Personal Data Protection Policy
Mise à jour le 01/04/2022
PERSONAL DATA PROTECTION CHARTER FOR B TO B DIGITAL SOLUTIONS FROM DAESIGN
DAESIGN Company
Simplified joint stock company with capital of 87 470 euros, 441 064 193 RCS Annecy, intracommunity VAT: FR71441064193
Registered office : 7 Impasse des Prairies, 74940 Annecy, Etablissement secondaire : 92 avenue de France, 75013 Paris
DAESIGN attaches great importance to the protection of your personal data, whether you are a prospect, customer and/or professional user of our digital solutions.
DAESIGN would like to inform you of the purpose pursued, the data collected and the means implemented to ensure the security of personal data in accordance with the laws and regulations in force in France and the European regulatory provisions.
1. Commercial prospecting
a. Data collected and purposes of processing
DAESIGN collects personal data when the referent (HR, tutor, etc.) registers directly on one of its websites, when he/she enters only a professional e-mail address to receive communications related to his/her professional activities, in order to obtain information as part of an information resquest or to receive a quote following an initial contact.
As a professional, the referrer’s consent is not required. However, they have the right to object to use of their personal data at any time.
The main data collected may be :
- First name, surname, company, telephone number, business e-mail address, job title, business sector.
b. Retention of personal data
This data is kept for the duration of the processing and up to a maximum of 3 years after the prospect’s last activity.
2. Professional customers
- Data collected and purpose of processing
DAESIGN collects personal data when acquiring user licences for a digital product in the catalogue.
The legal basis for this processing is the execution of the contract (the order).
The data collected is generally :
- Title
- First name
- Name
- No., street, postcode, town, country
- Telephone
- Company
- VAT number
- Bank details (payment mangement outsourced to payment and invoicing service providers)
The data is necessary for DAESIGN and/or its subcontractors to create the customer account, to ensure the follow-up of the order (invoicing, delivery, follow-up of the customer relationship) and to ensure the follow-up of the commercial relationship.
- Retention of personal data
Data is kept for the duration of the processing (contractual relationship) plus a maximum of 3 years from the end of the contractual relationship for the purposes of commercial canvassing.
This period may be extended for purposes of proof or to meet tax or social obligations.
3. Administrators and users of one of our digital solutions on our platforms
a. Digital solutions and training for certification
For the digital solutions in the Daesign catalogue* (digital solutions to date in the appendix), DAESIGN collects and processes the personal data of its customers via its platforms Daesign Academy, Serious Game Store, Savvy Learner and Savvy Author.
The information collected on these platforms is recorded in a computer file processed by and on behalf of Daesign acting as a subcontractor for its customers.
The personal data collected following user registration on the platform is necessary for :
- Create and manage user accounts
- Enable users to benefit from the platform’s features
- Provide users with after-sales service
The personal data transmitted by the referees following user registration on the platform are the connection identifiers, surname, first name and e-mail address.
The personal data of DAESIGN administrators and users is stored at AWS in Europe.
Users’ personal data is kept for the duration of the licence, plus a period of 3 months to enable Daesign to respond to users’ requests for the transmission of their data and the history of their training.
Within the framework of the execution of a contract concluded between DAESIGN and an organization (employer, local authority) for the benefit of its users (employees, citizens), the client company provides DAESIGN with the data of its users.
The user information is :
- Name
- First name
- Dates and times of connection to the platform
- Follow-up of educational activities
Using this data, DAESIGN allocates licences to users by providing them with a user ID and password to be personalised by the user, for the following purposes :
- Create and manage user accounts ;
- To enable users to benefit from the platform’s monitoring functionalities or to give access to administrators designated by the employer within the company or within an OPCO ;
- Enable users to find their progress, answers and score each time they log on ;
- Enable users to benefit from new content without having to change their login and password if they are issued with a new licence.
This data is necessary and indispensable to DAESIGN to enable the creation and management of user accounts and to enable them to track their progress.
DAESIGN may produce anonymous statistics on the use of the platform content by users.
DAESIGN prohibits itself from transmitting the personal data of the client and users of the platform to third parties for commercial prospecting and any other use outside of subcontractors authorized to know it.
Only administrators from the OPCOs designated by the organization can have access to the information of the information of the users they follow as part of their mission and in accordance with the execution of their contract. Their role is to verify the proper execution of user training.
4. Exercise of personal rights
In accordance with the “Data Protection Act” of January 6, 1978, as amended, the Law for a Digital Republic of October 7, 2016, and the European Regulation known as GDPR of April 8, 2016, you have the rights of access, rectification, limitation, opposition, deletion, and portability of your data, which can be exercised at any time by sending an email to : referent-rgpd@daesign.com, and specifying the name of the legal entity to which you are attached.
It is specified that the right of access may apply to all data concerning you, while the right to portability may only apply to data expressly provided by you (e-mail address, username, etc.) and to data generated by your activity during our business relationship (purchase history, exchanges, complaints, etc.)
In order to allow us to identify you and if we deem it necessary, particularly in the context of a request for access to your data or the portability of your data, we may be required to ask you to prove your identity.
We undertake to process your request within one month of your request and to notify you by return e-mail or post.
Finally, you have the option of organizing the fate of your personal data after your death.
All you need to do is designate a person who will be responsible for exercising your rights. Failing this, your heirs may exercise certain rights such as the right of access if it is necessary for the settlement of your estate or the right of opposition to close your user account and oppose the processing of your data.
In the event of a breach of our obligations, you may also file a complaint with the CNIL.
5. Security of personal data
The security and confidentiality of the personal data that you entrust to us is a priority for us.
Indeed, we make our best efforts to take all the technical, organizational measures and useful precautions with regard to the nature of ther personal data that you communicate to us and the risks presented by their processing. This is in order to preserve the security of your personal data and, in particular, to prevent them from being distorted, destroyed, damaged, or that unauthorized third parties have access to them.
To this end, we have implemented technical measures such as firewalls, and organizational measures such as an identifier and password system, physical protection means, etc.
The security and confidentiality of personal data also depends on everyone’s best practices. Therefore, in order to keep your personalised login details and passwords confidential, we invite you to secure them in particular by the following means :
- Choose password of 8 characters with lowercase, uppercase, numbers, letters and special characters
- Choose a password not linked to your identity (password composed of a last name, a date of birth, etc.)
- Do not communicate your login details and passwords to third parties
- Systematically log out of your profile and your customer account (in particular in the case of linked accounts)
- Close your browser window at the end of your session, particularly if you access the Internet from a computer shared with other people, and do not save your login details and password for them
- Do not store your password in a file on a computer or on easily accessible paper
- Do not send your password to yourself via e-mail personal
- Configure sotfware, including web browsers, so that they do not save the password
This will prevent other users from accessing your personal information.
*Password policy depending on the platform
On Serious game store : 8 characters minimum including at least 1 number(s), at least 1 symbol(s) ,at least 1 uppercase letter, at least 1 lowercase letter.
On Academy / Savvy Learner / Savvy Author : 8 characters minimum including at least 1 number(s), at least 1 uppercase letter, at least 1 lowercase letter.
6. COOKIES AND TRACKERS
a. Definition
A cookie is a file that will be placed on your device (computer, smartphone, or e-reader) when you visit one of our sites, or when installing and using software or a mobile application.
A cookie is used to store various technical data allowing general control of public access to our sites (number of visits, frequency of exposure to an advertising banner, connection to other sites, etc.) or the personalization of the pages displayed for your next interactions with a site (you account, your journey, etc.)
The term “cookie” covers, for example, http cookies, flash cookies, the result of the fingerprinting calculation, plugins, etc.
b. So-called “technical” cookies exempt from consent
- Session cookies (SSO)
- Cookies allowing the storage of a shopping cart
c. Cookies requiring your consent
- Connection persistance cookies
- Cookies subject to consent management entrusted to our service provider DIDOMI
In order to inform you as best as possible about our cookie management and respect your rights regarding cookies, we have called upon a service provider specializing in cookie management called DIDOMI.
As soon as you visit one of our sites and as long as you do not log out or change browsers, an information banner is displayed briefly mentioning the purposes pursued by cookies while offering you the possibility to accept all cookies, to continue without accepting cookies or to personalize your preferences.
Information banner :
“With your consent, our partners and we use cookies or similar techologies to store access personal information such as your visit to this site. You can withdraw your consent or object to processing based on legitimate interest at any time by clicking on “Learn more” or in our privacy policy on this site.”
With our parnters, we process the following data based on your consent and/or our legitimate interest :
Personalized content, content performance measurement, audience data, and product development, Site audience measurement, Customer journey optimization, Personalized advertising.
→ Learn more
→ Accept and close
→ Continue without accepting
By clicking on the “Learn more” button, you will access the preference center below to make your choices.
Preference Center
“We and our partners place cookies and use non-sensitive information from your device to improve our products and display personalized ads and content. You can accept or refuse these different operations. To learn more about cookies, the data we use, the processing we carry out and the partners we work with, you can consult our privacy policy.”
- Siet audience measurement
Audience measurement cookies allow us to track site usage statistics. By authorizing these cookies, you help us optimize the site and improve our services.
- Performance cookies
These cookies collect information on how visitors use the site, for exaple the most frequently viewed pages and the error messages that are displayed. These cookies do not collect information that identifies a visitor. It is only used to improve the operation of the site.
- Optimization of the customer journey
These cookies allow us to understand your preferences on the site and to provide you with a personalized experience as well as optimized navigation.
- Analysis and optimization of the customer experience
- Select personalized content
- Actively analyse the characteristics of the device for identification
- Create a profile to display personalized content
- Use precise geolocation data
- Store and/or access information on a device
- Develop and improve products
- Measure content performance
- Analysis and optimization of the customer experience
This solutions used allow us to better understand our users’ browsing in order to better meet their expectations. Better understanding allows us to optimize the user experience and offer personalized browsing. These solutions help us adapt the content of the site for a journey more suited to your needs.
- Personalized Advertising
Personalized advertisements that may interest you may be presented to you and their performance may be measured.
- Social Networks
“These cookies allow users to share pages and content via third-party social networks and to targer the advertising that will be offered to you by them.”
7. Updating the Charter
We reserve the right to modify this Charter, at any time, in whole or in part, taking into account changers and developments in our internal practices and procedures. The latter will ensure that they are always in compliance with any changes to French and European legislative and regulatory provisions.
We invite you to consult this Charter regularly, before collecting any of your data, for a better knowledge and understanding of the use of your personal data by our company.
ANNEX
List of websites
List of training platforms
- https://www.seriousgamestore.com (url générique)
- https://-academy.daesign.com (url créée pour chaque client)
- https://-adminacademy.daesign.com (url créée pour chaque client)
- https://.savvy-learner.com (url créée pour chaque client)
- https://super-adminacademy.daesign.com (uniquement utilisé par Daesign)
- https://daesign.savvy-author.com
- https://daesign-admin.savvy-author.com (uniquement utilisé par Daesign)