07/14

Athesya Privacy Policy

Athesya would like to thank you for visiting our website and having interest in our products, solutions and services. As a cybersecurity organization, Athesya takes the respect of your privacy very seriously and ensures that while you are exploring our websites sections, you are safe and so is your personal data. Athesya is committed to enforcing the strong data privacy protections enabled by GDPR compliance.

In 2016, the European Commission approved and adopted the General Data Protection Regulation (GDPR), a new framework for European data protection law. It replaces the EU data protection regime under Directive 95/46/EC. It is binding through all Member States of EU. Under the General Data Protection Regulation (“GDPR”) EU 2016/679, personal data is defined as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

The GDPR has been effective since May 25th,2018, and applies to companies that process Personal Information of individuals in the EU.

The GDPR applies to all organizations (including Athesya) established in the EU.
It also applies to organizations not established in the EU in two cases:

__When the organization offers products and services to data subjects in the EU
__When the organization monitors behavior of data subjects in the EU, when this behavior takes place within the EU.

The GDPR applies to Athesya because it is established in France, a member State of the European Union. Athesya markets cyber solutions in EU Member States through its website as well as outside of the EU.

The present Policy intends to provide you all relevant information in relation to the collection and processing of personal data which may be collected through Athesya websites (hereinafter, the “Websites”).

ATHESYA SAS (hereinafter “we”, “us”, “our”, or “Athesya”) may collect and process personal data relating to you when you visit the Websites, www.athesya.com, www.atheysa-marketplace.com, and www. xitild.com.

This privacy policy will occasionally be updated. When changes are made, the date at the top of this Privacy Policy will be reviewed. While we are communicating our Private Policy changes to people whose data is in our database, please check Athesya’s website from time to time to inform yourself of any changes in this Privacy Policy.

Why do we collect some of your personal data?

While visiting Athesya’s website you don’t need to share any personal details except for the reserved and restricted areas dedicated to partners, purchasing, trials and few others delivering sensitive information about our solutions. In order to access these parts of our websites and/or to request specific information or services, we may need to collect personal data from you which we will process for the purposes described hereunder.
Athesya respects the data minimization principle and therefore limits the collection of personal data to its strict minimum, even when services are delivered online or online forms need to be filled up. Any information collected serves a specific purpose directly related to either your questions, requirements, trials or purchasing.
Athesya is committed to being transparent about the kind of information it collects, the reasons it collects it, and how it is used.

Athesya collects the following data:

__Personal identification information (Name, phone number, email address)

Athesya collects data and processes it when you:

__Use or view its website(s) via your browser’s cookies
__Require a trial or proof of concept of one or more of Athesya solutions & services
__Place an order for any of its products or services

Athesya generally processes Personal Information for the following purposes:

__Processing of orders,
__Processing provisioning and activation of trials and Proof of concept.
__Account managing,
__Market and advertise its products,
__Promotions,
__Perform website maintenance, usage, and analytics,
__Network and infrastructure security.

As part of pre-sales process (demonstration requests, information on our Services, recruitment, etc.) and/or contractual obligations (partner portal, order management etc.) we may process your personal data for:

__Answering requests or inquires you may submit on our websites
__Managing orders, customer relations (telephone / email), order tracking, after-sales service
__Enabling you to log on certain restricted parts of our website
__Sending newsletters
__Athesya events attendance management
__Managing recruitment when you apply online for jobs or internships. (This is the only case where Athesya accepts and stores personal email addresses)

Athesya, as a cybersecurity company, ensures that any personal data collected doesn’t represent a threat for its own websites. These are completely separated from the actual Athesya technical infrastructure.

Some personal data you share with us is used to:

__Conduct customer satisfaction surveys.
__Maintain and improve our website and to ensure its security.
__Produce statistics regarding the use of our website.

These processing and purposes are based on our legitimate interest in ensuring that you enjoy your visit to our websites.

Athesya directly conducts most data processing activities required, to provide its Services to you. As such, it does engage some third-party service providers to assist in supporting these Services, including in the following areas:

__Cyberinsurance
__Customer Care
__Marketing and analytics
__IT and Security

Athesya ensures that each third-party service provider complies with the GDPR and can deliver the appropriate level of security and data protection.
If and when Personal Information is transferred out of the European Economic Area, United Kingdom, and Switzerland, Athesya uses appropriate safeguards and controls to protect your Personal Information in accordance with applicable laws. Athesya does not have legal entities neither storage entities located in countries that have implemented extra-territorial laws rendering the confidentiality of your data fragile.

Personal data storage & retention

Athesya collects and uses Personal Information you have provided for marketing purposes as well as trials and proof of concept purposes. Athesya securely stores your data across up to 256 locations within the E.U. and complies with certification standards. Athesya uses its quantum resistant zero trust data encryption solution to encrypt and protect your data.
Athesya has designed its data retention policy according to your level of interest into Athesya activities:

__ Customers and partners: Your personal data remains in our active storage during the whole business relationship between your company and Athesya. Once the contract has ended, the data will be parked in archives for three (3) years.
__ Prospective customer or partner: As a prospect, your date will be retained no longer than eighteen (18) months when no activity has occurred during this period, and no longer than three (3) years after the first exchange between you and Athesya.
__ Newsletter subscriber: Your data is stored as long as your subscription is active and automatically deleted in case you unsubscribe.
__ Athesya’s on-site and online events attendants: When you have registered to an Athesya event, your data will be deleted two (2) years after the last event was held.
__ Interns & job seeking candidates: In case you have not qualified for a position with us, Athesya retains your data for a duration of two (2) years after your application submission.
__ Support ticket: Any support ticket sent by one of our customer or partner personnel is stored for the duration specified in your SLA or contract.
__ Connection information: when you visit our websites pages, we collect several data points: IP Address(es), date and time of your visit. The purpose of this collection process is meant for security, maintenance and improvements of Athesya’ websites. The data is retained for a maximum period of six (6) months after collection.

Because you have rights over your data

The GDPR enables individuals to find out what Personal Information the company holds about them, why it holds it, and whom it discloses it to.

__ Access to data: As a customer of Athesya, you can access and download your data. Specifically, you can:

_Access and download every kind of Personal Information at any time within your account.

_Request a copy of your Personal Information processed by Athesya’s third party service providers.
Athesya works with these third-party service providers to provide, analyze, and improve their Service.

A copy of your personal data should be provided free in a commonly used and machine-readable format. Nevertheless, Athesya may charge a fee for additional copies if the request is manifestly unfounded or excessive.
__ Deletion of data:
You can delete your Athesya account and data from within your account settings at any time. Once you submit and confirm your request, Athesya will delete your data. Data deletion is permanent and irreversible.
__ Other rights under GDPR:
Athesya’s customers in the EU have additional rights under the GDPR, including the right:

_To object to the processing of their Personal Information,

_To restrict the processing of their Personal Information,

_To rectify inaccurate or incomplete Personal information.

You may withdraw your consent at any time and exercise your rights to data processing and freedom by contacting our DPO (DPO contact).

For more information

If you feel something is not addressed in this Privacy Policy or have further questions, please contact dataprivacy@athesya.com
If you are not satisfied with the content of Athesya’s privacy policy or the way it processes your data, you have the right to lodge a complaint before a supervisory authority. (CNIL in France)