Privacy Policy

Last updated February 11, 2022.

 

  • This Policy covers the Data Processing carried out in the context of :

    • The management of the website strive-privacy.com and the online forms

    • The distribution of newsletters and promotion of our services.

    • The management of the customers, providers and partners

    • The provision of training services

    For the above activities, Strive Privacy acts as a Data Controller within the meaning of the EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data ("GDPR").

    In this Policy, "Strive Privacy", "we", "us" and "our" refer to:

    Strive Privacy, under SIRET number 83049221100024 and represented by Léa Richard.

    Note that within the framework of the activities of consulting, outsourced DPO and training, Strive Privacy acts as a Subcontractor within the meaning of the GDPR and on the sole instructions of its clients, who act as Data Controllers. The conditions of execution of the Processing activities are described in the contract signed with the customer and are not covered by this Policy.

  • 1.Running strive-privacy.com and handling request forms.

    When you browse the Strive Privacy website, you may be prompted to:

    • Formulate a request for information, for a quote or for a brochure.

    • Download documents

    On the basis of your Consent which you express when you fill out and send the forms, Strive Privacy processes and stores the following personal Data about you in order to answer and fulfill your requests:

    • Name and Surname

    • Email address

    • Your role

    • Your organisation

    • Content of your message, as well as any information communicated subsequently at the time of our exchanges

    Depending on the nature of your request and the content of our exchanges, your Data may be used for other purposes such as the management of a request for a quotation or registration for a training course; these Processing operations are then subject to the relevant terms of this Privacy Policy.

    2. Promoting Strive Privacy’s services and events.

    Strive Privacy collects and uses identification and professional contact information of the prospects and clients’ representatives, including public Data available on the internet, for the purpose of promoting the services and events of Strive Privacy.

    This Processing is based on the legitimate interest of Strive Privacy to promote its activities to professionals likely to be interested. You may object to receiving our newsletter at any time and without justification, by clicking here or on the unsubscribe link integrated in the email or by notifying Strive Privacy directly at privacy@striveprivacy.com.

    For this purpose, and subject to a request of unsubscription, the Data is retained:

    • for prospects: during 3 years as from the last contact

    • for the customers: duration of the commercial relation and then during 3 years as from the end of the commercial relation

    In the event your data is collected for purposes of marketing communication, in particular of public Data on Internet, Strive Privacy will make sure to inform you as of the first communication, and in any event in the month following the collection of the Data, of the contemplated use and of your right to oppose the Processing of your Data to commercial purposes.

    3. Managing prospects, customers, service providers and partners.

    Strive Privacy may process Personal Data about you when:

    • you request a quote for consulting services, outsourced DPO or training services, via the online form on the site or directly by telephone;

    • your company concludes a contract with Strive Privacy as a customer, provider or partner.

    In this context, Strive Privacy will collect information relating to :

    • contact(s) submitted through the form, point of contact for the contract, for invoicing and any other contact person: name, first name, professional email address, professional telephone, function, and all the information contained in the exchanges (nature of the request, etc.) ;

    • to the signatory(ies) of the contract: surname, first name, role, signature.

    This Data is intended, as necessary, for employees in charge of monitoring the commercial relationship and/or partnership, accounting/billing and employees of the departments involved in the request/contract. It is collected and stored:

    • for requests for quotations that do not lead to the conclusion of a contract: the time required to study and follow up the request + 1 year after the request is closed (or the last contact, if applicable);

    • for contracts and in order to perform the contract: the duration of the contractual relationship and then during 3 years as from the end of the commercial relationship;

    • for the legitimate purposes of ensuring the protection and defense of our rights in the event of litigation, for 5 years following the end of the contractual relationship.

    4. Providing and promoting training and masterclasses.

    When you register for a training or a masterclass organised by Strive Privacy, via our online forms or via telephone.

    In this context, Strive Privacy will collect information relating to :

    • Training attendants: name, first name, email and postal addresses, telephone number, level of knowledge in personal data; training needs.

    • Company representatives: surname, first name, title, email and postal addresses, telephone number.

    This Data is collected and processed by Strive privacy in order to register the attendants for the training courses corresponding to their level and needs, to send them training materials, and to invoice the training services.

    They are kept for the duration of the training contract and, in order to meet our legitimate interest to ensure the protection and defense of our rights in the event of litigation, for 5 years following the end of the contractual relationship.

    We also use this Data in order to promote the services and events of Strive Privacy, under the conditions of section 2.

  • In accordance with GDPR, you have the right to access and rectify your Personal Data, as well as the right to request its deletion (right to be forgotten), the right to object to its Processing and to obtain its limitation or portability insofar as this is applicable, subject to the compelling legitimate reasons that Strive Privacy may have for keeping your Data.

    Furthermore, you may, at any time and without justification, request to no longer receive our newsletter and, more generally, communications relating to our services, news and events by using the hypertext link provided for this purpose in each email we send you.

    When you exercise your rights, we use your Personal Data for the purpose of managing your request (title, surname, first name, copy of identity document, nature of the request, response given). This Data is kept for a period of 3 years. We may, if necessary, ask for a copy of your identity document, which is then kept for 1 year.

    You can exercise these rights or ask any question relating to the management of your personal data by Strive Privacy to:

    By email to the following address: privacy@striveprivacy.com

    Proof of identity may be requested by Strive Privacy in case of reasonable doubt about the identity of the applicant.

    You also have the right to contact the National Commission of Data processing and Freedoms (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, of any complaint relating to the way in which Strive Privacy collects and treats your data.

  • Our website www.strive-privacy.com uses cookies.

    A "cookie" is a small text file that may be stored in a dedicated space on the hard drive of your terminal device (computer, tablet, smartphone, etc.) when you visit a website and will be deposited on the navigation page when you first connect. A cookie allows its issuer (Us or our audience measurement providers) to identify and recognise the terminal on which it is stored, for the duration of the cookie's validity or storage (13 months maximum).

    Our site uses 3 types of cookies:

    • Internal cookies necessary for the functioning of the website: these cookies allow the website to function optimally. They allow you to navigate from one page to another. Their deposit is functional and essential for the total optimisation of the website. You cannot object to them.

    • Cookies to measure the website’s audience: in order to adapt the website to the visitors' requests, we measure the traffic on our site, in an anonymous way, via an analytical solution. This solution measures the number of unique visitors, the number of pages viewed, the country of origin of the connection to the website, the access service (live, via a search engine or a social network), the type of device used (computer, mobile or tablet), the most consulted and shared articles as well as the time and date of visit. You can opt out of these cookies via our cookies banner on your first visit or by clicking on "Only accept strictly necessary cookies" at the bottom of your browser.

    • Advertising cookies: the social networks we use to promote our Services may place cookies in your browser to enable you to navigate from these networks to our website. You can opt out of these cookies by clicking on our cookies banner on your first visit or by clicking on "Only accept strictly necessary cookies" at the bottom of your browser.

    We do not use cookies for commercial purposes such as retargeting. You can follow our offers and news by signing up for our newsletter by clicking here.

    The setting of cookies can be reviewed and modified directly via your Internet browser and allows, depending on the type of browser used, to systematically refuse cookies during navigation or to authorize them on a case-by-case basis.

  • Consent: any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Personal Data concerning him or her may be processed.

    Data Protection Officer (or "DPO"): the person appointed in charge of the protection of Personal Data within Strive Privacy.

    Recipient: natural or legal person, public authority, service or any other body that receives of Personal Data, whether or not a Third Party.

    Personal Data/Data: any information relating to a Data Subject, in particular by reference to an identifier such as a name, an identification number, an identity card number, a salary, health records, bank account information, driving or consumption habits, location Data, an online identifier, etc. The term "Personal Data" includes Sensitive Personal Data.

    Sensitive Personal Data: means Personal Data revealing or based on :

    • racial or ethnic origin, political, religious or philosophical opinions ;

    • membership of a trade union organisation

    • physical or mental health;

    • sexual orientation or sex life;

    • genetic and biometric Data;

    • Data relating to criminal convictions, offences or related security measures.

    Applicable legislation: set of regulation related to the protection of the personal Data and applicable to the processing activities carried out by Strive Privacy, namely the European Regulation n°2016/679 relative to the protection of the Data in personal matter (GDPR), the French data protection act, and any other regulation which may apply to Strive Privacy.

    Data Subject/Person: the natural person to whom the Personal Data relates and who can be identified or identifiable, directly or indirectly, through such Personal Data. This includes clients, prospects, and former and current employees.

    Controller: the natural or legal person who, individually or jointly, decides what Personal Data is collected, why and how it is collected and processed.

    Sub-processor: any natural or legal person, public authority, department or other body that processes Personal Data on behalf of the Controller and according to its instructions (e.g. service providers or suppliers).

    Third party: any natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and those persons who, under the direct authority of the Controller or the Processor, are entitled or authorised to process the Data.

    Processing: any operation or set of operations carried out or not by means of automated processes and applied to Personal Data, such as collecting, accessing, recording, copying, transferring, keeping, storing, cross-referencing, modifying, structuring, making available, communicating, recording, destroying, whether automatically, semi-automatically or otherwise. This list is not exhaustive.

    Transfer: any communication, copy or movement of Data over a network, or any communication, copy or movement of such Data from one medium to another, irrespective of the medium, of Personal Data to a country outside the European Union or to an international organisation which is or is intended to be Processed after such Transfer.