1. Introduction

We attach great importance to the confidentiality and security of data and have put in place all the technical and operational arrangements to preserve its integrity.
This privacy policy describes our rules concerning the management, processing and storage of personal data in connection with the provision of our platform for collecting and processing professional alerts from public and private organizations.

The term “personal data” refers to information relating to an identified or identifiable natural person.

2. Presentation of the service
Signalement.Net is a Saas platform developed and marketed by the company Valeur & Conformité SAS, a French company expert in regulatory compliance and digital solutions, whose head office is located at 10 rue de Penthièvre, 75008, Paris – France, SIREN 829551878.

This tool is made available to public and private organizations and allows them to collect and process professional alerts.

For confidentiality reasons, Signalement.Net employees do not have access to and knowledge of the alerts received and processed by the service’s customers.

The contents of the alerts and their processing methods are exclusively intended for the referent(s) of the organization using the platform.

3. Personal data collected
3.1 Identity and contact details of the data controller
Personal data is collected on the Signalement.Net platform owned by Valeur & Conformité SAS, a French company with expertise in regulatory compliance and digital solutions, whose head office is located at 10 rue de Penthièvre, 75008, Paris – France, SIREN 829551878.

3.2 CNIL declaration and RGPD compliance
The automatic processing of information has been declared to the CNIL in the framework of the AU-004 under the N° 2115018v0 for its own needs.

The Signalement.Net platform also complies with the new obligations applicable on May 25, 2018 relating to the regulations on the General Regulation on Data Protection (RGPD).

Each organization using Signalement.Net must also ensure that it complies with the regulations on the RGPD.

Users of the service have a right of access, rectification and deletion to be asserted to the referent designated by the client organization of the service or its Data Protection Officer (DPO).

3.3 Personal data concerned
When you use the Signalement.Net platform provided to the Value & Compliance SAS client organization, the following data may be collected and processed by the organization’s business alert referrer(s):

identity, functions and contact details of the issuer of the professional alert ;
Identity, functions and contact information of the persons who are the subject of an alert;
identity, functions and contact details of the persons involved in the collection or processing of the alert;
reported facts ;
elements collected in the context of the verification of the facts reported;
report on verification operations;
follow-up to the alert.

3.4 Purposes of processing and legal basis
The automated processing of personal data for the purpose of processing alerts, issued by a member of staff or an external and occasional collaborator, relating to :

a crime or a misdemeanor ;
a serious and manifest violation of an international commitment regularly ratified or approved by France;
a serious and manifest violation of a unilateral act of an international organization taken on the basis of a duly ratified international commitment;
a serious and manifest violation of a law or regulation;
or a serious threat or prejudice to the general interest of which the issuer of the alert has personal knowledge.
The following are also covered:

the automated processing of personal data implemented by an organization for the collection of alerts from its personnel relating to the obligations defined by European regulations and by the monetary or financial code or the general regulations of the Autorité des marchés financiers, and whose supervision is ensured by the Autorité des marchés financiers or the Autorité de contrôle prudentiel et de résolution ;
Automated processing of personal data implemented by a body for the collection of reports, from employees, relating to the existence of conduct or situations contrary to the company’s code of conduct, concerning acts of corruption or trading in influence, provided that the implementation of such processing meets a legal obligation or a legitimate interest of the data controller.

3.5 Confidentiality and anonymity
The data controller takes all useful precautions to preserve the security of the data both at the time of their collection and their communication or conservation.

The identity of the issuer of an alert and of the persons concerned by the alert as well as the information collected by all the recipients of the alert are treated confidentially.

A completely anonymous report is also possible when the organization that is the client of the service has activated this feature. In this case, in order to preserve complete anonymity, no information on the identity of the author of a report is required. This does not prevent him/her from being able, if he/she wishes, to receive a copy of his/her report by email after step 4 of the report transmission and to be notified afterwards of a new message or an evolution of his/her report, it is important to note that the email filled in at this step is in no case transmitted to the organization or visible by it.

In all cases, it will be possible for the author of a report to communicate, even anonymously, with the organization’s referents via the confidential messaging system. To do so, it is sufficient to access the “report follow-up” page from the report page and to use the unique confidential code that was generated after the report was transmitted.

3.6 Recipients of your data
The personal data about you collected on the platform is intended for the own use of the service’s client organizations.
Value & Compliance SAS ensures compliance with data protection requirements for all its sub-contracting companies.

3.7 Your Data Protection Rights
In accordance with the French Data Protection Act of 6 January 1978 as amended, and the General European Data Protection Regulation 2016/679 (RGPD), you have the right to access, rectify and delete personal data concerning you, which you can exercise by sending us a letter to the following e-mail address: support@signalement.net or directly to the referent of the service’s client organization.

3.8 Cookies and IP address
Signalement.Net uses the minimum number of cookies possible and only to maintain a current session without losing the information entered or the selected interface language.

No personal data is collected via the service use and navigation cookies.

It is important to specify that for people who browse the reporting pages of the platform or who make a report no IP address is collected.

4. Place of data storage
The data is securely stored on dedicated servers hosted in France by our trusted partner OVH.

5. Conservation of data
The data collected by the Signalement.Net client organization is dependent on their business rules in accordance with applicable laws and regulations.
Signalement.Net applies an internal rule of secure and encrypted automatic daily archiving of data. An archive is kept for 30 days before being automatically deleted.

6. Security
As part of its Signalement.Net services, SAS Value & Compliance places the utmost importance on the security and integrity of the personal data of its customer organizations.

In accordance with the DPMR, Value & Compliance SAS is committed to taking all necessary precautions to preserve the security of data and in particular to protect it against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access, as well as against any other form of unlawful processing or communication to unauthorized persons.

To this end, Value & Compliance SAS implements all security measures to protect personal data from unauthorized disclosure. Using recommended encryption methods and other best practices such as regular auditing by an external cyber security organization.

For passwords and security access to the client organization’s trusted users to their session, an alpha-numeric password with special characters, lower/upper case combined with a second identification factor (unique and temporary authentication code) is required.

The alertsetter has a unique and temporary encrypted code allowing him to access his alert and valid for the time his alert is processed. This code allows him to send and receive confidential messages from the platform to the referent(s) in connection with his alert.

7. Changes to the privacy policy
Value & Compliance SAS reserves the right to change this privacy policy at any time, including in response to changes in laws and regulations.

8. How to contact us
Use our contact form on www.signalement.net, send us a message to support@signalement.net or a mail to :
Valeur & Conformite
Data Protection Officer / Legal Department
10 rue de Penthièvre
75008 Paris – France.

Version of this document: June 12, 2018