Introduction

Stormshield SAS (also referred to as "Stormshield", "we" or “us”) appreciates your interest in our products and services and your use of our web pages, portals and applications (hereinafter “websites”). Protecting your privacy and personal data is important to us and we therefore take special care with it throughout our business processes. The personal data that we collect when you visit our websites is processed in compliance with the regulations currently in force in the European Union. However, a website may contain a link to other websites or applications that are not necessarily subject to this privacy notice. In such cases, we recommend you take the time to read the applicable privacy regulations on those sites.

Stormshield is committed to protecting the rights of individuals in compliance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), as well as all national laws and regulations relating to the protection of personal data (referred to collectively as “data protection laws and regulations”).

Contents of this data privacy notice

This privacy notice explains what information we collect when you access our website, how the information is used and disclosed, how you can control the use and disclosure of your personal information and how we protect it.

• Definition of personal data
• The personal data we use and how we collect it
• The purposes for which your personal data is processed
• The basis on which your personal data is processed
• Who receives your personal data
• Disclosure of your personal data to countries outside the European Economic Area (EEA)
• How long your personal data is stored
• Security
• Your rights and how to exercise them
• Obligation to provide personal data
• Automated decision-making
• Using data for profiling purposes
• How to contact the data controller in charge of processing your personal data
• Obtaining assistance from data protection supervisory authorities
• Cookies
• Changes to this privacy policy

Definition of personal data

Personal data is information that can be used to identify a natural person, either directly or indirectly (hereinafter “personal data”). A "personal identifier" is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers which make up personal data, such as names, addresses, email addresses, identification numbers, location data and online logins.

The personal data we use and how we collect it

When you visit this website, Stormshield will collect, use and process any personal data that you provide (such as your name, date of birth, company name, etc.) and any information generated as a result of your visit, such as IP address, date and length of your visit, pages you view, etc.

The purposes for which your personal data is processed

When you visit this website, Stormshield will collect, use and process your personal data in accordance with the terms set out in this privacy notice. Your personal data may be used for the following purposes (hereinafter “purposes”):

1. Web browsers/administration. We may use your personal data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide our prospective partners, service providers, regulatory bodies or other entities with reports; to set up and maintain security, anti-piracy and fraud-prevention measures, along with other services designed to protect our customers, partners and ourselves; and to enforce our regulations, directives and procedures.
2. Marketing. We may, within the confines of the law, use your personal data for marketing and promotional purposes, including for email communications and other means of electronic communication. For example, we use your personal data to send you information you’ve subscribed to, such as notifications or newsletters, or information that we think may interest you, such as special offers, promotions, contests or invitations to events organised by Stormshield.
3. Communication. We may use your personal data to communicate with you, including responding to requests for assistance. We may communicate with you in a variety of ways, including via email, your social media accounts and/or text message. You can change your communication preferences at any time by following the instructions given in each of our emails, or by filling out this online form.
4. Customer service. We may use your personal data for customer service purposes, including suggesting services and offering you technical support. Similarly, we may use your personal data to provide you with adapted, personalised content and information based on your purchases of Stormshield products; offer you new updates; monitor the registration of your products; generate statistics on the roll-out and use of our solutions; manage the exchange of faulty products; and determine the efficiency of our marketing campaigns.
5. Research and development. We may use your personal data for research and development purposes, in particular to improve our websites, applications, services and the customer experience. We may also use it for research and analysis purposes to improve our products, services, business activities, operations and processes.
6. Legal obligations. We may use your personal data to comply with legal obligations, including responding to an authority, a court order or a preliminary disclosure request.
7. Protection for ourselves and others. We may use your personal data where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, directives and other policies.

The basis on which your personal data is processed

As a responsible company, we need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for this processing within our business activities.

We process your personal data in accordance with the provisions set out in the GDPR and the relevant applicable data protection laws and regulations. The legal bases for processing your personal data are:

1. To comply with contractual obligations. When you subscribe to a particular service through the website, the purposes of processing your personal data are primarily determined by that service and we will process your information so that we can provide that service to you.
2. As a result of your consent. When you have consented to the processing of your personal data by us for certain services through the website, you can withdraw this consent at any time by following the instructions provided in the subscription process or by contacting us at dpo@stormshield.eu. For further information on the right of withdrawal, please refer to the “Obligation to provide personal data” section below.
3. There is a legitimate interest. In certain situations, we may not need your consent to use your data as we will have a legitimate interest to do so, but we must inform you of this. Examples of such situations are:
   1. To analyse and optimise our website;
   2. To guarantee IT security and safeguard Stormshield’s IT operations;
   3. To prevent and investigate criminal acts.
4. Stormshield has legal obligations it must follow or there is a general public interest. As any other company, Stormshield is subject to legal obligations and regulations. In some cases, the processing of your personal data will be necessary for Stormshield to fulfil these obligations.

Who receives your personal data

• Authorised persons working for or on behalf of Stormshield;
• Stormshield SAS, on a need-to-know basis for the purposes outlined in this privacy notice;
• Our agents, service providers and advisers (e.g. third-party service providers and advisers providing the variety of products and services we need, such as IT maintenance and support, procurement services, logistic services, etc.);
• Law enforcement or government authorities where necessary to comply with applicable law.

Disclosure of your personal data to countries outside the European Economic Area (EEA)

Stormshield processes your personal data mostly in the EEA. Your personal data may occasionally be transferred to entities outside the EEA. This transfer is subject to appropriate safeguards based on model contract clauses approved by the European Commission.

Countries to which Stormshield may transfer your personal data

We will transfer your personal data to our nearest Stormshield partner Distributor or Trader, which will depend on your location when you visit our site.

How long your personal data is stored

We process and store your personal data for as long as it is required to fulfil our contractual and regulatory obligations. If your personal data is no longer required for the performance of contractual or regulatory obligations, it will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable data protection laws and regulations or in the context of legal statutes of limitation.

Security

We use technical and organisational security measures to protect the data we have under our control against accidental or intentional manipulation, loss or destruction and against access by unauthorised persons. Our security procedures are continually enhanced as new technology becomes available.

Your rights and how to exercise them

You may exercise your data protection rights at any time:

• Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by Stormshield and, where that is the case, you have the right to know what specific data is being processed.
• Right to rectification: You have the right to obtain the rectification of any inaccurate personal data concerning you.
• Right to erasure ("right to be forgotten"): In certain cases, such as where the personal data is no longer necessary in relation to the purposes for which they were collected, you have the right to obtain the erasure of your personal data.
• Right to restriction of processing: You have the right to restrict the processing of your personal data where, for example, the processing is unlawful. You can also oppose its use by requesting it be erased. Where processing has been restricted, such personal data shall only be processed with your consent or for the exercise or defence of legal claims.
• Right to data portability: Under some circumstances provided by law, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit such data to another (data) controller.
• Right to object and withdrawal of consent: Please refer to the “Obligation to provide personal data” section below.

To exercise any of these rights, please contact Stormshield either via email at dpo@stormshield.eu, or by writing to the address below, enclosing a copy of a document proving your identity:

Stormshield, Data Protection Officer, 1 Place Verrazzano, 69009 LYON, France

Obligation to provide personal data

You may object at any time to the processing of your personal data or, where your consent is required, withdraw such consent by contacting us at dpo@stormshield.eu. However, please note that if you withdraw your consent, you may not be able to access or use certain information, features or services of the website.

Automated decision-making

As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases, we will, if required by law, specifically inform you of this and of your rights in this respect.

Using data for profiling purposes

As a matter of principle, your personal data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your personal data with the objective of conducting profiling, we will, if required by law, specifically inform you of this and of your rights in this respect.

How to contact the data controller in charge of processing your personal data

If you are unhappy with the way in which your personal data has been processed or should you have questions regarding the processing of your personal data, you may refer in the first instance to the Stormshield Data Protection Officer, who is available for enquiries or complaints, at the following email address: dpo@stormshield.eu, or you can write to the address below:

Stormshield, Data Protection Officer, 1 Place Verrazzano, 69009 LYON, France

Obtaining assistance from data protection supervisory authorities

If the supplied answers are unsatisfactory, you may then directly approach the French data protection authority: the Commission Nationale de l'Informatique et des Libertés (CNIL).

Cookies

WHAT ARE COOKIES?

Cookies are small text files that may be downloaded on to your device when you access and use our website. They allow the website to recognise your device and store information about your preferences or past actions. We use cookies to record our users’ preferences, which then enables us to optimise the design of our website. They increase the user-friendliness of websites and applications, making them easier to browse. Cookies also help us to identify the most popular sections of our website. This enables us to provide content that is better suited to your needs and thereby improve our services. Cookies can be used to determine whether there has already been any contact between us and your device in the past.

Personal details can be saved in cookies, provided that you have consented. For example, cookies may be used to facilitate secure online access so that you do not need to enter your user ID and password every time you log in.

WHICH COOKIES DO WE USE?

Below is a table containing specific information on each cookie that we may use on our website:

If you continue browsing this website, we understand that you accept the use of cookies. You can revoke this consent at any time. You can also manage and control the cookies we use through the use of cookie tools.

HOW CAN YOU DISABLE OR DELETE COOKIES?

If you continue browsing this website, we understand that you accept the use of cookies. You can revoke this consent at any time. You can also manage and control the cookies we use through the use of cookie tools.

If you choose not to accept cookies, you can still access and use our website. Most browsers automatically accept cookies. You can prevent cookies from being stored on your device by setting your browser to not accept cookies. The exact instructions for this can be found in your browser’s user manual. You can delete cookies from your device at any time. However, if you choose not to accept cookies that are strictly necessary for the provision of services offered on our website, it may result in the reduced availability of such services.

For the purpose of statistical analysis, we use analytics tools such as Google Analytics and Google Tag Manager. You may object at any time to the collection and analysis of statistical data regarding your access to and use of our website by refusing related cookies.

To learn more about cookies, including how to find out what cookies have been installed on your device and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Changes to this privacy policy

Stormshield will update this privacy notice from time to time in order to reflect the changes in our practices and services and to remain compliant with data protection laws and regulations. We will inform you of any substantial change in how we process your personal data.

Last update: 13.05.2020