DQE Software DATA PROTECTION POLICY
DQE specializes in providing data quality management solutions.
The purpose of DQE’s Data Protection Policy is to inform you about (2) the processing of Personal Data carried out by DQE with regard to its Customers, Prospects, and Suppliers, whether on its own behalf and under its own responsibility or, (3) within the framework of the solutions and Services offered to its Customers, on the basis of the instructions of the latter.
The terms “you” and “your” refer to Visitors to our Website, as well as Customers and Prospects who have subscribed to Services or are likely to be interested in our Services.
The terms “we”, “us” and “our” refer to DQE.
TABLE OF CONTENTS
Definitions
“Customer” refers to any individual or legal entity who has subscribed to Services directly with DQE or through our Partners and/or has an account at https://new.mydqe.com/.
“Personal Data” refers to personal data within the meaning of the Applicable Regulations, i.e. any information relating to an identified or identifiable individual, such as a name, telephone number, email address or postal address.
“Partners” refers to DQE’s partner companies, integrators, vendors of software solutions or consulting firms that use our Services in their own solutions or service offerings.
“Data Subject” means any identified or identifiable individual whose Personal Data has been through Processing.
“Applicable Regulations” means any laws or regulations applicable to Personal Data Processing activities performed by DQE, including, (i) Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”), (ii) e-privacy laws, rules or regulations relating to privacy and the protection of Personal Data in electronic communications and/or any applicable or equivalent national laws, such as the general data protection regulation in the United Kingdom, the UK Data Protection Act 2018.
“Data Controller” means the individual or legal entity who, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. Depending on the Processing, the Data Controller may be DQE or its Customers, users of the proposed Services.
“Services” refers to the range of products and services offered by DQE, as described on our Website.
“Website” refers to the https://dqe.tech/en/ website.
“Subcontractor” means any person who processes Personal Data on behalf of the Data Controller in accordance with instructions given by the Data Controller.
“Processing” means any operation or set of operations performed on Personal Data or sets of Personal Data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.
“Visitor” refers to any individual or legal entity who accesses our Website or fills in a contact form.
Any other terminology in relation to the protection of Personal Data has the meaning given in Article 4 of the GDPR.
Processing carried out by DQE (Data Controller)
On what legal basis do we process your Personal Data?
When we process your Personal Data, we rely on one of the following legal bases:
a) Performance of a contract: where the processing of your Personal Data is necessary in order to comply with our obligations under a contract to which you are a party;
b) Obligation imposed by law: where we are required to process your Personal Data in order to comply with a legal obligation, in particular for the purposes of providing information to a public entity or law enforcement authority;
c) Legitimate interests: we process your Personal Data if it is in our legitimate interest to do so, in order to manage DQE’s business as best we can in accordance with the law, and insofar as this interest does not override your own interests;
d) Your consent: in some cases, we ask you for specific authorization to process certain elements of your Personal Data, and we process them only for the purposes to which you have consented. You may withdraw your consent at any time by contacting us at the following address: dpo@dqe-software.com.
What categories of Personal Data do we collect, for what purposes, on what legal basis, and for how long is your Data processed?
We may need to collect various categories of Personal Data about you in order to manage our business activities. In all cases, we undertake to collect only the Data strictly necessary for these purposes and to keep it only for a period that is necessary and proportionate.
Management of contact requests via the Website
Data processed: We only collect your last name, first name, professional email address and, optionally, your professional telephone number.
Purpose: processing of responses to contact requests from Visitors, Customers, or Prospects.
Managing sales activities
Data processed:
- Data identifying the Data Subject (title, last name, first name(s), postal address (including billing address), telephone number, email address, accounting identification code)
- Professional data (title, position, company details)
- Billing and payment data (payer’s banking details, billing postal address, company registration number, VAT number)
- Sales relationship follow-up data (origin of contact, date of last contact (if applicable), exchanges and comments from Customers and Prospects, person(s) in charge of Customer relations, orders, invoices, correspondence with the Customer and sales support and follow-up)
- Service connection data (connection logs)
- Support data (incident tickets, complaint/incident management information).
PURPOSE | LEGAL BASIS | DATA RETENTION TIME FRAME | |
---|---|---|---|
Contract management | Management of orders, delivery, performance of the Service or supply of the good, etc. | Contract execution | Duration of the contractual relationship |
Accounting | Accounting and tax obligations, etc. | Compliance with a legal obligation to retain data (for example, the obligation to ensure the identity of the person by requesting proof of identity) | As an intermediate archive: legal retention period (e.g. 10-year accounting obligation). |
Customer relations and support | Follow-up and satisfaction surveys | Legitimate interest | Length of time required to achieve the purpose of the survey or until exercise of the right to object or withdrawal of consent |
Monitoring use of the Services | Contract execution | Duration of the contractual relationship | |
Claims management / support requests | Contract execution | Duration of the contractual relationship | |
Choosing Customers / Studies / Proof of Concept (POC) | Studies on service quality, improving the offer | Legitimate interest or consent | Length of time required to achieve the goal of the study or until exercise of the right to object or withdrawal of consent |
Testing DQE solutions | Contract execution | ||
Sales statistics | Legitimate interest of the organization or consent | Length of time required to achieve the goal set by the statistics or until exercise of the right to object or withdrawal of consent | |
Sales prospecting | For professionals (by email, postal contact or telephone) | Legitimate interest | Until withdrawal of consent or 3 years from last contact with DQE |
Electronically, for similar goods and services already purchased/subscribed from the Data Controller | Legitimate interest | ||
Updating and checking the reliability of our Customer database, using DQE solutions | Verification of the accuracy of contact details entered, data deduplication | Legitimate interest | Duration of verification operation |
Who will receive your Personal Data?
Your Personal Data are processed by authorized persons and are not transferred to unauthorized third parties within the meaning of the Applicable Regulations. We take care to respect the principle of Data minimization and to share only Data that is strictly useful or necessary with the recipients concerned.
Within DQE: authorized persons in the sales and marketing department and in the support department are required to process your Personal Data and have access only to the Data they need in the course of their duties. Our employees have signed a specific confidentiality agreement to ensure the protection of your Personal Data.
Our Partners: when you use our Services through a Partner, authorized persons in the Partner’s sales and support department are required to process your Personal Data and have access only to the Data they need to perform their duties.
Other recipients: your Data may also be communicated to authorized third parties (auditors, consultants, lawyers, chartered accountants, etc.) and reliable subcontractors (IT system providers, etc.) who may access, host and/or process your Personal Data on our behalf, in accordance with our instructions, as well as any authority legally empowered to have knowledge thereof, in particular judicial, police or administrative authorities.
DQE will not disclose or provide access to any Personal Data to any competent authorities except as required by applicable law. If the competent authorities contact DQE to obtain Personal Data, DQE will redirect them to the Customer so that they can contact the Customer directly. If DQE is compelled to disclose or provide access to Personal Data to law enforcement, we will promptly notify the Customer and provide a copy of the request, unless prohibited by applicable law.
What are your rights regarding your Personal Data?
- A right of access: you may submit a request for access and obtain a copy of your Data;
- A right of rectification: you have the possibility of correcting the Data concerning you if elements are erroneous or incomplete;
- A right to the deletion of your Data, subject to compliance with our legal obligations;
- A right to obtain a copy of the Personal Data we hold in a structured electronic format (right to portability).
You also have the right to object, on legitimate grounds, to your personal Data being processed, and to such Data being used for commercial prospecting purposes.
If you have any questions, require further information, or wish to make a complaint, you can contact us by sending an email to the following address:
Person responsible for personal data protection: dpo@dqe-software.com
The exercise of your rights (in particular your right to object to or delete Data) must also be reconciled with legal obligations and the legitimate interests pursued by DQE.
We will respond to your requests within one (1) month of receipt, on the understanding that this period may be extended by two (2) months depending on the complexity of your request or in the event of a parallel influx of requests, provided that we inform you accordingly.
In the absence of a response from us within three (3) months of your initial request, or in the event of a dispute concerning the exercise of your rights, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés.
Processing carried out by DQE on behalf of its Customers, when the latter use the services of DQE (Subcontractor)
DQE is entrusted with access to Customer Personal Data databases and/or the Processing of Personal Data as part of the Services offered by DQE, either directly or through Partners. In this case, DQE always acts in the name and on behalf of Customers, on the basis of their contractually defined instructions.
The Customer is the “Data Controller” and DQE acts as a “Subcontractor” or, when acting through its Partner, as a “Subsequent Subcontractor”, within the meaning of the Applicable Regulations.
The following elements describe the characteristics of the Processing entrusted to DQE by Customers and the way in which they are contractually governed.
Characteristics of the Processing carried out by Customers using our Services
In accordance with the principles relating to the Processing of Personal Data set out in the Applicable Regulations, Personal Data must be “accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)”.
The solutions we develop enable our Customers to comply with this obligation under Article 5 (d) of the GDPR.
DQE One enables data quality to be processed in real time on all customer data entry forms, as well as validating the integrity of Customer data in existing databases of DQE Customers. The DQE One offer comprises two solutions: DataQ controls the quality of Customer data, while Unify handles duplicates and merges contacts and accounts in the Customer’s database.
The characteristics of Processing carried out according to the type of Service are described here.
Compliance with Applicable Regulations
DQE and Customers must each comply with the provisions of the Applicable Regulations for their respective areas of responsibility.
The Customer determines the means and purposes of the Processing it carries out and for which it has requested our Services, ensures that it provides clear and fair information to the Data Subjects and, where necessary, obtains their consent to the Processing of their Personal Data. Customers must ensure that any Processing carried out has a legitimate legal basis.
Compliance with Customer instructions
DQE will only act on the basis of instructions from the Customer, which specify in particular the categories of Personal Data processed, the Processing operations we are authorized to carry out, the length of time Personal Data will be kept depending on the categories of Personal Data we are required to process, and the specific security measures to be implemented, depending on the nature of the Data and the associated risks. We do not exploit or use the Personal Data entrusted to us by our Customers for our own purposes or on behalf of third parties not expressly authorized by our Customers.
Technical protection measures - Security
For its part, DQE ensures:
- implementing technical and organizational security measures in line with the state of the art and contractual instructions;
- where possible, helping our Customers meet their obligations to respond to requests to exercise the rights of Data Subjects;
- all data storage media containing Personal Data and all copies or reproductions thereof are carefully stored without allowing access to third parties except to our authorized (subsequent) subcontractors; and
- having our employees and any subcontractors involved in the Processing of Personal Data sign an undertaking to maintain the confidentiality of Personal Data and to comply with Applicable Regulations.
Customers must verify that the technical and organizational security measures we implement meet their security constraints and, failing that, give DQE precise written instructions on the additional security measures to be implemented. In the absence of specific instructions, the safety measures in place within DQE are presumed to be sufficient.
Cooperation and assistance - Audits
We endeavor to deal appropriately with all reasonable requests from our Customers concerning the Processing of Personal Data that we carry out on their behalf. We modify or delete, on the instructions of our Customers and at their expense, the Personal Data of a Data Subject, in particular following the exercise of his/her right of access and rectification or deletion, so that the Personal Data processed is accurate and up to date.
We may provide reasonable assistance to our Customers, upon quotation, if our help is required to respond to requests from the CNIL, carry out risk assessments (Privacy Impact Assessments – PIAs), investigations, inspections or audits relating to the Processing of Personal Data.
Subsequent subcontractors - Transfers outside the EU
DQE does not transfer Personal Data to countries outside the EU that do not ensure an adequate level of protection within the meaning of the Applicable Regulations without the Customer’s consent and without first implementing one or the other of the appropriate guarantees provided for by said Regulations to govern said transfer, in particular by using standard contractual clauses approved by the European Commission.
Retention time frame - End of contract
DQE undertakes, at the Customer’s option, to return and/or destroy any Personal Data still in its possession within the agreed time frame, once the Services have been completed. At the Customer’s request, DQE can provide a certificate of destruction for personal data processed under the contract.
Transfer of Personal Data to other countries
DQE does not transfer any Personal Data from the European Union to another country that does not have an adequate level of protection (as defined by the European Commission) without implementing the appropriate safeguards required by the GDPR.
Security
- the means to guarantee the confidentiality, completeness, availability, and resilience of processing systems and services;
- the means to restore availability and access to Personal Data within an appropriate time frame in the event of a physical or technical incident;
- a procedure for regularly testing, analyzing, and evaluating the effectiveness of technical and organizational measures to ensure the security of Data Processing.
As we are aware of the stakes involved in the Processing of the Personal Data we process on our own behalf or on behalf of our Customers, we have decided to implement an Information Security Management System to comply with the requirements of the ISO/IEC 27001 international standard.
Changes to this privacy policy
This version of the privacy policy was updated on 19/08/2024.
We may update or adapt this privacy policy in the future. If necessary, we will inform you of changes to this privacy policy through the usual means of communication.
DQE cookie policy
The purpose of this policy is to provide you with clear and comprehensive information about how we use cookies on our Website.
Visitors may decide to deactivate cookies on their first visit to our Website. If they decide against deactivating cookies, the Visitor accepts the installation of cookies and their use under the following conditions.
What is a cookie?
Cookies are small text files, often encrypted, which are stored on your browser or on your device’s hard disk.
When the Visitor navigates to the Website, information relating to the navigation of the Visitor’s terminal may be recorded in cookies and installed on the Visitor’s browser. Cookies are used to enable our systems to recognize your device.
What types of cookies do we use?
- Necessary cookies: These cookies are strictly necessary for the operation of our Website. They enable you to browse our Website and use its features.
If you have chosen to deactivate these cookies via your web browser, access to and/or use of our Website may be impaired. We advise you to leave them activated in order to take full advantage of our Services and your browsing on our Website.
- Audience cookies: These cookies enable us to compile audience statistics and measure the number of visitors to our Website. These statistics are necessary to ensure the proper functioning of our Website. They enable us to assess the number of visitors to our content. The information collected by these cookies is anonymous, and in no way allows us to know your browsing habits.
We also use cookies for other purposes, such as preventing fraudulent activity and improving security.
What categories of Personal Data are collected by cookies?
To ensure the proper functioning and administration of our Website, we use the following solutions:
Axeptio
Hubspot
Google Analytics
Google Ads
GetQuanty
What is the legal basis?
The deposit of cookies on your terminal is based on our legitimate interest in providing an optimized browsing experience for Visitors to our Website and tracking traffic.
For any cookies that are not strictly necessary for the proper functioning of our Website, we obtain your consent before they are deposited on your terminal via the information banner on our Website, allowing you to refuse the deposit of these cookies and to manage your preferences.
How to manage your cookies
You can change your cookie preferences at any time by clicking on the information banner (pop-up) appearing on all pages of the Website at the bottom left.
You can also prevent the use of cookies by configuring your browser. The Help/Settings section of most browsers tells you how to refuse new cookies, how to obtain a message notifying you of their receipt, or how to disable all cookies.
You can also choose to deactivate or delete similar data used by software ancillary to your browser, such as Flash cookies, by modifying the settings of this software or by visiting the website of the publisher of this software.
How long do we keep your Personal Data collected by cookies?
Personal Data collected by cookies is kept for a maximum of thirteen (13) months after it is deposited on your terminal.
As an exception, information collected by cookies for the strict purpose of audience measurement may be kept for a maximum of twenty-five (25) months. This Data is aggregated and IP addresses are deleted or anonymized once localization has been completed.
You can also choose to delete cookies before the end of these periods in your browser settings by following the instructions above.
Update of this cookie policy
This cookie policy was last updated on 19/08/2024.
We may update this cookie policy from time to time. If necessary, we will inform you of changes to this privacy policy through the usual means of communication.