Last revised: 28 January 2021
This Privacy Statement explains what personal data Valtech SE and its subsidiaries (also referred to below as “Valtech”, “we”) process about you, how we process it and for what purposes. It also gives information on the rights you have in relation to the processing of your personal data. This Privacy Statement gives an oversight of the main processing activities we do relating to your personal data in connection with Valtech websites and all related services we may provide to you.
Processing activities regarding Valtech’s employees, clients and service providers are covered by a separate policy or specific contracts. Clients and service providers’ contact details might however be concerned by this Privacy Statement to the extent they are registered on the Valtech websites or for marketing purposes.
In the event of a conflict between the English and other language versions of this Privacy Statement, the English version shall prevail.
This Privacy Statement may be amended from time to time to take into account changes in applicable laws or in the way we handle your personal data. Certain areas of Valtech websites (e.g., recruitment) may link to third parties’ privacy statements or policies.
Information about Valtech
Valtech SE is the holding company of the Valtech group, registered in the Grand Duchy of Luxembourg, under the Trade and Companies Register number B238451, having its registered office at 28/30 bd Joseph II, L1840 Luxembourg, Grand Duchy of Luxembourg and having offices in Paris registered in the Paris Trade and Companies Register under number B 389 665 167, based at 148 rue de Courcelles, 75017 Paris.
As used in this Privacy Statement, “Valtech Network” means Valtech SE’s member entities (100% owned by Valtech SE directly or indirectly except Valtech Mobility GmbH (51%)), whose structure and details can be found here.
Role of Valtech regarding processing of personal data
According to the General Data Protection Regulation (GDPR), Valtech is a “data controller” when deciding how personal data are processed in connection with our websites or services, and Valtech is a “data processor” when processing personal data on behalf of and according to the instructions of another company (e.g. a client).
You will find at the bottom of this Privacy Statement all the details for (i) the Data Protection Managers in each country where Valtech SE has a subsidiary and (ii) the Group Data Protection Officer.
For the purposes of compliance with data privacy laws, Valtech entities located outside the European Union are represented by Valtech SE. If you are using Valtech services through one of our clients, please address your privacy-related issues or questions directly to them.
Collection of personal data
We may collect or obtain your personal data if you are a job applicant, a website user, a business partner or a shareholder.
The type of personal data we obtain depend on how you interact with us and the services you use. Some personal data are collected (i) directly from you (e.g. data provided when you apply for a job, when you sign up for a newsletter or complete a contact form or survey) or (ii) indirectly from your use of Valtech websites (e.g. data collected through cookies or other similar technologies) or (iii) when you provide consent through one of our partners (e.g. Valtech may sponsor the partner and/or the partner offers “Valtech content”) or (iv) from publicly available sources.
Regarding personal data we collect directly from you, such information may consist of, but is not limited to, your name, current job title, company address, email address, telephone number and other contact information. Where appropriate, you will be informed if certain data are required for a proper service or if their provision is optional (e.g. information identified with an asterisk in the registration form is mandatory).
We do not usually seek sensitive information (e.g., data relating to race or ethnic origin, religious beliefs, criminal record, physical or mental health or sexual orientation) from you, and you are prohibited from posting or sending such data, except if such sensitive information are requested by local law.
Regarding publicly available sources, Valtech websites may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Please note that any personal data or other information that you contribute to any Social Media Application can be read, collected and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user's use, misuse or misappropriation of any personal data or other information that you contribute to any Social Media Application.
Use of personal data
This section provides details on the legal basis we rely on to process your personal data and the purposes for which we process them.
In compliance with GDPR, we process your personal data:
- because you have given your consent to the processing of your personal data for a determined purpose;
- to perform a contract to which you are party or in order to take steps at your request prior to entering into a contract;
- to comply with a legal obligation to which we are subject;
- when the processing is necessary for the purposes of the legitimate interests pursued by us or a third party (e.g. partners, service providers), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
Depending on how you interact with us, we may process your personal data in connection with our services or for other business purposes to:
- administer accounts or profiles related to you or your organisation, which may include registration, subscription, purchase, billing events, and/or payments;
- answer your questions and requests;
- enable you to access to certain restricted part of our websites;
- enable you to download specific documentation (e.g. White Papers);
- enable you to attend a hosted event or a webinar;
- enable us to manage and secure our website or service;
- compile aggregate statistics regarding the use of the websites;
- for marketing or research purposes and development purposes for new content, services and/or products aiming at improving, testing, and enhancing features of current services;
- send you offers and promotional materials or communications regarding our services that we feel may be of interest to you, provided that you have given us your express consent by any means;
- provide you with personalized advertising;
- manage the forums to which you may take part;
- conduct satisfaction surveys and feedback on our services;
- for recruitment purposes when you submit a resume or a job application online;
- fulfill our contractual obligations towards you;
- comply with your instructions or to fulfill other, specified purposes for which you have given your consent;
- comply with the law and legal obligations;
- respond to a request or order from a court, regulator, or authority;
- exercise our rights and protect our own and others’ rights and/or property;
Disclosure of personal data
Valtech is a global organisation having separate legal entities (subsidiaries or branch) in many parts of the world and whose internal processes and infrastructures are international in scope and nature and usually cross borders. Accordingly, we may share your personal data with other Valtech entities and transfer it to countries around the world where we have offices or where we conduct business, which include those located outside the European Union (EU).
On a case-by-case basis, we may also share your personal data with business partners (e.g. to provide or improve products/services or to host events), with service providers (e.g. to pass your requests to them or for data security and storage services), with social media providers (e.g. to share our content with you through them) and with other third parties where we believe that such disclosure is reasonably necessary to comply with an applicable law or regulation or if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
All of these disclosures may involve the transfer of personal data to countries with different data protection rules from those in effect in your area of residence.
When relying on such third parties located outside the EU, we implement appropriate means to safeguard these transfers in accordance with applicable data protection regulation and we make sure that they provide an adequate level of protection to the personal data they process on our behalf. When such third parties are located outside the European Union, we make sure that we enter into Standard Contractual Clauses as adopted and updated by the European Commission. In the near future, we plan to obtain Binding Corporate Rules (BCR).
Security of personal data
The security of your personal data is our priority. Taking into account the nature, scope, context, and purposes of each data processing, as well as the risks of varying likelihood and severity for your rights and freedoms, we implement all appropriate technical and organisational measures and policies to ensure the protection of your personal data and prevent any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Regarding Valtech websites, we have in place reasonable commercial standards of technology and implement technical and organisational security measures to protect all information you may provide to us from unauthorized access, disclosure, alteration or destruction. If you registered to our websites, it is important you maintain the confidentiality of your identifiers in order to prevent illicit use of your account.
Rights on your personal data
There are some cases in which local data protection laws may give you rights regarding your personal data, especially if you are located or reside in certain countries (e.g. within the EU). In such cases, the below mentioned rights may be available to you.
In accordance with applicable data protection regulation (i.e. the GDPR), you can exercise your rights of access, rectification and erasure of your personal data, your right to restriction of processing related to your personal data, and your right to data portability. You may also, for legitimate reasons, object to the processing of your personal data. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. You can exercise these rights at any time by sending a proof of identity to Valtech’s relevant local Data Protection Manager and/or to the Data Protection Officer as listed below.
Nevertheless, insofar as the collection and processing of your personal data is strictly necessary for the provision of the service you requested, you acknowledge that you don’t have an absolute right of erasure or restriction of the processing and to oppose the processing of such personal data. There may be circumstances under which Valtech could have grounds to refuse to grant your request to exercise your data protection rights.
When the processing of your personal data is based on the collection of your consent, you may withdraw this consent at any time, in particular by clicking on the unsubscription link contained in communications sent by Valtech Network and generated in response to your registration on the Valtech websites.
In accordance with applicable data protection regulation, if you have any concerns about our use of your personal data, you also have the right to lodge a complaint with a supervisory authority.
Retention of personal data
Your personal data are retained by us for the time strictly necessary to fulfill the pursued purposes as set forth herein, in accordance with the applicable data protection regulation or timelines recommended by supervisory authorities and/or to comply with our legal or contractual obligations.
The personal data used for marketing purposes may be retained for a maximum of 2 years from the closure of your account or from the last contact with you. This duration may be reduced in compliance with local regulation.
The personal data used for recruitment purposes may be retained for a maximum of 2 years from the last contact with you ; this duration can be reduced in compliance with local regulation ; if you want to have your personal dataerased, please let us know at the relevant email address (depending on your country) you can find at the end of this document.
Your information is deleted when the above retention period expires. Nevertheless, the personal data may be archived beyond the retention period for research purpose or for the sole purpose of allowing their provision to the judicial authorities. In addition, we are likely to retain your personal data (including your contributions on blogs and forums) anonymously, for the purpose of producing statistical studies.
Cookies and web beacons are retained for 13 months maximum. This duration is not automatically extended on new visits. Information collected via cookies and web beacons are retained for a maximum period of 25 months. This duration may be reduced in compliance with local regulation.
Changes to our Privacy Statement
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this statement, we will amend the revision date at the top of this page.
Children's privacy protection
We understand the importance of protecting children's privacy in the interactive online world. This Website is not designed for or intentionally targeted at children 16 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 16. Therefore, if you are under 16, please do not attempt to register for the Services or send any personal data about yourself to us.
You can contact Valtech as data controller of your personal data by writing an email or post to the concerned Valtech’s Data Protection Manager or Officer indicated below:
Alexandra de la Martinière
Valtech SE – 148 rue de Courcelles - 75017 Paris - France
Tel : +33 1 76 21 15 00