy Consulting is the Data Controller of Your Data.

Data Processing: Means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, the rapprochement or interconnection, the limitation, the erasure, the destruction.

Data Processing Addendum (“DPA”): refers to the contract governing data processing between the Data Processor and the Data Controller, between joint controllers or between the Independent Controllers.

Personal data (“Data”): Any information relating to an identified or identifiable natural person. An “identifiable natural person” is one who can be identified, directly or indirectly, by reference to an identifier, such as a name, an identification number, a business card number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic identity, psychological, economic, cultural or social.

Processor: Refers to the natural or legal person, public authority, agency or any other body that processes Personal Data on behalf of the Data Controller.

Recipient: Refers to the natural or legal person, public authority, agency or other body that receives communication of Personal Data, whether it is a third party.

User: You, the public or private organization, visitor of the Site.

III. Which Data do we process and for which purposes?

When You wish to be contacted by Smart Privacy Consulting, we need to ask You for a certain amount of data through a contact form. We only ask you for mandatory data, without which we would not be able to process your request.

A. When You fill out the contact form

All the data you are required to fill in in the contact form are mandatory. That is why they are followed by an asterisk (*). We need this data to:

  • Understanding Your Request and Your Expectations
  • Discuss with you about the most suitable solution for your specific needs.

We will therefore ask You, before sending your message, for your identification data: last name, first name, email.

We will ask You to tick the respective box to give us your consent at the bottom of the contact form.

B. Cookies

We only deposit Cookies that are essential to Your browsing on the Site and that We use, by analyzing anonymous data, to know how Our Site works and to optimize it. You can find all the information about Cookies in our Cookie Policy, accessible here.

IV. Legal grounds for processing Your Data: consent and contract, as the case may be

A. Consent

We will always ask You to give us your consent to:

  • Process your contact data to be able to respond to your request.
  • Deposit certain cookies, if we share a video on our site.

B. The Contract

If You sign a contract with Smart Privacy Consulting, you become our customer. The legal ground of this data processing will be the contract.

V. Whom do we share your data with?

We share Your data with:

  • Our Data Processors, for the purposes of developing and hosting the Site.
  • Our Partners: experts in digital matters, mostly in cybersecurity, data protection and data privacy.
  • The Professional network: LinkedIn

1. Our Processors:

a. TechMyBiz: The website developer

Smart Privacy Consulting has entrusted TechMyBiz to develop our corporate website.

TechMyBiz is a French agency, specialized in creating and redesigning websites.

TechMyBiz’s headquarters are located:

76 av. du Général de Gaulle

92250 La Garenne-Colombes.

TechMyBiz has guaranteed Smart Privacy Consulting the protection and security of data through the security measures implemented:

  • the protection measures associated with the website and the messaging systems used by TechMyBiz: complex passwords and devices set up on the servers.
  • Built-in safety features:
    • in the website’s content management system (WordPress) in charge of securing access to its control panel, verifying the integrity of its files, and operating a firewall.
    • to the host of the Site.
    • the theme and extensions connected to the website.
  • the HTTPS secure hypertext transfer protocol which ensures the integrity of the Data sent by the User of our website and received from the server.
  • the daily backup process of the website and its database.

b. Ionos: Cloud hosting the Site

Ionos, the cloud hosting our Site, is located within the European Economic Area and more specifically in Germany:

1&1 IONOS Cloud GmbH7,

Greifswalder Station Square Str. 207

BP 70109

10405 Berlin,

Germany

Smart Privacy Consulting has ensured that Ionos has all the appropriate security and data protection measures, including ISO 27001 certification, the IONOS Group’s ISMS Applicability Policy, data replication to another data center, etc. If you wish, you can consult the Ionos Privacy Policy at: https://www.ionos.fr/terms-gtc/terms-privacy/

You can also consult the DPA of Ionos as a Processor, published at: https://www.ionos.fr/terms-gtc/data-processing-agreement-dpa/

c. Automattic Inc.: WordPress

Smart Privacy Consulting shares Your Data with Automattic Inc., publisher of the WordPress content management system, used by TechMyBiz to develop our corporate website.

Automattic Inc. is Data Privacy Framework certified, legalizing the transfer of data between the European Union and the United States of America, as provided for in the Data Privacy Framework Adequacy Decision, which came into force on July 10, 2024.

d. Google: Script and Font Library

To optimize the graphic quality of the Site on all browsers, we use the Google Fonts script and font libraries: https://www.google.com/webfonts. Google Fonts are transferred to your browser’s cache to prevent multiple loads. If your browser does not support Google Fonts or blocks access to them, the contents will be displayed using the default font.

Any request to a script or font library automatically triggers a connection with the library operator. While it is theoretically possible for library operators to collect data, the existence of this practice and, if so, the purposes pursued have not yet been established.

If you like you can review the Google Library Operator’s Privacy Policy, accessible at https://www.google.com/policies/privacy.

Google is Data Privacy Framework certified, thus legalizing the transfer of data between the European Union and the United States of America, as provided for in the Data Privacy Framework Adequacy Decision, which came into force on July 10, 2024.

2. Our Partners

Smart Privacy Consulting collaborates with professionals’ experts in data protection, cybersecurity, as well as in the compliant development of websites, both corporate and e-commerce.

Depending on Your requests, we will share Your data with our Partners who will support Us in Our missions. Smart Privacy Consulting’s Partners offer strong guarantees in terms of data protection and security.

3. The professional network: LinkedIn

You can follow Smart Privacy Consulting as well as its news through the corporate LinkedIn page of its founder, Patricia del Carmen and, through the corporate page of Smart Privacy Consulting.

In these cases, you must log in to Your LinkedIn account to follow Us. Smart Privacy Consulting cannot control the use of Your Data by LinkedIn when You are redirected to their professional network and therefore cannot be held responsible for any misuse on their part.

We have no control over the process used by LinkedIn to collect information relating to Your browsing on the Site and associated with Your personal data held by LinkedIn. We invite You to read carefully their Privacy and Cookies Policy to learn about the purposes of use, in particular advertising, of the browsing information collected by them. Their Policies should enlighten You on Your rights, how to exercise them and how to set Your consent: https://www.linkedin.com/legal/privacy-policy

We, Our Processors and Partners retain Your Data for a period of 3 years after Your last activity on the Site, unless You request it from us before.

If You have signed a contract with Smart Privacy Consulting, your data will be kept for the duration of our contractual relationship and will then be securely archived for a period of five (5) years, corresponding to the contractual prescription.

VI. Your rights and how can You exercise them

1. Your rights

In compliance with the Applicable Regulations on the Protection of Personal Data, and in particular Law No. 78/17 on Information Technology, Data Files and Civil Liberties, as amended, and Regulation (EU) 2016/679, You have the rights of access, deletion, limitation of processing, opposition and portability of Your Data, in accordance with Articles 15 to 21 of the GDPR.

We do not carry out profiling or make automated decisions about you.

1.1. Definitions of Your rights:

Post-mortem right: Gives you the opportunity to define general or specific directives relating to the retention, deletion and communication of Your Data after Your death, in accordance with Article 40-1 of the French Data Protection Act.

Right of access: You may request access to Your Data and obtain communication of the Data concerning You that We hold, in an accessible and readable form.

Right to rectification: You have the right to ask us to rectify your data, if you notice that the data we have in our possession is no longer accurate.

Right to be forgotten: You may request the deletion of all or part of Your Data free of charge, within the limits of the obligations to which We are subject in compliance with the applicable regulations.

Please note that we will not be able to delete your data if you are still in a contractual relationship with us.

Right to portability: You may obtain communication of all the Data processed by Us in an automated manner concerning You, in an accessible and machine-readable form, if you have provided this data to us under the legal grounds of consent or contract.

Right to restriction: You can ask us to freeze the processing of your data if you contest the accuracy of the data used by us or if you object to your data being processed during the verification period. We will not be able to process your data in this case, but we will have to keep it.

Right to object: You can object to your data being used by us for a specific purpose. You must put forward “reasons relating to your particular situation”, except in the case of commercial prospecting, which you can object to without reason.

Right not to be subject to an automated individual decision: You may refuse to be subject to an automated individual decision taken based on Your Data when it produces legal effects or significantly or similarly affects You.

You also have the right to object to an automated individual decision taken based on Your Data, in accordance with Article 22 of the GDPR.

1.2 How can You exercise your rights?

You can exercise Your rights by sending an email to p.delcarmen@smartprivacyconsulting.com

Please note that we may, depending on the case, ask you for a copy of a document allowing us to verify that your identity has not been usurped: an invoice for example. Whatever document you send us, we ask you to send it to us after securing it through the https://filigrane.beta.gouv.fr/ site set up by the French government to prevent identity theft. In any case, the documents that you wish to send us will be destroyed after we have verified your identity, if necessary.

If You consider that we are not respecting your rights, You may lodge a complaint with the CNIL in France, or with the supervisory authority of the country in which You have contracted with Smart Privacy Consulting.

VII. How do we protect your data?

Smart Privacy Consulting implements and maintains all technical and organizational measures necessary to guarantee the security of Data, in accordance with Article 32 of the GDPR, including the hosting of our site and your data in a German Cloud and data center and the minimization of the data collected and processed by us.

These measures are subject to technical progress and development, and We may need to take appropriate alternative measures to ensure the security of the Processing. In such a case, these measures comply with the legal provisions laid down in Article 32 of the GDPR and are not lower than the level of security provided for by the measures available in the applicable Data Protection Law.

Smart Privacy Consulting has ensured that all its Processors and Partners have given us all the guarantees to protect Your Data in compliance with any applicable Regulations regarding the protection of Personal Data and cybersecurity.

VIII. Contact

For any request relating to this Privacy Policy, we invite You to write to p.delcarmen@smartprivacyconsulting.com

You can use our contact form for this or send us an email directly.