Privacy Policy

We specialize in data hosting, and we know that our clients, prospects, employees, suppliers, collaborators and various partners are concerned about the security and confidentiality of their personal data. We therefore wish to build a relationship of trust with them, particularly by being perfectly transparent regarding their personal data.

This is why with the entry into force on May 25, 2018 of European Regulation No. 2016/679 of April 27, 2016 on the protection of personal data (hereinafter the "GDPR"), we have redefined and formalized our personal data protection policy in this document called "Data Protection Policy".

This Data Protection Policy therefore aims to inform you about the commitments and technical and organizational measures we have put in place to ensure the protection of your personal data.

It complements ALWAYSDATA's General Terms and Conditions of Service (hereinafter the "GTC"), which encompass its contractual clauses regarding subcontracting.

This Data Protection Policy is not fixed; it may evolve according to regulations, both national and European, and will undergo adaptations that the doctrine of CNIL (National Commission for Information Technology and Civil Liberties) and the guidelines of G29 (Working group bringing together representatives of the independent supervisory authority of each member country of the European Union) will make necessary.

Article 1: Data collection and processing

As part of its activity, ALWAYSDATA collects and processes personal data necessary for managing relationships with its employees and collaborators, clients and prospects, suppliers and various partners.

To do this, ALWAYSDATA ensures to collect and process only adequate, relevant data limited to what is necessary with regard to the purposes for which it is processed. This is how we respect the principle of data minimization established by the GDPR.

Article 2: Purposes of processing

The data we collect has a specific purpose and is not used for other purposes. Our purposes are determined, legitimate, explicit and compatible with our missions, namely the management of activities related to data hosting as well as ancillary services and accessory activities.

The defined purpose makes it possible to determine the relevance of the data to be collected: only adequate data that is strictly necessary to achieve the defined purpose is collected and processed by ALWAYSDATA.

Article 3: Information to data subjects

In accordance with the GDPR, ALWAYSDATA informs and encourages its employees and collaborators, clients and prospects, suppliers and various partners to inform the person from whom personal data is collected:

The identity and contact details of the data controller and, where applicable, the representative of the data controller;
Where applicable, the contact details of the data protection officer;
The purposes of the processing for which the personal data is intended as well as the legal basis for the processing;
Where applicable, the legitimate interests pursued by the data controller or by a third party;
Recipients or categories of recipients of personal data, if they exist;
Where applicable, the fact that the data controller intends to transfer personal data to a third country or international organization;
The retention period of personal data or, when this is not possible, the criteria used to determine this period;
The existence of the right to request from the data controller access to personal data, rectification or erasure thereof, or limitation of processing relating to the data subject, or the right to object to processing and the right to data portability;
Where applicable, the existence of the right to withdraw consent at any time, without prejudice to the lawfulness of processing based on consent performed before its withdrawal;
The right to lodge a complaint with a supervisory authority;
Information on whether the requirement to provide personal data is regulatory or contractual in nature or whether it conditions the conclusion of a contract and whether the data subject is required to provide personal data, as well as the possible consequences of not providing such data;
The existence of automated decision-making, including profiling.

In the absence of individualized contact with the person concerned by the collection and processing, ALWAYSDATA encourages its employees and collaborators, clients and prospects, suppliers and various partners, to inform said person by all appropriate means according to the collection methods (display at the collection site; subsequent information, for example during the first individualized contact with the person concerned; etc.).

Article 4: Recipients of the data

ALWAYSDATA does not communicate the data of its employees and collaborators, clients and prospects, suppliers and various partners to third parties; ALWAYSDATA does not commercialize it.

Your personal data is therefore intended only for determined and authorized recipients, namely and as the case may be, ALWAYSDATA and its subcontractors, ALWAYSDATA's clients and their subcontractors as well as all other persons, organizations or entities to which these clients want to communicate or show this data (particularly in the context of demos and presentations of our products and services), and this only for needs related to data hosting as well as ancillary services and accessory activities.

Article 5: Data storage

ALWAYSDATA only retains personal data of its employees and collaborators, clients and prospects, suppliers and various partners for the time necessary for the operations for which they were collected and in compliance with applicable regulations.

This data is deleted after a maximum of 5 years after the end of the contractual relationship.

Data relating to prospects is retained for a maximum period of 3 years from the last contact between ALWAYSDATA and the prospect.

Article 6 : Data security

ALWAYSDATA determines and implements the necessary means to protect personal data to avoid risks resulting in particular from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data, accidentally or unlawfully.

These means consist of appropriate technical and organizational measures aimed at ensuring a level of security adapted to the risk, and include among others, as needed:

Pseudonymization and encryption of personal data;
Means to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
Means to restore the availability of personal data and access to it within appropriate time frames in the event of a physical or technical incident;
A procedure for regularly testing, analyzing and evaluating the effectiveness of technical and organizational measures to ensure processing security.

In particular, access to data is secured by strong security systems: certificate identification, double authentication and other processes implemented by ALWAYSDATA.

Thus, the policy for protecting personal data processed by ALWAYSDATA is organized around logical, physical or organizational measures.

Article 7: Restricted access to data

ALWAYSDATA defines and implements access and confidentiality rules applicable to processed personal data.

Access rights are updated in case of evolution or change of its beneficiary.

Article 8: Transfer of data outside the European Union

In principle, ALWAYSDATA does not transfer personal data outside the European Union.

If such a transfer were to prove necessary, it would be within the framework of the purpose pursued by the processing for which the data is intended.

In this case, data recipients would only have access to the categories of data necessary to achieve said purpose.

More generally, ALWAYSDATA would only proceed with data transfer in compliance with the provisions of articles 44 to 50 of the GDPR.

Article 9: Rights of data subjects with regard to the collection and processing of personal data

In application of the GDPR and non-contrary provisions of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms (known as the "Data Protection and Freedom Act"), any natural person whose personal data is subject to processing has the right to object to the collection and processing of personal data concerning them, the right of access to said data, rectification or erasure thereof (right to be forgotten), the right not to be subject to a decision based exclusively on automated processing, including profiling, the right to limit processing concerning them, the right to have information about the people to whom the data controller has transmitted personal data concerning them, as well as the right to portability of said data as these rights are described in articles 15 to 22 of the GDPR. They can exercise these rights by sending their request to dpo@alwaysdata.com accompanied by documents proving in particular their identity and signature.

Article 10: Data protection actors

As part of the entry into force of GDPR on May 25, 2018, ALWAYSDATA company appointed a Data Protection Officer (DPD or DPO) directly attached to ALWAYSDATA Management.

In coordination with ALWAYSDATA Management, the DPO permanently ensures the compliance of all personal data processing taking place within ALWAYSDATA company.

Article 11: Maintenance of the non-contracting provisions of ALWAYSDATA’s GTCS

This Data Protection Policy complements ALWAYSDATA's GTC whose non-contrary provisions remain applicable.

Therefore, any service provision performed by ALWAYSDATA for the benefit of the client implies the client's unreserved adherence to this personal data protection policy.