Privacy policy | Com&Co Group

Personal Data Protection Policy

Use of this policy

This policy is available on our website for both clients and employees.

OUR PERSONAL DATA PROTECTION POLICY

At Com&Co, we are highly committed to respecting your privacy and protecting your Personal Data.

During the use of our services, we may need to collect and process your data of a personal nature (hereinafter “Personal Data”)

Definition of Personal Data
Personal data are defined as information in a format that can be used to identify a natural person, whether directly via their first name and surname or indirectly via a telephone number, e-mail address or other identifier.
Data processing
Data processing may involve collecting, recording, organising, archiving, modifying, deleting, supplementing, exporting, consulting, processing or communicating personal data, as defined above.

Com&Co is committed to a continuous personal data protection process. We comply with all French and European regulatory provisions and legislation pertaining to the protection of these data. To this end, we comply with the the French Data Protection Act of January 6, 1978, as amended, and the EU General Data Protection Regulation of April 27, 2016 pertaining to personal data and their free circulation (hereafter called the “GDPR”).

For the purposes of transparency of processing, this policy describes and informs the way in which Com&Co, as data controller, undertakes to collect, use and protect your personal data with all necessary care and solely for the legitimate purposes for which they were collected.

By accessing and/or using our services, you accept that your Personal Data will be collected and processed under the conditions and methods specified below. If you do not supply the requested Personal Data, it is possible that you will not be able to access all the services that we offer.

This document is subject to change, in particular when required in order to comply with legal obligations regarding personal data protection.

Com&Co guarantees that personal data will be:

Processed lawfully, fairly and in a transparent manner,
Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,
Accurate and, where necessary, kept up to date,
Kept for no longer than is necessary for the purposes for which they are processed,
Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures proportionate to the risks.

When Com&Co acts as data controller

Pursuant to Article 5 of the GDPR, we guarantee that personal data are collected for the following purposes:

Management of Com&Co employees, recruitment and careers (considering and contacting applicants etc.),
Management of clients and prospects (sending marketing information on the Group’s products and news, understanding and meeting the needs of clients or prospects, etc.),
Management of sales agreements (order management, invoicing, payment processing, etc.),
Creation and administration of user accounts,
Production and management of services subscribed to by clients (recording of calls made to support, etc.),
Promotion of its events and similar events,
Sales prospecting,
Coordination of communities (users, members, clients),
Creation and management of personal accounts on websites and applications in association with events,
Management of registration for and participation in an event,
Management of applications to a participation fund for an event,
Management of contributions to an events programme,
Management of access and tracking on sites hosting events and the various dedicated spaces,
Management of attendance and other certificates, and invitations,
Management of the online purchase of, or subscription to, products and other services,
Legal declarations to the authorities of the countries hosting events or the countries of origin of participants at events (as necessary),
Improvement of services and customer-satisfaction surveys,
Statistics,
Management of rights and claims,
Management of requests to deregister and unsubscribe,
Management of payments and recovery of debts where necessary,
Management of, and response to, requests made on our websites,
Customisation of our communication via our client marketing programme, to conduct marketing and promotional operations, and to have a better understanding of your needs and desires,
Modification of our products and services to better meet your needs,
Customisation of our sales offers,
Informing you of our companies’ special offers and new services,
Qualification of our prospect and client database, segmentation based on the history of actions carried out on our websites,
Management of requests to unsubscribe from newsletters, promotions and customer-satisfaction surveys,
Performance of actions to take into account the right to modify/correct/delete data or process requests to unsubscribe.

When Com&Co acts as data processor

Pursuant to Article 28 of the GDPR, we guarantee that:

The purposes of processing are described in the contract signed by Com&Co and its client,
The processing of the client’s personal data is carried out only for the specified purposes, on the client’s instruction, and under the conditions specified in the contract,
Personal data will be deleted at the time and under the conditions specified in the contract, unless applicable legislation requires them to be stored.

In accordance with these various purposes, Com&Co shall ensure that the lawfulness of processing is assured, and that one of the following conditions is fulfilled:

The natural person has given consent to the processing of his or her personal data for one or more specific purposes,
- Our partners’ newsletters, management of certain cookies, customer-satisfaction surveys, communication of offers and news, etc.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
- Registration for an event, purchase order, etc.
Processing is necessary for compliance with a legal obligation to which Com&Co is subject,
Processing is necessary in order to protect the vital interests of a natural person,
Processing is necessary for the purposes of the legitimate interests pursued by Com&Co, except where such interests are overridden by the interests or fundamental rights and freedoms of the natural person involved.

Data security

Com&Co shall deploy all technical, organisational and human means to ensure the security and confidentiality of the Personal Data collected and processed, and, in particular, prevent them from being corrupted, damaged or communicated to unauthorised third parties, by providing a level of security proportionate to the risks associated with processing and the type of Personal Data to be protected, with regard to the state of the art and the cost of implementation.

Com&Co staff are subject to a code of good IT conduct and an IT charter to ensure a suitable level of security.

Our website may include links to other websites and external sources.

You hereby acknowledge that this Personal Data Protection Policy only applies to the use of our website, and in no way covers data collected and/or processed on external sites or sources whose link may appear on our website. Consequently, Com&Co cannot be held liable for the practices of these external sites or sources with regard to the collection and processing of personal data, which are governed by the personal data policies specific to each of these external sites or sources.

Personal Data breach

Pursuant to Articles 33 and 34 of the GDPR, notice of any data breach must be issued, in accordance with the following cases:

When Com&Co acts as data controller, the supervisory authority (CNIL) shall be notified, and where necessary, the natural persons impacted by aforesaid breach,

When Com&Co acts as data processor, its clients affected by aforesaid breach shall be notified, according to the contract conditions.

Exercise of rights at Com&Co

How to exercise your rights over your personal data when Com&Co is the data controller

You are informed that by virtue of and under the conditions set out in Personal Data Protection legislation, you have the following rights at Com&Co:

The right to access and obtain a copy of your personal data held by Com&Co,
The right to correct and update your personal data if they are inaccurate or incomplete,
The right, subject to conditions, to delete all or part or your personal data,
The right to obtain information regarding the conditions of use of your personal data by Com&Co,
The right to object to processing of your data on grounds relating to your particular situation,
The right to object, at any time without need for justification, to your data being used for marketing purposes (receiving sales text messages and e-mails) even if you originally gave consent,
The right to remove consent for the processing of your personal data (when the legal basis for processing is your consent),
The right to obtain, subject to conditions, the restriction (temporary interruption, freezing) of the processing of your data,
The right to portability of the data you provided to Com&Co,
The right to supply Com&Co with instructions on what should happen to your data in the event of your death,
The right to not be subject to an automated decision or profiling which would have legal or other significant effects on you.

Pursuant to Article 77 of the French Data Protection Act (Decree 2019-536 of 29 May 2019), you must substantiate your identity with an ID card when you exercise the rights to which you are entitled:

Contact Com&Co’s Personal Data Protection Officer, by writing to:

Com&Co
FAO Data Protection Officer
15 Boulevard Grawitz

13016 MARSEILLE

You request may also be sent by e-mail, subject to the same conditions, to dpo@comnco.com. Substantiation of your identity ensures the confidentiality of everyone’s data (combating identity theft and avoiding confusion of people with the same name).

If you are making the request on behalf of another person (as Agent of the data owner), in compliance with the provisions of the aforementioned Decree, your request must include:

The written mandate of the data owner (the Principal) specifying the duration and specific purpose of the mandate that is given to you and clearly authorising you to be the recipient of the Com&Co response to the request to exercise rights concerning the principal’s personal data,
+ substantiation of your identity, and
+ substantiation of the principal’s identity.

If any of these conditions are not met, the request cannot be accepted.

If your request is accepted, in compliance with the conditions set out in law, a response will be provided within one month, or exceptionally within two months in the event of complexity or a large number of requests.

If, after having made the request, you consider that your Data Protection rights have not been complied with, you can submit a claim to CNIL online or by post.

How to exercise your rights over your personal data when Com&Co is the data processor

When Com&Co receives a request from a natural person affected by the processing of his or her personal data in the context of the performance of a contract between Com&Co and its client, Com&Co will communicate this request to its client as quickly as possible following receipt and, taking into account the type of processing and the conditions specified in the contract, will help its client as much as possible, to fulfil its obligation to follow up on the request by using proportionate technical and organisational measures.

However, the client remains responsible for replying to the natural person in question.

Duration of storage of Personal Data

The data controller undertakes not to store Personal Data beyond the period strictly necessary for the purposes for which they were collected, in compliance with Applicable Regulations.

The data controller undertakes to archive or delete your Personal Data as soon as the purpose and/or the specified storage duration has expired.

These maximum durations apply unless you request the deletion or the cessation of processing of your Personal Data before the expiry of these periods, if their storage is no longer justified by mandatory legal requirements.

Information concerning the people involved

When Com&Co acts as data controller

When personal data are collected, Com&Co shall provide the natural persons involved with suitable information, as far as possible, in particular: the contact details of the data controller and its Data Protection Officer, the purpose of processing and its legal basis, the recipients of the data, transfers outside the EU where relevant, the duration of storage, the possibility of exercising rights, and the right to submit a claim to the Supervisory Authority.

Com&Co may receive the personal data (company, contact name, telephone number, e-mail address) of its clients and/or partners. These data shall only be used to:

Perform its services as event organiser for its clients,
Update, develop and analyse its client/prospect database,
Identify new prospects,

Supply information on services and events organised by Com&Co.

When Com&Co acts as data processor

Pursuant to Article 13 of the GDPR, the data processor is responsible for providing natural persons with the relevant information.

Data collected

Personal Data collected under the business relationship with Com&Co

In order to supply the subscribed service and manage its business relationship, the data controller, located at 15 Boulevard de Grawitz, Marseille, 13016, France, shall collect and process the following personal data: Surname, first name, e-mail address, telephone number, job title, company.

These personal data are processed by Com&Co to manage the business relationship, for sales communication and to supply the subscribed service.

Com&Co may sub-contract certain processing tasks such as payment processing and sales communication to business partners.

For more information on these partners or sub-contractors, contact dpo@comnco.com

You may exercise your rights in compliance with this policy.

Personal Data collected from forms on Com&Co websites

Depending on the type of form, Com&Co, the data controller, located at 15 Boulevard de Grawitz, Marseille, 13016, France, may collect personal data via the websites:

net
com and its sub-domains
All websites for which Com&Co is mandated to perform events communication
Websites associated with Web TV (incathlab.com, oncostream.com, mdscop.com)

In particular, this involves:

Non-technical Personal Data (depending on use case),
Identification (surname, first name, username, etc.),
Contact details (e-mail and/or postal address),
Photo,
Professional information (profession, job title, specialism, etc.),
Bank details, if necessary (for example, in the event of a refund),
Video images (filmed conferences, video monitoring),
Technical data (depending on use case),
Identification data (IP address),
Connection data (in particular, logs),
Acceptance data (clicks),
Location data,
Tracking data (cookies on our websites, conference room access).

These personal data are processed by Com&Co solely for the stated purposes: registration for events, management of medical training, payments for participants and speakers, management of the business relationship and customer file, and prospecting, proposal of offers to suit the interests of clients/prospects, and statistical analyses.

These data shall be stored for the performance of the specified processing purpose, without exceeding the mandatory authorised legal duration. You may, however, exercise your rights in compliance with this policy.

Personal Data collected on websites in general

Personal data are collected from users in order to make the platform’s services available, improve them and maintain a secure environment. The legal basis of processing may be a legitimate interest or performance of the contract between the user and the platform. More specifically, the uses are the following:

Access to and use of the platform by the user,
Management of the operation and optimisation of the platform; verification, identification and authentication of data sent by the user,
Customisation of services by displaying advertising based on the user’s browsing history, according to his or her preferences,
Prevention and detection of fraud, malware (malicious software) and management of security incidents,
Management of any disputes with users,
Contact you by e-mail or telephone,
Administration of a competition, promotion, or performance of a customer-satisfaction/interest survey,
Sending of commercial information and advertising, based on user preferences.

Transfers outside the European Union

Com&Co hereby informs the user that the data collected may be processed outside the European Union. Pursuant to data protection legislation, Com&Co does not transfer Personal Data without providing appropriate safeguards for these transfers, in application of Article 46 of the GDPR, outside:

The European Union, or
The European Economic Area, or
Countries recognised by the European Commission as having an adequate level of security.

Data recipients

When Com&Co acts as data controller or processor

Your personal information, collected or supplied on this website or in the context of our services, is for use by the company Com&Co, Data Controller as defined in the French Data Protection Act, as amended, whose headquarters are located at 15 boulevard de Grawitz, Marseille, 13016, France and more specifically, by the relevant departments of Com&Co, namely: the Production Unit, Website Administration, Support Unit, Communication and Marketing Unit, Accounting, and HR.

Com&Co may share personal data with third parties solely under the conditions specified in this document and/or the relevant contract.

Com&Co suppliers

Com&Co may use service providers, suppliers and sub-contractors, to which it entrusts the performance of some or all of certain tasks.

These service providers may receive or access some personal data for the sole purpose of their tasks carried out on behalf of Com&Co, in compliance with current procedures. Com&Co supervises and checks compliance by said suppliers of their obligations regarding the confidentiality and security of your information:

On behalf of Com&Co, for performance of the client contract (data hosting, accommodation, transport, consulting, sub-contracting, etc.) under the conditions specified by Com&Co,
To assist Com&Co in the performance of the financial and administrative conditions of the contract (payment processing, invoicing, etc.),
For the performance of marketing communications on behalf of Com&Co.
Public Authorities

In some cases, Com&Co may need to share personal data following a request from the public authorities, a writ or any legal request in application of applicable laws.

In this case, Com&Co will supply the data required to fulfil this request, in particular when Com&Co considers that sharing this is necessary to protect your rights, ensure your security or that of others, inquire into cases of fraud or meet a legal obligation.

Cooperation of Com&Co with its clients and the Supervisory Authority

Pursuant to Article 28 of the GDPR and in compliance with its contractual commitments, Com&Co undertakes to reasonably cooperate with its clients to meet their obligations in application of Articles 32 to 36 of the GDPR.

In general, Com&Co undertakes to cooperate with the French Supervisory Authority (CNIL) whenever necessary, and to reasonably take into account its recommendations.

For more information on recipients, please contact us at dpo@comnco.com

Privacy by design in products and services

Whenever Com&Co plans to develop a new offer or service, Com&Co, as the developer, will make every effort to introduce the principles of personal data protection from the start of this project (“privacy by design”) and thereby help Com&Co clients to comply with the requirements of the applicable regulations by specific functionalities and means.

Awareness-raising for Com&Co staff

Com&Co works hard to ensure that its staff and new recruits are made aware and regularly reminded of the issues surrounding personal data protection.

Specific awareness-raising and/or training programmes may be undertaken with staff who regularly handle personal data.

Records of processing activities

Pursuant to Article 30 of the GDPR, Com&Co maintains two records of personal-data processing activities:

One record describes the processing performed as a data controller,
One record describes the processing performed on behalf of and on the instructions of its clients, who are data controllers.

These records are made available to CNIL on request.

Updates to contractual formalities

Com&Co has taken into account the new mandatory contractual obligations in application of Article 28 of the GDPR in all relevant contracts.

In particular, contractual clauses specific to data protection, and in compliance with the relevant regulations, have been introduced into:

Client contracts (T&C of Sale/Use);
Contracts between Com&Co and its own sub-contractors.

Contact

For any questions regarding this policy, or to contact our Data Protection Officer, please send your request to the following e-mail address: dpo@comnco.com

Use of cookies

Henceforth the term “websites” shall refer to:

net
com and its sub-domains
All the sites for which Com&Co is mandated to perform the communication for events
Websites associated with Web TV (incathlab.com, oncostream.com, mdscop.com)

Com&Co websites automatically collect user data relating to website use (and some other data such as the type of browser used, operating system, and IP addresses).

Websites use cookies, which are small text files sent and stored in your computer which enable Web servers to recognise user habits, facilitate their access to the Com&Co website and enable the website to compile general data to improve their websites and content.

Cookies do not damage computers or files. Cookies in themselves cannot be used to discover the user’s identity.

The law states that we can only store cookies on your devices if they are strictly necessary to the site’s operation. For all other types of cookies, we require your permission.

These websites use different types of cookies. Some cookies are placed by the third-party services that appear on our pages. You can access information at the source: https://www.cnil.fr/fr/cookies-traceurs-que-dit-la-loi.

During the first browsing session on this website, an explanatory banner on the use of “cookies” will appear. From then on, by continuing browsing, the client and/or prospect will be considered informed and to have accepted use of the aforementioned “cookies”. The consent given will be valid for a period of thirteen (13) months. The user can deactivate the cookies via their browser settings. All information collected will solely be used to track the volume, type and configuration of the traffic using the website in order to develop its design and layout, for other administrative and planning purposes, and more generally, to improve the service that we offer.

The following cookies may be present on our websites:

No.	Type	Name	Company	Purpose	Lifespan
1.	Third-party session cookie	_ga	Google Inc.	Internet audience analytics for statistical purposes and for measuring traffic, enabling websites and applications to better understand the behaviour of their users.	13 months
2.	Third-party persistent cookie for statistics and tracking	_utma	Google Inc	This cookie is used to distinguish unique visitors to the website. It is updated on each page view.	13 months
3.	Third-party persistent cookies for statistics and tracking	__utmb	Google Inc	This cookie is used to track the internet user’s browsing session. Use of this cookie combined with the _utmc cookie enables tracking of sessions on a given website.	30 minutes
4.	Third-party session cookies	__utmc	Google Inc.	This cookie works alongside the _utmb cookie to determine whether or not there is a new visit by the current user.	Expires at the end of your session
5.	Third-party session cookies	__utmt	Google Inc.	This is a cookie used by the Google Analytics service. Its purpose is to limit the number of requests sent to the server.	10 minutes
6.	Third-party persistent cookie for statistics and tracking	__utmz	Google Inc.	This cookie stores all information useful for identifying a source of traffic.	6 months
7.	Preferences cookie	variable	Com&Co Group	This cookie is used to record your preferences so that you can be automatically reconnected or to simplify your browsing.	13 months

Google Cookies:
Google Analytics: used to measure site audience
Google AdSense: manages Google advertising using websites or YouTube videos as media for its adverts
Google Dynamic Remarketing: so that you can offer dynamic advertising based on previous searches
Google AdWords Conversion: tool for tracking AdWords advertising campaigns
DoubleClick: Google advertising cookies for publishing banner ads.

Twitter Cookies:

Twitter button: for quickly sharing and displaying Twitter content
Twitter advertising: for displaying and targeting ads via Twitter ad management.

LinkedIn Cookies:
Insight Tag: enables customisation of the editorial content on LinkedIn based on the pages viewed on the website.

Third-party service cookie

enables content customisation or recording of user preferences

These cookies expire after thirteen months. For more information on the use, management and deletion of “cookies”, for all types of browser, click here: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.

Your consent applies to the following domains: net
com and its sub-domains
All the sites for which Com&Co is mandated to perform the communication for events
Websites associated with Web TV (incathlab.com, oncostream.com, mdscop.com)

We encourage website users to inform us of any omissions, errors or corrections by using our contact form.

Managing cookies in your browser

You have several options for deleting cookies. While most browsers are configured by default to accept cookie installation, you can choose to accept all cookies, reject them all or chose which ones you accept based on the issuer.

You can also configure your browser so that you can accept or refuse cookies on a case-by-case basis prior to their installation. You can also regularly delete the cookies on your machine via your browser.

Each browser has different settings for managing cookies and your choices. This is described in the help menu of your browser, which will show you how to modify your cookie settings.

FOR EXAMPLE:

For Internet Explorer™: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
For Safari™: https://support.apple.com/kb/PH19214
For Chrome™: https://support.google.com/chrome/answer/95647?hl=en
For Firefox™: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop

However, if you configure your browser to refuse cookies or you refuse installation of a cookie, this deactivation could prevent the use of some of the website functionalities or make it impossible to access certain services, for which we may not be held responsible.

Latest update: 19 Nov. 2021