GDPR Policy
Preamble
This policy sets out the commitments made by EUNOIA, a simplified joint-stock company registered with the Paris Trade and Companies Register under number 929 421 139, whose registered office is located at 25 rue Jean-Jacques Rousseau, 75001 Paris, regarding the protection of personal data, in application of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended Data Protection Act.
It complements the specific privacy policies applicable to certain EUNOIA services or communication channels (in particular its privacy policy relating to free services, prospecting, events, etc.), and is aimed at all persons concerned: customers, prospects, partners, participants in events, users of free resources or interviewees.
General principles
EUNOIA ensures that all processing of personal data is carried out in a lawful, fair and transparent manner, for specific and legitimate purposes, with a view to minimizing the data collected, with proportionate retention periods, and under conditions ensuring the security and confidentiality of the data processed.
Legal basis
The processing activities carried out by EUNOIA rely on one of the legal bases provided for in Article 6 of the GDPR (contract performance, legal obligation, consent, legitimate interest, etc.), depending on the relevant purpose.
Specific details applicable to certain services may be set out in the corresponding general terms and conditions or annexes.
Governance and documentation
EUNOIA has implemented internal governance in compliance with GDPR requirements. It maintains a register of processing operations, documents its impact assessments where necessary, formalizes its relationships with its subcontractors through clauses compliant with Article 28 of the GDPR, and maintains traceability of requests related to the exercise of data subjects' rights.
A Data Protection Officer (DPO) is appointed or mobilized as needed and can be contacted at the following address:
📧 dpo@eunoia-security.com
Treatment register
The processing register kept by EUNOIA accurately describes the purpose of each processing operation, the legal basis used, the categories of data concerned, the persons concerned, the internal or external recipients, the retention periods, any transfers, and the security guarantees put in place.
This register may be communicated to the supervisory authority on request, in accordance with Article 30 of the GDPR.
Data retention period
Personal data is retained for no longer than is necessary for the purposes for which it was collected. Accordingly:
-
Data relating to professional prospects, including those obtained through free services (white papers, online resources, etc.), is retained for a period of five (5) years from the last active contact or interaction, unless the data subject objects.
-
Data collected during product demonstrations is retained for the duration of the demonstration plus one (1) month, unless otherwise requested by the data subject.
-
Data collected during free assessments or diagnostics is retained for one (1) month following the delivery of the report, unless otherwise requested by the data subject.
-
Data related to contractual or commercial relationships (clients, partners, subcontractors) is retained for a period of five (5) years from the effective end of the relationship, unless a longer period is required by law or in the event of an ongoing dispute.
-
Data required for legal obligations, particularly accounting or tax purposes, is retained for a period of ten (10) years in accordance with applicable legal provisions.
-
Data resulting from audiovisual recordings (interviews, webinars, etc.) is retained without any time limit, unless the data subject withdraws their consent.
​
Some data may be subject to intermediate archiving when it is no longer actively used but must still be retained to comply with legal obligations or for evidentiary purposes.
Data security
EUNOIA undertakes to implement appropriate technical and organisational measures, taking into account the nature of the data, the purposes of the processing and the level of risk identified, in order to guarantee a level of security appropriate to the processing carried out.
The precise terms and conditions relating to the security of processing and data are set out in EUNOIA's confidentiality policy, which is available on its website or on request.
Subcontracting and transfers outside the EU
Personal data may be processed, strictly for the purposes intended, by service providers acting on behalf of EUNOIA. These service providers are subject to rigorous selection, are contractually bound to comply with the requirements of the RGPD, and may only act on formal instruction from EUNOIA.
No data transfers outside the European Union are carried out without prior legal safeguards ensuring an adequate level of protection, in accordance with Articles 44 et seq. of the GDPR. Please note that the host of this website is located in the United States but has been evaluated under the Data Privacy Framework (DPF) and is deemed to provide an “adequate” level of protection within the meaning of the GDPR.
Rights of the persons concerned
In accordance with the RGPD, any person concerned by data processing carried out by EUNOIA has a right of access to their personal data, a right of rectification in the event of error, a right to erasure in the cases provided for by the regulations, a right to limitation, portability, and a right of opposition, particularly in the event of canvassing.
You may also define post-mortem directives relating to the storage, deletion or communication of your data after your death.
These rights may be exercised at any time by sending an e-mail to the following address:
📧 dpo@eunoia-security.com
A response will be provided within a maximum of one month from receipt of the complete request. Proof of identity may be requested if there is any doubt about the applicant's identity.
Updating this policy
This policy may change to take account of regulatory developments, recommendations issued by the competent authorities, or changes in EUNOIA's processing practices.
The current version is the one available on EUNOIA's official website, or sent on request.
Users of the EUNOIA service should check whether a new version of this policy exists and take note of it.