DIGITAL GLOBAL PASS

Data Protection Policy B2B

1.   Purpose of the data protection policy

1. Given the relationship of trust that exists between Digital Virgo Group (Digital Virgo Group means Digital Virgo Entertainment companies, Digital Global Pass and Virgo Facilities), and its customers and partners, the Digital Virgo Group wanted to define its policy on the protection of personal data with regard to data protection regulations taking into account the European Union standards in this area and more particularly the Regulation on the protection of personal data (GDPR)[1].

2. By this data protection policy, the Digital Virgo Group undertakes in the framework of its activities and in accordance with the regulations in force, to protect in particular the privacy of its prospects, its customers, and its partners (the persons concerned, ensuring the protection, confidentiality and security of the personal data collected.

3. The Digital Virgo Group is committed to providing financial, human and technical resources to protect the human dignity, legitimate interests and fundamental rights of those concerned.

4. The main objective of this data protection policy is to concentrate in a single document clear, simple and precise information concerning the data processing operations carried out by the Digital Virgo Group, in order to enable the understanding of the information and the data, which personal data (hereinafter referred to as « personal data ») is collected, how it is used and what are the rights to such personal data.

5. The Digital Virgo Group reserves the right, at its sole discretion, to modify this data protection policy at any time, in accordance with the applicable data protection regulations.

2.   Governance of personal data

6. Digital Virgo Group has developed a personal data governance policy.

7. This policy includes all the guidelines, rules, procedures and practices put in place by the Digital Virgo Group to take into account the requirements of the regulations on the use and protection of personal data, the principles of which Directors are presented in this policy.

8. In this context, the Digital Virgo group has appointed a Data Protection Officer (DPO).

9. The mission of the DPO is to ensure compliance with data protection regulations and to liaise with the competent authorities and all those involved in the collection or processing of personal data.

10. The DPO can be contacted by anyone interested at the following mailing address: « RGPD Service – 350 rue Denis Papin 13594 Aix-en-Provence Cedex 3 » or at the email address hereafter « service-rgpd@digitalvirgo.com « .

3.   Definitions

        « anonymisation» means « the result of the processing of personal data in order to prevent, irreversibly, any identification [2]» ;

        « collect » means the collection of personal data. This collection can be done, in particular, using questionnaires or online forms;

        « consent» means any free, specific, enlightened and unequivocal expression of intent by which the data subject accepts, by a declaration or a clear positive act, that personal data concerning him / her can be collected and processed ;

        « service providers» refers in the broad sense to service providers, subcontractors, working with the Digital Virgo group;

        « profiling»[3] means « any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict elements relating to job performance » the economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person » ;

        « « products or services» refers to all products and services including digital (sites, applications and associated services) offered or to be offered by the Digital Virgo Group;

        « prospect » is the term given to any person who has entered into contact with the Digital Virgo Group to obtain information on a product or service offered by a Digital Virgo Group company,

 

        « controller» is the person or organization who, alone or jointly, determines the purposes and methods of processing your personal data;

 

        « online services» are digital services offered by a Digital Virgo group company such as websites, applications, or related services;

        « personal data processing» means any transaction or group of operations applied to the data, irrespective of the process used;

 

        « Digital Virgo Group» is the sum of Digital Virgo Entertainment, Digital Global Pass and Virgo Facilities.

4.   The context of collecting of personal data

11. Personal data may be collected primarily in the context of:

        coming into contact with the Digital Virgo group;

        the use by the customer of any products and services of the Digital Virgo Group, including digital services (websites, applications, and other related services);

        the relationship between the Digital Virgo Group, its prospects, its customers and its partners;

        the execution of contracts;

        the carrying out of legal obligations or regulations that are specific to the activities of the Digital Virgo Group and that have an impact on the protection of personal data such as tax, audit, fraud, etc .;

        as well as those relating to the management of the commercial relationship, particularly during complaints or satisfaction surveys; etc.

5.   Categories of data processed

12. Personal data refers to any information relating to a natural person that makes it possible to identify him directly or indirectly.

13. Among the data collected by the Digital Virgo group the following main categories exist: civil status, connection data, bank details.

14. Personal data collected may include: first and last name, telephone number, photograph, video recording, postal address, email address, function, IP address of the computer, the connection data to the applications of the Digital Virgo Group, banking data or any other documents necessary for the contractual relationship.

5.1  The declarative personal data

15. Personal data are those provided by data subjects and collected by the Digital Virgo Group in the context of commercial or contractual relationships.

16. The data comes mainly from the data subjects and persons authorized by the data subjects to transmit their to the Digital Virgo group.

17. For example, the data subject may be required to provide his surname, first name, contact details and possibly personal data relating to his professional situation. This data can be collected by forms that are dematerialized on a website or mobile application, paper or in response to questions asked for example by an employee of the Digital Virgo group.

18. Personal data may also be collected as part of administrative assistance.

5.2  The personal operating data of the products and services of the Digital Virgo Group

19. Personal data may come from the use by the persons concerned of products and services of the Digital Virgo Group or may relate to transactions carried out via the products and services offered by the Digital Virgo Group in the context of its relationship with the concerned person.

20. For example, information about the connection to the services offered or the use of online services (use of applications) is collected.

5.3  Personal data from third parties

21. The personal data processed may also come from:

        employers of the person concerned (contract undertaken);

        service providers;

        public or control authorities;

        subcontractors, service providers of the Digital Virgo group or third parties to the Digital Virgo group if their data protection policies permit;

        other products or services provided by third parties to which the data subjects have subscribed and / or for which it has authorized the sharing with the Digital Virgo group.

5.4  Public personal data

22. The Digital Virgo Group may collect public personal data concerning the data subjects

23. Public personal data is information or personal data produced or received by an administrative or public authority as part of its public service mission, published by an administrative authority or communicated to any person upon request.

24. Digital Virgo Group may use public information or personal data when permitted by law or regulation and in compliance with the specific rules of communication and reuse specified by said laws and regulations.

5.5  Calculated or inferred personal data

25. The Digital Virgo Group, from the declarative personal data or operating data of technological tools, may generate or calculate new personal data.

26. This is particularly the case in order to know its customers, to adapt its products and services, to customize the offers that can be made to customers, allowing the Digital Virgo Group to define profiles, sales or marketing segments.

5.6  Particular categories of data

27. Particular categories of personal data are data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic personal data, biometric personal data for the purpose of identifying a particular uniquely a natural person, personal data relating to health or personal data concerning the sexual life or sexual orientation of a natural person.

28. These categories of particular personal data, which must be subject to special attention, are not subject to treatment by the Digital Virgo Group, and in the event that their processing becomes necessary, the Digital Virgo Group commits itself to treat them under the conditions laid down by the regulations on the protection of personal data.

6.   Personal data processed by Digital Virgo Group

29. For customers, the following personal data is processed by the Digital Virgo Group:

        last name, first name ;

        gender;

        language ;

        Email adress;

        professional mailing address ;

        phone number;

        function ;

        employer ;

        connection and consultation data to electronic applications (IP, logs, plotters, dates …) ;

        bank details

7.   Recipients of the data collected by Digital Virgo Group

7.1  Digital Virgo Group as controller

30. The personal data collected, as well as those that will be collected later, is intended for the Digital Virgo group in its capacity as the controller.

31. The Digital Virgo Group ensures that only authorized persons can access the personal data of the persons concerned and when necessary for the performance of their tasks.

32. Certain personal data may be sent to third parties to satisfy legal, regulatory or contractual obligations or legally authorized authorities.

33. The categories of recipients of the data include: Digital Virgo group companies, financial and accounting services, legal department, sales department, internal customer relations department, technical service providers, service providers in charge of customer service.

7.2  The Digital Virgo Group as a subcontractor

34. Under its contracts with its partners, the Digital Virgo group may collect and process data on behalf of its partners, who in these cases are the data controllers and the final recipients of the data collected.

35. The Digital Virgo group ensures that the same security measures are put in place for these treatments and data, as are in place where the Digital Virgo group is the controller.

8.   Retention of personal data

36. Personal data is stored in the information systems of the Digital Virgo Group or its subcontractors or service providers. Subject to transmission to third parties, personal data is stored in a data center and processed in Europe.

37. As a matter of principle, the Digital Virgo Group has committed itself to selecting subcontractors and service providers that meet the best quality and safety criteria, and that offer sufficient guarantees, in terms of reliability, security, and resources, as well as with regards to the implementation of technical and organizational measures.

38. Lastly, the Digital Virgo group permanently localize the data hosting site in order to justify it to the supervisory authorities on which it depends.

9.   Guiding principles for the protection of personal data

39. The RGPD has reinforced the duty to provide information to those concerned with the collection of personal data.

9.1      Lawfulness, loyalty and transparency

9.1.1          Lawfulness

40. The Digital Virgo group is prohibited from carrying out a treatment that would be illegal, knowing that the lawfulness is assessed under one of the conditions described below.

41. Consent of the person concerned. The Digital Virgo Group may proceed with processing where the data subject has consented to the processing of his personal data for one or more specific purposes.

42. Such consent may be given by means of a written statement, including by electronic means, or an oral statement.

43. Execution of the contract or pre-contractual measures. The processing is implemented when it is necessary for the execution of the contract.

44. For example, a processing is implemented during the maintenance and management of contracts.

45. Statutory and regulatory obligations. The processing is necessary for compliance with the legal or regulatory obligations of the Digital Virgo Group

46. These legal or regulatory obligations are, for example, those relating to control and supervision related to the internal control to which the Digital Virgo group is subject, and more particularly to banking and tax obligations.

47. As such, it may be required to request specific information concerning certain operations if it is required by law or regulation and to transmit information and personal data to third parties.

48. Legitimate Interests of the Digital Virgo Group The legitimate interests of the Digital Virgo Group or a third party may be such as to warrant the Digital Virgo Group’s processing of the data of the data subject.

49. The legitimate interests pursued by the Digital Virgo group are varied but may include:

        improvement of the marketing knowledge of the people concerned;

        improvement of products and services;

        segmentation, profiling, prospecting, marketing segmentation;

 

50. These treatments are implemented taking into account the interests and fundamental rights of the persons concerned. As such, they are accompanied by measures and guarantees to ensure the protection of the interests and rights of the persons concerned that allow a balance with the legitimate interests pursued by the Digital Virgo group.

9.1.2          Loyalty and transparency

51. The Digital Virgo Group is committed to providing information that is fair, clear and transparent.

52. The Digital Virgo Group therefore undertakes to inform the persons concerned of each treatment that it implements with information notices.

9.2      Determined, explicit and legitimate purposes

53. Personal data is collected and processed by the Digital Virgo Group for specific, explicit, and legitimate purposes.

54. The Digital Virgo Group uses personal data in accordance with the terms of this data protection policy in a constant concern for the ethics and security of the personal data of its customers.

55. The Digital Virgo Group uses all or part of the personal data for the following main purposes:

        the execution of pre-contractual measures taken at the request of the persons concerned;

        the management of contracts and relations with its customers, suppliers and other partners of the Digital Virgo group;

        management of exchanges with partners, service providers, customers and / or suppliers of the Digital Virgo group;

        management of its activities (eg internal and external audit) and compliance with legal obligations;

        the management, protection and security of tools, websites and applications;

        measurement of quality and satisfaction;

        improvement of the services provided;

        service innovation;

        the realization of soliciting operation;

        the development of trade statistics;

        the management of claims under the law of persons;

        management of unpaid bills, litigation, the fight against fraud, money laundering and the financing of terrorism, and tax misappropriation;

        customer knowledge.

9.3      Suitability, relevance and limitation

56. For each treatment, the Digital Virgo Group undertakes to ensure that the treatments are adequate, and to collect and process only data strictly necessary for its intended purpose.

9.4  Accuracy of the data

57. The Digital Virgo Group is committed to ensuring the collection of complete and up-to-date data as circumstances permit.

58. The persons concerned have the right to implement their right to rectification, under the conditions given above, if they become aware of the existence of inaccurate data.

9.5      Shelf life and limitation of data

59. The Digital Virgo Group undertakes not to store personal data for longer than is necessary for the purposes for which it is stored or for longer than the duration provided for by the data protection regulations. staff.

Categories of personal data

Active conservation rules

1.      

Video surveillance

1 month from registration except in case of litigation where the records are kept for the duration of the litigation procedure

2.      

Management of customer and prospect files

For customers during the contractual relationship increased by 3 years
For prospects 3 years from the last contact from the prospect

3.      

Contract management

During the contractual relationship increased by 5 years.
For contracts concluded electronically during the contractual relationship increased by 10 years

4.      

Order management

10 years

5.      

Delivery management

10 years

6.      

Billing Management

10 years

7.      

Accounting and in particular the management of accounts receivable

10 years

8.      

Audience Measurement Statistics

6 months

9.      

Newsletter management

Until unsubscription

10.          

Keeping bank card numbers

Until the transaction is completed

11.          

Supplier and provider management

Concerning contracts and purchase orders: duration of the contractual relationship increased by the duration of the legal prescriptions ie 5 years
Invoices: 10 years from the end of the accounting year

60. After the expiration of the retention period, the data is destroyed in the Digital Virgo Group’s information system.

9.6      Commitment to security and confidentiality

61. The Digital Virgo group is committed to implementing security measures tailored to the degree of sensitivity of personal data to protect them against malicious intrusion, loss, alteration, or disclosure to unauthorized third parties.

62. All Groupe Digital Virgo premises in which personal data are processed are protected electronically and / or manually against the intrusion of unauthorized third parties.

63. The Digital Virgo Group has adopted internal policies and processes implementing measures that respect the principles of personal data protection from the moment of conception and the protection of personal data by default.

64. For example, it may pseudonymise personal data as soon as it is possible and necessary.

9.7      Right of persons

65. The persons whose data is processed enjoy the following rights, unless the Digital Virgo group has a legal obligation:

        the right to information;

        the right of access;

        the right of rectification;

        the right to erasure or the right to be forgotten;

        the right to portability;

        the rights of opposition;

        the right to limit treatment;

        the right of interrogation;

        the right to set guidelines for the storage, deletion and communication of personal data after death.

9.7.1                                                  How to exercise these rights

66. In the event of a question or request related to the processing of personal data by the Digital Virgo Group, data subjects are invited to contact: rgpd@digitalvirgo.com

9.7.2                                                  Right to appeal

67. The persons concerned have the right to file a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy.

68. The persons concerned may appeal to the competent authority.

9.8      Automated Decision

69. Data subjects are informed of the possibility of using their personal data during automated processing, including for profiling purposes.

70. Profiling is defined as « any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict elements relating to job performance. , the economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person» [4].

71. Data subjects have the right not to be the subject of a decision based exclusively on automated processing, including profiling, where that decision has legal effects or significantly affects the subject it in a similar way. This right does not apply where the decision is necessary for the conclusion or performance of a contract between the data subject and the Digital Virgo Group or where the processing in question is based on the explicit consent of the data subjects.

72. Automated personal data processing, performed in the circumstances described above, may only be implemented by the Digital Virgo Group if appropriate measures have been taken by it to safeguard the rights and freedoms as well as the legitimate interests of the persons concerned.

73. Moreover, the persons concerned have the right to demand human intervention or to express their point of view or to challenge the decision taken in an automated manner.

9.9      Profiling

74. The Digital Virgo Group may use personal data, in particular personal contact data as well as other indications and data transmitted for commercial and advertising purposes, in particular for internal analyzes and statistics, to improve its products and services and to send to the persons concerned information and offers relating to the products and services of the Digital Virgo Group, such as prospectuses, newsletters and other advertising messages.

75. The agreement of the persons concerned is always required for this type of treatment.

9.10  Supervision of transfers outside the European Union

76. The personal data that European citizens have transmitted to the Digital Virgo Group in accordance with the agreed purposes is transferred to a country of the European Union or outside the European Union.

77. As part of a transfer to a country outside the European Union, rules ensuring the protection and security of this information have been put in place.

78. The Digital Virgo Group takes all the necessary and adequate measures to ensure the security of personal data.

79. Such personal data may be communicated, at the request of the persons concerned, to official bodies and authorized administrative or judicial authorities, or to third parties.

10.         Special treatments

10.1                  Video Surveillance

80. As part of the implementation of the security measures, the Digital Virgo Group uses video surveillance systems in some of its premises and applicable regulations.

81. The data subjects are informed that these images are recorded and kept and that they can lead to the identification of the persons filmed either by the systems implemented or by the agents having access to said images.

82. Signs in filmed locations indicate to the persons concerned the existence of this type of device, the person in charge and the methods of exercise of their right of access to the visual recordings concerning them.

10.2  Cookies and other tracers

83. Cookies or other tracers are understood to mean tracers deposited and read, for example, when consulting a website, reading an electronic mail, installing or using software or a mobile application, regardless of the type of terminal used.

84. In order to improve the use and functionality of the Digital Virgo group’s websites, the company uses different types of « cookies » or other cookies, such as « pixel tags », some of which may be automatically registered and transmitted to websites of the companies of the group Digital Virgo personal data.

 

85. The Digital Virgo Entertainment group has set up a cookies policy to present on its websites. For more information please refer to the Cookies policy available on the site during your visit.

10.3   « Plug-in » and social modules

86. The access and use by the persons concerned of the websites or applications of the companies of the Digital Virgo group may give access of personal data to third-party service providers.

87. These features are not activated automatically but require the express authorization of the users. For example, the websites of Digital Virgo group companies can connect and transmit personal data to social networks such as Facebook, Twitter or Instagram, if the user uses certain features.

88. As these social networks use the data for tracing and advertising purposes, the Digital Virgo Group recommends consulting the data usage policies of the networks and taking measures to increase the confidentiality of the data.


[1] Reg. (EU) 2016/679 of 27 April 2016

[2] G29 opinion 05/2014 of April 10, 2014 on the Techniques of anonymisation (WP216)

[3] Reg. (EU) 2016/679 of 27-4-2016: OJ 2016 L 119 p.1 s., Art. 4 §4..

[4] Reg. (EU) 2016/679 of 27-4-2016: OJ 2016 L 119 p.1 s., Art. 4 §4.

t