Privacy Policy

Internet users and prospects

Classification: Public

23 March 2021 | V1

Documentary references

ISO 27001 :
7.2.1 Identify and document purpose
7.3.2 Determining information for PII principals
7.3.3 Providing information to PII principals

Directive Personal Data Protection Management System (Data controller)
Article 9.4 "Privacy Policies
Article 6.3 "Information to data subjects

RGPD :
Article 12. Transparency of information and communications and arrangements for the exercise of the data subject's rights
Article 13. Information to be provided where personal data are collected from the data subject
Article 14. Information to be provided where personal data have not been obtained from the data subject

Bylaw SAS only processes personal data that is strictly necessary to achieve the specified and legitimate purposes defined in the following sections.

Bylaw SAS does not process any sensitive data such as the racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership of the persons concerned. The same applies to any information on the life or sexual orientation, genetic, biometric or health data of the persons concerned.

2 . Why and how do we process your personal data?

Commercial prospecting

Objectives and basis for legality	To respond to requests for information, documentation or demonstration (pre-contractual obligation) To issue sales offers and sales contracts (pre-contractual obligation) To invite customers to events and organise them (contractual obligation) To carry out emailing and phoning actions (BtoB canvassing) (legitimate interest) To carry out technical operations allowing the selection of canvassed persons, to enrich the quality of the prospecting database (e.g.: standardisation, enrichment, de-duplication) (Legitimate interest) For the creation of commercial profiles (e.g. maturity scoring) (legitimate interest) To draw up commercial statistics (Legitimate interest) To have a website presenting the company's offers and services (legitimate interest) To monitor the visits and behaviour of visitors to the company's website (legitimate interest) To display videos on the company's website (Legitimate interest) To retain your choices in terms of consent to cookies - Axeptio (Legitimate interest) To provide behavioural information to our CRM (Hubspot) (Consent) To identify the origin of visitors - Google Analytics & Google Ads, Facebook, Linkedin, Capterra - (Consent) To carry out remarketing campaigns - Google Analytics & Google Ads - (Consent) To measure the effectiveness of advertising campaigns - Google Analytics & Google Ads - (Consent) To measure the audience and analyse the behaviour of visitors to the site - Google Analytics & Google Ads, Hubspot - (Consent) To have evidence in case of litigation or administrative control (Legitimate interest)
Shelf life	Until right of objection is exercised 5 years from right of objection
Categories of recipients	Sales and Marketing Department Legal Department
Data sources	People involved
Mandatory or optional nature of the data collection and consequences of not providing the data	Necessary for the commercial management of the company and its development

RGPD

Objectives and basis of lawfulnesś	Responding to RGPD rights exercises (legal obligation)
Shelf life	3 years after the closure of a request for opposition (Statute of limitations for an offence) 1 year after the closure of a request for access, deletion or rectification (Statute of limitations for an offence)
Categories of recipients	CNIL Service in charge of RGPD rights requests Service in charge of litigation
Data sources	People involved
Mandatory or optional nature of the data collection and consequences of not providing the data	Necessary for the fulfilment of legal obligations regarding the declaration of violations and the exercise of rights

In view of the purpose of each processing operation, Bylaw SAS implements the necessary means to ensure that personal data can only be accessed by its internal departments that need to know it, third party recipients designated by the Law or sub-processors required to carry out the processing operations (Cf. 3).

Bylaw SAS retains the data collected for the time strictly necessary to achieve the purpose of each processing operation, unless otherwise provided for by the Law. These retention periods are set out in the table opposite. In application of the RGPD, it is possible that your data may be kept by us until the time limit for legal action has been reached. In this case, only the persons in charge of the litigation within the company have access to it. At the end of these periods, your data is either deleted or irreversibly anonymised.

3. To whom are your personal data transmitted outside the company?

Bylaw SAS may communicate your personal data to organisations within the framework provided by the Law. These recipients are indicated in the table (see 2.).

Bylaw SAS uses subcontractors selected by it to carry out all or part of the processing operations indicated. Exceptionally, Bylaw SAS may have recourse to service providers located outside the European Union. Where applicable, Bylaw SAS ensures that the transfer of data outside the European Union benefits from the protection guarantees provided by the RGPD.

Subcontractor	Category	Country	Type of guarantee (if outside EU)
Typeform	Proper functioning and use of IT and sales management resources: Customer survey	United States	DPA and CCT
CNIL	RGPD: Declaration France DPA and CCT DPO and violations	France	DPA and CCT
Axeptio	CNIL: Management of cookies and collection of consents	Luxembourg	DPA and CCT
Hubspot	Sales management and commercial prospecting: Collection, contact, scoring, automation of database construction and contacts	United States	DPA and CCT
Google more	Good functioning and use of IT facilities	European Union	DPA and CCT
Google Analytics	Good functioning and use of IT facilities	United States	DPA and CCT

To obtain a copy or the location of the guarantees related to data transfers outside the European Union, please contact

dpo@bylaw.fr

Bylaw SAS
DPO
123 rue Victor Hugo - 92300 Levallois-Perret

4. What security measures do we put in place to protect your data?

Bylaw SAS implements all organisational and technical measures to ensure an appropriate level of security for your personal data, and in particular to avoid any loss of confidentiality, integrity or accessibility.

5. What are your rights to your personal data?

You can exercise the following rights with Bylaw SAS regarding your personal data:

• You can give your consent to the deposit of a cookie or withdraw it on our site, by clicking on Cookie at the bottom right of the screen.

• A right of rectification: you have the right to have inaccurate data about yourself rectified. You also have the right to complete incomplete data concerning you by providing a supplementary declaration. If you exercise this right, we undertake to communicate any rectification to all recipients of your data as far as possible.

• A right to erasure: In some cases, you have the right to have your data erased. However, this is not an absolute right and we may for legal or legitimate reasons retain this data.

• A right to restrict processing: in certain cases, you have the right to have the processing of your data restricted.

• A right to portability of your personal data: you have the right to receive your data provided to us in a structured, commonly used and machine-readable format for your personal use or to pass it on to a third party of your choice. This right only applies where the processing of your data is based on your consent, on a contract or where such processing is carried out by automated means. Furthermore, Bylaw SAS may refuse the exercise of this right if it would require technical means deemed excessive.

• A right to object to processing: you have the right to object at any time to the processing of your data for processing based on our legitimate interest, a public interest task. This is not an absolute right and we may for legal or legitimate reasons refuse your request to object.

• The right to withdraw your consent at any time: you may withdraw your consent to the processing of your data where the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent carried out prior to that withdrawal.

• The right to complain to a supervisory authority: You have the right to contact your data protection authority to complain about our personal data protection practices,

• The right to give instructions about what to do with your data after your death.

Bylaw SAS will respond to any exercise of rights as soon as possible and in any event within 30 days of receipt of the request. Bylaw SAS reserves the right:

• To request proof of the applicant's identity if there is reasonable doubt about it, in order to comply with its obligation of confidentiality,

• Extend the deadline for a response by two months, informing the applicant of the extension and the reasons for the postponement within one month of receipt of the request,

• To refuse to respond to an exercise of rights if it was considered abusive (in view of their number, repetitive or systematic nature).

6. How to exercise your rights to your personal data?

To exercise your rights, you can contact us:

BYLAW SAS

123 rue Victor Hugo - 92300 Levallois-Perret

dpo@bylaw.fr

If, despite our efforts and commitments, you feel that your rights concerning your personal data have not been respected, you may submit a complaint to the Commission Nationale Informatique et Libertés :

CNIL
3 Place de Fontenoy TSA 80715 75334 Paris Cedex 07
On-line complaint