Stormshield SAS (also known as “Stormshield”, or “we” or “our”) appreciates your interest in our products, services and business sectors and your use of our websites, portals and “applications”. Your privacy is important to us and we want you to feel comfortable using our websites. The protection of your privacy and your personal data is an important concern to which we pay particular attention throughout our business processes. Personal data collected when using our encryption service for Google Workspace, also called SDS encryption service for Google Workspace or Stormshield Data Security encryption service for Google Workspace, are processed by us, in accordance with the legal regulations in the European Union.
Stormshield is committed to protecting the rights of individuals in accordance with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) as well as each of the national laws and regulations applicable to the protection of personal data (collectively referred to as “Data protection laws and regulations”).
This privacy notice will inform you of the personal data we collect when you complete the test form; when you access/use the service; how we use and disclose your data; how you can control the use and disclosure of your data; and how we protect your personal data.
Personal data is information that can be used to identify a person directly or indirectly (hereinafter referred to as: "personal data". A "personal identifier" is information that can identify a person. This definition covers a wide range, personal identifiers can consist of personal data including name, address, email address, identification number, location data or online identifier.
In the context of our contractual or commercial relationship, or in the context of access to and use of the Stormshield Site(s), we collect, use and process the Personal Data you provide where relevant, which may include the following categories of data:
We use your personal data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to potential partners, service providers, regulators and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners, and us; and to enforce our policies, guidelines and processes.
To the extent permitted by law, we may use your personal data for marketing and promotional purposes, including communications by email or other equivalent electronic means. For example, we use your personal data to send you news and newsletters, special offers, promotions and competitions or to contact you in order to inform you of our services or to send you information which we believe may of interest to you.
We use your personal data to communicate with you. We may communicate with you in a variety of ways, including by email and through your social media accounts if you have consented, and/or by text message.
We use your personal data for customer service purposes, including to provide you with services, for technical support or other similar purposes and to provide you with tailored and personalized content and information based on your Stormshield product purchases; provide you with new updates; monitor the registration of your products; generate statistics on the deployment and use of our solutions...
We use your personal data for research and development purposes, including improving our websites, applications, services and customer experience and for other research and analytical purposes dedicated to improving our products and services.
We use your personal data to comply with applicable legal obligations, including to respond to an authority or court order or discovery request.
When we deem it necessary to investigate, prevent or take action in relation to illegal activities, suspected fraud, a situation involving potential threats to the safety of persons, or breaches of regulations, guidelines and other procedures.
What is the legal basis for processing your personal data?
As a responsible company, we need a legal basis to collect and/or process your data. We generally rely on a number of grounds (reasons) for our business processing.
We process your personal data in accordance with the provisions set out in the GDPR and applicable data protection laws and regulations. The legal basis for the processing of your Personal Data is:
When you subscribe to a particular service through the Website, the purposes of processing your personal data are primarily determined by that service and we will process your information in order to be able to provide that service to you.
Where you consent to the processing of your personal data by us for the service, you may withdraw this consent at any time by contacting us at the following address: firstname.lastname@example.org. For more information on your right of withdrawal, please see below the chapter "Am I obliged to provide my personal data?"
In some cases, we may not need your consent to use your data, given our legitimate interest in doing so, but we must inform you of this; by way of example, this is particularly the case:
Stormshield, like any other company, is subject to legal and regulatory obligations. In some cases, the processing of your Personal Data will be necessary for Stormshield to fulfill these obligations.
Stormshield processes your Personal Data in the EEA.
Stormshield is based in Europe, we process and host personal information in Europe, more specifically in France and Germany.
If your personal data is no longer necessary for the performance of contractual or legal obligations, it will be regularly erased, unless further processing is necessary, for example, to preserve specific evidence under laws and regulations applicable in terms of data protection, or within the framework of the statutory limitation periods.
Operational logs can be kept for a maximum of 1 year.
We use technical and organizational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons. Our security procedures are continuously improved as new technologies become available.
You can exercise your data protection rights at any time:
To exercise your data protection rights, please contact Stormshield in writing or by e-mail at the following address: email@example.com or by writing to the address below, enclosing a copy of a document attesting to your identity.
Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France
You can object to the processing of your Personal Data at any time or, where your consent is required, withdraw this consent by contacting us at firstname.lastname@example.org. However, please note that if you withdraw your consent, you may not be able to access and use certain information or features of the Service.
As a matter of principle, we do not use fully automated decision-making processes. In the event that we resort to such procedures in individual cases, we will inform you specifically, if this is prescribed by law, as well as your rights in this respect.
As a matter of principle, your Personal Data will not be processed automatically for the purpose of evaluating certain personal aspects (profiling). In the event that we process your Personal Data for the purpose of profiling, we will specifically inform you of this, if required by law, and of your rights in this regard.
If you are not satisfied with the way your Personal Data has been processed or if you have any questions regarding the processing of your Personal Data, you can first contact Stormshield's Data Protection Officer, available with any request or complaint, to the following email address: email@example.com or you can write to the address below:
Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France
If the answers provided are not satisfactory, you can then contact the French data protection authority directly: the Commission Nationale de l'Informatique et des Libertés (CNIL).
Last update: 12/07/2022