1. Personal Data Protection Policy

Iguane Solutions may collect personal data and use it in various automated or non-automated processes.

Personal data (hereinafter “personal data”) refers to any information that can be related to an identified or identifiable natural person, either directly or indirectly.

The implementation of automated processing of personal data is governed, in particular, by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the “GDPR.” The GDPR requires the data controller (Iguane Solutions) to provide the concerned person with certain information. All of this information is included in this Policy. This Policy applies to any natural person connected with Iguane Solutions (hereinafter referred to as “the Person”), particularly in the capacity of Client, prospect, representative, candidate, event participant, legal representative, shareholder, or beneficial owner of a legal entity.

Identity and Contact Information of the Data Controller:

The data controller is Iguane Solutions, located at 17 rue de Surène, 75008 Paris.

Contact Information of the Data Protection Officer:

Iguane Solutions has appointed a Data Protection Officer, whose contact details are as follows:

Data Protection Officer – Iguane Solutions, 17 rue de Surène, 75008 Paris.

The Data Protection Officer can also be contacted via email at: dpo@ig1.com.

Purpose of the Implemented Data Processing:

The purpose of data processing corresponds to the objective pursued, meaning the need it addresses for the data controller.

Personal data is subject to computerized processing for the purposes and under the conditions specified below:

Before Establishing a Relationship with Iguane Solutions:

• Request for Information about the Company’s Activities: Iguane Solutions uses the contact details provided by the Person to get in touch and assist with their inquiry.
• Job Application: Submission of a job application.
• Participation in an Event Organized or Sponsored by Iguane Solutions.

When Establishing a Relationship with Iguane Solutions:

The information collected during the establishment of the relationship allows Iguane Solutions to identify the Person within the IT system and link all interactions conducted with other individuals from the same company.

After Establishing a Relationship with Iguane Solutions:

• Customer Relationship Management: This includes billing, support and maintenance, scheduling appointments, electronic communications, conducting meeting reports, and debt collection.
• Updating Customer Information: Keeping customer information current.
• Human Resources Management: Applicable when the candidate has signed an employment contract with Iguane Solutions.
• Management of Commercial and Marketing Campaigns: This includes event invitations, participation in webinars, and informational campaigns about products and services.
• Provision of Goods and Services: This includes the sale of physical or digital goods, such as IT equipment and software licenses.
• Service Offering: Service delivery may involve processing personal data on behalf of the Client, who remains the data controller in such cases.

In the Context of Certain Services, Iguane Solutions May Need to Access Personal Data:

• To Process a Specific Request from You: This may involve a ticket submitted through our ticketing system.
• To Perform Preventive, Corrective, or Developmental Maintenance: This is done strictly within the scope of the tasks entrusted to us for your platform.

In accordance with the GDPR, we are committed to:

• Accessing Only Data That is Strictly Necessary: We will only access data that is essential for the specific operation justifying such access.
• Processing Your Data Only for the Intended Purpose: Iguane Solutions will never use your data for any purpose other than those specified in your instructions.
• Ensuring Technicians Access Your Data Only with Personal Passwords: Access by our technicians is tracked in a log available to you.
• Subjecting Technicians to Strict Confidentiality Clauses: Our technicians are bound by extremely strict confidentiality agreements.
• Seeking Your Consent Before Engaging Any Subcontractor: We will obtain your approval before involving any subcontractor who may access your personal data.
• Providing High Levels of Server Security: We offer some of the highest levels of server security and will clearly communicate the security measures in place.
• Notifying You Promptly of Any Data Breach: We will inform you as soon as possible of any breach affecting your data due to a security flaw.
• Assisting You in Meeting Your Obligations: We will help you comply with your obligations under our services (including requests for access, modification, deletion, or portability of data).
• Not Storing Your Data Outside the European Union: We will not store your data outside the EU unless expressly requested or agreed to by you in writing. If the specific service you request involves transferring data outside the EU to a country not recognized by the European Commission as providing adequate protection, we will inform you beforehand and assist in exploring appropriate solutions.
• Deleting All Your Data Upon Contract Termination: We will delete all your data at the end of our contractual relationship and retain no copies in any form.

Pour ces prestations, un Accord de Protection de Données personnelles adjoint au contrat de Service définit le périmètre, les finalités et les modalités des traitements confiés lors de la Sous-traitance.

• Gestion des requêtes du législateur : en tant qu’organisme soumis à Loi n° 2004-575 du 21 juin 2004 pour la confiance dans l’économie numérique;
• Gestion du risque : calcul des indicateurs de risque, élaboration des modèles de risque ; reporting des risques opérationnels, déclarations réglementaires;
• Réalisation des opérations de contrôle interne.

Specific Processing:

• Other specific personal data processing activities by Iguane Solutions are implemented as follows: Surveillance and Video Protection Systems: These systems are deployed in the premises of Iguane Solutions and its service providers for the security of people and property, prevention of misconduct, and protection of employees. When such systems are in place, specific information is displayed on-site.

• Recording of Telephone Conversations: As part of managing commercial relationships or support for our service offerings, the Person may interact with Iguane Solutions via electronic communication or telephone. Iguane Solutions may record these interactions for purposes such as evidence, staff training, service quality improvement, and, if applicable, compliance with data hosting obligations. The Person is informed of the recording at the beginning of the call.

Legality of the Processing Activities:

Each personal data processing activity carried out by Iguane Solutions is based on a specific legal ground:

• The Processing is Necessary to Comply with a Legal or Regulatory Obligation: This includes all activities related to customer knowledge, in compliance with Law No. 2004-575 of June 21, 2004, for confidence in the digital economy.
• The Processing is Necessary for the Management and Execution of Contracts to which the Person is a Party: This includes processing needed to fulfill contractual obligations.
• The Processing is Necessary for the Legitimate Interests Pursued by Iguane Solutions: This must be done while respecting the fundamental rights and freedoms of the Person concerned. For example, this includes risk prevention, managing and developing Iguane Solutions’ activities (such as commercial prospecting), staff training, and improving customer relationship quality.
• The Person Has Specifically Authorized the Processing: Certain processing activities not covered by the three grounds detailed above may be implemented. In such cases, the Person will be asked to authorize the specific processing activity at the time of data collection or when implementing the processing.

Recipients:

The Person is informed that their personal data may be transmitted to the following third parties and for the following purposes:

a. Administrative and Judicial Authorities: As required to fulfill their legal duties.

b. Entities Within Iguane Solutions: For purposes such as commercial prospecting, entering into additional contracts, fulfilling legal or regulatory obligations, or for shared resources or company groupings.

c. Entities Within Iguane Solutions Responsible for Risk Management or Prevention: This includes risk assessment, security, and prevention of unpaid debts, benefiting all entities of Iguane Solutions.

The list of Iguane Solutions entities that may receive information about the Person can be provided upon request to the Data Protection Officer.

d. Subcontractors or Partners of Iguane Solutions: Involved in managing customer relationships and offering products and services, solely for the purposes of these activities.

e. Survey or Polling Institutes: Acting exclusively on behalf of Iguane Solutions for statistical purposes.

f. Partners of Iguane Solutions: To allow the Person to benefit from partnership advantages, within the framework of partnership agreements.

g. Experts: Including accountants and auditors of Iguane Solutions, in the context of their mission.

h. Any Recipient Requesting Data Necessary to Identify and Contact the Person: Particularly in a public health crisis, provided that such data transmission aims to protect the vital interests of the Person or another individual, and only to the extent necessary for this purpose.

Transfer of Personal Data Outside the European Union:

Personal data may, during operations, be communicated to subcontractors established in countries outside the European Union. These entities perform certain essential material and technical tasks on behalf of Iguane Solutions related to commercial relationships, the functioning of our services, payment methods, associated services, and other processing purposes as described above. Such transfers are subject to appropriate security and control measures.

In some cases, these subcontractors may be located in countries that do not have an adequacy decision from the European Commission; data transfers to these subcontractors are governed by standard contractual clauses in line with the models developed by the European Commission. Details of these rules and information regarding the transfer are available upon request to the Data Protection Officer of Iguane Solutions.

Note Regarding Services Where We Act as a Data Processor on Behalf of Our Clients:

We are committed to not storing your data outside the European Union unless explicitly requested or agreed to by you in writing. If the specific service you request involves transferring data outside the EU to a country not recognized as providing adequate protection by the European Commission, we will inform you in advance and assist in exploring appropriate solutions.

Data Retention Period:

When the Person whose data is collected is not a client of Iguane Solutions, their personal data may be retained for a maximum period of 18 months from the last contact with Iguane Solutions, unless a shorter period is specified in the communication channel used.

When the Person whose data is collected is a party to a contract with Iguane Solutions, their personal data is retained for the duration necessary to fulfill the service, comply with regulatory obligations, and preserve evidence in contractual matters until the rights of the parties or third parties (including insurance matters) are extinguished. Consequently, unless specified otherwise, data may be retained for the maximum statutory limitation period.

The main retention periods are as follows:

• Contract-Related Data: Can be retained for up to 10 years from the end of the relationship.
• Data Required for Legal Claims: Retained until the end of the legal proceedings and then archived according to legal prescription periods.
• Accounting Information: Retained for 10 years.
• Video Surveillance Recordings: Retained for 30 days.
• Telephone Conversation Recordings: Retained for 6 months.

The Rights of the Person:

The Person may, at any time and in accordance with legal provisions, exercise the following rights regarding their personal data:

• Access: Request access to their personal data.
• Opposition: Object to the processing of their data for reasons related to their specific situation or, without reason, object to the processing of their data for commercial prospecting purposes, including the transmission of their data to any Iguane Solutions entity for the same purposes.
• Rectification: Request correction of their personal data.
• Erasure: Request deletion of their personal data.
• Restriction: Request restriction of the processing of their personal data.
• Portability: Request the portability of their personal data.

The Person may register free of charge on the BLOCTEL telephone marketing opposition list at www.bloctel.gouv.fr. Consumers registered on this list cannot be contacted by phone by a professional, except when the solicitation is related to the execution of an ongoing contract and pertains to the contract’s subject matter. This includes offering products or services related to or complementary to the ongoing contract or designed to enhance its performance or quality. In such cases, Iguane Solutions may use the telephone contact details provided by the Person to offer Iguane Solutions’ products and services, subject to the exercise of their right to object.

The Person can also file a complaint with the CNIL at: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.

2. Cookies policy

When you visit our websites and apps, we may, subject to your choices, place various cookies, including advertising and statistical cookies.

What is a Cookie?

A cookie is a small file placed by a website on a user’s device that records the user’s internet settings. It is downloaded via a browser when you first visit a website. When you return to the site using the same computer, the browser can check if a corresponding cookie is present and use the data contained in that cookie to communicate with the site.

Cookies are important for the proper functioning of a site. They help retain login information and provide a secure connection, collect statistics to optimize site features, and tailor content to your interests.

Which Cookies Do We Use?

Strictly Necessary Cookies:

These cookies are essential for the operation of our site. They enable you to use the main features of our site, such as personalizing navigation or accessing your account.

These cookies cannot be configured because without them, you would not be able to use our site normally.

Audience Measurement Cookies Exempt from Consent:

Certain cookies may be placed to analyze, anonymously, the visits to our site pages. This allows us to measure the performance and functionality of our site. These cookies cannot identify you personally.

Audience Measurement Cookies:

Also known as analytical cookies, these cookies provide us with information about the traffic to our websites, how they are used by users, and measure their performance.

Statistics on site traffic are gathered through these cookies, enabling us to detect navigation issues and improve site functionality, or highlight content that is particularly requested by users.

Advertising Cookies:

These cookies are collected during your browsing on our sites and/or external sites where we advertise. They are used to present you with advertisements or information tailored to your interests on our site or outside of our site as you browse the internet.

Refusing these advertising cookies will not affect your use of our site. However, refusing advertising cookies will not stop advertising on our site or the internet. It will only result in displaying advertisements that do not account for your interests or preferences.

Social Media Cookies:

These cookies are generated by “social media sharing buttons” that enable users to share content from our site on social media platforms (e.g., Twitter, Facebook, etc.).

Tracking Pixels:

Tracking pixels allow us to monitor the activity of the emails we send to clients and prospects who have provided their email addresses and consented to receive marketing emails. They help us determine if the emails have been opened and/or clicked, which allows us to optimize our commercial communication campaigns.

List of Data Controllers Using Cookies on the Iguane Solutions Site

Iguane Solutions collaborates with data controllers to enhance user experience and for the legitimate interests pursued by Iguane Solutions while respecting the fundamental rights and freedoms of the Person concerned. This includes, for example, risk prevention, managing and developing Iguane Solutions’ activities (such as commercial prospecting). In this context, the following companies may place cookies on Iguane Solutions’ various sites for specific purposes:

• Audience Measurement Cookies:

  • Google Analytics
  • HubSpot

• Advertising Cookies:

  • Google Ads

• Social Media Cookies:

  • Twitter
  • LinkedIn
  • Facebook