Updated on December 17th 2020
In order to provide its services, PENTALOG needs to collect its Clients’ personal data.
Similarly, in order to receive the services of a Supplier, PENTALOG and the Supplier need to share personal data.
1. Data subjects concerned
1.1. Clients, Prospects and Contacts
“Client” means any entity receiving PENTALOG’s (or PENTALOG GROUP ‘affiliates) services against payment based on a contractual document or a gentleman agreement. “Clients” also includes Prospects (meaning a potential CLIENT of PENTALOG or to an affiliated company of the PENTALOG GROUP), collaborators of Clients, authorised person of Client or a Client’s representatives.
The preparatory steps for signing a contract requires the collection of personal data from the Client including, Client’s collaborators participating to the negotiation until the signature of the contract. Likewise, the execution of a contract also requires an exchange of personal data between the parties to the contract. It applies to PENTALOG and its Clients.
Next to the Prospects category, we can also count the Contacts when creating an account on the Website (e.g. MyPentalog, a request for information sent to PENTALOG via its Website or a request for a price list).
“Supplier” means any entity which usually or punctually provides services and/or goods or a set of services and/goods to PENTALOG or an affiliate of PENTALOG GROUP. “Suppliers” also includes all employees of a services provider or a potential services provider of PENTLOG or to an affiliate of PENTALOG GROUP.
2. How does PENTALOG collect data?
2.1. Direct sources
Data may be provided directly through contact with the Client or Supplier as part of their business relationship with PENTALOG.
Data may also be collected directly by PENTALOG:
- when registering on the PENTALOG Website (e.g. request for a price list);
- from any Contact when creating an account on the Website (e.g. MyPentalog);
- by posting a message on the PENTALOG Blog;
- by filling in a contact form on the Website;
- through direct contact via a contact address published on the Website;
- during a direct conversation between a Prospect, a Client and a PENTALOG’s employee at a meeting or event.
2.2. Indirect sources
Data may be provided indirectly to PENTALOG in several ways:
- If it is publicly and directly accessible;
- via a website or a third party;
- through an employee of a Prospect, Client or Supplier;
- from a recommendation made by a PENTALOG’s Client or internally;
- from a link via a third-party platform of professionals (e.g. LinkedIn);
- When requesting an information through pop-ups on social networks (ex: LinkedIn, Facebook, etc.) and/or internet browsers.
3. Legal basis for processing
PENTALOG complies with the GDPR for all kinds of processing. Indeed, a processing may be carried out with or without the consent of the data subject in accordance with the GDPR.
According to article 6 of the GDPR, the legal basis for processing must be clearly established. For the purpose of this requirement, the main legal bases for PENTALOG’s processing of its Suppliers’ and Clients’ personal data are described below:
- Preparation of a contract: The preparatory steps for signing a contract allow the processing of personal data without the consent of the individual concerned. PENTALOG may therefore process its Suppliers’ or Prospects’ data.
- Legal requirement: PENTALOG shall process a Client’s or Supplier’s personal data if legally required to do so (e.g. duty to pay a tax, etc.)
- Processing is necessary for the purpose of legitimate interests pursued by PENTALOG: PENTALOG shall use the legitimate interests when the consent has not been obtained and when the data has been collected indirectly. PENTALOG can confirm that the usage of the legitimate interests does not take priority over the interests or fundamental rights and freedoms of its Clients and Suppliers, and that interested parties can expect PENTALOG to process their personal data. However, Clients and Suppliers may oppose this kind of processing at any time.
- Consent: This is obtained when, for example, the Contact (Client or Supplier) creates an account on the PENTALOG website (e.g. MyPentalog), requests a contact form or contacts PENTALOG via a contact form, or leaves a comment on PENTALOG blog. If the consent is not obtained, PENTALOG will use another legal basis for processing.
- Protecting the vital interests of the individual concerned or another individual: this legal basis for processing shall be used on rare occasions by PENTALOG.
For non-EU or non-EEA based Suppliers, PENTALOG will implement his best efforts not to provide less legal ground for processing of their personal data according to their local applicable regulation.
4. How PENTALOG uses Clients’ or Suppliers’ data
PENTALOG uses its Clients’ or Suppliers’ personal data (professional email addresses) in a manner consistent with the principles set out in the GDPR. PENTALOG also wants to be clear about this type of processing in order to improve its relationships with its Suppliers and Clients.
PENTALOG Clients’ and Suppliers’ personal data is therefore used mainly in the following cases: business development, marketing, administrative, financial and legal services, provision of services.
4.1. Business development
PENTALOG targets Prospects in order to offer them services that meets their needs. To this end, PENTALOG uses its Prospects’ personal data in order to:
- Keep them informed of relevant offers and services;
- Invite them to events;
- Build supplier/customer relationships;
- Create a Client file on its internal system and include the necessary information on the company’s structure and trade. This enables us to get to know our partners better;
- Prepare a contract when a business deal is concluded with PENTALOG.
One of PENTALOG’s priorities is to provide only relevant information in marketing campaigns targeted at its Prospects or Clients, so that they expect to receive such information from PENTALOG.
Therefore, its Prospects’ or Clients’ personal data is used to send them:
- Personalised and targeted marketing information;
- Information likely to interest them;
- Aggregation of data used to assess the market;
- Follow-up Prospect /Client reports;
- Invitations to events (webinars, etc.);
- Requests for views on PENTALOG products or services;
- Information on changes made on the Website and new services.
4.3. Administrative, financial and legal service
PENTALOG uses its Clients’ or Suppliers’ personal data in order to receive or make payment.
This allows us to use the PENTALOG internal system to create for example quotes, invoices, purchase orders, and payment orders.
It also allows us to provide Clients and Suppliers with all the necessary payment information.
4.4. Provision of computer services and information systems
PENTALOG constantly learns from its experiences in order to offer even better services to its Clients. Similarly, the continuous improvement of its information system allows PENTALOG to improve its relationships with its Clients and Suppliers.
Therefore, the data collected is used to:
- Optimise products and services;
- Offer personalised products and services that meet expectations;
- Develop new products based on lessons learned;
- Identify Clients’ future needs in order to offer them more intuitive and tailored products.
5. Information collected by PENTALOG
5.1. Client contact details
These include mainly surnames, first names, telephone numbers, email addresses, company names, positions held, customer feedback, the latest information in PENTALOG’s possession and follow-up of communications.
This data is used mainly for business development, marketing, administrative and financial services, and the provision of IT services and for the information systems.
5.2. Supplier contact details
These include mainly surnames, first names, telephone numbers, email addresses, company names and positions held.
This data is used mainly for administrative and financial services, and the provision of computer services and information systems.
6. Confidentiality of your password
For every account created on the Site (e.g. MyPentalog), the user is responsible for the confidentiality of the password they chose when creating their account.
PENTALOG reminds users that they are solely responsible for keeping this password safe and not disclosing it to anyone. PENTALOG also advises users to change their password regularly.
7.1. PENTALOG does not intend to store its Clients’ or Suppliers’ personal data any longer than is necessary. PENTALOG’s key objective is to maintain some strong ties with its Clients and Suppliers while complying with the law and according to its own data retention policy.
7.2. Therefore, when data is collected for a specific purpose, once this has been achieved, PENTALOG shall not store the data on its systems. The only exceptions to this are where data retention is required by law or in the case of legitimate interests that would not call into question the rights and responsibilities of the individuals concerned.
7.3. When an account is closed (e.g. MyPentalog), the user’s personal data is usually removed within 24 hours. All information on the user’s account shall be removed within 30 days, with a few exceptions:
7.4. If a user account has been suspended or blocked as a result of a malicious post on the PENTALOG blog, data shall be stored from the suspension for a period of between 1 and 10 years in order to avoid any attacks on the integrity of PENTALOG.
Return to Chapter "GENERALITIES".