DATA PROTECTION POLICY
Concerned about respecting your privacy and protecting the personal data you provide, Board of Cyber complies with current legislation on the protection of privacy and personal data. Your personal data is collected and processed in compliance with current legislation and the General Data Protection Regulation (GDPR), which came into force on May 25, 2018.
In a desire for total transparency we wish to inform you of the purposes for which the data collected via the website is processed, how this information is used and to inform you of your rights. We would also like to inform you about the devices put in place to guarantee you maximum security.
The Board of Cyber website is totally secure: from the home page onwards, you will be able to navigate securely using an https address. The https is a "secure hypertext transfer protocol". It guarantees the confidentiality and integrity of data sent by the user.
Board of Cyber is a hyper-growth French startup with 1 mission: to create an ecosystem of trust by encouraging organizations to continuously improve their cyber performance.
Board of Cyber is a Société par Actions Simplifiées (SAS), whose registered office is located at 7 avenue de la Cristallerie, 92310 Sèvres, registered in the Nanterre Trade and Companies Register under number 908 185 424.
Board of Cyber collects your personal data directly from you. In accordance with the RGPD principle of minimization, we only collect data that is necessary for the purposes for which it is processed.
Your personal data are collected and processed solely on the basis of the following legal grounds provided by the GDPR.
The processing operations carried out on the legal basis of contract performance or pre-contractual measures are as follows:
The processing operations carried out on the legal basis of consent are as follows:
The processing operations carried out on the legal basis of the legal obligation are as follows:
Your data will only be used for the above-mentioned purposes, in a relevant and proportionate manner. It relates to your identification and your contracts.
Finally, the collection of your data enables us to get to know you better and to improve our services by offering you products or services that are best suited to your needs.
In the strict context of the stated purposes, the recipients of your data are our employees in charge of the human resources department, the people in charge of the marketing department, the sales department and the back office.
Your data is hosted by Microsoft Azure, located in Central France. The back-up servers are also located in France.
The length of time your personal data is kept corresponds to the length of time required to implement the stated purposes, plus the statute of limitations.
In the absence of a contract or in the context of commercial prospecting, data may be kept for a period of 3 years from the end of the last contact.
Data processed as part of platform access management are deleted at the end of the service. Platform connection logs are deleted every 3 months.
A cookie is a simple text file stored temporarily or permanently on your fixed or mobile device, or in some cases in your browser.
Cookies are useful, even essential, for Internet browsing, as they enable website publishers to:
Deactivate cookies: when you first visit the site, a banner informs you of the presence of cookies and invites you to indicate your choice.
If you would like to know more about cookies, how they work and how they are used, please visit the [CNIL] website (https://www.cnil.fr/fr/cookies-et-autres-traceurs).
✅ Right to information: data subjects have a right of access to their own data; consequently, anyone setting up a file or processing personal data is obliged to inform data subjects of his or her identity, the purpose of the data collection and whether it is mandatory or optional, the recipients of the information, the rights granted to the data subject, and any data transfers to countries outside the European Union.
✅Right to object: if your personal data is not required or is no longer required for our contractual relationship, you may request that it no longer be processed. To exercise this right, please send your request to the address indicated in the paragraph "Your Contacts".
✅Access and rectification rights: you may request access to and rectification of your personal data at any time.
✅Right to erasure: once the retention period for your personal data has expired, you may request that it be erased.
✅Right to restriction of processing: the right to restriction of your data is a right that supplements your other rights. During the time we need to verify or examine your other rights, you can ask us to freeze the use of your data.
✅Right to data portability: at any time, you can request a copy of the data we have collected for the performance of your contract or with your consent. You can also ask us to pass on your data to a person of your choice.
✅Right to withdraw your consent: for all processing requiring your explicit consent, you have the right to withdraw it at any time, in particular for commercial prospecting.
✅The possibility of organizing the fate of your personal data after your death: you can give instructions concerning the retention, deletion and communication of your data after your death. To do this, you appoint a person to carry out your instructions. After your death, this person will be informed of your instructions and will ask for them to be implemented.
If you wish to exercise your rights or find out more, you can send your request to the address given in the paragraph entitled "Your Contacts".
To find out more about your rights, please visit the [CNIL] website (https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles).
You can make a complaint as described in the section "Your contacts".
If you are not satisfied with the response you receive, you can contact the CNIL in the manner described on its website.
To exercise your rights or to contact the personal data manager for any additional information or complaint, you can contact the Board of Cyber Personal Data Officer at any time at the following address: [email protected].
You can also write to us at the following address: Board of Cyber, Bâtiment Crisco Duo, 7 avenue de la Cristallerie, 92310 Sèvres, France.
