Date of last update : May 31, 2022
When using the Website, Cosmian Tech (hereinafter “Cosmian”), a French société par actions simplifiée (“simplified joint stock company”) registered in the Paris Trade and Companies Register under number 840 903 447, whose registered office is located at 53/55 rue de la Boétie, 75008 Paris, France, is responsible for the collection and processing of Personal Data as Data Controller.
1. Use of the Website’s contact form
1.1 Personal data collected
When we are asked to enter into contact or are requested about additional information through the Website, we collect the following Personal Data from the contact form accessible at: https://cosmian.com/contact-us/:
- first and last name;
- professional email address;
- phone number;
- any other Personal Data that the Data Subject may provide in the text message you send to us.
1.2 Purpose and legal basis of the processing
Cosmian ensures that it only collects and processes Personal Data that is strictly necessary for the purpose at stake. Cosmian collects and processes the Personal Data of Data subjects to fulfill any request submitted through the Website’s contact form. The legal basis is article 6.1.f (legitimate interest of the Data Controller) of the GDPR. Our legitimate interest in the processing is to have quick communication and to respond to Data subject’s inquiries in a cost-effective and efficient manner. Data subjects can protect their interest in data protection by sharing their data sparingly (e.g. using a pseudonym).
1.3 Retention period of the Personal Data
Personal Data processed in relation to the use of the contact form is only retained for the time necessary to process the Data Subject’s request. The retention period applied to the Personal Data is proportionate to the purpose for which they were collected.
Personal Data may be archived for the purposes of justification or proof.
2. Web analytics and cookies
The Website is configured to use Matomo, an open source software for audience measurement (number of visits, pages consulted). It is configured to respect the conditions of exemption of the consent of the Internet user, in application of the recommendations of the Commission Nationale de l’Informatique et des Libertés (CNIL).
The collection of Matomo cookies and the use of this analysis tool are based on article 6.1.f of the GDPR (legitimate interest of the Data Controller), which states that the publisher of the website has a legitimate interest in analyzing the behavior of users in an anonymous way, in order to improve its website and thus obtain anonymous statistics.
Cookies used by the Website enable the Cosmian to collect the following information about visitors that is used to prepare aggregated, anonymous statistics reports of visitors’ activity
internet protocol (IP) address (anonymised),
location: country, region, city, approximate latitude and longitude (geolocation),
date and time of the request (visit to the site),
title of the page being viewed (page title),
URL of the page being viewed (page URL),
URL of the page that was viewed prior to the current page (referrer URL),
screen resolution of the user’s device,
local time in visitor’s time zone,
files that were clicked and downloaded (download),
links to an outside domain that were clicked (outlink),
page generation time: the time it takes for webpages to be generated by the webserver and then downloaded by the visitor (page speed),
main language of the browser being used (accept language header),
browser version, browser plugins (PDF, Flash, Java) operating system version, device identifier (user agent header),
language of the visited page.
The data collected contains no personal information and cannot be used to identify a particular visitor. Data will not be shared with any other organisations for marketing, market research or commercial purposes.
Cosmian via Matomo uses an IP de-identification mechanism that automatically masks a portion of each visitor’s IP address, effectively making it impossible to identify a particular visitor via the IP address.
Note that for statistical purposes the city and country of origin are determined from the full IP address, then stored and aggregated before the anonymisation mask is applied.
Cosmian automatically deletes the anonymous unaggregated data after 13 months.
With this configuration, prior consent to the deposit of Matomo Analytics cookies is not required. If the visitor of the Website does not wish to be tracked by Matomo, it can use the function below, which will set an opt-out cookie on its browser for a limited time and prevent the Matomo software from saving usage data. If the visitor of the Website deletes cookies, the Matomo Opt-Out cookie will also be deleted. The Opt-Out cookie must then be reactivated on the next visit to the Website.
3.1 Rights of the Data Subjects
In accordance with the applicable regulations, Data Subjects have the following rights regarding the Personal Data that we collect as a Data Controller:
- the right of access: Data Subjects have the right at any time to know whether we hold Personal Data about them and, if so, to request access to it;
- the right to rectification: Data Subjects have the right at any time to rectify or request the rectification of any of their Personal Data that is inaccurate or incomplete;
- the right to erasure: Data Subjects can ask us to delete their Personal Data in certain circumstances (please note that legal or regulatory provisions or legitimate reasons may require us to retain Data Subjects’ Personal Data);
- the right to restriction: Data Subjects can ask us to restrict the processing of their Personal Data, in certain circumstances (please note that we may continue to process Data Subjects’ Personal Data if we have a legitimate reason to do so);
- the right to object: Data Subjects can object to the processing of their Personal Data, in certain circumstances (please note that we may continue to process Data Subjects’ Personal Data if we have a legitimate reason to do so);
- the right to post-mortem instructions: Data Subjects can set out instructions regarding the fate of their Personal Data after their passing.
Our DPO is Harlay Avocats.
Data Subjects can exercise their rights by contacting us:
- By email at firstname.lastname@example.org
- To the following postal address: Cosmian Tech SAS
53-55 rue la Boétie
75008, Paris, France
For any request to exercise their rights, Data Subjects can prove their identity by any means. If we have reasonable doubts as to a particular Data Subject’s identity, we may ask to provide additional information that may appear necessary, including a copy of the Data Subject’s official identity document in order to check that it is indeed the Data Subject of the Personal Data that is the subject of the request.
If, despite all the care we take to protect Personal Data, there are reasons to believe that Data Subjects’ rights have not been properly protected, Data Subjects may lodge a complaint with the competent supervisory authority. In France, the CNIL is the competent authority and its contact details are as follows: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, phone number: 01 53 73 22 22.
3.2 Sharing of the Personal Data
Personal Data is stored carefully and is only made available under strict conditions to the following people:
– members of our staff, in accordance with an internal clearance policy and insofar as they need to access it;
– the staff members of our service providers.
We may share Personal Data to comply with applicable laws and regulations or other lawful requests for information we receive or to protect our rights.
3.3 Data security
Cosmian ensures the security of Personal Data by taking all physical, technical and organizational measures to guarantee the confidentiality, integrity and availability of Personal Data, including encryption and anonymisation. We also require all of our employees and partners at Cosmian to adhere to strict standards of Personal Data security.
3.4 Crossborder Personal Data transfers
Personal Data is stored and processed within the European Union. The processing operations do not involve transfers of data outside the European Economic Area (EEA).
However, should this happen, we will put in place contractual mechanisms and binding legal processes to legally transfer Personal Data outside the EEA such as the implementation of appropriate safeguards as provided for by the GDPR (e.g., BCRs for Data Processors, standard contractual clauses adopted by the European Commission, approved codes of conduct or certification schemes).
3.6 Contact us
For more information about our privacy practices, for additional questions, or to make a complaint, please contact us by e-mail at email@example.com or by mail using the details provided below:
Cosmian Tech SAS
53/55 rue la Boétie
75008, Paris, France