Version: 1.0 of October 10th, 2017

1. Certain definitions

As used herein,

Campaign: means a questionnaire to evaluate the quality of service provided by Gemalto to its Customers and that is presented to Employees that are under no obligation to participate.

Customer: means a legal entity that has a contract for support services with Gemalto.

Employee: means an employee of Customer that receives via e-mail an invitation to participate to a Campaign.

User Information: means Personal Data of Customer's employees or agents.

Gemalto: means Gemalto SA a company organized under the law of France located at 6 rue de la Verrerie Meudon 92190 (France), acting on its own behalf and on behalf of each company of the Gemalto Group.

Gemalto Group: means collectively or individually legal entity(ies) controlled by Gemalto N.V. a company organized under the laws of Netherlands. In this context, the control means direct or indirect (through any number of successive tiers) ownership of (a) more than fifty per cent (50%) of the outstanding shares having the right to vote for the election of directors or other managing authority of the subject entity; or (b) in the case of an entity which does not have outstanding shares (e.g., a partnership, joint venture or unincorporated association), more than fifty per cent (50%) of the ownership interests having the right to make decisions for the subject entity.

Personal Data: means any information relating to an identified or identifiable individual where the individual is associated with User.

2. Purpose of Processing of User information

2.1 The purpose of the processing of the User Information is to run the Campaign through an Employee.

2.2 Gemalto determines the purpose and means of the processing of the User Information, hence Gemalto is the entity controlling the User Information.

3. Quantity of Data

3.1 Gemalto restricts the processing of User Information to the Personal Data that is reasonably adequate and relevant for the purpose of the Portal.

3.2 Gemalto retains the User Information until a request to opt-out is received. The opt-out option is included with each Campaign. Upon the exercise of the opt-out option, the User Information is securely deleted or destroyed.

4. Information and Consent of Individual

4.1 With respect to the User Information a privacy notice containing these Data Processing Terms is made available to individuals via a dedicated hyperlink, it belongs to each Employee to be acquainted with these Data Processing Terms before participating to the Campaign. 

4.2 Employees consents to the processing of the User Information when participating in the Campaign.

5. Rights of individuals

5.1 If the Personal Data processed for the purpose of the Campaign is incorrect or incomplete, the Employee has the right to have the Personal Data rectified.

5.2 To undertake the rights set forth in Section 5.1 above the Employee has to make a request following the process set forth in each invitation message to participate in a Campaign.

6. Security

6.1 Gemalto takes appropriate commercially reasonable technical, physical and organizational measures to protect the User Information from misuse or accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or access.

6.2 Gemalto's staff is provided access to User Information only to the extent necessary to undertake the purpose set forth in Section 3 above and to perform their job.

6.3 Gemalto's staff in contact with User Information shall meet their confidentiality obligations as specified by contract, and Gemalto's policies.

7. Usage Limitation

7.1 Gemalto only uses the User Information within the scope of the set forth in Section 3 above. Gemalto does not share the User Information with third parties.

8. Policies and Procedures

8.1 Gemalto develops and implements policies and procedures to comply with these Data Processing Terms.

9. Applicable Privacy Law

9.1 The processing of User Information remains subject to the applicable local law. Individuals keep any rights and remedies they may have under applicable local law.

9.2 Where these Data Processing Terms provide more protection than applicable local law or provide additional safeguards, rights or remedies for individuals, these Data Processing Terms apply.

9.3 Any additional safeguards, rights or remedies granted to individuals under these Data Processing Terms are granted by and enforceable in France against Gemalto only. Gemalto ensures that adequate steps are taken to address the implementation of these Data Processing Terms by the company of the Gemalto Group.

More on this topic: Thales Privacy Policy, All About Me privacy policy