To adhere to GDPR requirements, ICD International has taken privacy and security into account in its processes and organization, and has planned both technical and organizational measures that respect rights relating to the protection of personal data.
“Personal data” designates any and all information relating to an identifiable physical person.
Consent is collected for one or more specific purposes when registering for our services or filling in a contact form on one of our different sites, shared applications, or communication tools.
Consent is also collected via various paper forms requiring personal data to be provided, which may be used in the context of our services.
Users of these services agree and accept for ICD International to collect, process, store, and/or use submitted personal data in compliance with the rules stipulated below.
By providing their consent, users also retain the right to modify provided data, the right to be forgotten, and/or the right to erasure of personal data.
This policy only concerns personal data collected by ICD International, a simplified joint-stock company registered with the Trade and Companies Register (Registre du Commerce et des Sociétés – RCS) in Paris, France, under the number 345 397 673, with its main office located at 17-19 Rue Jeanne Braconnier, 92360 Meudon, France
Data collected on our sites
When a third-party registers for our services, the following data is collected and processed:
E-mail address, first name, last name, and as necessary, postal address, telephone number, IP address(es), and domain name…
Connection and navigation data (non-exhaustive list subject to change according to the actions and activities implemented by ICD International).
As some types of data are not needed, ICD International neither requests, nor desires to process, personal data considered as sensitive according to the French Data Protection Authority (CNIL), namely:
- Government-issued identifiers such as social security, driver’s license, or tax identification numbers
- Credit card numbers
- Personal bank account numbers
- Medical information
- Information related to ethnicity
- Information concerning sexual orientation
If this type of information is requested, without the user first having been notified by our teams, it means that the user is no doubt dealing with a malicious site imitating the ICD International graphical charter.
Purpose of processing
The main purpose of collecting personal data is for ICD International to be able to offer a safe, efficient, optimal, and personalized experience. For that purpose, we systematically request our third-parties to provide their consent so that we may use their personal data to:
- Provide our services and make it easier to operate those services.
- Resolve potential problems in order to improve the use of our sites and services.
- Personalize, evaluate, and improve our services, content, and documentation.
- Analyze the volume and usage history of our services.
- Provide information about our services and those of our partners.
- Prevent, detect, and investigate any and all potentially prohibited and illegal activities, or those which are unethical; and ensure compliance with our General Terms and Conditions and solution operation.
- Respect our legal and regulatory obligations.
For example, when the user enters information to register for our newsletter or to download a resource, that user’s e-mail address is collected in order to notify them when new publications become available, or to offer resources likely to be of interest to them.
ICD International may, as necessary, publish a list of clients or testimonials containing personal information on its web sites and communication interfaces. ICD International agrees to obtain authorization from each cited party before publishing any reference on the site.
Personal data recipients
Personal data is collected via our various media and strictly reserved for ICD International’s own use and that of its authorized personnel.
Nonetheless, personal data may be transmitted to companies involved with the business ecosystem that may be used by ICD International to provide its services. ICD International ensures that all outsourced companies are in compliance with data protection requirements.
Each of those companies receives our personal data processing charter and explicitly agrees to respect it by accepting our General Terms and Conditions.
ICD International neither sells nor rents personal data to any third-parties whatsoever for marketing purposes. ICD International agrees to immediately inform any physical person owning personal data in case said personal data is transmitted following a legal request by judicial or administrative authorities that may require the personal data to be provided.
Data protection rights
In compliance with the French Data Privacy Act and the European General Data Protection Regulation 2016/679 (GDPR), our third-parties have the right to access, modify, and delete any personal data concerning them. They may exercise this right simply by submitting a request to us as described below:
Contact the ICD International Data Protection Officer at the following e-mail address: contact[at]icdint.fr
Send certified mail (with return receipt) to ICD International – DPO, 17-19 Rue Jeanne Braconnier, 92360 Meudon, France.
Requests will be handled and requestors will be informed within 60 days.
Cookies / tracking
In compliance with applicable regulations, ICD International requests the user’s consent before installing all other types of cookies on the user’s hard drive. Web browser applications tend to accept all cookies by default.
When the user navigates on third-party sites advertising on the ICD International site, or potentially while viewing advertisements, cookies may be created by the advertising companies.
Third-parties using cookies as part of ICD International services (notably partners or other third-parties providing content or services available on the ICD International site) are responsible for the cookies they install, and their own policies regarding cookies apply.
Data provided by third-parties
As part of its services, ICD International creates e-mailing campaigns based on distribution lists provided by distributor partners. ICD International thus has access to all the information contained in e-mail distribution lists.
Under no circumstances does ICD International sell, share, or rent provided distribution lists to any third-parties, nor does the company use said lists for any purposes other than those stipulated in the requirements below. ICD International shall:
- Submit all required declarations to the French Data Protection Authority (CNIL) or other regulatory authority.
- Comply with all applicable regulations, including data protection laws.
- Obtain explicit consent from the concerned persons when collecting their personal data.
- Ensure that the authorization to use collected personal data is in compliance with the intended purpose.
ICD International collects personal data in order to perform is contractual provision and service obligations.
Data is also collected for analytical and statistical processing regarding the frequency and manner in which our services are used.
This data is thus stored in active databases, log files, or other types of files for the duration for which our services are used.
Data collected on the site www.icdint.fr is stored for a maximum period of 12 months for anonymous contacts, following the person’s last activity on the website.
For identified contacts, on the other hand, data collected on www.icdint.fr is stored for a maximum period of 36 months, even in the absence of associated activity. After the aforementioned periods, all data regarding the person is automatically deleted.
Data storage location and transfers
The hosting servers used by ICD International to process data and store databases are located exclusively within the European Union.
When providing its services, ICD International attaches the highest level of importance to ensure personal data integrity and security for its clients and people visiting its sites.
As such, and in compliance with GDPR stipulations, ICD International is committed to taking all reasonable precautions to protect data. Notably, this includes protecting data from accidental or illicit deletion, accidental loss, alteration, unauthorized access or distribution; as well as protecting data from any other form of illicit processing or communication to unauthorized persons or entities.
For this purpose, ICD International implements industry standard security measures to protect personal data from unauthorized disclosure.
Furthermore, in particular to avoid any unauthorized access and to ensure the accuracy and proper use of data, ICD International has implemented appropriate electronic, physical, and managerial procedures to store and preserve data collected via its services.
Nonetheless, it is impossible to consider that any person or entity is totally safe from an illicit or fraudulent attack. In case of a security breach, ICD International therefore agrees to inform its third-parties as quickly as possible and to make every effort possible to neutralize the intrusion and minimize impact.
Liability limitations are stipulated in our General Terms and Conditions in case one of our third-parties should be subject to damage.
It is important to keep in mind the fact that any user, client, or pirate who discovers and takes advantage of a security vulnerability is subject to criminal sanctions, and that ICD International will take all necessary measures, including filing a complaint and/or taking legal action, to protect the rights of its users and employees in order to limit impact as much as possible.
In case of violation or suspected violation with respect to personal data, ICD International and its sub-contractors shall notify the French Data Protection Authority (CNIL) and its users within 72 hours after becoming aware of the situation.
We recommend reading these rules and stipulations periodically in order to stay informed about our procedures and rules regarding personal data.