Personal data protection is particularly governed by EU Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 relating to the protection of individuals in the processing of personal data and the free movement of such data, otherwise called the General Data Protection Regulation (hereinafter the « GDPR ») and Act n° 78-17 dated 6 January 1978, as amended, referred to as the « Information Technology and Privacy Act » (hereinafter « Act n° 78-17 »).

As part of their business, the COFLEC company, a private limited liability company with a share capital of 22,360 euros, whose head office is located at Parc d’Activités du Moulin de Massy, 7 rue du Saule Trapu – 91300 Massy, registered with the Business Register of Evry under the number 340 087 576 and all of its entities in the meaning of Article L. 233-1 of the Business Code (hereinafter, the « DOI ») collect and process for their account the personal data of their customers, prospective customers, subcontractors, service providers or various partners (hereinafter referred to generally as « Customers »).

In addition to the GDPR and Act No. 78-17, DOI agrees to comply with this Privacy Policy (hereinafter the « Privacy Policy ») in the context of any personal data processing that it implements.

The purpose of the Privacy Policy is to inform all Customers in a clear manner about the data that DOI collects, what it does with such data, how long it retains them, the people it is likely to pass them to, the rights of the persons concerned and the protective measures that it implements.

The purpose of the Privacy Policy is to provide the Customers with all information relating to the personal data concerning them that are collected and processed by DEF DOI.

The Privacy Policy applies only to the processing of personal data for which DEF DOI acts as processing manager. In this context, the processing of personal data can be directly implemented by DEF DOI or through a subcontractor specifically designated by it.

In accordance with applicable laws on the protection of personal data, the processing of personal data implemented by DEF DOI relies on a legal basis.

DEF DOI carries out the processing of the Customer's personal data provided that the latter:

  • (i) has entered into a contract for the provision of services and / or the acquisition of products;

  • (ii) completed an electronic collection form in order to participate in an event organized by DEF DOI;

  • (iii) has registered or subscribed for services posted by DEF DOI (for instance, website, social networks, YouTube channel); and/or

  • (iv) that the Customer’s formal consent has been secured (e.g. the posting of cookies on the Customer's browsing terminal when he visits a website published by DEF DOI).

DEF DOI collects and processes personal data that the Client voluntarily discloses to it either by means of a collection form, or when entering into a service contract and / or acquisition of products.

Customers are informed on each personal data collection form of the mandatory or optional nature of the responses by the presence of an asterisk.

Where answers are required, DEF DOI explains to the Customers the consequences of a lack of response.

The personal data collected in this context are as follows:

NON-TECHNICAL DATA (depending on the use case):
  • (i) Identification: name, surname, title, position, pseudonym, pseudo social networks;
  • (ii) Contact information: phone, e-mail address, postal address, fax, ...;
  • (iii) Photo: when you grant us this right (usually taken during an event or interview at our events);
  • (iv) Professional life: occupation, degrees, professional background, ...;
  • (v) Banking data as necessary;
  • (vi) Personal life and lifestyle (e.g., shopping habits, purchase plans).

DEF DOI collects and processes the Customer's personal data relating to his browsing and behaviour on a website published by DEF DOI.

The personal data collected in this context are as follows:

TECHNICAL DATA (depending on the use case)
  • (i) Identification Data (IP)
  • (ii) Connection data (logs in particular)
  • (iii) Data on consent (click) mainly for access to our services (Sentinel etc.)

DEF DOI does not deal with sensitive data in the meaning of Article 9 of the GDPR (personal data that show racial or ethnic origin, philosophical, political, trade union, religious opinions, sexual or health life).

This paragraph is intended to inform the Customer about the use by DEF DOI of data collected directly or indirectly.

The processing of the personal data of the Customer by DEF DOI is necessary to enable it to accomplish the following purposes:

  • (i) file processing;
  • (ii) customer relationship management;
  • (iii) management of events organized by the DEF Network (lectures, breakfasts, etc.);
  • (iv) sending newsletters or news feeds;
  • (v) improved site browsing;
  • (vi) answers to questions asked (by telephone or online);
  • (vii) responses to public or private tenders;
  • (viii) personalized business monitoring;
  • (ix) improvement of its services;
  • (x) responses to our administrative duties;
  • (xi) management of requests for the exercise of the rights of the persons concerned, as listed in Article 8 below.

All the personal data collected and processed by DEF DOI are strictly confidential.

DEF DOI agrees not to pass on the personal data of its Customers to a third party that may use them for its own purposes, without their formal consent.

DEF DOI ensures that the data are accessible only to authorized internal or external recipients.

In-house recipients:

  • (i) All employees of DEF DOI.

The in-house recipients of DEF DOI are trained and authorized to process personal data.


External recipients:

  • (i) Providers or support services (subcontractors, various service providers, etc.)
  • (ii) Lawyers, experts, agents, bailiffs, etc.
  • (iii) Courts
  • (iv) Administration


When the recipient concerned is located outside the European Union, or in a country that does not have an adequate regulation in the meaning of the GDPR, DEF DOI manages its contractual relationship with this third party by adopting an appropriate contractual mechanism.

It should be noted that DEF DOI may be required to pass on the personal data of its Customers to respond to an injunction by the legal authorities.

The personal data of the Customer are kept for a period of three (3) years from their collection.

Audience measurement statistics are not retained for more than thirteen (13) months.

However, at the end of the aforementioned periods, including as and when necessary from the Customer's request for deletion, his / her personal data may be the subject of interim filing so that DEF DOI can meet its legal retention duties:

  • (i) a contract entered into in the course of a business relationship will be retained for five (5) years after the date of its execution;
  • (ii) a contract entered into electronically in an amount greater than or equal to 120 euros will be kept for two (2) years after the date of its execution;
  • (iii) banking records will be kept for five (5) years as from their release;
  • (iv) records relating to the management of orders will be kept for ten (10) years;
  • (v) billing management documents will be retained for ten (10) years.

Some data may be filed beyond the standard durations (i) in the event of litigation in order to make it possible to establish the reality of the disputed facts; and / or (ii) for the purposes of the investigation, detection and prosecution of criminal offenses for the sole purpose of enabling, as needed, the provision of such data to the judicial authority.

Filing requires that these data be anonymous and can no longer be viewed online but that they may be extracted and stored on an autonomous and secure medium.

After the deadlines set in the said policy, the data are deleted.

Customers have a right of access, modification, opposition, limitation, portability, rectification, to define directives concerning the fate of their data after their death and the deletion of their personal data, the latter being subject to compliance with the following rules:

  • (i) the request originates from the person himself and is accompanied by a copy of an up-to-date identity document;
  • (ii) the request should be made in writing and sent to the following address: rgpd@reseau-def.com

Upon receipt of the right to portability of the data, Customers have the right to request a copy of their personal data being processed.

The requested information will be provided in electronic form, unless otherwise requested. Customers are informed that these rights can never extend to confidential information or data, or to data whose communication the law does not authorize. These rights cannot under any circumstances allow access to Defence Secret classified documents.

The right to the deletion of the personal data of the Customers will not be applicable in the cases where the processing is implemented to meet a legal requirement.

The Customer may, at any time, file a complaint before the relevant supervisory authority.

DEF DOI informs its Customers that it may involve any subcontractor at its option in the framework of the processing of their personal data. Subcontractor means any natural or legal person that processes personal data on behalf of DEF DOI.

In this case, DEF DOI ensures that the subcontractor complies with its duties under the GDPR.

DEF DOI agrees to sign a written contract with all its subcontractors and imposes on subcontractors the same data protection duties as its own. In addition, DEF DOI reserves the right to conduct an audit of its subcontractors to ensure compliance with the provisions of the GDPR.

It is the responsibility of DEF DOI to determine and implement the technical security or physical measures that it sees fit to fight against the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data.

Such measures include but are not limited to:

  • (i) the use of security measures for access to the premises (closing of offices, badges, etc.);
  • (ii) secured access to our computers and smartphones (passwords changed regularly);
  • (iii) setting up logins and passwords for all our business applications;
  • (iv) the management of authorizations for access to data (specificity for our financial and accounting and communication services);
  • (v) use of VPN for remote connections;
  • (vi) use of complex passwords for our Wi-Fi network, changed each month.

In any case, DEF DOI undertakes, in the event of a change in the means to ensure the security and confidentiality of personal data, to replace them by means of superior performance. No evolution can lead to a decrease in the security level.

DEF DOI holds a register of personal data processing which is at the disposal of the National Information Technology and Privacy Commission.

This policy may be amended or modified at any time in the event of legal or jurisprudential developments, and of changes in decisions and recommendations of the European Commission.

Any new version of this policy will be brought to the attention of the Customers by any means chosen by DEF DOI including by electronic means (circulation by email or online for instance).

For any further information please contact our GDPR committee at the following electronic address: rgpd@reseau-def.com