Security and Confidentiality Policy

Security and Confidentiality Policy

By using the website of Cleo, the Event Performance Calculator by UNIMEV and the Paris Region Tourist Board, as well as UL’s Pure platform, you confirm that you have understood and unreservedly accepted the Security and Confidentiality Policy set out hereafter.

 

  1. Data security

 

Security of UL’s Pure platform

UL EHS’ primary and secondary data centres are located in the United Kingdom. The primary data centre is managed by EQUINIX and located at the London Docklands.

EQUINIX data centres are managed in accordance with the most stringent security, energy and environmental standards, with power supply, fire suppression and physical security systems which are fully redundant and engineers on-site 24 hours a day.

They comply with the following certifications: ISO27001, OHSAD 18001, ISO 9001, SSAE 16/ISAE 3402, PCI DSS, ISO 5001.

 

  1. Confidentiality of data and results

 

2.1- Scope of application

The Confidentiality Policy, i.e. the conditions governing data access, is applicable to:

– raw data entered by users,

– results generated by UL’s Pure platform.

 

2.2-Data entry

Data entered into the Cleo Calculator’s website

Data entered into the Cleo Calculator’s website is only accessible to UNIMEV’s research team who have signed a statistical confidentiality agreement and are thereby authorised to take action on the platform as administrators.

 

Employees of UNIMEV’s research team may only access data for the following purposes:

– to create venues or events in the Pure platform,

– to provide information on the Cleo Calculator to users, in compliance with the “Personal Data Confidentiality” section hereafter.

 

Data entered into the Pure processing platform

Data entered into UL’s Pure platform is accessible only to:

– the users who entered the data for the following purposes:

  • configuration of venues for venue managers,
  • event assessments for event organisers.

– authorised UNIMEV employees, for the purposes of:

  • administration, data storage and data history recovery,
  • conducting studies, in compliance with statistical confidentiality rules, on behalf of the Event industry.

 

2.3-Results generated by UL’s Pure platform

The results generated via UL’s Pure platform are only accessible to:

– the users who entered the corresponding data for the purpose of event assessment,

– authorised UNIMEV employees for the purposes of:

  • administration, data storage and data history recovery,
  • conducting studies, in compliance with statistical confidentiality rules, on behalf of the Event industry,
  • generating consolidated reports for venues and event places/destinations.

 

In strict compliance with the consolidation rules set out in the Calculator’s methodology, UNIMEV guarantees that:

– consolidated reports for venues cannot be used under any circumstances to access, deduce or extrapolate the results of an event,

– consolidated reports for event places/destinations cannot be used under any circumstances to access, deduce or extrapolate the results of a venue or a venue manager.

 

  1. Liability

 

UNIMEV and the Paris Region Tourist Board may not be held liable for any difficulties in accessing the Cleo website and the Pure processing platform, or for any break in connection for whatever reason.

UNIMEV and the Paris Region Tourist Board shall not guarantee the accuracy and completeness of the data entered by users into the Cleo website and the Pure processing platform. They may not be held liable for any errors or omissions or for any unavailable data.

 

  1. Personal Data Confidentiality

 

Scope of application

This Confidentiality Policy is applicable to the policy implemented with regard to the collection and use of your personal data (hereafter “Personal Data”) when you browse our website or use our services.

 

The Confidentiality Policy presents the origin and type of Personal Data we collect, the reasons behind collection, the ways in which we use such Data and the rights you enjoy in relation to the Data in accordance with the French Law No. 78-17 dated 6 January 1978 amended (the French Data Protection Act) and EU Regulation 2016/679 dated 27 April 2016 (“GDPR”).

 

The purpose of this Confidentiality Policy is to:

– assure you enjoy a positive and confident experience when you browse our website and when you use our services,

– answer your questions on the collection and use of your personal data as clearly and as fully as possible.

 

Each service may have its own provisions in terms of Personal Data and confidentiality as set out in the specific conditions of use.

 

The Confidentiality Policy is not applicable to third-party websites or mobile applications to which you may be redirected during your use of our website and our services. We would ask you to read the confidentiality policies of these websites.

 

Lastly, given the rapid changes in web technologies, we may make amendments to this Confidentiality Policy. We would therefore ask you to check its content regularly.

 

Purposes of processing

Your personal data is collected and processed to keep you informed, support you and give you access to the services of the Cleo Calculator.

 

Data Protection Officer

The contact details of the data protection officer are:

Référent protection des données UNIMEV – rgpd@unimev.fr – 11 rue Friant 75014 Paris

 

Persons authorised to process your data

The recipients of your data are authorised persons within UNIMEV in charge of data processing and authorised employees of our sub-contractors in charge of development and hosting operations.

 

Data security

We implement organisational and technical data security measures with a view to ensuring the confidentiality and integrity of your Personal Data.

All data stored on our servers is protected by firewalls, antivirus software, access management and an intruder detection system.

However, given the very nature of Internet as a public network, you acknowledge and accept that the security of data transfers via the Internet and Personal Data integrity cannot be guaranteed.

In the event of a security failure resulting in a breach of your Personal Data, we undertake to implement remedial actions as swiftly as possible and to inform you, and the French Data Protection Agency (CNIL) of this breach, in accordance with the provisions of the applicable legislation.

 

Retention period

Your data is stored for as long as necessary to provide you with the service in question and to meet your requests.

 

Rights of data subjects

You enjoy the right to access, correct and erase your data. You are also entitled to restrict and oppose data and enjoy the right to data portability. You are also entitled to define the instructions as to what happens to your personal data upon your death. To exercise these rights, you can contact us at the following address: rgpd@unimev.fr.

We undertake to answer your requests satisfactorily. If, for whatever reason, you feel that our response is not satisfactory, we inform you that you can file a complaint with the CNIL.

 

Data transfers outside the EU

As part of the use of your Personal Data, the information we collect may be transferred, stored and processed in all countries or regions in which one or more of our sub-contractors are located, it being specified that these countries are within the European Union and, wherever this is not the case, the appropriate guarantees pursuant to article 46 et seq. of the GDPR would be implemented.

 

Contact

You can contact us with any questions or comments regarding our Confidentiality Policy at the following address: rgpd@unimev.fr.

 

You can also use this address if you would like to request access to your Personal Data in our possession.

 

Version – 30/11/2018