This personal data protection policy (hereinafter the "Data Protection Policy"), informs you about the context and the methods of processing your personal data, while browsing the following website www.goldenbees.fr (hereafter, the « Website »).
Golden Bees, a public limited company, with a capital of 42,828€, registered at the Paris Registry of Commerce under the number 812 622 371 at the Paris RCS (hereinafter “Golden Bees”) is, in this Policy Data Protection Officer, considered as data controller within the meaning of EU Regulation 2016/679 in terms of the protection of individuals with regard to the processing of personal data and on the free flow of such data (hereinafter "GDPR»).
DPO contact: dpo@goldenbees.fr
2.1 The data we will directly collect from you
1) When you complete the form "Contact our experts" the data collected is as follows:
Last name
First name
Email address
Company name
2) When you make a demo request, the personal data collected is:
Compulsory:
Company name
First name
Email address
Optional:
Last name
Phone number
3) When your company signs a contract with Golden Bees, and you are mentioned as a representative of your company or as a contact:
Last name
First name
Sometimes either the email address or phone number
4) When you make a request to claim your rights:
Last name
First name
Email address
Proof of ID
2.2 The data that we collect during your participation in the Website’s activity
We collect data through the cookie deposit if you accept their deposit when you connect to the Website.
The categories of cookies and other trackers (tags, pixels, etc.) which are installed in your browser are defined more precisely in the cookies policy and in the CMP which allows you to consent or not to these deposits.
The data collected from the forms on the Website are collected for the purpose of responding to your contact or interview request but also for prospecting purposes. The legal basis is the legitimate interest of Golden Bees.
When your data is collected through the context of a contractual relationship, the purpose is to monitor this contractual relationship (invoicing, answering questions, litigation if applicable, etc.). The legal basis is the contract between Golden Bees and the customer.
Your data may also be processed as part of a request to exercise rights that you make to our DPO, whose purpose is to respond to your request. The legal basis is to remain with the legal obligation.
Golden Bees retains personal data for the duration of the contractual relationship. When the contract is terminated, your personal data is irreversibly erased or anonymised, with the exception of those that must be kept, in particular to be able, if need be, to defend or exercise legal rights.
Golden Bees only keeps your personal data for as long as it is required, for the purposes of the processing, carrying out of its legal obligations or in order to retain the possibility of defending legal claims:
Data from the prospect file
Contact and identification data => purpose: Response to the contact or interview request – Creating and management of the prospect file => retention periods: 3 years from the exercise of the right of opposition or the last contact with the prospect
Data generated by cookies
Data related to your browsing on online services => purpose: Operation and optimisation of services - Traffic measurements - Customised content and advertising => retention periods: 13 months maximum
Data processed during the exercise of rights
Identification data, data relating to the request and its processing => purpose: Exercise of rights => retention periods: 1 year for the copy of the identity document and 3 years for other documents and data
5.1. Transmission to the authorised services at Golden Bees
Employees of the marketing and sales department are likely to have access to the data they need, to carry out their prospecting or contractual relationship monitoring tasks.
Access to data leads to individual and limited authorisations.
5.2. Transmission to competent authorities
Golden Bees may be required to share personal data to competent authorities, such as public authorities and administrative authorities, or organisations fighting against money laundering and the financing of terrorism not to mention, more generally in all situations where law, regulations or an administrative or judicial decision are required.
5.3. Data transmission to Golden Bees subcontractors
To provide the service requested, Golden Bees uses subcontractors within the meaning of the GDPR. The subcontractors of Golden Bees carry out the data processing, transmitted only following the instructions of Golden Bees.
Pursuant to article 28 of the GDPR, Golden Bees requires all subcontractors to comply with security and confidentiality obligations and implement the suitable technical and organisational measures to guarantee the protection of your rights.
Please find below a list of the categories of subcontractors, excluding data collected via cookies, which take part in the processing of your data:
CRM
Data host
Your personal data is mainly processed within the European Economic Area (EEA). Data entered in the CRM may nevertheless be share with a third country.
In the event of transfer to a third country, the processing is carried out in accordance with this Data Protection Policy and is based on one of the instruments provided for in Articles 45 and seq. GDPR, so that the protection level guaranteed by the GDPR is not compromised.
As a data controller, Golden Bees implements appropriate technical and organisational measures in order to guarantee a level of security in accordance with the risk for the rights and freedoms of individuals and mainly:
Information system security monitoring by the IT department.
Management of authorisations and access rights;
Securing networks and workstations;
Employee awareness on the security of information systems.
8.1. YOUR RIGHTS
You have the right to get confirmation that personal data concerning you is or is not processed and, when it is the case, access to the so-called personal data not to mention the various information on the processing carried out, in application of the GDPR article 15.
8.2. Rectification right
You also have the right to obtain the rectification of personal data concerning you, when they are inaccurate.
8.3. Right to delete
You also have the right to obtain the removal of personal data concerning you when:
they are no longer necessary for the purposes for which they were collected,
you object to processing the application of Article 21 of the GDPR,
you are able to demonstrate that this personal data is subject to unlawful processing,
the data collected via the Website concerns an underaged user.
8.4. Right to processing restriction
You can obtain from the manager to restrict processing, for example by suspending it, when:
a dispute arises due to the accuracy of the data which is processed,
a dispute arises due to the lawfulness of the processing,
processing is no longer necessary for the manager, but the data is still necessary for you to establish, exercise or defend legal claims,
you have objected to the processing through Article 21 paragraph 1 of the GDPR; but there is a dispute as to whether the legitimate reasons pursued by Golden Bees prevail over yours.
8.5. Right to data transfer
When the processing is justified on consent or through the preparation or carrying out of a contract, by using automated processes, you have the right to receive the data you have provided to Golden Bees, in a structured format, which is commonly used and in computer-readable format, and to pass on this data to another controller.
8.6. Opposition right
You also have under the conditions defined in Article 21 of the GDPR:
the right to obtain, for reasons relating to your particular situation, that we no longer process personal data concerning you in certain cases (article 21.1. Of the GDPR);
the right to object to the processing of personal data concerning you for prospecting purposes (right to object to prospecting - Article 21.2. Of the GDPR).
8.7. Right to withdraw consent
You have the right to withdraw your consent as for the processing of your data at any given time, when it is based on a so-called consent, without affecting the lawfulness of the processing carried out before this withdrawal.
8.8. Guidelines for the retention, removal, and sharing of your personal data after your death
Last but not least, you have the right to define, modify and revoke directives relating to the retention, removal and sharing of your personal data after your death at any given time. These guidelines can be general or specific.
We can only be custodians of specific instructions regarding the data we process. General guidelines can be collected and stored by a trusted digital third party, certified by ICO. You also have the right to designate a third party to whom the data may concern, which may be communicated after your death, by informing this third party of your procedure and of the fact that data allowing the latter to be unambiguously identified will be passed on to us and to communicate the present to them. Data Protection Policy.
8.9. Exercise of rights
When you exercise your rights, we process your personal identification data but also the data related to your request for the purposes of managing it. This data is maintained for a period of three (3) years, with the exception of the copy of your identity document, which is kept for one (1) year.
You can exercise your rights by sending us a substantiated request specifying the right or rights you wish to exercise to the following e-mail address: dpo@goldenbees.fr.
In case of reasonable doubt in terms of the identity of the person making the request to Golden Bees, we may ask you for additional information and/or documents in order to check your identity and mostly a copy of an identity document.
8.10. Making a complaint at ICO
You also have the right to make a complaint with the competent supervisory authority (in the UK, Information Commissioner's Office, ICO).
Golden Bees may modify this Data Protection Policy at any given time. If applicable, Golden Bees may be required to obtain your consent due to modifications which need to be carried out.