Privacy policy.

Introduction

Be and Lead places great importance on privacy protection and ensures the security of your personal data.

Be and Lead complies with applicable personal data protection regulations, in particular the European General Data Protection Regulation (GDPR) No. 2016/679 of April 27, 2016, as well as all national laws enacted in its implementation, subsidiarily.

This document clearly and simply reflects our policy on the matter and informs you about the conditions under which Be and Lead, as the data controller, collects and uses your personal data in accordance with the data protection principles of the group companies, as well as the means available to you to control this use and exercise your related rights.

Definitions

Processing: any operation or set of operations performed on personal data, whether automated or not: collection, recording, organization, storage, modification, matching, retrieval, consultation, extraction, use, making available, alignment, combination, as well as blocking, erasure, or destruction of such personal data.

Cookie and tracker: refers to a block of data not used for identification purposes but serving to record information related to the client’s navigation within the service. Cookies and trackers aim to collect information about your browsing on websites. These files store information that helps facilitate your navigation, adapt content, and optimize certain functionalities.

Processor: the natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller.

Data Controller

Who are the data controllers within Be and Lead?

The company B lief owns the Be and Lead brand.

B lief:

  • Simplified joint-stock company with a capital of 1,000 euros,

  • Registered with the Paris Trade and Companies Register under number 513 014 951,

  • Intra-community VAT number FR885 130 149 51,

  • Registered and certified training and consulting organization under number 11754455475.

Head office: 86-90 rue Notre Dame de Nazareth – 75003 Paris
Phone: +33 (01) 83 62 94 52

Personal Data

1/ What categories of personal data are processed by Be and Lead?

In strict compliance with applicable regulations, we mainly process the following personal data:

  • Declarative personal data, i.e., data collected directly from you;

  • Personal data from public information (such as the public part of social networks).

Within the scope of personal data processing whose purposes are presented below, Be and Lead may, for example, process personal data related to:

  • Identification of individuals;

  • Professional situation.

2/ Why do we collect your personal data?

The personal data collected and processed by Be and Lead are used in accordance with the principle of minimization, limiting the collection of personal data only to the purposes defined below:

  • Management of a contract to which you are a party;

  • Operations related to commercial management and the implementation of marketing actions.

Within the framework of our business relationship, and subject to obtaining your express consent, your personal data may also be used for prospecting purposes for products or services offered by Be and Lead.

Finally, we may also offer you satisfaction surveys to gather your needs and improve our services.

If data processing is intended for purposes other than those mentioned above, Be and Lead will specify these purposes and obtain your prior consent if required by law.

Be and Lead only implements data processing if at least one of the following conditions is met:

  • Consent has been obtained;

  • The legitimate interest of Be and Lead justifies the processing of the personal data concerned;

  • The performance of a contract binding Be and Lead and the Client requires that Be and Lead process the personal data concerned.

3/ Who are the recipients of the personal data processed by Be and Lead?

The personal data that Be and Lead collects, as well as any data collected subsequently, are intended for Be and Lead as the data controller.

Be and Lead ensures that only authorized individuals have access to this data. Be and Lead’s service providers may receive this data to carry out the services entrusted to them by Be and Lead. Some personal data may be shared with third parties (business partners) or with legally authorized authorities in order to comply with Be and Lead’s legal, regulatory, or contractual obligations.

The Client’s personal data may be combined, pooled, or shared among all entities within the Be and Lead group.

Furthermore, Be and Lead takes appropriate measures to ensure that our subcontractors process your personal data in accordance with the applicable data protection legislation.

These measures notably include the signing of an agreement that clearly defines the data processing and requires subcontractors, among other things, to process your personal data only according to our instructions, not to engage a second-level subcontractor without our consent, to implement appropriate technical and organizational measures to guarantee the security of your data, to ensure that authorized persons accessing the data are subject to confidentiality obligations, to return and/or destroy your data at the end of their mission or contract, to undergo audits, and to provide us assistance in monitoring your requests regarding the exercise of your rights in relation to your personal data.

4/ What security measures does Be and Lead implement?

Regulations require us to ensure a level of security and confidentiality for your personal data. Accordingly, we consider all data concerning you as confidential information subject to professional secrecy to which we are bound. This data may be transmitted, used, or stored according to the security framework described below.

Be and Lead implements and maintains a series of logical, organizational, and physical security measures within its IT environments to ensure the security of data stored in its information system.

We regularly conduct a series of tests on our websites to correct any identified vulnerabilities or weaknesses. We comply with information system security best practices regarding backups, data access, and incident response.

Be and Lead ensures that its subcontractors and service providers implement and maintain a security system compliant, notably, with the GDPR.

If we detect an incident impacting personal data, we ensure, according to regulatory requirements, to notify the French Data Protection Authority (CNIL) as soon as possible after becoming aware of it and to inform the affected individuals.

5/ What are the retention periods for your personal data?

We have established a data retention policy to ensure that your personal data is kept only for a period not exceeding what is necessary in relation to the purposes for which it is processed.

To determine these periods, we take into account the various purposes for which the data is collected, the individuals concerned by the collection, and compliance with legal, regulatory, or industry obligations to which we are subject. These periods do not exceed what is strictly necessary for the proper execution of the processing.

For any questions regarding the processing of your personal data by Be and Lead, you can contact the Data Protection Officer by email or by mail at Be and Lead – DPO – 86-90 rue ND de Nazareth – 75003 Paris.

What rights do you have?

In accordance with the applicable data protection legislation, you have the rights of access, correction, and deletion of your personal data; the rights to object to or restrict the processing of your personal data; the right to data portability; and the right to set directives regarding the fate of your personal data after your death.

Right to be informed: You have the right to receive clear, transparent, and understandable information about how we use your personal data and about exercising your rights. This is why we provide you with the information contained in this Personal Data Policy.

Right of access and rectification: At any time, you can request access to your personal data and have it corrected if it is inaccurate or incomplete.

Right to erasure (“right to be forgotten”): You have the right to have your personal data erased. However, this right is not absolute and is subject to certain conditions. Thus, we may retain your personal data as permitted by applicable law, notably when its processing remains necessary to comply with a legal obligation to which Be and Lead is subject, or for the establishment, exercise, or defense of a legal claim.

Right to restriction of processing: You have the right to obtain restriction of processing in certain circumstances. In such cases, the data may only be processed with your consent or for the establishment, exercise, or defense of a legal claim, except for storage.

Right to data portability: Under certain circumstances, you have the right to receive your personal data that you have provided to Be and Lead in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.

Right to object to processing: You have the right to object, for legitimate reasons, to certain types of processing (unless Be and Lead’s processing is required by law).

Right to withdraw consent: If you have given your consent to the processing of your personal data, you have the right to withdraw it at any time.

Please send any requests related to exercising your rights by email or by mail to Be and Lead – DPO – 86-90 rue ND de Nazareth – 75003 Paris.