Privacy Policy

V 1.1 Applicable as of January 30^th 2022

Avisa Partners values your privacy and the protection of your personal data and takes all reasonable precautions to ensure their protection.

The purpose of this Policy is to inform you about the procedures and processing of personal data that are put in place in connection with the organisation of the Cybersecurity Forum (CIF) and related events. The purpose of this Policy is to inform you of the measures taken regarding the protection of your personal data in accordance with the European Union's General Data Protection Regulation or "GDPR" of 27 April 2016 (n°2016/679).

We have drafted two documents with the aim of informing you about how we collect, use and protect your personal data in the context of our various services:

• a policy dedicated to the data collected via our website and in the context of registration to the CIF (this policy).
• a specific document about the cookies we use (the cookie policy).

The term "we", "us" or "our" used in this Privacy Policy refers to Avisa Partners.

In the remainder of this document, we use the terms "personal data", "personal data" and "personal information" to refer to information that identifies you personally (such as your name, surname, business address, etc.) or, as in this case, data that is linked to you (such as answers to questions on our forms), as well as data about your connection to or browsing of our site (such as your IP address and the date and time of your connection).

You will find the answers to your questions classified by theme in the following sections:

1. Who are we?
2. Scope of application
3. Type of personal data collected and retention periods?
4. Confidentiality and security measures
5. Recipients of the data
6. International data transfer
7. Sharing of social networks with which you have an account
8. Rights of access, rectification and deletion
9. Contact us
10. Changes to the group's scope
11. Changes to our Privacy Policy
12. Use of cookies

1 – Who are you?

Avisa Partners is a simplified joint stock company with a capital of €31,576,704, registered in the Paris Trade and Companies Register under number 835004094 and whose registered office is located at 17 Avenue Hoche, 75008 PARIS.

We are the data controller within the meaning of Regulation (EU) 2016/679 of the General Data Protection Regulation (hereinafter "GDPR"), for the procedures and processing of personal data that are implemented on the occasion of the organisation of the Cybersecurity Forum

(FIC) and related events.

As such, we undertake to comply with the framework of the legal provisions in force and in particular to take all reasonable steps to ensure the accuracy and relevance of the Personal Data with regard to the purposes for which Avisa Partners processes them.

2 – Scope of application

This Policy is specific to the organisation of the FIC event and related events (breakfasts, ID Forum, etc.) and concerns only those activities for which the Organiser is a Data Controller within the meaning of the GDPR.

3 – Type of personal data collected and retention periods?

Concerning the collection of personal data linked to your Internet navigation (cookies), we invite you to read our dedicated Cookie Management Policy We also collect the data you specifically send us for each purpose:

• Data enabling you to be identified (surname, first name, position, company, telephone, professional email) in order to proceed with any registration (newsletters, publications), in the context of a BtoB relationship. The legal basis is therefore our legitimate interest;
• Professional data enabling you to register for our various events (name, first name, position, company, telephone, email, etc.) in order to facilitate access, to enable you to receive the information necessary for your participation and to enable us to properly organise the events for which you have registered. The legal bases are your consent for registration and our legitimate interest in taking into account and managing this registration. This also includes registration for the various workshops, symposia, competitions, challenges, roundtables, etc. organised within the FIC and related events. We may use this information to invite you to future events that we or some of our partners will organise on similar themes;
• Depending on the venues in which the events will take place and the personalities present, which may require special security procedures for access, official data and documents allowing the verification of your identity (identity card, etc.) and access control. The legal basis for processing is our legitimate interest, or in some specific cases, the existence of a regulatory obligation.

This data is kept for a period of three years after the last contact we had with you.

Please note: the information marked with an asterisk (*) is essential for the processing of your request.

4 – Confidentiality and security measures

We take all reasonable measures (physical, logistical, organisational) to protect your data at the time of transmission on the service, in particular against loss, misuse, unauthorised access, disclosure, alteration or destruction, through security measures such as vulnerability scanning, deployment of HTTPS protocol, implementation of pseudonymisation and anonymisation processes etc.

Depending on the type of data collected and its purpose, processing is only carried out by authorised personnel in accordance with our confidentiality and security requirements in the constitution of files, exchanges with our partners and subcontractors, and the transfer of this data (see below).

5 – Recipients of the data

The personal information that you may provide may be consulted by the staff of our company, as well as by all the subsidiaries of the group, the departments responsible for control and our subcontractors within the strict framework of the purposes that we have presented to you (including the provision of premises, etc.).

In this respect, we would like to point out that we have signed strict security clauses with our subcontractors, in accordance with Article 28 of the RGPD, specifying in particular the security objectives that must be achieved.

We may also communicate your professional data to four types of entities

• The managers of the venues hosting the events, insofar as they are not considered as subcontractors or organising partners. As indicated above, these managers may also be recipients of your identity verification data in accordance with their own Privacy Policy which they will make available to you;
• Partners who finance, within the FIC or related events, conferences, workshops, competitions, challenges, round tables, etc., where you have registered. The use of your data, whether commercial or not, is carried out in accordance with their own Privacy Policy which they will make available to you. During events such as the FIC, you may be asked to provide your business contact details when you visit the stands of speakers and exhibitors, or when you participate in the talks they sponsor. You may be contacted by the exhibitor in question following the FIC, who acts as the data controller. If you do not wish to receive any communication from the exhibitor, you can simply inform them directly, either at the time of the event or at a later date.
• We would also like to point out that, if you use social modules or your Facebook or LinkedIn account, the social networks in question may have access to some of the information.
• Finally, we may be required to disclose personal information at the request of any Public Authority in the context of a mandatory legal procedure, or in the event of a proven risk that may affect our information system and impact our activities or the conduct thereof, or the fundamental rights of third parties concerned.

6 – International data transfer

We may transfer your personal data to service providers outside the European Economic Area (EEA). In this case, please be assured that they are bound by specific rules and measures to ensure the appropriate level of security for the protection of your personal data. This means that we will base our transfers on the applicable regulations (standard contractual clauses approved by the European Commission in our contracts with third parties outside the EEA, transfer to countries with protection recognised as adequate by the European Commission, etc).

For more information, you can contact our Data Protection Officer at dpo@avisa-partners.com.

7 – Sharing of social networks with which you have an account

From our websites, we have provided you with the ability to easily share the pages you visit on your favorite social networks. The use of buttons allowing access to social networks is likely to lead to the collection and exchange of certain data between the social networks and the group's sites.

Our site uses "plug-ins" or social modules on its various pages ("share" buttons on social networks such as Facebook, Twitter, LinkedIn, etc.). When you visit a page on one of our sites containing such social modules, a connection is automatically established with the servers of the social networks (Facebook, Twitter, etc.), which may then be informed that you have accessed the corresponding page on our site.

If you wish to limit the information published or known by these social networks, we advise you to disconnect before visiting our site. Furthermore, it is your responsibility to make the appropriate settings regarding access to your personal data on these social networks and to inform yourself about their Privacy Policy.

8 – Rights of access, rectification and deletion

We remind you that you have the right:

• To be informed about the way your data is processed;
• To access your data;
• To object on legitimate grounds to your data being processed and in particular to your data being used for commercial prospecting purposes;
• To limit certain uses of your data;
• To rectify incorrect information, as well as to ask us to delete certain information;
• To challenge the way in which your personal data is processed;
• To withdraw your consent at any time (where we rely on your consent as a legal basis for processing);
• To benefit from a right to portability of your data (where we rely on your consent or contract as the legal basis for processing);
• To define directives relating to the fate of your personal data after your death in application of article 32 of the law of 6 January 1978.

9 – Contact us

The protection of personal data is a fundamental right, and you may at any time contact our Data Protection Officer by email (dpo@avisa-partners.com) or, failing that, by post addressed to our DPO and sent to the following address: 17 Avenue Hoche, 75008 PARIS. However, we reserve the right to ask you to prove your identitý and the relevance of your request.

If, despite our reply, you are not satisfied, you may contact the Commission Nationale Informatique et Liberté (CNIL) directly at the following address https://www.cnil.fr/en/contact-cnil.

10 – Changes to the group's scope

If we are acquired by or merge with another company, or if there is a restructuring of the group, your personal data will be transferred to the new entity. If this happens, we will apply the same rules as set out in this Policy to your personal data and your rights in relation to its use.

11 – Changes to our Privacy Policy

If a significant change in our Privacy Policy is required, we will inform you by any means necessary, reminding you of the possibility of deleting your data if the changes made are unfortunately not able to satisfy you.

12 – Use of cookies

We remind you that it is in our dedicated Cookie Management Policy that you will find the details of your rights on your personal data and their management within the framework of the functionalities of our site and its mode of operation.