Updated on May 7th 2021
In order to provide its services, PENTALOG needs to collect its Clients’ personal data.
Similarly, in order to receive the services of a Supplier, PENTALOG and the Supplier need to share personal data.
1. Data subjects concerned
1.1. Clients, Prospects and Contacts
“Client” means any entity receiving PENTALOG’s (or PENTALOG GROUP ‘affiliates) services against payment based on a contractual document or a gentleman agreement. “Clients” also includes Prospects (meaning a potential CLIENT of PENTALOG or to an affiliated company of the PENTALOG GROUP), collaborators of Clients, authorised person of Client or a Client’s representatives.
The preparatory steps for signing a contract requires the collection of personal data from the Client including, Client’s collaborators participating to the negotiation until the signature of the contract. Likewise, the execution of a contract also requires an exchange of personal data between the parties to the contract. It applies to PENTALOG and its Clients.
Besides the Prospects category, we can also count the Contacts when creating an account on our Website (e.g. to request for about an information available on our Website or to request for a price list, to obtain further information about our services, receive specific information or interact with PENTALOG, etc.)
“Supplier” means any entity which usually or punctually provides services and/or goods or a set of services and/goods to PENTALOG or an affiliate of PENTALOG GROUP. “Suppliers” also includes all employees of a services provider or a potential services provider of PENTLOG or to an affiliate of PENTALOG GROUP.
2. How does PENTALOG collect data?
2.1. Direct sources
Data may be provided directly through contact with the Client or Supplier as part of their business relationship with PENTALOG.
Data may also be collected directly by PENTALOG:
- when registering on the PENTALOG Website (e.g. request for a price list);
- from any Contact when creating an account on the Website;
- by posting a message on the PENTALOG Blog;
- by filling in a contact form on the Website;
- through direct contact via a contact address published on the Website;
- during a direct conversation between a Prospect, a Client and a PENTALOG’s employee at a meeting or event.
2.2. Indirect sources
Data may be provided indirectly to PENTALOG in several ways:
- If it is publicly and directly accessible;
- via a website or a third party;
- through an employee of a Prospect, Client or Supplier;
- from a recommendation made by a PENTALOG’s Client or internally;
- from a link via a third-party platform of professionals (e.g. LinkedIn);
- When requesting an information through pop-ups on social networks (ex: LinkedIn, Facebook, etc.) and/or internet browsers.
3. Legal basis for processing
PENTALOG complies with the GDPR for all kinds of processing. Indeed, a processing may be carried out with or without the consent of the data subject in accordance with the GDPR.
According to article 6 of the GDPR, the legal basis for processing must be clearly established. For the purpose of this requirement, the main legal bases for PENTALOG’s processing of its Suppliers’ and Clients’ personal data are described below:
- Preparation of a contract : The preparatory steps for signing a contract allow the processing of personal data without the consent of the individual concerned. PENTALOG may therefore process its Suppliers’ or Prospects’ data.
- Legal requirement : PENTALOG shall process a Client’s or Supplier’s personal data if legally required to do so (e.g. duty to pay a tax, etc.)
- Processing is necessary for the purpose of legitimate interests pursued by PENTALOG : PENTALOG shall use the legitimate interests when the consent has not been obtained and when the data has been collected indirectly. PENTALOG can confirm that the usage of the legitimate interests does not take priority over the interests or fundamental rights and freedoms of its Clients and Suppliers, and that interested parties can expect PENTALOG to process their personal data. However, Clients and Suppliers may oppose this kind of processing at any time.
- Consent : This is obtained when, for example, the Contact (Client or Supplier) creates an account on the Website, requests a contact form or contacts PENTALOG via a contact form, or leaves a comment on PENTALOG blog. If the consent is not obtained, PENTALOG will use another legal basis for processing.
- Protecting the vital interests of the individual concerned or another individual : this legal basis for processing shall be used on rare occasions by PENTALOG.
For non-EU or non-EEA based Suppliers, PENTALOG will implement his best efforts not to provide less legal ground for processing of their personal data according to their local applicable regulation.
4. How PENTALOG uses Clients’ or Suppliers’ data
PENTALOG uses its Clients’ or Suppliers’ personal data (professional email addresses) in a manner consistent with the principles set out in the GDPR. PENTALOG also wants to be clear about this type of processing in order to improve its relationships with its Suppliers and Clients.
PENTALOG Clients’ and Suppliers’ personal data is therefore used mainly in the following cases: business development, marketing, administrative, financial, and legal services, provision of services for a Client or from a Supplier.
4.1. Business development
PENTALOG targets Prospects in order to offer them services that meets their needs. To this end, PENTALOG uses its Prospects’ personal data in order to:
- Keep them informed of relevant offers and services;
- Invite them to events;
- Build supplier/customer relationships;
- Create a Client file on its internal system and include the necessary information on the company’s structure and trade. This enables us to get to know our partners better;
- Prepare a contract when a business deal is concluded with PENTALOG.
One of PENTALOG’s priorities is to provide only relevant information in marketing campaigns targeted at its Prospects or Clients, so that they expect to receive such information from PENTALOG.
Therefore, its Prospects’ or Clients’ personal data is used to send them:
- Personalised and targeted marketing information;
- Information likely to interest them;
- Aggregation of data used to assess the market;
- Follow-up Prospect /Client reports;
- Invitations to events (webinars, etc.);
- Requests for views on PENTALOG products or services;
- Information on changes made on the Website and new services.
4.3. Administrative, financial and legal service
PENTALOG uses its Clients’ or Suppliers’ personal data in order to receive or make payment.
This allows us to use the PENTALOG internal system to create for example quotes, invoices, purchase orders, and payment orders.
It also allows us to provide Clients and Suppliers with all the necessary payment information.
4.4. Provision of computer services and information systems
PENTALOG constantly learns from its experiences in order to offer even better services to its Clients. Similarly, the continuous improvement of its information system allows PENTALOG to improve its relationships with its Clients and Suppliers.
Therefore, the data collected is used to:
- Optimise products and services;
- Offer personalised products and services that meet expectations;
- Develop new products based on lessons learned;
- Identify Clients’ future needs in order to offer them more intuitive and tailored products.
5. Information collected by PENTALOG
5.1. Client contact details
These include mainly surnames, first names, telephone numbers, email addresses, company names, positions held, customer feedback, the latest information in PENTALOG’s possession and follow-up of communications.
This data is used mainly for business development, marketing, administrative and financial services, and the provision of IT services and for the information systems.
5.2. Supplier contact details
These include mainly surnames, first names, telephone numbers, email addresses, company names and positions held.
This data is used mainly for administrative and financial services, and the provision of computer services and information systems.
6. Confidentiality of your password
For every account created on the Website, the Contact is responsible for the confidentiality of the password he chooses when creating the account.
PENTALOG reminds to Contacts that they are solely responsible for keeping their password safe and not disclosing it to anyone. PENTALOG also advises Contacts to change their password regularly.
7. Data storage
7.1. PENTALOG does not intend to store its Clients’ or Suppliers’ personal data any longer than is necessary. PENTALOG’s key objective is to maintain some strong ties with its Clients and Suppliers while complying with the law and according to its own data retention policy.
7.2. Therefore, when data is collected for a specific purpose, once this has been achieved, PENTALOG shall not store the data on its systems. The only exceptions to this are where data retention is required by law or in the case of legitimate interests that would not call into question the rights and responsibilities of the individuals concerned.
7.3. When a Contact’s account is closed, the Contact’s personal data is usually removed within 24 hours. All information on the Contact’s account shall be removed within 30 days, with a few exceptions:
- If PENTALOG has to comply with legal requirements under applicable law;
- PENTALOG shall store some anonymised data for statistical purposes.
7.4. If a Contact’s account has been suspended or blocked as a result of a malicious post on the PENTALOG blog, data shall be stored from the suspension for a period of between 1 and 10 years in order to avoid any attacks on the integrity of PENTALOG.
8. Integration of third-party services
8.1. When creating an account on the Website, PENTALOG uses reCaptcha provided by Google Ireland Limited, a company incorporated and operated under Irish law (registered number: 368047), with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google")
8.2. According to Google , reCAPTCHA, uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on our Website, “meanwhile, legitimate users will be able to login, make purchases, view pages, or create accounts and fake users will be blocked ”.
8.3. In other words, the primary purpose of this function is to decide whether the filling of a contact form is carried out by a natural person or in an abusive manner by means of mechanical and automated processing.
8.4. The service includes sending Google the IP address and any additional data requested by Google as part of the reCAPTCHA service and, in accordance with Art.6 para.1 lit.f GDPR is based on PENTALOG legitimate interest in determining the personal intention of Internet activity as well as in avoiding abuse and unwanted manipulation and prevention of undesired mailing (spam).
8.5. The reCAPTCHA algorithm checks to see if there is a Google cookie placed on the computer being used. An additional reCAPTCHA-specific cookie will then be added to the Contacts browser allowing a complete snapshot of the Contact’s browser window at that moment in time.
8.6. Information gathered includes:
- All cookies placed by Google over the last 6 months
- How many mouse clicks a Contact have made on that screen (or touches on a touch device)
- The CSS information for that page
- The date
- The language a Contact’s browser is set to
- Any plugins a Contact have installed on the browser
8.7. The reCAPTCHA analyzes are performed entirely in the background. When using our Website, Contacts are not notified when an analysis is performed. To obtain more information, Contacts can read Google’s terms and privacy.
Return to Chapter "GENERALITIES".