The present Vialink and E-cautions Sites, hereinafter referred to as “Vialink Sites”, are the property of Vialink, a simplified joint-stock company with a capital of 40,000 euros, whose head office is located at Paris 12ème, 18 quai de la Râpée, registered with the Paris Trade and Companies Registry under number 428 668 545, and whose individual intra-community identification number is VAT FR 17 428 668 545.
The Director of the publication of Vialink’s Sites is Mr. Philippe Sanchis, in his capacity as Managing Director of Vialink.
Vialink’s postal address is 18 Quai de la Râpée, 75012 Paris, it’s telephone number is +33(0)1.40.02.91.12 (price of a local call) from Monday to Friday from 9:00 am to 6:00 pm, it’s fax number is +33 (0)1 40 04 95 22, it’s e-mail address is firstname.lastname@example.org.
The definitions below are taken from the text of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation : GDPR), and repealing Directive 95/46/EC.
- Personal data
Any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”) ; an “identifiable natural person” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Any operation or set of operations carried out or not using automated processes and applied to personal data or sets of data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, approximation or interconnection, limitation, erasure or destruction.
- Data controller
The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria for it’s designation may be laid down by Union law or the law of a Member State.
The natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.
- Carriers of personal data
Any natural person who can be identified through one or more personal data.
Data and processing
- Personal data collected
Vialink is likely to collect, in particular, your surname, first name, postal address, email address, telephone numbers, IP address, connection data and navigation data. If you apply online for job offers, you will be asked for information on your diplomas and experience.
Vialink may also, if necessary, ask you for billing information (name and billing address). Your credit card number, if requested by our online payment service provider, will only be kept for the time necessary to complete the transaction.
When you are a Vialink customer and in accordance with the amended French Data Protection Act and the GDPR, you have permanent rights of access, rectification, deletion, opposition or portability of information concerning you that you can exercise free of charge directly to Vialink, the Data Controller, by contacting the Data Protection Officer (DPO) of Vialink: DPO Vialink, Vialink, 18 Quai de la Râpée, 75012 Paris or by e-mail at email@example.com.
The request must be accompanied by a copy of the identity document of the person concerned and countersigned by this person.
You may also, for legitimate reasons, oppose the processing of data concerning you.
In order for us to process your request, you must send by e-mail the elements necessary for your identification : surname, first name, e-mail, a copy of your valid identity document and possibly your postal address.
When you are the customer of a company that is also the customer of Vialink, Vialink is a subcontractor. In accordance with the amended French Data Protection Act, you may exercise your rights directly with Vialink’s client, the Data Controller, since Vialink is a subcontractor.
The user acknowledges being informed that, when accessing the Vialink Sites, information concerning the frequency of access, the personalization of pages as well as the operations performed and the information consulted may be collected by Vialink through computerized processes. The user acknowledges having been informed of this practice and authorizes Vialink to use it.
What is a cookie?
A cookie is a text file deposited and stored on the Internet user’s hard disk, subject to the user’s choices, by the server of the site visited or by a third party server (analytical web tool, advertising sales house, partners, etc.). A cookie thus makes it possible to recognize the User’s terminal when he returns to a website. Indeed it’s not the User who is recognized but the terminal from which he visits a website.
What is the purpose of the cookies issued on our Vialink Sites ?
Only the issuer of a cookie is likely to read or modify the information contained therein.
The cookies that we issue on Vialink Sites are used to recognize the User’s terminal when he connects to Vialink Sites in order to :
– Optimize the presentation of the Vialink Sites according to the display preferences of your terminal (display resolution, operating system used, etc.) during your visits according to the hardware and viewing or reading software on your terminal,
– Allow the User to access reserved and personal spaces on the Vialink Sites, such as his personal account on the basis of the information he provided when he created his account. The User thus accesses personalized content or content that is reserved for him or her,
– Memorize information relating to a form that you have filled out on the Vialink Sites (access to your account / and to your subscription),
– Establish statistics and volumes of frequentation and use of the Vialink Sites,
– Implementing security measures, for example when the User is asked to log in after a certain period of time,
– Adapt the advertising content of the Vialink Sites to the User’s centers of interest that result from the User’s browsing data.
Your choices regarding cookies
You may at any time express and modify your wishes with respect to cookies by configuring your navigation software so that cookies are recorded in your terminal or, on the contrary, so that they are rejected, either systematically or according to their issuer.
You can also configure your browser software so that the acceptance or rejection of cookies is offered to you from time to time, before a cookie is likely to be stored on your device.
- The cookie agreement
The recording of a cookie in a terminal is essentially subject to the will of the terminal user, which the latter can express and modify at any time and free of charge through the choices offered by his browser software.
If you have accepted in your browser software the recording of cookies in your terminal, the cookies embedded in the pages and content that you have consulted may be stored temporarily in a dedicated area of your terminal. They will be readable there only by their transmitter.
- The refusal of cookies
If you refuse to save cookies on your terminal, or if you delete those saved on your terminal, you will no longer be able to benefit from a some number of functionalities that are nevertheless necessary to navigate in some areas of the Vialink Sites. This would be the case if you tried to access your account or your subscription, which require you to identify yourself. This would also be the case when Vialink, or it’s service providers, are unable to recognize, for technical compatibility purposes, the type of browser used by your terminal, it’s language and display settings or the country from which your terminal appears to be connected to the Internet.
Where applicable, Vialink declines all responsibility for the consequences related to the degraded operation of our services resulting from the impossibility for us to record or consult the cookies necessary for their operation and that you have refused or deleted.
To find out the options offered by any other browser software and the methods for deleting cookie files stored in your terminal, depending on the browser(s) installed in your terminal, we invite you to consult the help menu of your browser.
- Purpose of the processing of personal data collected
In accordance with Article 4 of Law No. 2018-493 of June 20, 2018 amending the Data Protection Act of January 6, 1978, the purpose of collection and the conditions for processing personal data are specified below:
The information communicated by subscribers and prospects at the time of any subscription or request is intended for Vialink as well as it’s partners and subcontractors. The information identified by an asterisk collected and entered on the Vialink Sites is mandatory for the processing of your request, the proper functioning and improvement of the services implemented by Vialink. The said information is intended for Vialink as well as it’s partners and subcontractors for management and processing purposes within the framework of the services set up by Vialink and will only be the subject of external communication to meet legal and regulatory obligations. The said information may not be retained for longer than the duration necessary for it’s purpose in compliance with the legal provisions in force. The individual user has the right to access, rectify, delete, oppose or even carry the information communicated via the Vialink Sites. These rights may be exercised, free of charge, directly to Vialink, the data controller, when you are a Vialink customer, by contacting the Data Protection Officer (DPO) of Vialink: DPO Vialink, Vialink, 18 Quai de la Râpée, 75012 Paris or by e-mail at firstname.lastname@example.org.
When you are the client of a company that is Vialink’s client, Vialink is a subcontractor. In accordance with the amended French Data Protection Act, you may exercise your rights directly with Vialink’s client, the Data Controller, since Vialink is a subcontractor.
- Person responsible for processing
Personal data is collected by Vialink for itself and on behalf of it’s partners and subcontractors.
Security of personal data
Vialink has appointed a DPO to carry out projects concerning the processing of personal data.
The DPO leads a monitoring committee chaired by Vialink’s General Management which demonstrates its commitment to the protection of the data collected.
The DPO has set up an information security risk analysis methodology based on the main lines of the ISO 27005 standard. Personal data has been identified as a primary asset to be protected, and Vialink differentiates between personal data and other data belonging to it’s clients (files, etc.).
To achieve it’s objectives regarding the protection of personal data collected, Vialink has set up several monitoring registers such as :
– The processing and data register,
– The register of subcontractors,
– The personal data security breach log.
In the event of a security breach of the personal data collected, Vialink has set up an organization enabling it to inform the supervisory authority (CNIL in France) and the persons concerned of the breach of their personal data.
In some cases, the data controllers designated by Vialink’s clients are informed.
- Rights of holders of personal data
The controller must ensure that the rights of the holders of personal data are respected in accordance with the requirements of the GDPR.
When Vialink is not the data controller, it’s at the disposal of the data controller to help it fulfill it’s obligations to the holders of personal data and in particular :
– The right to access,
– The right to modification,
– The right of deletion or,
– The right to portability.
- Staff Awareness
Vialink personnel receive information security awareness training that includes a section on the processing of personal data.
- Privacy by Design
Personal data protection rules are integrated into the security rules taken into account when Vialink’s applications are designed.
- Data encryption (pseudonymization)
Personal data in databases are encrypted with AES-256, the encryption system is based on hardware security modules or HSM : Hardware Security Module.
The data stored on the archiving system is also encrypted with the same mechanisms even if this data does not necessarily contain personal data.
Anonymization is used when personal data must be duplicated.
- Security of communications
Communications are carried out using secure protocols that ensure data confidentiality such as TLS, version 1.2 is strongly encouraged by Vialink.
- Access control
Physical and logical access controls are put in place, these controls are based on the following principles:
When “password” type authenticators are used, usage rules are defined.
- Integrity control
Fingerprint calculation mechanisms are used to control unauthorized data changes.
- Data availability
Vialink’s systems are deployed as Active/Active on a primary site and replication on a secondary backup site.
Backup policies have been defined to ensure the availability of personal data.
Vialink reserves the right to modify, if necessary, the information in this document to make it comply with new legislation or regulations, for example.
After a modification, the new revised version will be posted online on the Vialink Sites, specifying the last date of update.
Reporting security incidents
As a user of the Vialink Sites, you have the possibility of reporting any security incident that you notice on the Vialink Sites by contacting Vialink’s Information Systems Security Manager (RSSI) : RSSI Vialink, Vialink, 18 Quai de la Râpée, 75012 Paris or by e-mail at email@example.com.