Privacy Policy

01.

Who is DPOption?

DPOPTION is a company specialised in the implementation of “DPO” services and offers its clients support services enabling them to comply with the rules of Personal Data Protection.

DPOption attaches great importance to the protection of personal data throughout its activities, and thus complies with all relevant laws and regulations.

All the terms mentioned below in capital letters correspond to those defined in the European Regulation on the protection of personal data, which came into application on 25 May 2018.

The purpose of this Privacy Policy is to describe all processing activities carried out by DPOption from the management of the dpoption.fr website.

02.

What personal informations are processed by DPOption?

DPOption implements all its Processing of Personal Data by applying the relevant rules, and in particular:

– the General Data Protection Regulation, n°2016/679 wich came in application on 25 May 2018, and,

– the Informatique et Liberté Law n°78-17 from 7 January 1978, in its modified version.

Within the framework of the activity carried out through the website dpoption.fr, DPOption acts as Data Controller in that the company determines the Purposes and the means of the Treatments described below.

The Processing of Personal Data carried out within the framework of the exploitation of the website dpoption.fr obey the principles of loyalty, legality, and transparency. DPOption is thus committed to providing clear, complete, and easily accessible information on the methods of execution of these processings.

The scope of the use and management of the website dpoption.fr leads DPOption to carry out the Processing of Personal Data detailed in the table below:

Purposes of the processing	Personal data sent to DPOption	Legal Basis of the processing
Management of initial contact requests from DPOPTION users	Name, first name, user’s company, email address, phone number	DPOption legitimate interest
Management of requests to perform services offered by DPOPTION	Name, first name, user’s company, email address, phone number	Execution of the pre-contractual phase and execution of the contract.
Management of recruitment requests within DPOPTION	Name, first name, postal and telephone contact details, employment status information	DPOption legitimate interest
Answers to enquiries about the offers and services provided by DPOPTION	Name, first name, user’s company, email address, phone number	Execution of pre-contractual measures at the initiative of the data subject
Communication on personal data protection news (not applicable currently)	Name, first name, user’s company, email address, phone number	User consent
Analysis of responses concerning individual rights requests	Name, first name, user’s company, email address, postal address, and user/company to which the user belongs	DPOption legal obligation
Management of the activity and traffic on the website	IP address, information about the user’s connections	DPOption legitimate interest

03.

Where are your personal data stored?

DPOption can proceed the storage of your personal Data (and thus transmit these to Processors) for purposes of hosting and management of its database relating to the use of the site dpoption.fr, or for the management of its data-processing resources dedicated to its daily activity.

In this case, DPOption is committed to the verification of their compliance with the rules of personal data protection, and to the establishment of a dedicated contractual framework, under the conditions required by the above rules.

DPOption can also submit certain information to persons and entities entitled to do so internally (employees, management, company employees) and externally, in particular to third parties authorised by virtue of legal, administrative or judicial prerogatives.
Apart from these cases,

DPOption does not proceed to any transmission of Personal Data without having obtained your prior consent in accordance with the applicable regulations.

In all the above cases, DPOption does not carry out any Transfer of Personal Data outside the European Union. Nevertheless, in the event of such an operation, DPOption will apply the necessary regulatory framework adapted to the situation of the said Transfer, by ensuring:

The transfer of Personal Data to a country with an adequate level of protection; or
The signature of the Standard Contractual Clauses (SCC) proposed by the European Commission; or
Any other guarantee that will be considered appropriate within the meaning of Article 46 of the GDPR.

04.

How long is Personal Data stored by DPOption?

Purpose of the processing	Retention period of the personal data
Management of initial contact requests from DPOPTION users	Retention for 3 years from the last contact with the user
Management of requests to perform services offered by DPOPTION	Retention for 3 years from the last contact with the user in case of “prospect”. Retention for the duration of the relation followed by a period of 5 years in case of “customer” status
Management of recruitment requests within DPOPTION	Retention for 2 years after a negative outcome of the recruitment process. Retention for the time of the employment relation followed by a period of 5 years after the end of the employment contract
Communication concerning the offers and services provided by DPOPTION	Retention for 3 years from the last contact with the user
Communication on personal data protection news	Retention until the user unsubscribes and deletion in case of inactivity after a period of 12 months
Responses and Processing concerning individual rights requests	Retention for a period of 10 years from the closure of the individual right request
Management of the activity and traffic on the website	Information on users’ connections kept for a maximum of 13 months

05.

How does DPOption ensure the security of your Personal Data?

DPOption is committed, within the scope of an obligation of means, to put all the actions in place to guarantee the security of your Personal Data.

For this, the commitments of DPOption relate to the application of all the technical and organisational Measures within the meaning of article 32 of the GDPR, which will make it possible to ensure the confidentiality, the integrity and the availability of the Personal Data, and thus a sufficient level of protection of the latter.

The DPOption team is also aware of and trained in the protection of personal data, including the consideration and application of such measures.

06.

What individual rights do you have?

You have the possibility to request, at any time, the exercise of your individual rights, and in particular:

Access to your Personal Data in a clear and understandable format so that you know what information is being processed about you,
Rectification leading to the modification of any Personal Data that is incomplete or erroneously processed by DPOption,
The erasure of your Personal Data under conditions predetermined by the applicable Regulation,
Limiting the processing of Personal Data under conditions predetermined by the applicable Regulation,
The possible opposition to the data processing by putting forward the legitimate reasons for which it must be met.
The portability of Personal Data in a clear and machine-readable format, with the possibility of transmitting such Data to another organisation.
The determination of the fate of your Personal Data in case of disappearance, with the transmission of the dedicated directives, to DPOption.
All these rights can be exercised using the contact form available in the “contact us” section, or by email to the following address: contact@dpoption.fr
DPOption will be able, in certain cases necessary to your identification, to condition the installation and the processing of your request with the transmission of a valid document of identity.
DPOption is committed to processing any request concerning the exercise of your individual rights within 30 days of its receipt; this period may be extended by an additional sixty (60) days in case of complexity in the investigation of the request. In this case, DPOption is committed to keep you informed and to make the follow-up of the aforementioned requests.
You can also exercise your right of withdrawal of consent concerning the processing of offers and services promoted by DPOption, under the same conditions as the rights listed above.
The Customer may also file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) online on the CNIL website, in the section dedicated to complaints.

All these rights can be exercised using the contact form available in the “contact us” section, or by email to the following address: contact@dpoption.fr

DPOption will be able, in certain cases necessary to your identification, to condition the installation and the processing of your request with the transmission of a valid document of identity.
DPOption is committed to processing any request concerning the exercise of your individual rights within 30 days of its receipt; this period may be extended by an additional sixty (60) days in case of complexity in the investigation of the request. In this case, DPOption is committed to keep you informed and to make the follow-up of the aforementioned requests.

You can also exercise your right of withdrawal of consent concerning the processing of offers and services promoted by DPOption, under the same conditions as the rights listed above.

The Customer may also file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) online on the CNIL website, in the section dedicated to complaints.

07.

Does DPOption use cookies?

A cookie is a text file that is inserted into the user’s terminal equipment, in particular the browser, when visiting a website.

As part of your navigation on the dpoption.fr website, DPOption may use cookies whose objectives are to allow:

The implementation of a functional navigation and the optimal use of all the pages and modules provided on the website, and thus satisfy the implementation of a satisfactory user experience during the Customer’s visit,
The monitoring of the performance of the website and the implementation of actions to improve its operation without the implementation of an identification action by DPOption.

The management of cookies can be done through the Axeptio module offered by DPOption, with a tool for managing preferences that allows the Customer to accept or reject all cookies implemented via the website dpoption.fr.

DPOption pays particular attention to the implementation of cookies and tracers able to store technical data of users, and will propose a regular update of its policy on the use of these tools, in order to ensure the transparency of related data processing, in compliance with the GDPR.

08.

Update of the Privacy Policy

This Privacy Policy is reviewed and updated on a regular basis, taking into consideration the changes that may occur in the processing of Personal Data by DPOption within the framework of the dpoption.fr website.

Current version as of 26 September 2023