DPO Consulting attaches the utmost importance and care to the protection of privacy and personal data and to compliance with the relevant legal provisions in force.
This policy covers data processing activities performed within the framework of:
- The management of the website https://mydposolution.com and the requests sent from the online forms on this website
- The management of clients, prospects, service providers and partners of DPO Consulting
- The management of our myDPO Solution at https://app.mydposolution.com and its demo version at https://mydpo-demo.com/
For all these data processing activities, DPO Consulting is the entity that determines the means and purposes and thus acts as data controller within the meaning of the applicable regulations on personal data and in particular EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).
In this Policy, “DPO Consulting”, “we”, “us” and “our” refer to :
DPO Consulting, a simplified joint stock company with registered office at 1-3 rue de Caumartin, 75009 Paris, France, registered in the Paris Trade and Companies Register under number 817 754 138 and represented by Marine BROGLI in its capacity as President of DPO Consulting.
You can find all information about DPO Consulting on our legal notice page.
Within the framework of its audit, outsourced DPO and intra-companies training activities, DPO Consulting acts as a data processor within the meaning of the GDPR and only upon instructions from its clients, who act as data controllers. The implementation of the processing carried out within the framework of these activities are described in the Terms and Conditions and Sale of DPO Consulting or in the contract signed with the client and are not covered by this Policy.
2. General rules applicable to all data processing operations carried out by DPO Consulting
DPO Consulting ensures that the fundamental data protection principles are observed for each data processing operation. This section informs you about the general rules applicable to all data processing operations covered by this Policy. Section II details, for each data processing operation, the specific conditions and procedures for carrying out the operation.
a. Data minimisation
Each form on the website limits the collection of personal data to what is strictly necessary and indicates the purpose(s) for which the data is collected as well as the recipient(s) of the data.
The information required to manage your request is indicated by an asterisk on each form. If you do not fill in these mandatory fields, DPO Consulting will not be able to answer your requests and/or provide you with the requested services. Other information is optional and allows us to better manage your request and improve our communications and services to you.
b. Sharing your data with third parties and transferring your data outside the European Union
We never share your personal information with other companies for direct marketing purposes.
Each section dedicated to a data processing operation details the internal recipients responsible for accessing and processing the data concerned. The data may be transmitted to technical service providers chosen for their expertise and reliability who act on our behalf and according to our instructions (IT subcontractor, host of our servers, etc.).
We allow these providers to use your personal data only to the extent necessary to perform services on our behalf or to comply with legal requirements and we strive to ensure that your personal data is always protected.
DPO Consulting may also disclose your data to third parties when such disclosure is required by law, regulation or court order, or if such disclosure is necessary to protect and defend our rights.
All such third parties may come from countries inside or outside the European Union (“EU”), including countries that do not offer the same level of data protection as your country of residence. In such a case and to the extent required by applicable law, we will ensure that:
- either to obtain your express and unambiguous consent to share your personal data with these third parties;
- or to conclude data transfer contracts complying at least with the standard contractual clauses adopted by the European Commission;
- or to ensure that these third parties located in the United States are companies that have joined the EU-U.S. Privacy Shield and registered as such with the US administration.
c. Security of your data
DPO Consulting is committed to protecting your personal data from loss, destruction, alteration, unauthorised access or disclosure. To this end, DPO Consulting implements appropriate technical and organisational measures, with regard to the nature of the data and the risks involved in its processing, to preserve the security and confidentiality of your personal data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.
These measures may include, but are not limited to, practices such as limited access to data by staff of the services authorised to access it because of their functions, contractual guarantees in the event of recourse to an external provider, privacy impact assessments, regular reviews of our privacy practices and policies and/or physical and/or logical security measures (secure access, authentication process, backups, antivirus software, firewall, etc.).
d. Data concerning minors
DPO Consulting services are not intended for minors. Therefore, we do not knowingly collect or process personal data relating to minors. In the event that we become aware of the collection of personal data from minors without the prior consent of the holder of parental responsibility, we will take appropriate measures to delete such personal data from our servers and/or those of our providers.
2. Data processing implemented by DPO Consulting
a. Management of the mydposolution.com website and requests sent from online forms
When you browse the mydposolution.com website, you may need to make a contact request via the “Contact us” or “Contact” form. This same form is also used when you click on “Support” at the bottom of the myDPO application.
Within the framework of these activities, and on the basis of your consent that you express by accepting and submitting the contact request, DPO Consulting processes and stores the following personal data concerning you to respond to your contact request: the information provided on the form, namely your identity, your contact details and, where applicable, the content of the message, as well as any information communicated subsequently during our exchanges. These data are processed by the department concerned by your request for the time necessary to answer you.
Depending on your request and the content of our exchanges, the data thus collected may be used for other purposes such as managing a request for a quote or a registration for a training course; these data processing operations are then subject to the terms and conditions relating thereto.
We also inform you that we make anonymous statistics about the number of visitors to the mydposolution.com website, which do not allow us to identify you.
b. Processing for prospect, customer, service provider and partner management purposes
DPO Consulting may also process personal data concerning you when:
- You request a quote for the myDPO solution via the online form on the website or directly by telephone with the commercial department;
- Your company concludes a contract with DPO Consulting as a client, service provider or partner.
- Your company concludes an online contract on the basis of one of the offers on the website to access the myDPO solution
In this context, DPO Consulting will collect information on:
- the contact(s) indicated to DPO Consulting such as the contact indicated on the form, the main contact for the contract, the contact for invoices and any other contact (name, first name, business e-mail address, business telephone number, function), all information contained in the exchanges (nature of the request, etc.);
- the signatory(ies) of the contract: surname, first name, function, signature.
This data is intended, where necessary, for employees responsible for monitoring the business relationship and/or partnership, accounting/invoicing and for employees of the departments involved in the request/contract.
They are collected and stored:
- For quotation requests that do not result in the conclusion of a contract: the time required to study and follow up the request + one (1) year after the request is closed (or the last contact has taken place if applicable)
- For contracts and in order to execute the contract: the duration of the contractual relationship
- In order to meet our legitimate interest in ensuring the protection and defence of our rights in the event of litigation, for five (5) years following the end of the contractual relationship.
As part of the payment of the order, the customer is redirected to the payment intermediary of DPO Consulting, namely the Société Générale, which collects and processes the data collected necessary for payment in its capacity as data controller, in compliance with its own policy relating to the protection of personal data. In order to organise payment, DPO Consulting only transmits the following data to the Société Générale: transaction reference, order number, merchant identifier and only receives acknowledgement of payment from the Société Générale.
c. Processing performed for the purposes of managing the myDPO Solution and client and/or associated user accounts
As the publisher of myDPO solution, DPO Consulting processes the personal data entered into myDPO. In this context, DPO Consulting acts as a processor of the clients using the solution and processes personal data for the following purposes:
- The creation and technical management of the user account(s);
- The management of the solution and the security of its information system;
- Information request management;
- The management of requests for access to personal data, requests for deletion, rectification, portability of personal data, as well as requests for limitation and opposition to the processing of personal data;
- The management of the data provided by the client in the context of the execution of the Services by DPO Consulting.
The provision of personal data by the user is necessary for the execution of the contract concluded with the cient, under whose authority the user is placed. The user is therefore obliged to provide his/her personal data. Otherwise, the user will not be able to use and access the myDPO solution, in particular because a user account cannot be created for his/her benefit.
Personal data collected and used by DPO Consulting are only kept for a period of five (5) years after the termination of the Contract between DPO Consulting and the Client, for proof purposes.
DPO Consulting is committed to protecting Users’ personal data from loss, destruction, alteration, unauthorised access or disclosure.
3. Exercise of your rights and contact details of our Data Protection Officer
In accordance with the regulations in force, you have a right of access and of correction of your personal data and the right to request the deletion (right to be forgotten), the right to oppose the processing of your personal data and the right to obtain the limitation or portability of your personal data to the extent that this is applicable, subject to urgent, legitimate grounds DPO Consulting may show to retain your Data.
When you exercise your rights, our Data Protection Officer processes your personal data for the purposes of managing your request (title, surname, first name, copy of identity document, nature of the request, response provided). This data is kept for a period of three (3) years, with the exception of a copy of your identity document, which is kept for one (1) year.
For any information or exercise of your rights on the processing of personal data managed by DPO Consulting, you can contact our Data Protection Officer (DPO) by accompanying your request with a copy of an identity document bearing your signature (identity card, passport):
- By email at: firstname.lastname@example.org
- By postal mail at:
A l’attention du délégué à la protection des données (DPO)
1-3 rue de Caumartin
You also have the right to complain to the Commission Nationale de l’Informatique et des Libertés (CNIL), 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, about any complaint relating to the way in which DPO Consulting collects and processes your data.
4. List of subcontractors (data processors)
DPO Consulting is particularly attentive to the choice of the subcontractors to whom your personal data are entrusted in order to ensure a high level of security of the information systems as well as their respect of the legal provisions in force, in particular as regards the protection of personal data.
|OVH – 2 rue Kellerman – 59100 ROUBAIX||Website hosting https://mydposolution.com|
|Google Cloud Platform – 1600 Amphitheatre Pkwy, Mountain View, CA 94043, États-Unis||myDPO Solution application hosting|
|MongoDB – 229 W 43rd Street – 5th Floor – New York, NY 10036 – États-Unis||myDPO Solution application database hosting|
|Tawk.to – #6 – 8 Tirgoņu iela Rīga, Latvia, LV-1050 – Lettonie||Instant messaging with the myDPO customer support from the myDPO Solution application|
|Société Générale – 29 Boulevard Haussmann – 75009 Paris||For the e-commerce part of the mydposolution.com website, processing of the basket data for the purpose of making payments to DPO Consulting|
|Zoho Corporation – 4141 Hacienda Drive – Pleasanton, – California 94588, USA||Customer support ticket management for the myDPO Solution application|
|MailJet – 13-13 bis, rue de l’Aubrac – 75012 Paris||Sending of the administration emails for the myDPO Solution application|
|Cecurity – 75 rue Saint-Lazare – 75009 Paris||Electronic safe management of the Accountability module of myDPO Solution|
A « cookie » is a small text file that may be recorded in a dedicated space of the disk drive of your terminal (computer, tablet, smartphone, etc.) when you consult the Website. A cookie allows its issuer (us or our audience measurement providers) to identify and recognize the terminal on which it is recorded, for the entire period of the cookie’s validity or recording (max 13 months).
The mydposolution.com website uses the following cookies:
|Name of the cookie||Purpose||Data retention period|
|SERVERID31394||Cookie for processing the MySQL requests by the shared OVH servers||1 hour|
|cookie_notice_accepted||Allows us to check that the information notice concerning cookies has been read and accepted||expires at the end of the session|
|festi_cart_for_woocommerce_storage||For the e-commerce part, contains information on the basket and its modifications||expires at the end of the session|
|pll_language||Defines the language in which the pages are translated||1 day|
|woocommerce_cart_hash||For the e-commerce part, contains information on the basket and its modifications||expires at the end of the session|
|woocommerce_items_in_cart||For the e-commerce part, contains information on the basket and its modifications||expires at the end of the session|
|wp_woocommerce_session_||For the e-commerce part, allows WooCommerce to link the user to his/her cart||expires at the end of the session|
The myDPO solution at https://app.mydposolution.com and its demo version at https://mydpo-demo.com/ use the following cookies:
|Name of the cookie||Purpose||Data retention period|
|TawkConnectionTime||Support via instant messaging||expires at the end of the session|
|__cfduid||Support via instant messaging||expires at the end of the session|
|__tawkuuid||Support via instant messaging||180 days|
We collect and store only information related to traffic on the website, anonymously, via an analytical solution: the number of unique visitors, the number of pages viewed, the country of origin of the connection to the website, the service that provided access (live, through a search engine or a social network), the type of device used (computer, mobile or tablet), the most viewed and shared articles and the time and date of attendance.
The setting of cookies can be made directly via your Internet browser and, depending on the type of browser used, allows the choice of systematically refusing cookies during browsing or their authorisation on a case-by-case basis. To learn more about the configuration to follow, consult the dedicated page on the CNIL website (https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser).
- Links to third-party websites
The DPO Consulting website may contain links to social media platforms managed on third-party servers by persons or organisations over which the company has no control.
- Changes to this Policy