Personal data processing policy

This Policy applied to the satellite internet access service accessible from the website neosat.eu (« the Site ») published by Nordnet, a French company (SA) registered at the register of companies of Lille Métropole under the number 402 974 489, having its registered office at 20 rue Denis Papin 59 650 Villeneuve d’Ascq. It informs you of the way in which Nordnet, as a data controller, and through it, its processors within the meaning of the GDPR, process your personal data, as well as the way it processes your personal data in its capacity of processor. It also specifies Nordnet’s commitment in terms of security, confidentiality, privacy as a controller, processor of a third-party operator within the meaning of regulation relating to data protection.

Additional or specific information may be also explicitly brought to your attention when communicating with Nordnet or when documents are made available on the Site (for example, ordering a service, cookies …).

This Policy supplements the contractual conditions applicable to Nordnet Offers in terms of personal data. It may change from time to time. The version in force is the one published on the website neosat.eu, which can be accessed under the heading « Personal Data ».

Persons concerned by the Policy and processing carried out within the framework of this Policy are as follows:

Customers with an Offer and/or users of an Offer of Nordnet
Prospects
Visitors of the website neosat.eu
Customers’ legal successors, representatives or agents
Nordnet’s contractors and service providers in the context of the tasks Nordnet has given to them.

In what context does Nordnet process personal data ?

Nordnet processes personal data collected directly from you, in particular when you fill in a contact form, make a request in relation with an Offer accessible on the Site or as a result of the use of products, services or equipment supplied by Nordnet as part of Nordnet’s Offer.

Certain data may be collected indirectly through cookies (cf. our Cookies Policy) or from other sources such as our partners based on our legitimate interest (data suppliers, undertakings aiming to face non-payment or fraud, infrastructures operators, public data accessible in open data or to comply with our legal obligations or, with your consent collected by a third parties.

Nordnet, which is concerned about data protection and privacy, processes data in compliance with the essential principles of personal data protection such as defined by the GDPR and the applicable regulations.

What kind of personal data are processed by Nordnet ?

In accordance with the applicable personal data protection regulation and notably the GDPR, personal data is any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.

Nordnet may process the following kind of data:

Identification and contact data: surname, first name, e-mail address, postal address, telephone number, administrative identifier, proof of identity or residence, etc.
Customer and/or user identification in relation to an Offer
Personal details: household composition, interests, etc.
Professional life: job held, work organisation, etc.
Personal characteristics: marital status, legal protection measures, social measures from which the customer benefits insofar as this is necessary for taking out an Offer or applying for a subsidy,
Financial data: means of payment, invoices, payment history, etc.
Products and services held or used, Offers and options
Consumption statements
Connection data
Information relating to equipment, services, after-sales service and assistance
Technical data: browsing data, connection logs, etc.
Complaints and possible disputes

When collecting your personal data, Nordnet will inform you whether it is compulsory or optional. Where applicable, failure to provide personal data presented as compulsory may make it impossible to process your request.

How is used your personal data ?

Nordnet processes your personal data for specific, explicit and legitimate purposes, depending on your status and the interactions you have with Nordnet.

Nordnet processes your data in the context of your browsing the Site, cookies subject to consent having been accepted, your requests for information or eligibility and your possible participation in promotional contests.

Nordnet processes personal data for the purposes of contractual or pre-contractual management of customers and prospective customers, in particular in order to:

Enable contracts to be concluded and Offers to be subscribed to
Respond to requests for information,
Carry out or enable your eligibility as part of your Internet access,
To provide services (in particular to deliver products or services ordered)
Identify and authenticate the customer and/or user, contacts (...),
Enter the order and your action requests,
Managing the equipment, preparing it, configuring it, dispatching it, collecting it, repackaging it, destroying it, etc.
Handle incoming mail
Invoice and collect payments/ if necessary, carry out debt collection,
Process your grant application
Provide our Offers
Give you access to your Customer Area
Manage the contractual relationship
Providing after-sales service and, where applicable, legal guarantees, as well as assistance and responding to requests for information,
Handle contract terminations (such as cancellations and withdrawals), as well as changes of supplier,
Responding to any complaints or disputes, and dealing with requests from the Mediator of electronic communication

Nordnet processes personal data based on its legitimate interests, in particular in order to:

Manage requests for information or eligibility,
Carry out surveys of customers or prospective customers,
Carry out processing for statistical purposes,
Ensure the security of platforms, services and networks,
Deploy and operate services and offers,
Auditing and assessing vulnerabilities,
Managing its environmental impact,
Fighting fraud,
Analysing the use of services to make proposals to customers,
Improve offerings, customer relations and support,
Dealing with security incidents and improving security.

Nordnet processes personal data based on your consent for canvassing purposes. In particular, this involves processing for the purposes of organising direct marketing operations, sales promotions, promotional contests etc.; and possibly taking a fully automated decision, based on profiling without this conditioning on a fully automated basis the right to enter into a contract.

Depending on the applicable regulations, your status as a consumer or a professional, the means of communication used and the operation concerned, it may be necessary for Nordnet to obtain your prior consent. For all intents and purposes, you are reminded that the fact that you do not expressly consent to receiving commercial canvassing on a new collection form does not mean that you do not wish to receive commercial offers and information from Nordnet, without any further action on your part, in the event that you have previously agreed to receive them.

Nordnet processes your data to meet its legal or regulatory obligations, in particular in order to:

Keep the required data,
Respond to requests from Authorized Data Authorities or legal Authorized and bodies,
Respond to legal requests and interception requests
Respond to requests for emergency communication, alert messages or information of general interest, sent by the Authorities
Handle emergency calls or requests relating to the universal electronic communications service
Respond to requests to exercise rights
Responding to the Authorities during inspections or investigations
Meeting its legal obligations in terms of contractualization, billing, archiving and security
Meeting its environmental obligations
Deal with any complaints and disputes, and handle requests from the Mediator of electronic communication.
When Nordnet intervenes on a strictly technical level, without any direct commercial relationship with the customer, Nordnet acts on the basis of instructions received from the data controller, in compliance with the essential principles of data protection, for limited, explicit and legitimate purposes in relation to the tasks entrusted to it.

How long are your personal data kept ?

Your personal data are kept for the period:

Necessary for the fulfilment of the aforementioned purposes,
Defined in accordance with legal retention obligations,
Increased by the legal period of limitation period as applicable.

Nordnet keeps data in active database as long as it is relevant to the purposes for which it is processed and then in archive database.

The retention periods for personal data are applied by Nordnet in particular on the basis of the following criteria:

Purpose of the process	Period of conservation
Management of prospects file	3 years from the collect of the data or from the last contact from the prospect
Management of customers file	Duration of the commercial relationship + 3 years for a residential Offer aimed to a consumer and + 5 years for a professional Necessary duration to establish the proof of a right or a contract: limitation period for civil and commercial matters 5 years Obligation to keep records and documents created in the course of commercial activities: 10 years from the closing of the financial year. Retention of contracts concluded by electronic means; 10 years from the delivery or from the provision of the service.
Exercise of right of access or right to delete	Piwik Pro
1 year of conservation of identity documents	Piwik Pro
Management of the orders, deliveries, invoicing Accounting documents and supporting documents	10 years
Statistics of audience measurement	13 months
Connection data	13 months
Management of newsletter	Until the unsubscribe of the data subject
Banking information	5 years
Numbers of credit card or bank card	Data related to credit or bank card shall be deleted once the transaction is realized (effective payment) plus cancellation period if applicable. Data may be stored in intermediate archiving for the purpose of evidence in the event of any disputes related to the transaction for a period of 13 months. This period may be extended to 15 months in order to take into account the possible use of card with a deferred debit. Possible longer period based on the consent of the data subject in order to facilitate regular payment or subsequent order for example.
Bank card visual cryptogram (CVV2)	Time necessary to realize each transaction
Management of a list of opposition to receive prospection	At least 3 years from the date of inscription in the list Limitation period 5 years
Data useful to answer to the communication requirement of the Authorities, requisitions of the Authorities and Court decisions	3 years from the date of the response
Data related to exercise of rights of the data subjects	5 years from the process of the demand or, by default from the limitation period of a decision of the Control Authority or Supervisory Authority or limitation period of the litigation

To whom your personal data may be accessible ?

Your personal data are intended for Nordnet's departments, its partners and its contractors/processors (within the meaning of the GDPR) involved in the supply of its Offers and more generally in order to commercially propose its Offers, collect/enter the Order, execute or supply all or part of the Offer subscribed to, carry out the delivery of the Equipment, and its follow-up carried out, where applicable, partially outside the European Union, with regard to the commercial proposal of the Offer, Order entry, assistance and customer service.

Nordnet only communicates your data to contractors/processors with whom Nordnet has concluded a contract in which they guarantee their commitment and their ability to meet security and confidentiality requirements and to comply with all legal and regulatory obligations relating to the protection of personal data.

Lastly, the data processed may be transmitted to the competent authorities, administrations and bodies, at their request, in the context of legal or regulatory procedures, requisitions or judicial decisions and requests for information, to the Electronic Communications Mediator and to persons subject to an obligation of secrecy who may receive it in order to assist Nordnet in the performance of its legal or regulatory obligations.

Where are your personal data processed ?

The data collected are processed by Nordnet and any of its partners or processors, mainly within the European Union. Some data may nevertheless be processed outside the European Union, in particular for storage or assistance purposes or for the performance of the contract, by processors. Where applicable, an adequate level of protection for your personal data is required for any transfer of data outside the European Union if the country does not benefit from an adequacy decision issued by the European Commission.

In this case, Nordnet takes the necessary measures to ensure that such a transfer provides appropriate guarantees, in particular contractually, by means of European Commission standard contractual clauses or any other approved mechanism, in compliance with the applicable regulations.

What are your rights with regard to personal data ?

In accordance with the regulations applicable to data protection, you have the right to access, rectify, limit, delete and oppose the processing of your personal data on legitimate grounds and under the applicable legal conditions, and the right to oppose the transmission of your personal data to third parties, unless such transmission is required by law or is necessary for the performance of the contract you have entered into. You also have the right to object to receiving commercial information.

You also have the right to formulate general or specific directives for the conservation, deletion and communication of your personal data after your death under the conditions laid down by law. In accordance with articles L.224-42-1 to L.224-42-4 of the French Consumer Code, you also have the right to portability and recovery of your data. You have the right to lodge a complaint with a supervisory authority (the CNIL).

You are informed that you also have the right to object to a fully automated decision, based on profiling, being made by Nordnet.

To exercise your rights, please send your complete request (accompanied, if necessary, by a copy of an identity document) by post to Nordnet, Customer Department, 100 or by e-mail to coordonnees@nordnet.com specifying:

Your surname, first name, address (postal or email)
Telephone number, if applicable
Your customer number, or file number if applicable

How are your personal data secured ?

Nordnet attaches particular importance to the security of your personal data and ensures that your personal data are processed in accordance with applicable legal and regulatory requirements, including when certain operations are carried out by processors. To this end, Nordnet has put in place appropriate security measures to ensure that access to your data is limited to employees, subcontractors or other third parties who need to access it in order to carry out their duties and who are subject to an obligation of confidentiality. Appropriate technical and organisational measures to prevent the loss, misuse, alteration and capture of your personal data are put in place by Nordnet and any processors, including data encryption. These measures are adapted and revised.

DPO

If you wish to contact Nordnet's Data Protection Officer, please send an e-mail to the address: dpo@nordnet.com