Personal Data Protection Notice
Hapto, a subsidiary of Sopra Steria with share capital of €10,000, registered with the Annecy Trade and Companies Register under number 824 537 880, with registered office at PAE Les Glaisins, 3 rue du Pré Faucon, Annecy Le Vieux, 74940 Annecy, France (hereinafter “Hapto” or “we”), is committed to protecting the personal data of users of its website (hereinafter “Users” or “You”).
Some of the services offered on certain pages of our website require the processing of Your personal data. The purpose of this Notice is therefore to inform You how Sopra Steria, as Data Controller, processes Your personal data through its website, including its use of cookies. This Notice does not cover job applicants — please refer to the relevant Candidate Privacy Notice on our Careers portal — or employees, who can find the relevant notice on our intranet.
This Notice complies with applicable laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). Please note that this Notice may be updated from time to time by Sopra Steria. The date of the latest update will appear on this page. We therefore encourage You to consult it regularly.
Summary
- What categories of personal data do we process about You
- How is Your personal data collected?
- What are the purposes for processing Your personal data?
- Marketing
- Who are the recipients of Your personal data?
- How do we protect Your personal data?
- How long do we keep Your personal data?
- What rights are granted to You?
- Who should You contact to exercise Your rights or if You have any questions?
1. What categories of personal data do we process about You?
Depending on the circumstances, we may process different categories of personal data about You, which we have grouped as follows:
- Identity Data (including first name, last name, job title, etc.)
- Contact Data (including email address, phone number, etc.)
- Technical Data, including the Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology data from the devices You use to access this website.
- Profile Data, including Your interests, preferences, feedback and survey responses.
- Usage Data, including information on how You use our website and Your interactions with marketing content.
- Marketing and Communications Data, including Your preferences for receiving marketing material from us or from third parties, and Your communication preferences.
2. How is Your personal data collected?
We use various methods to collect Your personal data, including through: Direct interactions.
You may provide Your personal data when you use any of the following features of our website:
- the form to contact us;
- the form to subscribe to marketing communications or events;
- the form to download reports, articles or other online content;
- the platform to take part in events organised or sponsored by Sopra Steria;
- the form to enter a competition or survey.
Automated technologies or interactions.
When You interact with our website, we may automatically collect Technical Data about Your equipment, browsing actions and patterns, which may be combined with other identifying data to infer further personal information about You. We collect this Data using cookies, server logs and other similar technologies. Please refer to our Cookie Policy for further details.
3. What are the purposes for processing Your personal data?
The information below describes:
- The purposes for which we process Your personal data;
- The legal bases that lawfully allow us to collect and further process Your personal data;
- The categories of personal data we process for each identified purpose.
Processing purpose | Legal basis | Categories of personal data
- To respond to your queries and information requests | Your consent | Identity Data; Contact Data
- To allow You to access and download online content such as white papers, reports, articles or other publications | Your consent | Identity Data; Contact Data; Marketing and Communications Data
- To run marketing campaigns and provide promotional content such as information on our products and services, events, etc. | 1. If You are not a customer or prospect: your explicit consent (opt-in) via a tickbox, or another positive action taken when registering to receive this information or subscribe to these services. 2. If You are a customer or prospect (B2B): Your soft opt-in consent (opt-out). | Identity Data; Contact Data; Marketing and Communications Data; Usage Data; Profile Data
- To allow You to subscribe to our newsletters | Your consent | Identity Data; Contact Data
- To enable the use of cookies and/or other trackers — provided You have given your consent (with the exception of strictly necessary cookies) — and subject to the detailed terms set out in our Cookie Policy | Your consent | Technical Data; Usage Data
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences | Legitimate interest (to define customer types for our products and services, to keep our website up to date and relevant, to grow our business and to inform our marketing strategy) | Technical Data; Usage Data
- To ensure the security of this website | Legitimate interest | Technical Data; Usage Data
- To meet our legal obligations and defend our interests in the event of a dispute. We may be subject to legal and regulatory disclosure obligations and may also have a legitimate interest in using data to defend ourselves in legal proceedings. | N/A. Depends on the specific case | N/A
- To allow You to register for an event, webinar, etc. via our website | Your consent | Identity Data; Contact Data; Marketing and Communications Data; Profile Data; Usage Data
- To run competitions or carry out customer satisfaction surveys | Your explicit consent resulting from your registration/participation and from the performance of the general terms/rules governing those activities | Identity Data; Contact Data; Marketing and Communications Data; Profile Data
4. Marketing
Soft opt-in and opt-in
We do not ask for your consent to send you marketing communications promoting our activities, products or services if you are a customer or prospect (B2B). In that case, we rely on soft opt-in under applicable laws to send you these communications. This means we do not ask you to register via a tickbox, but we give you the option to unsubscribe at any time.
If You are not a customer or prospect, we either rely on Your explicit consent (via an opt-in tickbox) or on another positive action, such as completing a registration form.
If you would like to review or update your marketing preferences, please contact contact-corp@soprasteria.com.
We keep your data for 3 years after the end of the business relationship with you, or after your last digital interaction with our organisation, after which your records will be deleted from our marketing database.
In certain circumstances, we may share your personal data with other Sopra Steria group subsidiaries for marketing purposes. However, we will not share Your personal data with companies outside the Sopra Steria group for marketing purposes without your consent.
Unsubscribing
You can ask us to stop sending you marketing messages at any time by clicking the unsubscribe link included in any email we have sent you, or by contacting us at contact-corp@soprasteria.com. If you choose not to receive our communications, we will keep these instructions for a period of 18 months and will only retain your email address for that period, after which your data will be deleted.
5. Who are the recipients of Your Personal Data?
5.1 Internal recipients
Depending on the specific purpose, Your Personal Data may be processed by authorised internal staff (including marketing and communications, sales, administration, HR and other support functions) at Sopra Steria. Access to your personal data is limited to what authorised staff need to carry out their duties, and is subject to a confidentiality obligation.
5.2 External recipients
Your personal data may also be processed by third-party service providers acting on Hapto’s behalf, such as our website hosting provider or our marketing service providers. Our website also contains cookies placed by third parties, as set out in our Cookie Policy. Please note that all our third-party service providers are required to put in place appropriate security measures to protect your personal information in line with our policies and requirements. We only allow them to process your personal data for specific purposes and in accordance with our instructions.
We may also share your personal data, in certain circumstances, with other recipients such as:
- 5.2.1 Other Sopra Steria Group Companies;
- 5.2.2 Other third parties in connection with a merger, acquisition, partial transfer of assets or any other transaction relating to Sopra Steria or any of its Group Companies;
- 5.2.3 Law enforcement authorities when required by law (including under a court order), or where disclosure is necessary to defend our rights, prevent fraud or cybercrime, or ensure the safety of Sopra Steria or any other person — provided applicable legal provisions require or permit it.
Such disclosure will be limited to what is strictly necessary, to the extent permitted by applicable law.
5.3 Sharing of data outside the EU/EEA
Given the international scope of the Sopra Steria group, Your Personal Data may be transferred to recipients located outside the European Union/European Economic Area (EEA: EU member states plus Iceland, Liechtenstein and Norway), to countries that do not provide a level of protection essentially equivalent to that required under European law. International transfers of Personal Data may be necessary for the conduct of Sopra Steria’s business activities and its internal administration. Sopra Steria ensures that restricted transfers take place in compliance with the law, by using the transfer tools provided for under applicable regulations and by putting in place appropriate guarantees and protective measures. You may obtain a copy of these guarantees by sending an email to: acces-cnil@soprasteria.com or support.privacy@soprasteria.com.
6. How do we protect your personal data?
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, or from being used, accessed, altered or disclosed in an unauthorised way. In addition, we have put procedures in place to deal with any suspected or actual personal data breach.
Third parties will only process your personal information on our instructions and where they have agreed to treat it confidentially and keep it secure.
We limit access to your personal information to employees, contractors and other third parties who have a business need to know.
7. How long do we keep your personal data?
We will retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including to satisfy any applicable legal requirements. This means that the retention period may be defined differently depending on the Purposes of the processing and on specific legal obligations.
Below are some of the retention periods applicable to personal data collected on our Site:
- as long as your user account remains active;
- for as long as we remain in contact with you through our promotional activities, plus three (3) years after the last interaction, unless you object to the processing of your personal data;
- for as long as required by applicable law;
- cookies and other trackers used on our Site are kept in accordance with our Cookie Policy.
We may need to retain Your personal data in restricted-access archives for evidentiary purposes beyond the periods above in order to comply with our legal obligations or, where applicable and considering the limitation period, to enforce our rights.
Once your personal data is no longer required for the identified purposes, to meet our legal obligations or to comply with the applicable limitation period, we ensure it is either fully destroyed or anonymised.
8. What rights are granted to You?
Sopra Steria recognises the importance of data subjects’ rights and enables individuals to exercise them in the simplest and most effective way possible. Accordingly, we welcome Your questions about how Your Personal Data is processed and Your requests to exercise the following rights:
- Right of access to your personal data and to obtain a copy of it, along with information on how your personal data is processed.
- Right to rectify Your Personal Data if it is incorrect, and to complete it if it is incomplete.
- Right to erasure, under certain conditions, of Your Personal Data when it is no longer necessary for the purposes for which it was collected or processed. You also have the right to ask us to erase or remove your personal data when you have successfully exercised your right to object to processing. Please note, however, that the right to erasure is not absolute. We may not always be able to fully comply with your erasure request due to specific legal obligations, which will be communicated to you at the time of your request.
- Right to object, on grounds relating to Your particular situation, to the processing of Your Personal Data where it is based on Sopra Steria’s legitimate interest. You also have an absolute right to object to our processing your personal data for direct marketing purposes. In some cases (other than direct marketing), we may be able to show compelling legitimate grounds for processing your information that override your rights and freedoms.
- Right to restrict the processing of Your Personal Data while You await a response from Sopra Steria after exercising Your right to object or rectify Your data.
- Right not to be subject to automated decision-making or profiling in connection with your personal data. This refers to business decisions taken by automated means, including by artificial intelligence. You have the right to request that a human being be involved in such decision-making, and to ask us to review any decision made by automated means.
- Right to withdraw consent to the processing of your personal data where that processing is based on your consent.
- Right to opt out of marketing communications. You can unsubscribe from marketing communications sent by Sopra Steria at any time—whether Your data was collected and processed on the basis of legitimate interest or consent—by contacting us at contact-corp@soprasteria.com or by clicking the unsubscribe link at the bottom of any email we send You.
9. Who should you contact to exercise your rights or if you have any questions?
If you wish to exercise any of your rights, please contact us at: contact-corp@soprasteria.com.
If you have any questions about this notice, please contact us at: acces-cnil@soprasteria.com or support.privacy@soprasteria.com.