Updated on October 16th, 2023
GENERALITIES
PENTALOG FRANCE is a French simplified joint-stock company (SAS) headquartered at 9 rue du 4 Septembre, 75002 Paris, France, and the parent company of PENTALOG GROUP, a globally enabled digital skills and services platform.
This Privacy Policy applies to all websites (the “Website”) of PENTALOG (“PENTALOG”), unless an Affiliate or a website of PENTALOG GROUP publishes its own privacy policy.
“Affiliates” in this Policy shall mean any companies belonging to PENTALOG GROUP whether existing at present or in the future and/or majority shareholder companies of the PENTALOG Group. PENTALOG is a GLOBANT’s division.
In the interest of full transparency, PENTALOG provides a list of its Affiliates to whom this policy applies and the relevant Data Protection Authorities (Article 14).
This Privacy Policy explains:
2. Data collected by PENTALOG.
3. How does PENTALOG use the data collected?
4. Who receives the data collected by PENTALOG and why is the data passed is shared with to them?.
5. How does PENTALOG use and moderate comments?
7. Where and how data is shared by PENTALOG
9. Your rights over your personal data
11. Links to other websites from PENTALOG’s Website
12. Changes to the Privacy Policy
14. PENTALOG’s Affiliates and relevant Regulatory Bodies
15. Specific requirements for non-EU Pentalog’ Affiliates
1. Introduction
Since its creation, PENTALOG has put privacy at the heart of its business.
PENTALOG is therefore committed to the protection of and respect for the fundamental rights guaranteed by the laws and regulations in force, in particular the General Data Protection Regulation (“GDPR”) in force since May 25th 2018 in the European Union (“EU”).
For non-EU based users, the Website is hosted by PENTALOG FRANCE on its data center located in Paris (France) and so it is subject to French Data Privacy Act of 1978 and the GDPR. PENTALOG as a data controller will offer you the same rights than EU-based Users and processed your data with the same level of protection as required in the GDPR.
The laws and regulations of different countries may impose different requirements (and even conflicting) with French laws and the GDPR. For Users located in another country outside of the EU, please note that any information you provide may be transferred to the EU, and when entering your information in our Website or sending your information to a Pentalog’s representative, you authorize this transfer by acceptance of this Privacy Policy.
PENTALOG’s Privacy Policy (the “Policy” or the “Privacy Policy”) is intended to inform you, in a transparent manner, of practices regarding the collection, use and sharing of information you may need to provide on the Website of the Affiliates of PENGALOG GROUP, accessible on www.pentalog.com, unless an Affiliate publishes its own privacy policy.
This Policy (and all documents to which it refers such as the Cookies Policy) describes how PENTALOG processes the personal data collected or provided by you. PENTALOG recommends you read this document carefully to familiarize yourself with and understand its practices regarding the processing of your personal data.
The terms used in this Policy have the meaning of the definitions set out in the GDPR and in not any other local data protection legislation.
2. Data collected by PENTALOG
PENTALOG may collect and process data relating to its Website’s users (the “Users”) whether they are:
- Candidates for positions within PENTALOG or one of its Affiliates;
- Prospective clients or contacts;
- Clients or Suppliers;
- Users that do not belong to any of the precited categories
- Users cookies (please refer to our Cookies Policy)
The detail on the type of data collected by PENTALOG is available at the dedicated chapter to the categories of data subject concerned. Thus:
- To view the chapter of our Privacy Policy for our Candidates, please click here.
- To view the chapter of our Privacy Policy for our Clients & Suppliers, please click here.
- To view the Privacy Policy for the Visitors (different from the above categories) of our website, please click here.
3. How does PENTALOG use the data collected?
PENTALOG uses the data collected for the purposes of:
3.1 Assessing applicants for positions offered by PENTALOG or within PENTALOG GROUP;
3.2 Notifying applicants of PENTALOG GROUP’s job offers that may interest them;
3.3 Due diligence: preparatory step for the signing of an employment contract;
3.4 Due diligence: in order to confirm applicants’ identities;
3.5 Sending targeted offers and marketing communications;
3.6 Communicating with prospective clients or clients after the services are provided;
3.7 Providing a price list;
3.8 Due diligence: preparatory step for the signing of a contract with a client or supplier;
3.9 Communicating with all interested parties in PENTALOG’s activities
3.10 Sending newsletters or advertising events that may interest recipients.
4. Who receives the data collected by PENTALOG and why is the data passed is shared with to them?
4.1. Some information that you share with PENTALOG might be shared with PENTALOG’s Affiliate, in accordance with this Policy, for the purpose of making best use of its services.
4.2. PENTALOG works in close collaboration with its Affiliates and third-party companies who may have access to your personal data. This is particularly the case:
- for technical services;
- to confirm your identity;
- for suppliers;
- for internal administrative and accounting matters;
- for recruitment when using its Affiliate SkillValue to assess applications.
4.3. PENTALOG only shares data with the third parties mentioned in article 4.2 in the following cases:
- When PENTALOG uses suppliers to improve and optimize its Website and services;
- When using communication tools (social networks, chat tools from our Website) and email clients to communicate with you;
- When PENTALOG is (1) legally required to comply with a request from the legal authorities, (2) an emergency poses a risk to an individual’s physical safety, (3) when PENTALOG needs to implement a contract or prepare for the implementation of a contract (4) to guarantee the rights of PENTALOG;
- In the event of the sale or purchase of a company or assets, PENTALOG reserves the right to share its users’ personal data with the potential seller or buyer of this company or these assets.
- If PENTALOG or all or part of its assets are acquired by a third party, the data in its possession shall, where required, be passed on to the new owner.
- Under the regulations in force and with its users’ consent, PENTALOG may, where necessary, aggregate data and send it to companies in the PENTALOG GROUP, including all or part of its users’ personal data and the cookies collected. This information shall be used strictly for the purposes described above.
- By allowing PENTALOG to access personal data via social networks, their privacy policy and terms of use become effective for users. PENTALOG has no control over the collection or processing of data collected by these networks.
5. How does PENTALOG use and moderate comments?
PENTALOG reads comments posted on its blog and ensures that comments do not contain inappropriate content. Users are required only to post appropriate content related to the subject on our blog.
6. Emails sent by PENTALOG
6.1. PENTALOG may only use your data provided on the Website in accordance with the GDPR, in other words: with your consent where required, in particular to (1) send targeted marketing content, (2) send a newsletter, (3) send a price list, and (4) send an event invitation.
6.2. In accordance with its legitimate interests, PENTALOG may send you emails if you are likely to be interested in its services or if you have shown an interest in its services.
6.3. Pursuant to the legislation in force, you may decide to stop receiving emails from PENTALOG, at any time, by withdrawing your consent. To do so, you must unsubscribe via the link included at the bottom of every marketing email or by emailing PENTALOG with the details of the request at the following address: contact@pentalog.com.
6.4. For personal data collected indirectly by PENTALOG, the right of information as defined by the GDPR shall be respected at all times by PENTALOG from the first communication with the data subjects. They may decide, at any time, to exercise the rights set out in article 6.3.
On social networks (for example, Facebook and Twitter) you can oppose the processing of your data at any time by configuring your account settings relating to advertising;
On third-party websites: you can refer to the Cookie Policy to find out how to withdraw your consent.
7. Where and how data is shared by PENTALOG
7.1 For EU or European Economic Area (EEA) Users, PENTALOG stores your personal data within the European Union. For non-EU users, PENTALOG may use data centers out of EU or the EEA.
7.2 However, while using the Website, some of your data may be transferred to other countries whose local personal data protection laws differ from those in the user’s country of residence.
7.3 This happens when data is transferred via third-party application software. PENTALOG uses this third-party application software to operate its services, communicate with you, and pass on information in preparation for the signing of a services contract.
Only for B2B contacts, our carefully selected partners and service providers may process personal information about you on our behalf as described below:
- Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
(i) Prospect Global Ltd (trading as ‘Sopro’) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: https://sopro.io. Sopro is registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”
7.4 This is also the case for Affiliates located outside the EU or the EEA to which PENTALOG may transfer some data as part of the provision of services in these countries or certain administrative and accounting tasks.
7.5 When such transfer occurs, PENTALOG shall ensure that the transfer is done in accordance with this Policy and guaranteed an adequate level of personal data protection of your personal data through the use of the Standard Contractual Clauses of the European Commission among other.
7.6 In the interests of full transparency towards its users, PENTALOG undertakes to provide on request the list of countries in which users’ personal data is stored in the European Union or the EEA, and the list of countries to which data is occasionally passed on.
8. Security measures
PENTALOG takes all the necessary technical and organisational measures in accordance with the GDPR to guarantee the best possible level of security, ensuring comprehensive protection of the personal data collected
These security measures will oblige for example PENTALOG to verify the requested identity of an individual in case of exercise of the rights provided in the article 9.
If you believe your personal data has been interfered with in any way, please contact PENTALOG immediately in accordance with article 13.
9. Your rights over your personal data
9.1 If you are an EU or an EEA based Users, you are under the provisions of the articles 12 and seq. of the GDPR:
You have the right to access your personal data processed and held by PENTALOG.
When such a request is made by a user, PENTALOG may, before responding, confirm the user’s identity by asking them to provide more information.
In the case of requests which, due to their number or repetitive or systematic nature, are manifestly unreasonable, excessive or unfounded, PENTALOG may either refuse to pursue the request by demonstrating its manifestly excessive or unfounded nature or request the payment of reasonable fees that consider the administrative costs incurred in providing the information, sending correspondence or adopting the measures requested.
For non-EU based users, PENTALOG will guarantee the same level of rights on your personal data when provided by the local applicable regulation on personal data.
9.2 Pursuant the articles 12 and seq. of the GDPR, PENTALOG shall respond to you as soon as possible and, in any case, within one month of receipt of the user’s request, or within two months considering the complexity and number of requests.
In this case, PENTALOG shall inform you of the reasons for extending the deadline of one month from receipt of the request.
9.3 You may correct, change or remove any incorrect information under the articles 12 and Seq. of the GDPR.
It is your responsibility to provide PENTALOG with full, accurate and up-to-date information. You may withdraw your consent at any time.
Any request to change or remove data must be made by contacting PENTALOG directly in accordance with article 13, below.
9.4 PENTALOG may store some of your personal data if required by the legislation of an EU Member State in which it operates or EU legislation. This shall also be the case when PENTALOG has a legitimate interest in doing so under the terms of the applicable law or the GDPR. (This also applies to non-EU based users according to local applicable legislation).
9.5 Under the applicable law, when this is the case, in particular in France pursuant to the Data Protection Act, you may give instructions relating to the storage, deletion and disclosure of your data after your death.
10. Cookies
Pursuant to article 1 of the presents on the data that PENTALOG is collecting cookies and pursuant to its Cookies Policy, PENTALOG uses cookies to customize and optimize browsing and time spent online. Refer to the Cookies Policy for more information.
11. Links to other websites from PENTALOG’s Website
The Website may contain some links to the Websites of companies in PENTALOG GROUP or third-party companies such as social network or media. PENTALOG hereby informs you that some Affiliates have own very strict and transparent privacy policy, which can be viewed on their websites or will be available shortly. As for third-party companies, it is your responsibility to familiarise themselves with their privacy policies before submitting your personal data. PENTALOG may not be held liable for use of this data by these third-party websites and shall not, under any circumstances, be responsible for the privacy policy of these third-party websites.
12. Changes to the Privacy Policy
PENTALOG reserves the right to change its Privacy Policy at any time.
PENTALOG shall visibly publish any substantial changes on its Website and they shall take effect from the date of publication. In this case, PENTALOG shall contact you via email if necessary. PENTALOG is committed to full transparency regarding the use of your data, subsequent uses and the third parties to whom PENTALOG intends to disclose it.
13. Contact PENTALOG
Users of the Website can contact PENTALOG with any queries relating to this Policy or any requests relating to their personal data.
PENTALOG can be contacted via its website, at the email address contact@pentalog.com or, to exercise the rights guaranteed by the applicable laws and the GDPR, by sending this form to the address given above and reproduced in the form’s header.
The request must contain the username and address or other means to communicate the answer to the request, where appropriate, the documents establishing the identity or legal representation, the clear and precise description of the Personal data on which to search exercise any rights and any other element that facilitates the location of Personal data.
14. PENTALOG’s Affiliates and relevant Regulatory Bodies
As described above, this Policy applies to the companies below. PENTALOG provides a list of the relevant regulatory bodies based on the information available as of October 6th 2023:
|
15. Specific requirements for non-EU Pentalog’ Affiliates
15.1. Mexico
Pursuant to the Federal Law on Protection of Personal Data held by individuals (“FLPPDPP”) and the Regulations to the Federal Law on Protection of Personal Data Held by Private Parties (‚the Regulation‘) in force in Mexico, PENTALOG has implemented all technical and organizational measures to ensure the protection of your Personal data.
PENTALOG collects only the information on this Website as described in previous relevant chapters of this Policy. The personal data Pentalog collects in compliance with all the principles pursuant to the FLPPDPP: legality, quality, consent, information, purpose, fairness, proportionality and accountability.
PENTALOG do not market, sell or rent personal data about you to third parties.. PENTALOG does not collect sensitive personal data of the Users.
PENTALOG guarantees your exercise of your ARCO’s rights (access, cancellation, rectification, and opposition) as provided in article 9 of this Privacy Policy, by directing your request by email as provided in Article 13 of this Privacy Policy.
This Privacy Policy meets the requirements of articles 15 and 16 of the FLPPDPP.
15.2. Moldova
The Moldovan Law of 8 July 2011 No. 133 on Personal Data Protection, provides general personal data protection provisions, establishes data subject rights such as the rights to access, rectification, or erasure, and includes requirements to appoint a data protection officer and provide data processing notifications. PENTALOG and its Affiliate based in Moldova is committed to be fully compliant with the laws on data protection applicable in Moldova.
For data transfer, National Center for Personal Data Protection (‚NCPDP‘), has adopted the Decision of the NCPDP No. 23 of 17 March 2022 on the approved list of states that ensure an adequate level of personal data protection (only available in Romanian here). In addition, pursuant to Article 32(2) of the Law on Personal Data, transfer of personal data is allowed if the transfer is made to the member states of the European Economic Area (‚EEA‘). Where a country is not a member state of the EEA or is not recognized as providing an adequate level of protection, personal data may still be transferred following specific criteria that PENTALOG has ensured to comply with.
For Users residing in Moldova, PENTALOG guarantees the exercise of their rights over their Personal data pursuant to article 9 and 13 of this Privacy Policy.
15.3. The United Kingdom
PENTALOG is committed to comply with Data Protection Act 2018 and the UK General Data Protection Regulation (Regulation (EU) 2016/679) (‚UK GDPR‘) obligations. Any data transfer between the EU and the UK can flow freely since the EU officially adopted an adequacy decision for the UK on June 28th, 2021.
Besides maintaining full compliance with the Data Protection Act of 2018 and UK regulations, for PENTALOG’s Affiliate based in the UK, the EU’s GDPR also applies for business based in the UK because of the extraterritoriality principle of the EU’s GDPR.
Any difference between EU’s GDPR and UK regulations have been strictly reviewed and PENTALOG considers extremely important to ensure its compliance to what’s required. UK based Users can exercise any right guarantee by the UK GDPR and the Data Privacy Act as mentioned in articles 9 and 13 above.
This Privacy Policy meets the requirements of the UK GDPR and the Data Privacy Act.
15.4. United States (California)
- The CCPA
For Californian based Users, the California Consumer Privacy Rights Act 2018 (CCPA) requires PENTALOG to provide User with certain information regarding the personal information collected by PENTALOG that relates to, or is reasonably capable of being associated with, User as an individual. This Privacy Policy is compliant with this requirement.
The CCPA creates obligations for PENTALOG’s Affiliate in the US and provides certain rights for consumers, such as the right of access, the right of deletion, and the right to opt-out of the sale of their personal information. Besides the requirements already guaranteed by the articles 9 and 13 of this Privacy Policy, PENTALOG guarantees that Users right to opt out is absolute but not apply to information collected by PENTALOG
- The CPRA
The CCPA was subsequently amended by the California Privacy Rights Act of 2020 (‚CPRA‘) which introduces new requirements associated with data sharing, sensitive data, among other things. The CPRA also creates enhanced as well as new consumer rights including a right to correction, an expanded right to access, and additional disclosure and transparency requirements. Besides the requirements already guaranteed by article 13 of this Privacy Policy, PENTALOG guarantees:
– Users that PENTALOG will not be discriminated against them for exercising any rights they may have as a consumer under CCPA.
– Users‘ information collected by PENTALOG will not be sold.
- Children protection
Pursuant the article 5 of Terms of Use of our Website, Users warrant that they have the minimum legally required age in their country of residence when accessing our Website. Besides, our Website is not intended for, nor targeted to, children under 13, and PENTALOG do not knowingly request or collect personal information from any person under 13 years of age. If we learn that we have received information directly from a child who is under the age of 13, PENTALOG will delete the information in accordance with applicable law.
- Supplemental California Privacy Rights – The "Shine the Light" Law
Users residing in California are authorized, under California Civil Code Section 1798.63, to request information regarding the disclosure of their personal information by PENTALOG or its Affiliates to a party to direct marketing purposes by third parties. These rights granted to California residents apply only to activities in the States of California. PENTALOG do not disclose personal information for direct marketing purposes to any third parties.
15.5. Vietnam
PENTALOG’s Affiliate in Vietnam is committed to comply with Vietnamese local regulations for the protection of Users’ personal data, including the Decree No. 13/2023/ND-CP on the Protection of Personal Data (“PDPD”). This Privacy Policy is compliant with these requirements and provides all information and rights to Users over their personal data processed and stored by PENTALOG and its Affiliate in Vietnam. The articles 9 and 13 of this Privacy Policy guarantee the exercise of Users’ rights.