PENTALOG PRIVACY POLICY FOR CLIENTS AND SUPPLIERS

Updated on  May 7th 2021

 

In order to provide its services, PENTALOG needs to collect its Clients’ personal data.

Similarly, in order to receive the services of a Supplier, PENTALOG and the Supplier need to share personal data.

The terms used in the presents shall have the meanings set forth herein or in the GENERALITIES chapter of the PENTALOG’s Privacy Policy.

Capitalized
terms not otherwise defined herein shall have the meaning given to them
in the “GENERALITES” chapter of the PENTALOG’s Privacy Policy.

Except as modified below, the terms of the “ GENERALITIES” chapter of the PENTALOG’s Privacy Policy shall remain in full force and effect.

1. Data subjects concerned

1.1. Clients, Prospects and Contacts

Client
means any entity receiving PENTALOG’s (or PENTALOG GROUP ‘affiliates)
services against payment based on a contractual document or a gentleman
agreement. “Clients” also includes Prospects (meaning a potential CLIENT
of PENTALOG or to an affiliated company of the PENTALOG GROUP),
collaborators of Clients, authorised person of Client or a Client’s
representatives.

The preparatory steps for signing a contract
requires the collection of personal data from the Client including,
Client’s collaborators participating to the negotiation until the
signature of the contract. Likewise, the execution of a contract also
requires an exchange of personal data between the parties to the
contract. It applies to PENTALOG and its Clients.

Besides the
Prospects category, we can also count the Contacts when creating an
account on our Website (e.g. to request for about an information
available on our Website or to request for a price list, to obtain
further information about our services, receive specific information or
interact with PENTALOG, etc.)

1.2. Suppliers

Supplier
means any entity which usually or punctually provides services and/or
goods or a set of services and/goods to PENTALOG or an affiliate of
PENTALOG GROUP. “Suppliers” also includes all employees of a services
provider or a potential services provider of PENTLOG or to an affiliate
of PENTALOG GROUP.

2. How does PENTALOG collect data?

2.1. Direct sources

Data may be provided directly through contact with the Client or Supplier as part of their business relationship with PENTALOG.

Data may also be collected directly by PENTALOG:

  • when registering on the PENTALOG Website (e.g. request for a price list);
  • from any Contact when creating an account on the Website;
  • by posting a message on the PENTALOG Blog;
  • by filling in a contact form on the Website;
  • through direct contact via a contact address published on the Website;
  • during a direct conversation between a Prospect, a Client and a PENTALOG’s employee at a meeting or event.

2.2. Indirect sources

Data may be provided indirectly to PENTALOG in several ways:

  • If it is publicly and directly accessible;
  • via a website or a third party;
  • through an employee of a Prospect, Client or Supplier;
  • from a recommendation made by a PENTALOG’s Client or internally;
  • from a link via a third-party platform of professionals (e.g. LinkedIn);
  • When requesting an information through pop-ups on social networks (ex: LinkedIn, Facebook, etc.) and/or internet browsers.

3. Legal basis for processing

PENTALOG
complies with the GDPR for all kinds of processing. Indeed, a
processing may be carried out with or without the consent of the data
subject in accordance with the GDPR.

According to article 6 of the
GDPR, the legal basis for processing must be clearly established. For
the purpose of this requirement, the main legal bases for PENTALOG’s
processing of its Suppliers’ and Clients’ personal data are described
below:

  • Preparation of a contract : The
    preparatory steps for signing a contract allow the processing of
    personal data without the consent of the individual concerned. PENTALOG
    may therefore process its Suppliers’ or Prospects’ data.
  • Legal requirement : PENTALOG shall process a Client’s or Supplier’s personal data if legally required to do so (e.g. duty to pay a tax, etc.)
  • Processing is necessary for the purpose of legitimate interests pursued by PENTALOG :
    PENTALOG shall use the legitimate interests when the consent has not
    been obtained and when the data has been collected indirectly. PENTALOG
    can confirm that the usage of the legitimate interests does not take
    priority over the interests or fundamental rights and freedoms of its
    Clients and Suppliers, and that interested parties can expect PENTALOG
    to process their personal data. However, Clients and Suppliers may
    oppose this kind of processing at any time.
  • Consent :
    This is obtained when, for example, the Contact (Client or Supplier)
    creates an account on the Website, requests a contact form or contacts
    PENTALOG via a contact form, or leaves a comment on PENTALOG blog. If
    the consent is not obtained, PENTALOG will use another legal basis for
    processing.
  • Protecting the vital interests of the individual concerned or another individual : this legal basis for processing shall be used on rare occasions by PENTALOG.

For
non-EU or non-EEA based Suppliers, PENTALOG will implement his best
efforts not to provide less legal ground for processing of their
personal data according to their local applicable regulation.

4. How PENTALOG uses Clients’ or Suppliers’ data

PENTALOG
uses its Clients’ or Suppliers’ personal data (professional email
addresses) in a manner consistent with the principles set out in the
GDPR. PENTALOG also wants to be clear about this type of processing in
order to improve its relationships with its Suppliers and Clients.

PENTALOG
Clients’ and Suppliers’ personal data is therefore used mainly in the
following cases: business development, marketing, administrative,
financial, and legal services, provision of services for a Client or
from a Supplier.

4.1. Business development

PENTALOG
targets Prospects in order to offer them services that meets their
needs. To this end, PENTALOG uses its Prospects’ personal data in order
to:

  • Keep them informed of relevant offers and services;
  • Invite them to events;
  • Build supplier/customer relationships;
  • Create
    a Client file on its internal system and include the necessary
    information on the company’s structure and trade. This enables us to get
    to know our partners better;
  • Prepare a contract when a business deal is concluded with PENTALOG.

4.2. Marketing

One
of PENTALOG’s priorities is to provide only relevant information in
marketing campaigns targeted at its Prospects or Clients, so that they
expect to receive such information from PENTALOG.

Therefore, its Prospects’ or Clients’ personal data is used to send them:

  • Personalised and targeted marketing information;
  • Information likely to interest them;
  • Aggregation of data used to assess the market;
  • Follow-up Prospect /Client reports;
  • Invitations to events (webinars, etc.);
  • Requests for views on PENTALOG products or services;
  • Information on changes made on the Website and new services.

4.3. Administrative, financial and legal service

PENTALOG uses its Clients’ or Suppliers’ personal data in order to receive or make payment.
This allows us to use the PENTALOG internal system to create for example quotes, invoices, purchase orders, and payment orders.

It also allows us to provide Clients and Suppliers with all the necessary payment information.

4.4. Provision of computer services and information systems

PENTALOG
constantly learns from its experiences in order to offer even better
services to its Clients. Similarly, the continuous improvement of its
information system allows PENTALOG to improve its relationships with its
Clients and Suppliers.

Therefore, the data collected is used to:

  • Optimise products and services;
  • Offer personalised products and services that meet expectations;
  • Develop new products based on lessons learned;
  • Identify Clients’ future needs in order to offer them more intuitive and tailored products.

5. Information collected by PENTALOG

5.1. Client contact details

These
include mainly surnames, first names, telephone numbers, email
addresses, company names, positions held, customer feedback, the latest
information in PENTALOG’s possession and follow-up of communications.

This
data is used mainly for business development, marketing, administrative
and financial services, and the provision of IT services and for the
information systems.

5.2. Supplier contact details

These include mainly surnames, first names, telephone numbers, email addresses, company names and positions held.

This
data is used mainly for administrative and financial services, and the
provision of computer services and information systems.

6. Confidentiality of your password

For
every account created on the Website, the Contact is responsible for
the confidentiality of the password he chooses when creating the
account.

PENTALOG reminds to Contacts that they are solely
responsible for keeping their password safe and not disclosing it to
anyone. PENTALOG also advises Contacts to change their password
regularly.

7. Data storage

7.1. PENTALOG
does not intend to store its Clients’ or Suppliers’ personal data any
longer than is necessary. PENTALOG’s key objective is to maintain some
strong ties with its Clients and Suppliers while complying with the law
and according to its own data retention policy.

7.2. Therefore,
when data is collected for a specific purpose, once this has been
achieved, PENTALOG shall not store the data on its systems. The only
exceptions to this are where data retention is required by law or in the
case of legitimate interests that would not call into question the
rights and responsibilities of the individuals concerned.

7.3.
When a Contact’s account is closed, the Contact’s personal data is
usually removed within 24 hours. All information on the Contact’s
account shall be removed within 30 days, with a few exceptions:

  • If PENTALOG has to comply with legal requirements under applicable law;
  • PENTALOG shall store some anonymised data for statistical purposes.

7.4.
If a Contact’s account has been suspended or blocked as a result of a
malicious post on the PENTALOG blog, data shall be stored from the
suspension for a period of between 1 and 10 years in order to avoid any
attacks on the integrity of PENTALOG.

8. Integration of third-party services

8.1.
When creating an account on the Website, PENTALOG uses reCaptcha
provided by Google Ireland Limited, a company incorporated and operated
under Irish law (registered number: 368047), with registered office at
Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to
as "Google")

8.2. According to Google , reCAPTCHA,
uses an advanced risk analysis engine and adaptive challenges to keep
malicious software from engaging in abusive activities 
on our Website, “meanwhile, legitimate users will be able to login, make purchases, view pages, or create accounts and fake users will be blocked ”.

8.3.
In other words, the primary purpose of this function is to decide
whether the filling of a contact form is carried out by a natural person
or in an abusive manner by means of mechanical and automated
processing.

8.4. The service includes sending Google the IP
address and any additional data requested by Google as part of the
reCAPTCHA service and, in accordance with Art.6 para.1 lit.f GDPR is
based on PENTALOG legitimate interest in determining the personal
intention of Internet activity as well as in avoiding abuse and unwanted
manipulation and prevention of undesired mailing (spam).

8.5. The
reCAPTCHA algorithm checks to see if there is a Google cookie placed on
the computer being used. An additional reCAPTCHA-specific cookie will
then be added to the Contacts browser allowing a complete snapshot of
the Contact’s browser window at that moment in time.

8.6. Information gathered includes:

  • All cookies placed by Google over the last 6 months
  • How many mouse clicks a Contact have made on that screen (or touches on a touch device)
  • The CSS information for that page
  • The date
  • The language a Contact’s browser is set to
  • Any plugins a Contact have installed on the browser
  • All Javascript objects 

8.7.
The reCAPTCHA analyzes are performed entirely in the background. When
using our Website, Contacts are not notified when an analysis is
performed. To obtain more information, Contacts can read Google’s terms and privacy.
 

Return to Chapter "GENERALITIES".