Legal Terms.
2. Who We Are
Etix Everywhere, a simplified joint-stock company with a single shareholder, headquartered at 2 Impasse Joséphine Baker, 44800 Saint-Herblain, owns high-end data centers for hosting critical IT and telecom infrastructures for businesses and communities. Our business activities are organized around four major areas: data center hosting, data center management, IT outsourcing, and telecom services.
3. Privacy Context and Objectives
At Etix Everywhere, we are committed to protecting the privacy of our prospects, clients, and service providers’ employees, visitors to our physical sites, and users navigating our websites (https://www.etixeverywhere.com) and our client portal (our “Website”).
To this end, we have established this Privacy Policy (the “Policy”), which outlines how we, as the Data Controller, will use the data concerning you that we have collected through the Website or in the context of our business relationship.
The Policy informs you, in particular, with whom we may share your data and the usual retention period. The Policy also informs you of your rights under applicable data protection laws and regulations (the “Applicable Regulations”), including the General Data Protection Regulation No. 2016/679 of April 27, 2016 (the “GDPR”).
This Policy does not apply to personal data that we receive and process on behalf of our clients (as a data processor) in the context of our service offerings.
Our affiliated companies may apply specific privacy policies for the products or services they provide, which will complement this Privacy Policy.
4. Policy Updates
The Policy may be subject to modifications due to legal and regulatory developments as well as recommendations from the French Data Protection Authority (CNIL) or changes in our practices. These updates will be published on our website at least 30 days before they come into effect and communicated to our clients in case of significant changes.
Please read the information contained in this Policy carefully and feel free to contact us for any questions using the contact details provided in section 10.
5. Definitions
5.1 Personal Data
Data is considered “personal” when it relates to any identified or identifiable person. A person is deemed identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier, an identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, psychological, economic, cultural, or social identity.
For example, if a name and surname identify a person, the same applies to a postal address, which can, by cross-referencing with a reverse directory, help identify the individual residing at that address.
5.2 Data Processing
Data processing is an operation performed on personal data, which can include various processes such as collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, interconnection, restriction, erasure, or destruction.
Data processing does not necessarily have to be computerized; paper files are also concerned and must be protected under the same conditions. Data processing must have a specific, predetermined purpose.
We inform you that the personal data processing we operate does not involve any automated decision-making.
6. Categories of Data Collected
We may collect your personal data directly or indirectly, including the following categories of personal data:
- Personal identification data such as your name, surname, contact details;
- Professional life data (company, position, access rights);
- Your internet connection location (“IP”) to the Websites;
- Your browsing data;
- Your communication preferences, including by phone or email;
- Your purchase history;
- If applicable, biometric data;
- Data center access logs (including date, time, location, and badge information) and video surveillance recordings;
- Internet activity or other similar network activity, such as your browsing history from Etix Everywhere networks;
- Data communicated when exercising your rights under the GDPR.
7. How We Collect Your Data
We may collect data about you through your interactions with us, namely:
- When you browse our Website,
- When you contact us as a prospect,
- When we interact in a business relationship, whether you are our client, our service provider,
- When you visit one of our physical Sites as a client or a client’s service provider.
7.1 Collection via Cookies
A “cookie” is a small file that can be stored on browsers or devices by websites or placed on your computer’s hard drive and collects data about you during your navigation on our Site, transmitting this data to us.
We use cookies and similar technologies to collect information to:
- Authenticate users,
- Analyze website traffic as indicated below,
- Evaluate the effectiveness of our Website content and advertising campaigns,
- Better understand and remember your preferences and settings online when using our services.
For more information on cookies, please refer to our cookie policy [provide link].
7.2 Collection in the Context of Managing Our Business Relationships
We may collect your personal data when you request to use or use our services, when we interact regarding service usage, and when you report an issue with our services.
We specifically collect your data to provide the following services:
- Managing interactions with a prospect
- Sending newsletters
- Managing contracts;
- Managing billing and accounting
- Client relationship tracking through after-sales service;
- Improving and monitoring our services;
- Handling your requests to exercise your rights.
7.3 Collection in the Context of Security Management at Our Sites
We collect your data to manage access to our data centers and ensure their security, particularly by implementing video surveillance systems on-site in each of our data centers.
The recordings may contain video sequences and images captured by the cameras at our premises.
These systems aim to control access to our data centers; secure assets and data located or stored in our premises; ensure the safety of our personnel, clients, and visitors; and prevent, detect, deter, and investigate (if necessary) any unauthorized physical access to our premises, theft of equipment, assets, or property of Etix Everywhere or its personnel, clients, or visitors, or any threats to the safety of our personnel, clients, or visitors when they are on our premises.
8. Use of Personal Data
The data we collect from you may be used in one or more of the following ways:
| Purpose (Objective) | Legal Basis (Legitimacy) | Data Used |
|---|---|---|
| WEBSITE | ||
| Respond to a contact request from you via a Site (mandatory data is indicated with an asterisk) | Consent | Name and surname, email address, phone number, company, region, questions, comments, suggestions, and any other information you provide in the free field provided for this purpose; |
| Send Newsletter (Website form) | Consent | Your email address |
| COOKIES | ||
| Server load management (hubspot) | N/A | TO BE DEFINED |
| Security (recaptcha) | Consent | TO BE DEFINED |
| Site usage statistics (Google analytics) to improve Site content | Consent | IP address, date and time of connection, pages visited, originating site, methods used to view our website (device, search engine, OS). |
| BUSINESS RELATIONSHIP MANAGEMENT | ||
| Respond to contact requests from prospects | Consent | Name and surname, email address, phone number, company, position. |
| Connect you to your user account on a Site | Legitimate interest | Email address and password |
| Manage the service provision contract | Legitimate interest | Name and surname, email address, phone number, company, position. |
| Manage client billing and accounting | Legitimate interest / legal obligation | Name and surname, email address, phone number, company, position. |
| Client relationship management (after-sales service, complaint handling) | Legitimate interest | Name and surname, email address, phone number, company, position + content of the request |
| Manage unpaid invoices and disputes | Legitimate interest | Name and surname, email address, phone number, company, position. |
| SERVICE IMPROVEMENT | ||
| Improve products and services | Legitimate interest | Name and surname, email address, phone number, company, title, function, content of the service request, complaint, or satisfaction survey |
| Improve customer relations | Legitimate interest | Name and surname, email address, phone number, company, title, function, content of the service request, complaint, or satisfaction survey |
| Improve security | Legitimate interest | TO BE DEFINED |
| SITE SECURITY | ||
| Manage access to data centers | Legitimate interest | Name, surname, company, office location, title and function; a record of any correspondence between you and us; details of your use of our systems and data centers, and resources accessed. |
| Manage incidents | Legitimate interest | Name, surname, company, title, function, data transmitted in case of reporting an issue in a data center or on our systems; video surveillance recordings, access logs, video conferences, and teleconferences, fingerprint scans, and optical scanner use. |
| Video surveillance | Legitimate interest | Images |
| Retain web connection logs | Legitimate interest | Connection logs. A record of all access requests you have made on our systems. |
- To personalize your experience: your information helps us better respond to your individual needs, including facilitating navigation on our Website and managing and tracking the services offered to you.
- To discuss the provision of our products and services or to provide them to you.
Video surveillance recordings are only accessible to security personnel with certain authorizations, and this access is very limited.
Please note that you can have your name removed from our direct marketing lists by email at any time by contacting us via email at unsubscribe@etixeverywhere.com and specifying “Please remove me from all mailing lists.”
9. Legal Basis for Use
To collect, use, store, process, or share your personal data, we rely on a legal basis governed by the Applicable Regulations, which generally includes one of the following reasons:
9.1 Legal Obligation
Data may also be requested to fulfill our legal or regulatory responsibilities, such as disclosures to relevant government authorities or regulatory bodies.
9.2 Your Consent
If consent is the legal basis, we will always seek your explicit consent for the collection and processing of your data. Transparent information about our use of your data will be provided when your consent is obtained.
9.3 Legitimate Interest
If processing specific personal data is in our legitimate interest and this outweighs any impact on your rights and freedoms, then this legitimate interest will be the legal reason for our processing.
10. Your Data Rights
In accordance with the provisions of the Applicable Regulations, you have the ability to exercise the following rights:
- Access to your personal data: This allows you to receive a copy of the personal data we hold about you.
- Correction of your personal data: This allows you to correct any incomplete or inaccurate information we hold about you.
- Erasure of your personal data: This allows you to ask us to delete or remove personal data when there is no valid reason for us to continue using it. You also have the right to ask us to delete or remove your personal data when you have exercised your right to object to processing (see below).
- Restriction of the collection and use of your personal data: This allows you to ask us to suspend the use of personal data about you, for example, if you want us to establish their accuracy or the reason for processing them.
- Portability of your personal data to another party.
- Withdraw your consent, where processing is based on your consent.
- Object to the processing of your personal data: When we rely on a legitimate interest (or that of a third party) and your particular situation presents particularities, you can inform us if you wish to object to the processing.
- Define directives regarding the use of your data after your death.
To respond to your request, we may need to ask you for specific information to help us confirm your identity. This is another appropriate security measure to ensure that personal data is not disclosed to anyone who has no right to receive it.
To exercise your request, we invite you to contact us:
- By mail at: Etix Everywhere France – 2 Impasse Joséphine Baker – 44800 – France, or
- By email at: compliance@etixeverywhere.com
We will review all requests and respond within one (1) month of receipt, unless extended by two months under the conditions of Article 12 of the GDPR.
For additional information or complaints, you can contact the French Data Protection Authority (CNIL):
- On its website: https://www.cnil.fr/fr/plaintes;
- By mail at: CNIL – Complaints Service – 3 place de Fontenoy –TSA 80715 – 75334 PARIS CEDEX 07.
For more information on exercising your rights: https://www.cnil.fr/fr/comprendre-vos-droits
11. Information Protection Measures
We are committed to protecting your personal data against unauthorized access, use, or disclosure. We use various security measures and procedures to protect the data we collect from you, including firewalls, cybersecurity tools such as anti-spam and anti-malware, encryption means, and restricted access controls.
We apply an information security management approach based on the ISO 27001 standard. An Information System Security Manager (“RSSI”) is appointed to govern and monitor the protection of these data.
12. Data Location
We store the data you provide to us on computer systems located in a controlled facility based in the European Union, with limited access.
However, we inform you that some of our subcontractors who are recipients of your personal data may be located outside the European Economic Area.
We guarantee the same level of protection for your data processed by these service providers located outside the European Economic Area. To this end, we ensure that our service providers have committed to respecting guarantees in accordance with the Applicable Regulations for such transfers or benefit from an adequacy decision issued by the European Commission.
13. Storage Duration
We only keep your personal data for as long as reasonably necessary to achieve the purposes for which we collected it, including to meet any commercial, legal, accounting, or reporting requirements. We may retain your data as an archive to provide evidence in case of litigation.
We will specifically retain your data:
- When you are associated with a contract with one of our clients, we will retain your data during the provision of the service in an active database, and for a period of five years corresponding to the limitation period in commercial matters in an archive database at the end of our business relationship. By way of derogation from the above, invoices and any personal data contained therein will be retained for ten years from the end of the financial year, in accordance with our accounting obligations.
- Regarding video surveillance recordings, we will retain images for the legal period of thirty (30) days. After this period, any video surveillance recording is automatically deleted unless it constitutes evidence in an ongoing investigation or if the law requires it to be retained.
- Various non-contractual correspondence (information requests, internships, applications, etc.) is retained for the time necessary to process the request in an active database.
- Data of a prospect will be retained for three years from the last contact from them.
For Websites:
- Connection logs are set to a one-year retention period. After this period, data is deleted unless a requisition or legal procedure decides otherwise.
- Our own cookies are retained for the duration of the session.
- Third-party cookies are retained according to the duration set by the concerned intermediary.
14. Sharing Your Data
14.1 Sharing with Our Affiliates
We share your personal data with our affiliates in the context of our regular reporting activities on company performance, business supervision and control, in the context of a reorganization or restructuring of the company, for system maintenance support, and for data hosting.
14.2 Sharing with Authorities or Insurance Companies
We share your personal data with various authorities, institutions, or government agencies (or similar) when necessary to comply with the law.
We may also disclose your personal data to insurers in the context of our insurance agreements, which are otherwise legitimate.
14.3 Sharing with Other Third Parties
We may share your personal data with third-party service providers who provide services on behalf of Etix Everywhere (such as third-party marketing service providers). In such cases, we always control your personal data and will take steps to ensure their proper protection by obtaining commitments from service providers to process your data for specific purposes and according to our instructions, and to implement appropriate security measures to protect your personal data in accordance with our policies.
The categories of third-party service providers who process personal data on our behalf, and the nature of the work they perform for us, include marketing services such as email support and analytics service providers, third-party security services (assigning on-site staff responsible for physical patrols on the sites, reviewing video surveillance images and badge access, and similar measures to ensure physical security), and website hosting and cloud computing services.
Data center users can obtain a more detailed list of service providers processing clients’ personal data by accessing their customer service.
We may share your personal data with other third parties and their advisors in the context of a potential sale, merger, or restructuring of our business.