Who are we?
Name: Dialog ("we", "us/our")
Located at: 9 rue Ambroise Thomas, 75009 Paris
Company number: Dialog SAS (922 195 300 R.C.S. Paris)
Website: www.askdialog.com
Contact details for data protection matters: contact@askdialog.com
Who are the data subjects?
our customers' representatives;
our suppliers' representatives;
visitors to our Website;
other data subjects, (the "data subjects", "you/your").
This privacy policy (the "Policy") applies to any processing of your personal data by us.
We undertake to bring our personal data processing activities into compliance with applicable data protection law including Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (the "GDPR")) and the French Data Protection Act of 6 January 1978, as amended, supplemented or replaced (the "Applicable French Data Protection Law").
If you are a representative of one of our customers, we process:
If you are a representative of one of our suppliers, we process your personal identification data, professional identification data and contact data for the management of our commercial relationship with our suppliers.
If you are a candidate for employment with us, we process your personal identification data, professional identification data, contact data, data relating to your professional life (skills, qualifications, experience, etc.) and personal data contained in your curriculum vitae to assess your profile in relation to our recruitment needs.
If you visit our Website, we may process your electronic identification data in aggregate form to measure the frequency of visits on our Website, improve your browsing experience and to detect and prevent fraud and computer security breaches.
We may also process some of your personal data for the following purposes:
We do not subject the data subjects to decisions based exclusively on automated processing that produces legal effects concerning them or that affect them in a similarly significant way.
We process your personal data as controller. In this context, we determine the purposes and means of the processing of your personal data.
On which basis do we process your personal data?
The provision of your personal data may be necessary:
We ask for your prior, free and informed consent before processing some of your personal data (for example, whenever the processing of your data involves a transfer of your image rights).
The provision of some of your personal data (e.g. your personal identification data, etc.) may be a condition to enable us to provide you with our services or perform our activities.
The possible consequences of not providing your personal data may include our inability to provide you with our services or perform our activities or a breach by us of one or more obligations under applicable laws (e.g. accounting and tax laws).
Where do we source your personal data from?
The personal data we process come from the following sources:
Who has access to your personal data?
The following recipients may receive or have access to some of your personal data (only if necessary for the performance of their tasks):
We entrust the processing of some of your personal data to third party processors only to the extent necessary to carry out their tasks and in accordance with our written instructions and with Applicable Data Protection Law.
In the case of a restructuring of our activities (e.g. a financing operation), we may transfer certain personal data concerning a limited number of data subjects to a third party involved in the operation (e.g. a bank) in accordance with Applicable Data Protection Law.
How do we manage our third party processors?
We take appropriate measures to ensure that our third party processors process your personal data in accordance with Applicable Data Protection Law.
Amongst which, we ensure that our third party processors undertake to process personal data only on our instructions, not to hire subprocessors without our prior authorisation, to take appropriate technical and organizational measures to guarantee the security of personal data, to ensure that persons authorized to access personal data are subject to adequate obligations of confidentiality, to return and/or delete the personal data they process at the end of their services, to comply with audits and to provide us with assistance in follow up requests from data subjects for the exercise of their rights regarding their personal data.
Where do we process your personal data?
In the event that certain of your personal data are transferred to countries outside the EEA, we will ensure that we take the following safeguards:
What are the applicable retention periods?
We ensure that your personal data are only kept for as long as necessary for the purposes for which they are processed.
We keep invoices and other accounting documents (which may include some of your personal data) for a period of seven (7) years from the end date of the accounting year when they were issued in accordance with accounting laws. These accounting documents may, where applicable, contain certain personal identification data, professional identification data and contact data.
We also use the following criteria to determine the retention periods of personal data according to the context and purposes of each processing activity:
What are your rights?
Subject to Applicable Data Protection Law, you have the right to be informed, the rights of access, rectification and erasure of your personal data, the right to object to or limit the processing of your personal data, the right to data portability and the right to withdraw your consent.
Please see below a table describing each of your rights in more detail:
Please forward any request relating to the exercise of your rights regarding our processing of your personal data as controller to our contact person for data protection matters using his or her contact details as set out in the Policy. We undertake to respond to your request as soon as practically possible and always within the timeframes set forth by Applicable Data Protection Law. Please note that we may retain your personal data for certain purposes when required or permitted by law. Finally, please note that we may, in the event of doubt as to your identity, ask you for proof of identity in order to prevent any unauthorised access to your personal data.
What level of security do we ensure?
We take appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with the processing of your personal data.
We follow industry best practices to ensure that personal data are not accidentally or unlawfully destroyed, lost, altered, disclosed or accessed in an unauthorized manner.
Do you have any questions or complaints?
If you have any questions or complaints about the way we process your personal data, please contact our contact person for any data protection questions in advance using the contact details provided in the Policy.
You have the right to lodge a complaint with the competent supervisory authority. The competent authority for France is: Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07, France, phone: +33 (0)1.53.73.22.22.
Anything else?
We reserve the right to update the Policy from time to time. We will inform you of any changes we may make to the Policy.
In the event of a conflict or inconsistency between a provision of the Policy and a provision of another policy or document relating to the processing of personal data, the latest provision of the Policy prevails.