Brainwave or (“we”) is committed to protect personal life and in particular any personal data, i.e. any information relating to an identified or identifiable natural person (“data subject”), processed by Brainwave or to which it has access in the course of its business.
To this end, Brainwave complies with the applicable regulations regarding the protection of personal data and in particular with the laws and regulations in force in the European Union, and their member states relating to the processing of personal data, in particular Law No. 78-17 of 6 January 1978 on information technology, to files and freedoms in its current version (the “Loi Informatique et Libertés”) and the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”), (collectively “the Applicable Regulations”).
Ensuring the security and confidentiality of the personal data of its clients and their employees / collaborators is a priority for Brainwave.
The purpose of this data protection policy (the “Data Protection Policy”) is to present you (“You”) Brainwave’s commitments in this area and in particular the measures implemented for the protection of the personal data Brainwave has been entrusted.
Brainwave: data controller or data processor?
- In which cases is Brainwave a controller?: The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
Thus, for example, when personal data is collected by Brainwave within the framework of its recruitment and candidate management, its marketing and prospects management, its client/customers/partners/suppliers/providers relationship, in particular within the framework of their contractual relations, its Internet sites and the forms inserted therein, and the management of the newsletter that it distributes, Brainwave acts as data a controller.
- In which cases is Brainwave a processor?: The processor is the natural or legal person who processes personal data on behalf of the controller.
When using the services offered by Brainwave, its client and any other beneficiary may be required to process personal data as a controller.
Therefore, and only in the event that Brainwave has access or process personal data on their behalf, in particular personal data of its employees and/or collaborators when using the services made available by Brainwave, Brainwave acts as a processor.
In this context, Brainwave undertakes to comply with all the provisions of the Applicable Regulations applicable to processors, and in particular to implement appropriate technical and organizational measures to ensure data security and offer products that respect the principles of data protection by design and by default.
Finally, and most importantly, Brainwave includes in all of its contracts under which it acts as a data-processor, the mandatory contractual provisions imposed by the Applicable Regulations, ensuring its clients both technical and contractual compliance.
What are Brainwave’s commitments regarding the protection of personal data?
Brainwave undertakes to comply with the Applicable Regulations every time it processes personal data.
Brainwave is committed to the protection of personal data and to ensuring a high level of protection of the personal data of its applicants, prospects, clients, partner, suppliers and service providers, to which it has access.
More specifically, Brainwave undertakes to respect the following principles:
- Lawfulness, fairness, transparency: personal data is processed in a lawful, fair and transparent manner;
- Purpose limitation: personal data is collected for specified, explicit and legitimate purposes, and is not further processed in a manner incompatible with those purposes;
- data minimisation: personal data are kept in an adequate, relevant and appropriate manner and are limited to what is necessary for the purposes for which they are processed;
- accuracy: personal data are accurate, kept up to date and all reasonable steps are taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. In this respect, all reasonable measures in accordance with the state of the art are implemented to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified.
Brainwave undertakes to comply with any other principles imposed by the Applicable Regulations, in particular with regard to security, the rights conferred on data subjects, the retention periods for personal data and the obligations relating to cross-border transfers of personal data where applicable.
Brainwave respects the principles of data protection by design and by default. Thus, in any development, design, selection or use of products or services that rely on the processing of personal data, Brainwave takes data protection requirements into account.
Who are the recipients of the personal data?
Personal data are only accessible to authorized persons and when strictly necessary.
Furthermore, depending on the processing operations concerned and exclusively in order to achieve the purposes presented in this Data Protection Policy, personal data collected by the various means mentioned below may be communicated and/or shared with subcontractors – suppliers, service providers and partners of Brainwave. Brainwave requires them to implement strict confidentiality and data protection measures for these personal data.
Finally, Brainwave may be forced to transmit personal data at the request of legal authorities or, more generally, if a legal or regulatory provision requires it to do so.
What are the personal data processed by Brainwave ?
Categories of personal data
In accordance with the principle of data minimisation set out in the GDPR, Brainwave collects and processes only the personal data strictly necessary to achieve the purposes set out in this Data Protection Policy.
In particular, the following categories of personal data may be processed: name, surname,
When Brainwave acts as a processor on your behalf, the type of personal data processed and more generally the processing of this data is carried out in strict compliance with your instructions as defined contractually.
Source of data
Brainwave collects personal data when:
- you visit the website
- you submit an application
- you answer one of the forms on the website
- you formulate requests to us (exercise your rights as stated below…)
- subscribe to the newsletter
- Brainwave establishes a quotation or a contract
- if applicable, and depending on the nature of the products and/or services concerned, we execute the contract that binds us with you
For what purposes and on what legal basis are your personal data processed?
The processing of your personal data is justified on different grounds (legal basis) depending on the use we make of the personal data (relevant purpose).
The legal bases for our main processing operations are as follows:
- Consent: you give your consent to the processing of your personal data for one or more specific purposes (check box, acceptance banner). You can withdraw this consent at any time
- Contractual relation: the processing of personal data is necessary for the performance of the contract to which you have consented
- Legitimate interest: Brainwave has a commercial interest in processing your personal data, in particular to improve its service offering, customer relations and business development that is justified, balanced and does not infringe on your privacy. Under certain circumstances, you can notify Brainwave anytime if you object to the process of your personal data based on legitimate interest
- legal or regulatory provisions: the processing of your personal data is made compulsory by a legal or regulatory provision
The purposes for our main processing operations are as follows:
- exchange with our prospects and customers, and provide them with the documentation necessary to establish our commercial proposals
- to allow our users, clients and partners to benefit from all the services offered by Brainwave
- manage our business relationship
- allow you to browse our sites and, if necessary, to send an application or subscribe to a newsletter
- management of candidates’ applications
We may also use your personal data for administrative purposes or for any other purpose required by applicable law.
How long are your personal data stored?
Personal data are stored, in accordance with the legal provisions, for no longer than is necessary for the purposes for which the personal data are processed.
Are transfers of personal data outside the European Union carried out?
Unless required by law, to the extent possible and preferred, Brainwave does not transfer any personal data collected to a country outside the European Union. However, if such processing is carried out, Brainwave will regulate such transfers in accordance with the requirements of the Applicable Regulations and, in the context of a contractual relationship, will inform you of such transfers.
What are your rights and how do you exercise them?
In accordance with the Applicable Regulations, you may, at any time, exercise your rights of access, rectification, deletion as well as your rights to limit and oppose the processing and the right of portability of your personal data if applicable.
These rights may be exercised at any time, either:
- for certain specific services, online
- by mail to the following address
38-42 rue Gallieni
- By mail at the following address: [email protected]
In this context, we ask you to provide the elements necessary for your identification as well as any other information necessary to confirm your identity.
You also have the right to appeal to the Commission Nationale de l’Informatique et des Libertés in the event of a violation of the Applicable Regulations.
When Brainwave acts as a processor, you are responsible for protecting the rights of the data subjects. Brainwave undertakes, to the extent possible and in accordance with the Applicable Regulations, to assist you in complying with this obligation.
How do we secure your personal data?
Brainwave implements all useful technical and organizational measures, in accordance with the state of the art, with regard to the nature and scope of personal data, and the context and risks involved in processing it, to safeguard the security of your personal data and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion or unauthorized access to such personal data.
The security and confidentiality of personal data is based on good business practices. For this reason, we ask you not to disclose your personal data to third parties who may pretend to be Brainwave.
Brainwave has a specific process to deal with personal data breaches. In the event of a personal data breach as defined by the GDPR, Brainwave undertakes to notify this breach to the French supervisory authority, the Commission Nationale de l’Informatique et des Libertés (CNIL) and, when the personal data breach is likely to result in a high risk to your rights and freedoms, to inform you as soon as possible.
Brainwave may adapt this Data Protection Policy at any time, particularly in accordance with the Applicable Regulations and the doctrine of the CNIL, and undertakes to inform you on its website of any changes or additions.
The following list presents the cookies deposited by the Website:
|Cookie law - cookielawinfo-checkbox-necessary||persistent||1 year||This cookie stores your preference regarding necessary cookies|
|Cookie law - cookielawinfo-checkbox-non-necessary||persistent||1 jour||This cookie stores your preferences relative to non-necessary cookies.|
|Google Analytics - _gid||Google Analytics is used for anonymous tracking, web monitoring and other marleting analyses.|
|Mautic - mautic_device_id||persistent||This cookie tracks visitor registration, in order to access premium contents and downloads.|
|Mautic - mtc_id||persistent||This cookie tracks visitor registration, in order to access premium contents and downloads.|
|Popup||persistent||1 day||This cookie is used to control the display of promotional popups. It does not store any personal information.|
|Smartsupp||session||6 months||The Smartsupp cookies are used for the online chat.|
|Wordpress - _cfduid||session||1 month||This cookie manages a browsing session for our content management system, Wordpress.|
|You Tube - PREF||third party||The You Tube video player imposes several Third-Party cookies which you can disable as part of your browser preferences.|
|You Tube - GPS||third party||The You Tube video player imposes several Third-Party cookies which you can disable as part of your browser preferences.|
|You Tube - VISITOR_INFO1_LIVE||third party||5 months 27 days||The You Tube video player imposes several Third-Party cookies which you can disable as part of your browser preferences.|
|You Tube - YSC||third party||During the session|