www.theia.fr
THEIA SAS
Type of site: showcase
Last update: 03/05/2022
This Privacy Policy governs and informs you of the manner in which THEIA SAS (simplified joint-stock company, with capital of 106,386.00 euros, registered with the Grenoble Trade and Companies Register, under number RCS 501 843 015, whose head office is located at 3 rue Mably, 38000 Grenoble, France – hereinafter “we” or “THEIA”) processes and protects personal information that can directly or indirectly identify you (“Personal Data” or “Data”).
THEIA attaches great importance to the protection and respect of privacy and undertakes to comply with the provisions of Regulation 2016/79 known as “GDPR” and Law No. 78-17 known as the “Data Protection Act” in its latest version in force (hereinafter together the “Applicable Regulations”).
1. What personal data do we collect and why?
1.1. Data collected when you browse the THEIA Website
| Source of collection | Automatic collection of Data when you browse the THEIA.fr website (the “Site”) |
| Data Categories | IP address, browser type, Internet service provider, referring/exit pages, files viewed on our site, operating system, and/or system date and time |
| Purposes of processing | Automatically process your requests on our Site, fight against fraud on our SiteImprove our Site, produce statistics on the use of our Site |
| Legal basis of processing | Our legitimate interest or your consent where required by Applicable Law In the case of Data collected for analysis purposes, your consent. This collection requires the use of cookies. To find out more about the use of cookies, we invite you to consult our Cookies Charter |
| Data retention period | Your connection logs on our Site are kept for three (3) months; Data collected for analysis purposes is kept for fourteen (14) months. |
1.2. Data collected when you interact with us
| Source of collection | Contact form on our SiteDemo request form on our Site Registration form for webinars on our Site Download form of our white paper on our Site Requests for information sent by email, telephone or social mediaApplications for a position at THEIA |
| Data Categories | Surname, first name, company, position, email address, telephone number, social network identifier, CV if applicable. |
| Purposes of processing | Respond to your requests for information Inform and promote our platform specialized in digital education (“THEIA Platform”), including sending alerts and newsletters, invitations to our eventsSending commercial prospecting, within the limits of the Applicable RegulationsManaging our social networks (including, moderating comments on these networks)Reviewing and responding to your application |
| Legal basis of processing | Our legitimate interest or your consent where required by Applicable Regulations |
| Data retention period | We keep your Data until your contact request or application is processed and, where applicable, until you unsubscribe from webinars on our Site. Within the limits of the Applicable Regulations, THEIA may keep recordings and copies of all correspondence made with you, including such Personal Data. |
1.3. Data collected relating to our customers and prospects
| Source of collection | Contractual relationship with our customers Exchanges with our prospects and customers |
| Data Categories | Identification data (surname, first name, profession, company); contact data (postal address, email address, telephone number, login credentials); bank details if applicable. |
| Purposes of processing | Manage our customersManage our prospectsInform and promote the THEIA Platform, including sending alerts and newsletters, satisfaction surveys, invitations to our eventsSend commercial prospecting within the limits of the Applicable RegulationsRespond to requests for informationRespond to requests for supportManage disputes |
| Legal basis of processing | Our contractual and pre-contractual relationship, or our legitimate interest, or your consent, when required by Applicable Regulations |
| Data retention period | We keep your Data for five (5) years from the end of the contractual relationship or, where applicable, five (5) years after your last contact with us. |
1.4. Data collected relating to our suppliers, subcontractors and partners
| Source of collection | Contractual relationship with our partners, suppliers and subcontractors |
| Data Categories | Identification data (surname, first name, profession, company); contact data (postal address, email address, telephone number); bank details if applicable |
| Purposes of processing | Provide the THEIA PlatformManage the relationship with our partners, suppliers and subcontractorsManage disputes |
| Legal basis of processing | Our contractual and pre-contractual relationship, or our legitimate interest, or your consent, when required by Applicable Regulations |
| Data retention period | We keep your Data for five (5) years from the end of the contractual relationship or, where applicable, five (5) years after your last contact with us. |
1.5. Data collected from end users of our customers
As a subcontractor , we collect Personal Data from the end users of our clients, via the THEIA Platform, on behalf of and on the sole instruction of our clients (processing managers).. For any question relating to the collection of Data from the end users of our customers, we invite you to contact the data controller directly.
2. With whom do we share your Data?
Within THEIA, only strictly authorized personnel are required to process your Data.
We are likely to share your Data with some of our subcontractors, such as technical service providers for the functional needs of the Site, suppliers of analytical solutions in order to allow the proper use of our Site and to improve its performance, as well as advertising providers. We are also likely to share your Data with our advisers (such as our lawyers) as part of the management of any pre-litigation and litigation.
In particular, to date, THEIA uses the following subcontractors:
| Subcontracting | Data Category | Purpose of processing |
| Amazon Web Services | Browsing data and Customer data | Hosting of Data and the THEIA Platform: user accounts, learning traces, platform data |
| Google through Google Analytics | Browsing data | Analytics exclusively on website traffic |
| Mailchimp through Mandrill | Customer data | Sending transactional emails, verifying the identity of end users, sending prospect and customer newsletters |
| OVH SAS | Customer data | Data hosting: daily backups of THEIA platform and user data |
We may also share your Data with our business partners on the Site where we may possibly advertise for THEIA subject to obtaining your consent when the applicable Regulations so provide.
In addition, your Data may be communicated to any authority legally authorized to know them or to any third party to whom we would have the obligation to give access to your Data. In this case, THEIA is not responsible for the conditions under which the personnel of these authorities have access to and use your Data.
In the event of a change of control of THEIA, the transfer of all or part of its assets or any other operation involving the transfer of our activity to a third party, your Data may also, within the limits of the Applicable Regulations , to be shared with this third party.
3. Where are your Data processed?
We may transfer your Data outside the European Economic Area. Where applicable, these transfers are governed by appropriate safeguards within the meaning of Article 46 of the GDPR.
4. How do we ensure the security of your Data?
In accordance with the Applicable Regulations, we implement all appropriate technical and organizational security measures to protect your Personal Data. In particular, we implement the following measures:
- Strict administrator access control
- Reduction to the strict minimum of services exposed on the Internet with the establishment of a bastion
- Implementation of firewall rules limiting network flows to what is strictly necessary
- Annual infrastructure audit
- Keeping an incident log
- Backing up data to a different location than the database
- Review of each change, systematic automated tests
5. What are your rights and how to exercise them?
5.1. When we act as a controller
When THEIA acts as data controller, you can exercise the following rights, within the limits set by the Applicable Regulations:
- Right of access and post-mortem instructions: You have the option of asking THEIA to confirm whether or not Data concerning you is processed, as well as the communication of the Data concerning you that we hold. You also have the right to define directives relating to the fate of your Personal Data after your death;
- Rectification, limitation and erasure: You can ask THEIA to rectify any Personal Data concerning you that is inaccurate, as well as to complete any Personal Data that is incomplete. You can also ask THEIA to limit the processing or erase your Personal Data as soon as possible when THEIA no longer needs to keep them;
- Opposition and withdrawal of consent: You can oppose the processing of your Data for legitimate reasons. You can always and free of charge oppose the receipt of any commercial communication from us. You can also withdraw your consent when the processing of your Data is based on this consent;
- Portability: Upon request, THEIA will send you the Personal Data that you have sent to us and, as far as possible, will communicate this Data directly to another data controller of your choice, in a portable format if the processing is based on your consent or on a contract;
- Complaint: You also have the right to lodge a complaint with a competent supervisory authority, such as the Commission Nationale de l’Informatique et des Libertés in France via the website www.cnil.fr
If you have any questions about the Privacy Policy and to exercise your rights, we invite you to send your request in writing to dpo@theia.fr .
The request must come from the data subject himself, who must be able to prove his identity. If necessary, and in accordance with the Applicable Regulations, you may be asked for a copy of your identity document. THEIA will endeavor to respond to your request within a reasonable time and, in any event, within the time limits set by the Applicable Regulations.
5.2. When we act as a processor
When THEIA acts as a subcontractor of your Data, our customers are solely responsible for providing you with information on the processing of your Personal Data and on the exercise of your rights. For the exercise of computer rights and freedoms, we invite the end users of our customers using the THEIA Platform to formulate their requests directly with the appropriate customer (the data controller).
6. Coming into force
This Privacy Policy comes into effect on May 3, 2022. Please note that we may modify or update this Privacy Policy. We advise you to consult this page regularly to take note of any changes or updates to our Privacy Policy. In the event of a substantial modification to the Privacy Policy, THEIA undertakes to inform the persons concerned.