Data Protection Policy

Glanceable (or “we”) is committed to protect personal life and in particular any personal data, i.e. any information relating to an identified or identifiable natural person (“data subject”), processed by Glanceable or to which it has access in the course of its business.


To this end, Glanceable complies with the applicable regulations regarding the protection of personal data and in particular with the laws and regulations in force in the European Union and their member states relating to the processing of personal data, in particular Law No. 78-17 of 6 January 1978 on information technology, files and freedoms in its current version (the "Loi Informatique et Libertés") and the General Data Protection Regulation (Regulation (EU) 2016/679) (the "GDPR"), (collectively “the Applicable Regulations”).


Ensuring the security and confidentiality of the personal data of its clients and their employees / collaborators is a priority for Glanceable.
The purpose of this data protection policy (the “Data Protection Policy”) is to present you (“You”) Glanceable's commitments in this area and in particular the measures implemented for the protection of the personal data Glanceable has been entrusted.


Glanceable: data controller or data processor? 

Depending on the concerned processing, Glanceable acts as a controller or a processor.
•    In which cases is Glanceable a controller?: the controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.
Thus, for example, when personal data are collected by Glanceable within the framework of its recruitment and application management, its marketing and prospects management, its client/customers/partners/suppliers/providers’s relationship, in particular within the framework of their contractual relations, its internet websites and the forms inserted therein, and the management of the newsletter that it distributes, Glanceable acts as data a controller. 

•    In which cases is Glanceable a processor?: the processor is the natural or legal person who processes personal data on behalf of the controller.

When using the services offered by Glanceable, its client and any other beneficiary may be required to process personal data as a controller. 
Therefore, and only in the event that Glanceable has access or processes personal data on their behalf, in particular personal data of their employees and/or collaborators when using the services made available by Glanceable, Glanceable acts as a processor.
In this context, Glanceable undertakes to comply with all the provisions of the Applicable Regulations applicable to processors, and in particular to implement appropriate technical and organizational measures to ensure data security and offer products that respect the principles of data protection by design and by default.
Finally, and most importantly, Glanceable includes in all of the contracts under which it acts as a data processor, the mandatory contractual provisions imposed by the Applicable Regulations, ensuring its clients both technical and contractual compliance.


What are Glanceable's commitments regarding the protection of personal data?

Glanceable undertakes to comply with the Applicable Regulations every time it processes personal data. 
Glanceable is committed to the protection of personal data and to ensuring a high level of protection of the personal data of its applicants, prospects, clients, partner, suppliers and service providers, to which it has access. 
More specifically, Glanceable undertakes to respect the following principles: 
•    Lawfulness, fairness, transparency: personal data are processed in a lawful, fair and transparent manner;

•    Purpose limitation: personal data are collected for specified, explicit and legitimate purposes, and are not further processed in a manner incompatible with those purposes;

•    data minimization: personal data are kept in an adequate, relevant and appropriate manner and are limited to what is necessary for the purposes for which they are processed;

•    accuracy: personal data are accurate, kept up to date and all reasonable steps are taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay. 
 
Glanceable undertakes to comply with any other principles imposed by the Applicable Regulations, in particular with regard to security, the rights conferred on data subjects, the retention periods for personal data and the obligations relating to cross-border transfers of personal data where applicable.
Glanceable respects the principles of data protection by design and by default. Thus, in any development, design, selection or use of products or services that rely on the processing of personal data, Glanceable takes data protection requirements into account.
Glanceable contractually imposes the same level of personal data protection to its subcontractors (service providers, suppliers, etc.).


Who are the recipients of the personal data processed by Glanceable? 

Personal data are only accessible to authorized persons and when strictly necessary.
Furthermore, depending on the processing operations concerned and exclusively in order to achieve the purposes presented in this Data Protection Policy, personal data collected by the various means mentioned below may be communicated and/or shared with subcontractors – suppliers, service providers and partners of Glanceable. Glanceable requires them to implement strict confidentiality and data protection measures for these personal data.
Finally, Glanceable may be forced to transmit personal data at the request of legal authorities or, more generally, if a legal or regulatory provision requires it to do so. 


What are the personal data processed by Glanceable ?

What data?
In accordance with the principle of data minimization set out in the GDPR, Glanceable collects and processes only the personal data strictly necessary to achieve the purposes set out in this Data Protection Policy.
In particular, the following categories of personal data may be processed: name, surname, address, email address, password, phone number, function, IP address, login and navigation data.
When Glanceable acts as a processor on your behalf, the type of personal data processed and more generally the processing of this data is carried out in strict compliance with your instructions as defined contractually.


What are the data sources?
Glanceable collects personal data when:
•    you visit the website;
•    you submit an application;
•    you answer one of the forms on the website;
•    you formulate requests to us (exercise your rights as stated below, etc.);
•    subscribe to the newsletter; 
•    Glanceable establishes a quotation or a contract;
•    if applicable, and depending on the nature of the products and/or services concerned, we execute the contract that binds us with you.


For what purposes and on what legal basis are your personal data processed? 

The processing of your personal data is justified on different grounds (legal basis) depending on the use we make of the personal data (relevant purpose). 
Legal basis
The legal bases for our main processing operations are as follows:
•    Consent: you give your consent to the processing of your personal data for one or more specific purposes (check box, acceptance banner). You can withdraw this consent at any time;

•    Contractual relation: the processing of personal data is necessary for the performance of the contract to which you have consented;

•    Legitimate interest: Glanceable has a commercial interest in processing your personal data, in particular to improve its service offering, customer relations and business development that is justified, balanced and does not infringe on your privacy. Under certain circumstances, you can notify Glanceable anytime if you object to the process of your personal data based on legitimate interest;

•    legal or regulatory provisions: the processing of your personal data is made compulsory by a legal or regulatory provision.

Purposes
The purposes for our main processing operations are as follows:
•    exchange with our prospects and customers, and provide them with the documentation necessary to establish our commercial proposals;

•    to allow our users, clients and partners to benefit from all the services offered by Glanceable; 

•    manage our business relationship;

•    allow you to browse our websites and, if necessary, to send an application or subscribe to a newsletter;

•    management of applications.
We may also use your personal data for administrative purposes or for any other purpose required by applicable law.


How long are your personal data stored?
Personal data are stored, in accordance with the legal provisions, for no longer than is necessary for the purposes for which the personal data are processed.


How do we secure your personal data? 
Glanceable implements all useful technical and organizational measures, in accordance with the state of the art, with regard to the nature and scope of personal data, and the context and risks involved in processing it, to safeguard the security of your personal data and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion or unauthorized access to such personal data.
The security and confidentiality of personal data is based on good business practices. For this reason, we ask you not to disclose your personal data to third parties who may pretend to be Glanceable.
Glanceable has a specific process to deal with personal data breaches. In the event of a personal data breach as defined by the GDPR, Glanceable undertakes to notify this breach to the French supervisory authority, the Commission Nationale de l'Informatique et des Libertés (CNIL) and, when the personal data breach is likely to result in a high risk to your rights and freedoms, to inform you as soon as possible.


Are transfers of personal data outside the European Union carried out?
Unless required by law, to the extent possible and preferred, Glanceable does not transfer any personal data collected to a country outside the European Union. However, if such processing is carried out, Glanceable will regulate such transfers in accordance with the requirements of the Applicable Regulations and, in the context of a contractual relationship, will inform you of such transfers.


What are your rights and how do you exercise them?
In accordance with the Applicable Regulations, you have the following rights : 
Glanceable is committed to providing you with clear, transparent and easily accessible information on the processing of your personal data.
In addition, in accordance with the Applicable Regulations, you may, at any time, exercise your rights of access, rectification, deletion of data pertaining to you as well as your rights to limit and oppose the processing, to withdraw your consent, the right of portability of your personal data if applicable and to decide what happens to your personal data after your death.
You also have the right to appeal to the Commission Nationale de l'Informatique et des Libertés in the event of a violation of the Applicable Regulations.
These rights may be exercised at any time by by email at the following address:  info@glanceable.io
In this context, we ask you to provide the elements necessary for your identification as well as any other information necessary to confirm your identity.
When Glanceable acts as a processor, you are responsible for protecting the rights of the data subjects. Glanceable undertakes, to the extent possible and in accordance with the Applicable Regulations, to assist you in complying with this obligation.
Modifications 
Glanceable may adapt this Data Protection Policy at any time, particularly in accordance with the Applicable Regulations and the doctrine of the CNIL, and undertakes to inform you on its website of any changes or additions.