Privacy policy

Overview

SCALEWAY attaches great importance to compliance with regulations relating to the protection of personal data and in particular the General Data Protection Regulation (EU Regulation 2016/679 of the European Parliament known as “GDPR”) and the data processing and freedom law (law no. 78-17 of January 6, 1978 relating to data processing, files and freedoms).

In this context, this Privacy Policy will help you to understand what personal data concerning you is collected by Scaleway and what it is intended for.

Scope

This privacy policy is intended to govern the processing carried out by Scaleway as data controller (Scaleway, 8 RUE DE LA VILLE L'EVÊQUE 75008 PARIS 8), in particular the data collected in the context of:

  • the management of your customer account
  • the management of marketing communications or prospection
  • the use of one of our websites (not already covered by a specific privacy policy)
  • the management of recruitment
  • compliance with our legal obligations
  • the guarantee of legitimate interests

The data collected for the operation of our services, where Scaleway acts as a processor, is governed by our General Conditions of Services as well as our Data Processing Agreement (DPA).

What kind of personal data is processed?

Scaleway is required to process the following categories of data:

  • Data relating to identity: name, first name, postal and email address, telephone number, customer number, signature, proof of identity.
  • Billing data: bank details, means of payment, invoices, etc.
  • Consumption data: history of services and products used, event logs etc.
  • Communication data: history of exchanges with Scaleway, complaints, support tickets, etc.
  • Connection data: IP address, user ID, location data, connection and event logs etc.

The categories of data used are indicated for each processing operation in the following section. Any reference to “user account data” includes all account data.

How do we use your data?

Contracts management and customer relations

Scaleway processes your data in order to manage contracts for the services you use. This includes the management of accounts, support and payment methods.

| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Management of contracts and customer relations (management of accounts, support and means of payment) | Identity data<br>Billing data<br>Consumption data<br>Communication data<br>Connection data | Execution of the contract | Duration of the contractual relationship plus an archiving period to meet our legal obligations and guarantee the defense of our legitimate interest | Scaleway Services<br>Entitled Scaleway Partners for support and payment management<br>Authorized third parties* |
| Management of contracts with our partners (service providers and suppliers) | Identity data<br>Commercial relationship monitoring data (activity reports and communications) | Execution of the contract | Duration of the contractual relationship | Scaleway Services<br>Entitled Scaleway Partner for the management of suppliers<br>Authorized third parties |

*Means any public authority or administration authorized by a text to receive personal information

Sales and Marketing

Scaleway processes certain data in order to send its service offers to its customers or prospects, guests for events or even collect their opinions on products (processing may involve profiling techniques). These processing operations may be based either on legitimate interest, if the person is already a customer of the company, particularly if the proposals concern products or services similar to those already subscribed, or on consent. Scaleway mainly collects this data directly but can also obtain it indirectly via specialized data processors in conformity with all applicable legal requirements.

| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Commercial prospecting and communication campaigns relating to our products and services | Identity data<br>Billing data<br>Consumption data<br>Communication data<br>Connection data | Legitimate interest<br>Consent | Duration of the contractual relationship<br>Account deletion request, withdrawal of consent, objection of the person | Scaleway Sales and Marketing Teams<br>Entitled Scaleway Partners for the management of marketing campaigns and customer relation<br>Authorized third parties |
| Organization of events to promote our services | Identity data<br>Communication data<br>Connection data | Legitimate interest<br>Consent | Duration of the contractual relationship<br>Account deletion request | Scaleway Sales and Marketing Teams<br>Entitled Scaleway Partners for the management of events<br>Authorized third parties |
| Management of cookies and other trackers (learn more about our cookie policy) | Connection data | Consent | Cookies are stored between 3 months and 1 year depending on the type of cookie used | Scaleway Sales and Marketing Teams<br>Entitled Scaleway Partners for the cookies management<br>Authorized third parties |
| Carrying out satisfaction surveys or quality surveys on our services and the training of our teams | Identity data<br>Billing data<br>Consumption data<br>Communication data<br>Connection data<br>Audio or video recording | Legitimate interest<br>Consent | 1 year and anonymization | Scaleway Sales and Marketing Teams<br>Entitled Scaleway Partners for marketing analysis<br>Authorized third parties |
| Produce usage statistics | Connection data | Legitimate interest | Cookies: between 3 months and 1 year<br>Service usage data kept during the contractual period or anonymized | Scaleway Sales and Marketing Teams<br>Entitled Scaleway Partners for quality analysis<br>Authorized third parties |

Recruitment

Scaleway also processes the personal data of candidates as part of its recruitment procedure.

| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Recruitment | Identity data | Execution of contract or pre-contractual measures | If the application is not accepted, the data is kept for a maximum period of 2 years<br>If the application is accepted, the data is kept for the entire duration of the contract, accompanied by an archiving period intended to comply with our legal obligations or guarantee the legitimate interests of the company. | Human resources services<br>Manager and team concerned<br>Scaleway partners for human resources<br>Authorized third parties |

Legal obligations

Scaleway processes some of your data in order to meet its legal obligations. This is particularly the case in order to secure our services as a provider of electronic communications services, to meet our accounting and tax obligations or to process your requests for rights relating to data protection.

| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Guarantee the security of our customers as a provider of electronic communications services (Directive 2002/58/EC and art 32 of the GDPR) | Identity data<br>Billing data<br>Consumption data<br>Communication data<br>Connection data | Legal obligation | Duration of the contractual relationship plus an archiving period for the data necessary to guarantee compliance with our legal obligations | Entitled Scaleway Services<br>Entitled Scaleway Partners for security management<br>Authorized third parties (auditors etc.) |
| Abuse of Scaleway services includes cyber-crime, copyright violation, illegal or offensive content, spamming and malware distribution. Abuse should be reported in the console. These processing operations are likely to be subject to automated decision-making (e.g. anti-spam control) | Identity data<br>User account information | Legal obligation | Duration necessary to meet our legal obligations | Entitled Scaleway Services<br>Entitled Scaleway Partners for the ticketing and support management<br>Authorized third parties |
| Responses to the data protection requests and any complaints related to the protection of personal data | Identity data (including proof of identity)<br>User account information<br>All the data related to the complaint | Legal obligation | 5 years from ticket closing<br>Verification of identity card: 1 month | Entitled Scaleway Services<br>Entitled Scaleway Partner for the management of subject requests<br>Authorized third parties<br>Entitled Iliad service |
| Data breaches management | Identity data<br>User account information related to the data breach<br>All data related to the data breach | Legal obligation | 5 years from the closure of the data breach | Entitled Scaleway Services<br>Competent administrative authority |
| Accounting obligations | Billing data | Legal obligation | 10 years from the end of the contract | Entitled Scaleway Services<br>Entitled Scaleway Partner for the management of payments and invoices<br>Competent administrative authority |
| Legal or administrative procedure management | Identity data<br>User account information related to the case | Legal obligation | The necessary data is kept until the expiration of the legal remedies | Scaleway Legal Department<br>Iliad Legal Department<br>Competent administrative authority<br>Entitled third parties (legal advisor etc.) |

Legitimate interest

Scaleway processes some of your data in order to meet a legitimate interest. This is particularly the case in order to secure our services, ensure the management of unpaid debts and the training of our teams (processing relating to security or fraud may involve profiling techniques).

| Purposes | Categories of data | Legal basis | Retention | Categories of recipients |
|---|---|---|---|---|
| Guarantee the security of services we offer | Identity data<br>User account information | Legitimate interest | Duration of the contractual relationship or duration limited to the limitation period from the closure of the event concerned | Scaleway IT security service<br>Competent administrative authority |
| Debt collection | Identity data<br>User account information | Legitimate interest | 5 years from the payment incident | Scaleway Legal and Accounting Services<br>Entitled Scaleway Partner for debt collection |
| Fraud detection and prevention | Bank details<br>Identity data<br>User account information | Legitimate interest | 5 years maximum from the suspicion of an incident<br>ID card verification: 1 month | Entitled Scaleway service<br>Entitled Scaleway Partner for support and ticketing |
| Litigation management | Identity data<br>Data necessary for the purposes of establishing evidence | Legitimate interest | The data is kept until the expiration of the legal remedies and archived for 10 years | Scaleway legal department<br>Entitled Scaleway partner |
| Ensure the training of our teams | Identity data<br>User account information | Legitimate interest | The data is kept during the contractual period | Entitled Scaleway service |

Data processors

As a data controller, Scaleway uses data processors for the following purposes:

  • customer relationship management (support management, etc.)
  • carrying out emailing campaigns and surveys on the services
  • partnership management with other cloud providers
  • meeting our legal obligations (accounting, data protection etc.)
  • marketing data analysis
  • website data analysis
  • management of payment services
  • consulting or audit firms
  • the organization of events
  • security and identity control

Scaleway selects its data processors through a strict security control procedure to ensure that they only process data for the purposes for which they have been chosen. Scaleway also ensures that its data processors have technical and organizational security measures in accordance with the regulations relating to the protection of personal data.

Transfer of data outside the European Union

Scaleway strives to minimize data transfers outside the European Union and only carries out such transfers as data controller for the purposes listed above. Data transferred as part of our services is governed by our Data Processing Agreement (DPA).

All transfers outside the European Union are subject to strict control to ensure that the contracts entered into with our service providers comply with the Standard Contractual Clauses (SCC) updated by the implementing decision (EU) 2021/914 of the Commission of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council (Text presenting interest for the EEA) and, where possible, to supplement these clauses.

Requests from authorities

Scaleway undertakes to inform its customers in advance in the event of a request for information from an administrative or judicial authority in order to enable them to assert their rights subject to compliance with applicable regulations. Scaleway cannot oppose such a request if it complies with French or European regulations, an international agreement (art. 48 of the GDPR) or with one of the exemptions provided for in art. 49 of the GDPR.

Children

Scaleway does not provide services to children. Any children wishing to use our services must be accompanied and under the responsibility of an adult.

Link to our partners

Our sites may contain links to our partners. We inform you that these links refer directly to the sites of these partners who have their own confidentiality policy for which Scaleway cannot be held responsible.

Data Security

Scaleway implements technical and organizational security measures to guarantee the constant confidentiality, integrity, availability and resilience of its information systems and services. These measures meet the state of the art and are adapted to the type of data concerned. All of our staff are aware of IT security and data protection issues.

Our security measures specifically meet data protection regulations and in particular the following points:

  • Information systems security policy (ISSP)
  • Physical protection measures for all of our data centers
  • Secure authentication of user accounts
  • Logging
  • Security Information and Event Management (SIEM)
  • Incident management procedure
  • Secure management procedure for data processors
  • Procedure for handling data breaches
  • Secure data backup
  • Anonymization of data when personal data is no longer necessary for processing in order to produce statistics or improve our services or marketing communication

In accordance with our general conditions of service, we remind you that the customer is solely responsible for the management and security of its content as well as the environments and systems that it deploys on the infrastructures made available to it as part of the services offered by Scaleway. It is also up to the customer to make any backups of its content (or other means aimed at ensuring its longevity) that it considers necessary in order to protect against possible deletion, alteration or modification of said content.

For more information regarding all of our security measures, you can consult our Security and Resilience page.

If you have identified a vulnerability or would like to send us a security question, please send it to us at: security@scaleway.com

Data subjects' rights & contact

Scaleway informs you that you have the following rights depending on the purpose of processing:

  • Be informed why we process your personal information
  • Access your data and obtain a copy of the personal data we process about you
  • Rectify incorrect, incomplete or outdated data
  • Limit the use of your data
  • Oppose the processing of your data if it is processed on the basis of legitimate interest
  • Withdraw your consent at any time if the processing is based on this legal basis
  • Delete data that is no longer necessary for processing or to meet a legal obligation
  • Exercise your right to portability

You can exercise your rights directly in the privacy section of your Scaleway account or via privacy@scaleway.com. If you believe that your rights have not been respected, you can also file a complaint with the competent supervisory authority.

Policy update

This privacy policy may be updated according to regulatory developments. Any modification will enter into force from its date of publication.

Last update: January 2024