Privacy Policy

At ExoSat, we recognise the critical importance of data protection in today's digital landscape. Inspired by pioneering efforts in data privacy, we've developed a robust approach to safeguarding personal information that goes beyond mere compliance with regulations like GDPR.

As a technology company, we're committed to integrating cutting-edge protection measures into our services, fostering a culture of respect for data privacy.

Our privacy policy reflects our dedication to preserving your fundamental rights and freedoms, acknowledging that behind every piece of data lies a unique individual deserving of protection.

Why is ExoSat involved?
All companies processing personal data and conducting their activities within the European Union must comply with European regulations and the legislation in force relating to the protection of personal data.

​

What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person, either through an identifier or one or more elements specific to their identity. This may include, for example, your surname, first name, email address, location, identity card number, IP address, photos, or social or cultural profile.

​

What is the processing of personal data?
Processing of personal data refers to any operation or set of operations performed on such data, including collection, recording, organisation, storage, adaptation or modification, extraction, consultation, use, disclosure, erasure or destruction.

​

What is the purpose of the processing?
The purpose of the processing is the primary objective for which personal data is used. Personal data must be collected for a clearly defined and legitimate purpose and must not be further processed in a manner incompatible with this initial purpose. This principle of finality restricts how the data controller can use or reuse this personal data in the future.

ExoSat, as part of its own activities, occasionally needs to collect personal data, without relying on large-scale processing.

​

During such processing, the nature, retention period, and purpose of the personal data handled depend on the role of our interlocutors. In all cases, your personal data may be communicated internally to employees who have been strictly authorised to access it, to internal or external subcontractors, and, if necessary, to our partners and state bodies. We require the utmost respect for your data from all parties involved and ensure they take every necessary precaution in processing your personal data by rigorously controlling their purposes in accordance with our instructions.

​

1. You are applying
If you are a candidate, we may process personal data such as your email address when registering for the newsletter, your curriculum vitae, and the information mentioned therein (surname, first name, address, date/place of birth, email, telephone number, family situation, extra-professional activities, schooling, training, diplomas, employers).

​

As the data controller, it is our responsibility to determine the purposes and means of processing. At ExoSat, the collection of candidates’ personal data is solely for the recruitment department to assess your suitability for the job offered by the company and to offer you the position that best matches your profile. Processing involves collection, storage, consultation, extraction, transfer and destruction.

If you are unsuccessful in your application, we will delete any personal data you have shared with us no later than two (2) years after our last contact with you.

​

2. You are an employee or a former employee
If you are one of our collaborators (or former collaborators), we are required to process the data included in your curriculum vitae, personnel information sheet (form completed by you upon hiring), or employment contract.

​

As the data controller, it is our responsibility to determine the purposes and means of processing. At ExoSat, processing this data facilitates work organisation management, administrative personnel management, career development and training. Personal data is also used to highlight your skills in response to calls for tenders. Processing involves collection, storage, consultation, retrieval, transfer and destruction.

​

We will retain your personal data for the duration of your employment contract and then for a maximum of five (5) years after its termination.

​

3. You are a third party
If you are a third party (customer, prospect, supplier etc.), our obligations and responsibilities vary depending on whether our company acts as a data controller or subcontractor under GDPR regulations.

We act as a data controller when collecting all personal information specific to each project that is communicated by you. As a data controller, we process this data to send updates on progress; comply with contractual and regulatory obligations; maintain relationships necessary for business activities (commercial operations, maintenance services etc.); ensure accessibility to information systems for various users; analyse existing client products (software platforms or databases) for requested changes; or test products developed or under development using personal test data provided by you.

Other purposes may also arise but remain specific to each project (e.g., software maintenance).

We retain your personal data for as long as our contractual and/or commercial relationship lasts. Unless otherwise stated in the contract, we then retain your personal data for five (5) years after the end of our contractual relationship.

​

Simultaneously, we act as subcontractors when working on customer sites within the scope of our mission and accessing personal data stored on the customer’s information system solely within this framework. In such cases, we follow written instructions from the customer regarding processing purposes and retention periods defined by them as the data controller. Under no circumstances may this personal data be used by ExoSat; we guarantee its destruction at the end of our intervention.

​

Our employees are trained in implementing security measures and are bound by strict confidentiality regarding any personal data they process during their work. We also ensure compliance with emergency procedures in cases of unauthorised destruction, loss, alteration or disclosure of personal data held by ExoSat. These procedures aim to prevent breaches while enabling swift and appropriate responses to incidents to minimise their impact effectively.

Beyond the general obligations naturally implemented, and fully aware of the challenges, we have gone further in protecting your personal data through effective internal tools.

​

We place particular importance on complying with our legal obligations regarding the protection of personal data. A Data Protection Officer (DPO) has been appointed to oversee the legal compliance of processing activities within ExoSat, advise employees, and cooperate with customers, subcontractors, and the supervisory authority.

​

We regularly document personal data in a register that specifies the objectives pursued, the categories of personal data used, the individuals with access to the data, and their retention periods.

​

We ensure that the use of personal data is restricted to the purposes of the intended processing: ExoSat does not use personal data for purposes other than those predefined, in compliance with the principle of proportionality.

​

We also ensure that personal data is stored and retained only for the duration necessary to achieve the intended purposes and within the specific retention period applicable to each type of data.

We are committed to cooperating with the supervisory authority when required.

Finally, appropriate security measures have been implemented to protect personal data according to its sensitivity.

The European regulation and the current laws relating to the protection of personal data have created new rights for the benefit of the persons whose data we collect. We offer everyone the opportunity to exercise them in the best conditions.

We thus guarantee the effectiveness of the right of access, the right of information, the right of modification, the right of opposition, the right to be forgotten, the right to limit processing, the right to personal data portability, the implementation of which requires contacting our DPO, whose email address is given below.

For more details on your rights, go to the CNIL website: https://cnil.fr

​

Finally, we remind you that you have the right to lodge a complaint with
the CNIL (National Commission for IT and Liberties):
3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.

ExoSat reserves the right to make minor changes to this Privacy Policy to ensure compliance with technological developments, industry practices, and regulatory requirements, or for other reasons. Any significant modification will be preceded by a visible publication on the homepage of this website before it becomes effective.

Whether you are a candidate, employee (or former employee) or third party, for any additional information or to assert your rights, do not hesitate to send an email to our DPO: data@exosat.eu.