This privacy policy applies to the processing of personal data operated by VONA SAS, a company governed by French law, registered with the Paris Trade and Companies Register under the number SIRET 51522328700019 and domiciled at 40 rue Damrémont, 75018 Paris en France (“VONA”). It allows the natural persons concerned (i.e. customers, prospects, candidates, partners), to understand how their personal data is collected and processed by VONA and its possible subcontractors in accordance with the national and European legislation in force (Regulation 2016/679 of the European Parliament and of the Council of the European Parliament and of the Council of 27 April 2016 and the Data Protection Act of 6 January 1978). It also describes the measures implemented by VONA to ensure the protection, confidentiality and security of the data collected and processed.

‍
1. Definitions
Personal data: Personal data is information relating to a natural person that can be identified, directly or indirectly. Example: name, first name, telephone number, telephone number, postal address, email address, IP address, photograph, age.

Treatment: Personal data processing is any operation, or set of operations, whether or not carried out using an automated process and applied to personal data or sets of data. As such, collecting personal data via a contact form constitutes the processing of personal data.

Data controller: The data controller is the person, entity, service or other body that determines the purposes and means of the processing of personal data. As such, VONA is responsible for processing the data collected when you browse its website or when recruiting its staff.

Subcontractor: A subcontractor is any person, entity or service processing personal data on behalf of the data controller. As such, the host of this site, Webflow, acts as a subcontractor to VONA.


2. The use of your data
2.1 How is your browsing data processed?
During your visit to this site, VONA and its partners place cookies and other tracers on your terminal in particular to ensure the proper technical functioning of the site. To find out more about the purposes for which these cookies are placed and the means you have in order to consent to their deposit, please consult the VONA Cookie and Use Notice.

2.2 How are your data from the contact form processed?
VONA provides a contact form in the “Contacts” section for any contact request. By completing the form, you agree to transmit to VONA the personal data concerning you, necessary for the management and processing of your request.

This data will be processed at least for the time necessary to process the request and to send a response. They are kept for a maximum of one (1) year from the date of collection.

‍

---------------------------------
Legal basis
Consent
‍
Purpose of the treatment
Meet the need (s) included in the request. Recontact the applicant.

‍
Recipient (s)
Dedicated email address Shortlist within VONA (communication manager, lead generation, HR manager, DPO).

Shelf life
At least: time required to process the request and to respond.
Maximum: 1 year from collection.

‍

3. Who is responsible for your personal data in the event of a link to a third party site?
If while browsing the site VONA provides a link to a third party site, the rules and policies specific to that site will apply. VONA is not responsible for the processing of your personal data carried out by a third party site.

é, the integrity, availability and traceability of your personal data.
The Webflow host encrypts the data from end to end during the transfer. It ensures that its infrastructures are secure and that data is backed up and can be recovered in the event of an incident. Webflow is SOC 2 certified by the AICPA (American Institute of Certified Public Accountants), which guarantees Webflow protects information by implementing control mechanisms for the security, availability, integrity, integrity, traceability of treatments, traceability of treatments, confidentiality and protection of the personal data processed.‍

4. Where is your personal data transferred?
The personal data collected through the website is transferred to the subcontractor Webflow, a company based in the United States, which hosts them. Webflow is committed to ensuring that its information system, that of its service providers and subcontractors, are protected against external attacks, through the use of appropriate security measures.

The company is equipped with technical and contractual tools that ensure the protection of the information transmitted to it. Webflow complies with the Data Privacy Framework (EU-US Data Protection Framework), which regulates the transfer of data from citizens of the European economic zone to the United States.

5. How is your personal data secured?
As a consulting firm specializing in cybersecurity, VONA places particular importance on the security of your personal data. VONA puts in place appropriate protection measures to guarantee the confidentiality, integrity, availability and traceability of your personal data.

The site host, Webflow, encrypts the data end-to-end during the transfer. It ensures that its infrastructures are secure and that data is backed up and can be recovered in the event of an incident. Webflow is SOC 2 certified by the AICPA (American Institute of Certified Public Accountants), which guarantees that Webflow protects information by implementing control mechanisms for the security, availability, integrity, integrity, traceability of treatments, traceability of treatments, confidentiality and protection of the personal data processed.

In the event of an incident leading to the violation of your personal data, VONA will notify the incident to the competent supervisory authority and, if necessary, inform the persons concerned as soon as possible.

6. How to exercise your rights?
In accordance with Law No. 78-17 of January 6, 1978 as amended and Regulation (EU) No. 2016/679 of April 27, 2016, you can exercise your right to access, rectify and delete as well as a right to limit the processing and portability of personal data concerning you and to define guidelines on the fate of your data after your death.

You also have the possibility to object at any time, for reasons relating to your particular situation, to processing based on the legitimate interest of VONA.

In order to exercise your rights, or for any request for information concerning the processing of your personal data, you can contact our personal data protection department within VONA:

• To the email address dpo@vona.eu
• By post to 29 rue du Faubourg Poissonnière, 75009 Paris

You also have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) in accordance with the following procedures:

• Via its website www.cnil.fr
• By post to the Complaints Department — 3 Place de Fontenoy — 3 Place de Fontenoy — TSA80715 —75334 PARIS CEDEX 07

7. How can I change the privacy policy?
VONA regularly reviews this Privacy Policy to reflect the evolution of its practices in the protection of personal data and the management of cookies. Each time this policy is amended, the “Last Updated” date at the top of the first page is updated.