Personal Data Protection Policy
The Open Group and its subsidiaries as defined by Article L.233-3 of the French Commercial Code (hereafter “Open”) process Personal Data (as defined hereafter) in the context of their professional activity, which includes the Personal Data of people who browse the Websites of Open (the “Websites”).
The purpose of this “Personal Data Protection Policy” (the “Policy”) is to inform all the natural persons in question (“You” or “Your”) about the manner in which Open collects and uses such Personal Data and about the means that You have at Your disposal to control this use.
Scope of this Personal Data Protection Policy
This Policy sets out the principles and guidelines for the protection of Your Personal Data, which include the Personal Data collected on—or by means of—the Websites.
Open collects Personal Data online (including by e-mail) or offline; this Policy is applicable regardless of the means of collection or processing.
The notion of personal data (the “Personal Data”) refers to all information relating to an identified or identifiable natural person. An “identifiable” person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to them.
“Non-Personal Data” correspond to information that do not allow a person to be identified.
Note for Website visitors and users: each Website is subject to the specific Conditions of Use available on each of the Websites and which are part of this Policy. Your use of the Websites and the Personal Data that You agree to communicate on the Websites are subject to the provisions of this Policy and to the applicable Conditions of Use.
Personal Data may include the following:
• First name and surname;
• Postal address;
• E-mail address;
• Telephone number(s);
• Log-in and password;
• University, qualification and course taken;
• Type of organisation (company, school, university, etc.), name of organisation, size of organisation, department and job title;
• Industry and industrial sub-sectors;
• Delivery method and person to whom purchases should be shipped;
• Financial data (credit card number and expiry date, name and address of cardholder);
• IP address; and
• Any other Personal Data that may be relevant for the purposes set forth hereafter.
In any event, the Personal Data collected shall however be limited to the data necessary for the purposes set forth in Article 4 hereafter.
Note for Website visitors and users: certain features and characteristic of the Website can only be used if You communicate certain Personal Data to Open when You visit or use the Website. You are free to decide whether or not You provide all or part of Your Personal Data. However, if You choose not to provide them, such a decision could impede the achievement or the satisfactory achievement of the goals described in Article 4 hereafter, certain services and certain features of the Websites may not function correctly and/or You shall be refused access to certain pages of the Website. In particular, You shall not be authorised to purchase software licences or other products or services via the Website.
Purposes of Personal Data Collection
As indicated above, You provide Your Personal Data on a voluntary basis.
The Personal Data are generally collected for the requirements of Open’s professional activity such as the improvement of Open’s marketing and advertising efforts, a greater adaptation of Open’s products and services to client requirements or compliance with reporting obligations set out by law, and other similar activities.
Open collects and uses Personal Data about You for the requirements of its professional activity and for the following purposes in particular:
• To enable You to request and obtain information about Open and Open’s products and services;
• To offer You interactive and personalised use of the Websites;
• To ascertain Your requirements and interests and to provide You with the most appropriate products and/or services;
• To enable You to open and manage an account to obtain specialised documentation and technical assistance;
• To access all of the features and options offered by the Websites;
• To enable You to communicate with the other users of the Websites;
• To enable You to participate in competitions;
• To enable Open to handle inquiries;
• To enable Open to manage its marketing activities;
• To enable Open to manage its commercial relationships: commercial opportunities, commercial offers, purchases, contracts, orders, invoices, etc.;
• To offer commercial or support services to You;
• To enable You to buy software licences, products or services, to download software and/or to register software licences;
• To enable You to register for seminars, webinars or event;
• To enable Open to manage its Research and Development activities: development requests, incidents, quality issues, tests, etc.;
• To process applications and manage recruitment sources;
• To manage Your training and/or certification on Open products and services;
Subject to the local applicable legislation, by supplying Your e-mail address, You expressly authorise Open to use it with other useful Personal Data to send You sales or marketing messages.
Open is also likely to use Your e-mail address for administrative purposes or for other goals not related to marketing (for example, in order to inform You of important changes made to the Websites).
• Improve Your user experience, particularly by:
– enabling a service to recognise Your hardware, so You shall not have to provide the same information several times in order to carry out the same task,
– recognising the user name and password that You have already provided so that You don’t have to enter them again on each web page that asks for them
• Analyse traffic and data on the Websites in order to:
– measure the number of users of services, thus allowing them to be made easier to use and to ensure their capacity to respond quickly to Your requests,
– help Open to understand the way in which users interact with the services in order to improve them.
Open may also use the services of third-party providers (such as Adobe Analytics, Google Analytics, LinkedIn, etc.) for the purpose of undertaking services on its behalf, particularly for:
• Analysing Your browsing habits and measuring the audience of the Websites,
• Analysing Your interests and proposing targeted marketing or advertising offers to You,
• Enabling You to share the content of the Websites with other persons on social networks or informing these persons about what You are looking at or what You think (for example, the ‘Like’ button on Facebook)
In this case, invisible pixels and cookies provided by these third-party providers could be used and stored. During the transmission of the information generated by these cookies, the parameters of the cookies ensure that the IP address is made anonymous before geo-location and before archiving. Our service providers shall use this information for the purpose of assessing Your use of the Websites, writing reports on the activity of the Websites for Open, and offering the best services and advertising targeted to Your needs. They shall not associate Your IP address with any of their data.
When You browse on the Websites, the cookies are activated by default and the data can be read or stored locally on Your hardware. You shall be alerted the first time You receive a cookie and You shall thus be able to decide whether to accept or refuse it. By continuing to use the Websites, You are expressly agreeing to Open’s use of such cookies.
If You wish to modify or delete Your information, You can send a request to email@example.com
Conditions of processing and storing Personal Data
The “processing” of Personal Data includes in particular the use, storage, recording, transfer, adaptation, analysis, modification, reporting, sharing and destruction of Personal Data depending on what is necessary with regard to the circumstances or legal requirements.
All the Personal Data collected are stored for a limited duration depending on the purpose of the processing and only for the duration intended by the applicable legislation.
Hyperlinks to Websites not controlled by Open
The Websites may suggest hyperlinks to Websites of third parties that may be of interest to You.
Open exercises no control over the contents of third-party Websites or over the practices of these third parties in terms of the protection of the Personal Data that they may collect. Accordingly, Open does not accept any liability concerning the processing of Your Personal Data by these third parties. It is Your responsibility to find out about the Personal Data protection policies of these third parties.
Transfer of Personal Data
In the event You access the Websites from a State that is not a member of the European Union in which the legislation relating to the collection, use and transfer of data differs from that of the European Union, we draw Your attention to the fact that by continuing to use the Websites, which are governed by French law, the corresponding Conditions of Use and this Policy, You transfer Your Personal Data to the European Union and consent to this transfer.
Your Personal Data may be divulged within Open for the purposes laid out in Article 4 of this Policy.
Open may transfer Your Personal Data outside the European Union, on the condition that it ensures, before transfer, that the entities outside the European Union offer an appropriate level of protection, in accordance with existing European legislation.
If Open learns that a third party to which Open has communicated Personal Data for the purposes laid out in Article 4 above is using or disclosing Personal Data without complying with this Policy or in violation of the applicable legislation, Open shall take every reasonable measure to prevent or bring an end to such use or disclosure.
You also have the right to decide whether or not to authorise Open to use Your Personal Data for a purpose other than those for which these Personal Data were initially collected. You can object to this use by writing to the following address: firstname.lastname@example.org
Open may also have cause to transfer Your Personal Data to third parties if Open believes that such a transfer is necessary for technical reasons (for example, for third-party hosting services) or to protect its legal interests (for example, in the event of the sale of assets to a third-party company, a change in control or a total or partial liquidation of Open).
Furthermore, Open may share Your Personal Data with Your local reseller or the reseller responsible for the area in which You are located for the requirements of Open’s professional activity. Open may also share Your Personal Data with commercial partners when Open and the commercial partner jointly sponsor an event or take part in a marketing promotion in which You are involved.
Open may communicate Your Personal Data if the law obliges it to do so or if Open believes in good faith that such disclosure is reasonably necessary in order to comply with a legal procedure (for example, a warrant, subpoena or any other court order) or to protect its rights, assets or the personal safety of the Open Group, our clients or the public.
If the applicable legislation allows it, Open may also share Your Personal Data with third parties in order to offer You targeted marketing or advertising.
These transfers may be performed via the Internet or by any other method deemed appropriate by Open in accordance with the applicable legislation and the internal security policies of the Open Group.
Right to access and rectify data
Open has implemented the appropriate Personal Data protection systems to ensure that the Personal Data are used in accordance with the purposes above and to ensure their accuracy and updating.
You have the right to access Your Personal Data. Furthermore, You have the right to ask for the rectification, updating or removal of Your Personal Data.
You also have the right to obtain the communication of Your Personal Data stored by Open.
Your right to access and rectify your data
You have the right to access your personal data and to have them rectified.
You may ask us to rectify or complete your personal data, whichever applies, if they are inaccurate, incomplete, ambiguous, or obsolete.
Your right to erasure
You may ask us to erase your personal data should one of the following grounds apply:
- the personal data are no longer necessary to the purposes for which they were collected or otherwise processed;
- you withdraw your prior consent;
- you object to the processing of your personal data on legitimate grounds;
- the personal data processing does not comply with the provisions of the applicable legislation and regulations.
Nevertheless, it will not be possible to exercise this right if it is deemed necessary to keep your personal data in order to comply with legislation and regulations and particularly for the establishment, exercise or defence of legal claims.
Your right to restrict data processing
You may ask that the processing of your personal data be restricted in the cases provided for by legislation and regulations.
Your right to object to data processing
You have the right to object to the processing of personal data that concern you if said processing is based on the legitimate interest of the data controller.
Your right to data portability
Since 25 May 2018, you have the right to personal data portability.
This right applies to:
- your personal data only and therefore excludes anonymised personal data or data that do not concern you;
- declarative personal data and, as previously mentioned, any personal data required to comply with the law;
- personal data that do not infringe upon third-party rights and freedoms such as those protected by an obligation of professional secrecy.
This right is limited to processing based on consent or on a contract as well as to the personal data that you have personally generated.
This right does not include derived data or inferred data, these being personal data created by Open.
Your right to withdraw your consent
When the data processing that we undertake is based upon your consent, you may withdraw said consent any time. We will then stop processing your personal data, without the previous operations for which you had given consent being challenged.
Your right to lodge a complaint
You have the right to lodge a complaint with the CNIL (the French Data Protection Authority) on French territory and to do so without prejudice to any other administrative or judicial remedy.
Your right to provide post-mortem instructions
You have the possibility of providing instructions related to the storage, deletion and communication of your personal data following your death and of doing so with a trusted third-party who is qualified and entrusted with enforcing the will of the deceased in compliance with the requirements of the applicable legal provisions.
Procedures for exercising your right
All of the rights listed above may be exercised by contacting Open’s Data Protection Officer (DPO) either via email at email@example.com or by a letter, including a copy of an identification document, to the following address 28 rue Jacques Ibert, 92300 Levallois-Perret.
If you have an account, you may exercise your rights to access and rectify data by logging in to your account.
Nevertheless, as far as exercising the right to information is concerned, we may not be obliged to follow through if:
- you already have this information;
- the saving or communication of your personal data are expressly provided for by the law;
- communication of the information proves impossible;
- communication of the information would require disproportionate efforts.
If You have an account, You may exercise Your rights to access and rectify data by logging in to Your account. Otherwise, You may exercise Your rights to access and rectify data by sending an e-mail to the following address: firstname.lastname@example.org
Depending on the scale of the request, Open reserves the right to invoice the requester a reasonable amount in order to cover the costs linked to the operations of access, rectification or removal. Open reserves the right to refuse access to Personal Data in specific cases provided for by the applicable legislation and regulations.
Security and recipients of the data
Open is careful to protect and secure the Personal Data that You have chosen to communicate to it, to ensure their confidentiality and prevent them from being distorted, damaged, destroyed or disclosed to non-authorised third parties.
Open has taken physical, electronic and organisational protective measures in order to prevent any loss, improper use, unauthorised access or dissemination, alteration or potential destruction of these Personal Data. Among these protective measures, Open has incorporated technologies that are specially designed to protect the Personal Data during their transfer. However, despite Open’s efforts to protect Your Personal Data, Open cannot guarantee the infallibility of this protection because of the inevitable risks that can arise during the transmission of Personal Data.
As all Personal Data are confidential, access to them is limited to Open employees and service providers who need them in order to carry out their duty. All persons having access to Your Personal Data are bound by an obligation of confidentiality and face disciplinary action and/or other sanctions if they do not comply with these obligations.
However, it is important that You exercise caution in order to prevent any unauthorised access to Your Personal Data. You are responsible for the confidentiality of Your password and the information in Your account. Accordingly, You should ensure that You close Your session in the event of the shared use of a single computer.
Although Open has taken reasonable measures to protect the Personal Data, no transmission or storage technology is completely infallible.
However, Open is committed to guaranteeing the protection of the Personal Data. If You have reason to believe that the security of Your Personal Data has been compromised or that they are subject to misuse, You are invited to contact Open at the following address: email@example.com
Open shall examine any complaints regarding the use and disclosure of Personal Data and shall attempt to resolve them in accordance with the principles set out in this Policy.
Any unauthorised access to Personal Data or their improper use may constitute an offence under local legislation.
For any question concerning this Policy, to no longer receive information from Open or for any request for rectification, addition, update or removal of Your Personal Data, You can send an e-mail to the following e-mail address: firstname.lastname@example.org
Date of entry in force and revisions of the Personal Data Protection Policy
This Policy may be updated depending on the requirements of Open and the circumstances or if the law demands it. Accordingly, we invite You to frequently review updates.