Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be directly or indirectly identified in particular by reference to an identifier.
Data Controller: Any natural or legal person or organisation, who which alone, jointly or in common with other persons, determines the purposes and means of processing Personal Data.
Data Protection Law: GDPR and all member states data protection laws and regulations.
Data Processing: Manual or electronic execution of any operation or set of operations upon personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction.
Data Subject: Any identified or identifiable natural person the personal data is relating to.
Exclusive: Any company or entity that falls under or belongs to Exclusive Group or Exclusive France Holdings SAS.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
This policy is applicable to all parties (job candidates, customers, suppliers etc.) who provide any amount of information to us. Employees of our company and its subsidiaries must follow this policy, the guidelines and principles therein. Contractors, consultants, partners and any other external entity are also covered. Generally, our policy refers to anyone we collaborate with or acts on our behalf and may need occasional or periodic access to data.
Using this policy, we ensure that we gather, store and handle data fairly, transparently and with respect towards the rights of Data Subjects and Data Controllers.
© 2019 Exclusive Networks – Global IT Services – Confidential. Page | 2
As part of our operations, we may need to obtain and process information. This information may include any offline or online data that makes a person identifiable such as names, addresses, telephone numbers, digital footprints, experience of our service, contact preferences, meeting information etc.
Exclusive may also collect certain information about your computer/electronic hardware or software when our websites are visited. They may include:
• Your IP address;
• Browser type; and
• Operating system.
Exclusive has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of Personal Data:
• Principle 1: Lawfulness, Fairness and Transparency
Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. This means, Exclusive must tell the Data Subject what Processing will occur (transparency), the Processing must match the description given to the Data Subject (fairness), and it must be for one of the purposes specified in the applicable Data Protection regulation (lawfulness).
• Principle 2: Purpose Limitation
Personal Data shall be collected for specified, explicit and legitimate purposes and not further Processed in a manner that is incompatible with those purposes. This means Exclusive must specify exactly what the Personal Data collected will be used for and limit the processing of that Personal Data to only what is necessary to meet the specified purpose.
• Principle 3: Data Minimisation
Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed. This means Exclusive must not store any Personal Data beyond what is strictly required.
• Principle 4: Accuracy
Personal Data shall be accurate and, kept up to date. This means Exclusive must have in place processes for identifying and addressing out-of-date, incorrect and redundant Personal Data.
• Principle 5: Storage Limitation
Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is Processed. This means Exclusive must, wherever possible, store Personal Data in a way that limits or prevents identification of the Data Subject.
• Principle 6: Integrity and Confidentiality
Personal Data shall be Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. Exclusive must use appropriate technical and organisational measures to ensure the integrity and confidentiality of Personal Data is maintained at all times.
• Principle 7: Accountability
The Data Controller shall be responsible for, and be able to demonstrate compliance. This means Exclusive must demonstrate that the six Data Protection Principles (outlined above) are met for all Personal Data for which it is responsible.
In addition, data will not be:
• Communicated informally;
• Transferred to organisations, states or countries that do not have adequate data protection policies;
• Distributed to any party other than the ones agreed upon by the data’s owner (exempting legitimate requests from law enforcement authorities).
Exclusive is committed to the below for data protection:
• Restrict and monitor access to sensitive data;
• Develop transparent data collection procedures;
• Train employees in online privacy and security measures;
• Build secure networks to protect data from cyberattacks;
• Establish clear procedures for reporting privacy breaches or data misuse;
• Include contract clauses or communicate statements on how we handle data;
• Use established data protection practices (document shredding, secure locks, data encryption, frequent backups, access authorization etc.).
Exclusive, its subsidiaries and partners (where approved with the data controller e.g. as data sub-processors) may use your information for or towards the below:
• Ongoing administration, management and requested service provision;
• The general running and business administration of Exclusive;
• To contact you for market research or marketing purposes where you have given us permission to do so;
• To contact you to answer any queries you may have;
• To develop and improve our products and services;
• To ensure that the content on our websites is presented in the most effective manner for your device;
• Where you have purchased items from us, to contact you in respect of any service actions, warranty, product recalls or any similar relevant notifications.
You are entitled to the below rights:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.
You can exercise or query any of the above rights in relation to the data that Exclusive processes about you or on your behalf. This request can be sent via e-mail or post to:
Post: Data Protection Officer
ARCS DE SEINE – BAT A
20, Quai du Point du Jour – CS40099
92659 Boulogne Billancourt Cedex
• Any department specific query should be sent to the respective department or department contact first as it may expedite the process e.g. payment verifications.
• Deletion of the data we process for you may impact or prevent us from supplying certain services.
© 2019 Exclusive Networks