Stormshield SAS (also known as, “Stormshield”, or “we” or “us”) appreciate your interest in our products, services and business lines and your use of our websites, portals and “apps” (“Websites”).
Your privacy is important to us and we want you to feel comfortable using our websites.
Stormshield is committed to protecting the rights of individuals in line with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (hereinafter referred as : ‘GDPR’) as well as each applicable national Personal Data protection laws and regulations (collectively referred as “Data Protection Laws and Regulations”). The protection of your privacy and Personal Data is an important concern to which we pay special attention throughout our business processes.
However, the website will include links to other websites or applications which are not necessarily covered by this Privacy Notice. In this event, we encourage you to carefully read the privacy policies of such websites.
What is Personal Data?
Personal Data is information that can be used to identify a person either directly or indirectly (hereinafter referred as : ‘Personal Data’. A ‘personal identifier’ is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers to constitute Personal Data, including name, address, email address, identification number, location data or online identifier.
Which sources and what Personal Data do we use?
In the course of the contractual or client relationship between you or your organisation and Stormshield and/or access and use of Stormshield Website(s), we will collect, use and process Personal Data you provide when relevant, such as the following categories of data:
- Identification data: Name, First name, Date of Birth, contact details (job title and function, professional phone number, employer name), images, videos, voice;
- Social circumstances;
- Professional Data: email address, phone number;
- Economic and Financial data: for processing payment/s and fraud prevention such as IBAN of your organisation, Bank ID Number, other billing information;
- Location data;
- IT data: IP address, user account, login, logs activities, date and length of your visit on our Websites, the pages you view;
- Special categories of personal data.
What are the purposes of the processing of your Personal Data?
By using the Website, Stormshield will collect and process your Personal Data in accordance with this Notice. Your Personal Data may be used for the following purposes (hereinafter referred as : the ‘Purposes’):
- Website Browsers / Administration. We use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
- Marketing. To the extent permitted by law, we may use your Personal Data for marketing and promotional purposes, including communications through email or equivalent electronic means. For example, we use your Personal Data, such as your email address, to send news and newsletters, special offers, promotions and competitions, or to otherwise contact you about services or information we think will interest you.
- Communication. We use your Personal Data to communicate with you, including responding to requests for assistance. We can communicate with you in a variety of ways, including email and via your social media accounts if you have agreed, and/or text message.
- Customer service. We use your Personal Data for customer service purposes, including providing services to you, for technical support or other similar purposes and to establish and maintain customer accounts.
- Research and development. We use your Personal Data for research and development purposes, including improving our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improving our products, services, businesses, operations and processes.
- Legal compliance. We use your Personal Data to comply with applicable legal obligations, including responding to an authority or court order or discovery request.
- To protect us and others. Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.
What is the basis for processing of your Personal Data?
As a responsible company, we need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for our business processing.
We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The legal basis for processing your Personal Data are:
- To comply with contractual obligations. When you subscribe to a particular service through the Website, the purposes of processing your Personal Data are primarily determined by that service and we will process your information so that we can provide that service to you.
- As a result of your consent. When you have consented to the processing of your Personal Data by us for certain services through the Website, you can withdraw consent at any time by following the instructions provided in the application process or by contacting us at email@example.com. For further information on the right of withdrawal, please see below Section “Am I obliged to provide my Personal Data?”
- Within the scope of a legitimate interest. On occasion we may not need your consent to use your data, given our legitimate interest to do so but we must inform you that we do this; examples of this are:
- For the administration and management and performance of our business relationship including accounting, auditing, performance of the contract.
- For the analysis and optimisation of the Website.
- For ensuring IT security (to detect security threats, frauds or other malicious or criminal activities) and the IT operation of Stormshield.
- For prevention and investigation of criminal acts.
- For ensuring efficient communication and to keep you up-to-date on the latest information about our services, solution and/or business activities, events, marketing campaigns, market analysis or other promotional activities and for analysis and improving the quality of our services and communication with you.
- For monitoring the compliance with our policies and standards.
- On the basis of Stormshield’ legal obligations or in the public interest. Stormshield, as any other company, is subject to legal obligations and regulations. In some cases the processing of your Personal Data will be necessary for Stormshield in other to fulfil these obligations.
Who will receive your Personal Data?
- Authorised persons working for or on behalf of Stormshield; including our agents, service providers and advisers (e.g. Third party service providers and advisers providing the variety of products and services we need such as IT maintenance and support, procurement services, compliance and security services, etc.);
- Stormshield business partners in connection with our activities;
- Law enforcement or government authorities where necessary to comply with applicable law, or in response to any subpoenas, court orders, or to establish or exercise our legal rights or to defend against legal claims.
Which countries will Stormshield transfer Personal Data to?
Stormshield processes your Personal Data mostly in the EEA. On occasion Personal Data is transferred to the relevant recipients as described in Section “Who will receive your Personal Data?”, on a need-to-know basis, including entities outside the EEA.
This transfer is subject to appropriate safeguards, and through standard contractual clauses set out by the European Commission.
For Stormshield, EEA is where most of our processing of personal information takes place and below is a list of countries where Stormshield operates:
Algeria, Australia, Belgium, Brazil, Canada, Chile, China, Czech republic, Denmark, Egypt, Finland, France, French Guyana, Germany, Greece, Hong Kong, Hungary, India, Indonesia, Ireland, Italy, Japan, Kazakhstan, Libya, Malaysia, Mexico, Morocco, Netherlands, New Zealand, Norway, Oman, Philippines, Poland, Qatar, Romania, Russia, Saudi Arabia, Singapore, Slovakia, South Africa, South Korea, Spain, Sweden, Taiwan, Tanzania, Thailand, Tunisia, Turkey, United Kingdom, United States of America, Uruguay, United Arab Emirates, Vietnam.
For how long will your Personal Data be stored?
We process and store your Personal Data as long as it is required to meet our contractual and statutory obligations. If your Personal Data is no longer required for the performance of the contractual or statutory obligations, these will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable Data Protection Laws and Regulations, or in the context of legal statutes of limitation.
We use technical and organisational security measures in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons. Our security procedures are continually enhanced as new technology becomes available.
What are your rights and how to exercise them?
You may at any time exercise your data protection rights:
- Right to access/obtain a report detailing the information held about you: You have the right to obtain confirmation as to whether or not your Personal Data is being processed by Stormshield and if so, what specific data is being processed.
- Right to correct Personal Data: You have the right to change any inaccurate Personal Data concerning you.
- Right to be forgotten: In some cases, for instance, when the Personal Data is no longer necessary in relation to the Purposes for which they were collected, you have the right for your Personal Data to be erased.
- Right to stop the processing of your data: You have the right to restrict the processing of your Personal Data by Stormshield, for instance when the processing is unlawful and you oppose the erasure of your Personal Data. In such cases, your Personal Data will only be processed with your consent or for the exercise or defense of legal claims.
- Right to data portability: Under some circumstances provided by law, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format and/or transmit those Personal Data to another data controller.
- Right to object and to withdraw consent: please see below section “Am I obliged to provide my Personal Data?”
To this effect, please contact Stormshield in writing either by e-mail at the following address: firstname.lastname@example.org or by writing to the addresses below, enclosing a copy of a document evidencing your identity.
Stormshield, Data Protection Officer,1 place VERRAZZANO, 69009 LYON, France
Am I obliged to provide my Personal Data?
You may at any time object to the processing of your Personal Data or where your consent is required, withdraw such consent by contacting us at email@example.com; However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or services of the Website.
To what extent will decision-making be automated?
As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases, we will if prescribed by law, specifically inform you of this and of your rights in this respect.
Will profiling take place?
As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your Personal Data with the objective of conducting profiling, we will, if prescribed by law, specifically inform you of this and of your rights in this respect.
How can I contact Stormshield in respect of my Personal Data?
If you are unhappy with the way in which your Personal Data has been processed or should you have questions regarding the processing of your Personal Data, you may refer in the first instance to the Stormshield Data Protection Officer, who is available for enquiries or complaints, at the following email address:
firstname.lastname@example.org or you can write to the address below:
Stormshield, Data Protection Officer, 1 place VERRAZZANO, 69009 LYON, France
Can I ask for assistance to the competent authorities?
If the supplied answers are unsatisfactory, you may then directly approach the French data protection authority: the Commission Nationale de l'Informatique et des Libertés (CNIL).
Modification of the Privacy Notice
Stormshield will update this Privacy Notice from time to time in order to reflect the changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification in how we process your Personal Data.
Last update: 29/03/2022