Privacy Policy
What is the purpose of this Privacy Policy?
We attach great importance to the protection and privacy of your personal data, which represents a guarantee of seriousness and trust.
The purpose of this Privacy Policy is precisely to demonstrate our willingness to comply with the applicable rules related to personal data protection and, more particularly, to the General Data Protection Regulation (“GDPR”).
In particular, the Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide.
Who does this Privacy Policy for?
The Privacy Policy applies to you, regardless of your location, whether you are a customer, a potential customer (“prospect”) or a simple visitor.
If you are under 18 years old, you are not allowed to use our services without the prior and explicit consent of one of your parents. If you believe that we may host information about a child of yours under the age of 18 without your prior consent, you may request that we erase it at dpo@stream.law.
Why do we process your personal data and on what legal basis?
In the context of the services offered, we are necessarily required to process your personal data for the following purposes and legal basis:
- To use our services (e.g. creating an account, organising meetings, advise and support, etc.) and to answer to your requests (e.g. requests for information, management of files, management of court hearings, etc.) based on our terms and conditions of sale, our terms and conditions of use of our website, and our legitimate interest in providing you with the best possible service.
- To keep you informed of our latest events (ex : training, webinars, etc.) on the basis of our legitimate interest.
- To ensure and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) on the basis of our legal obligations and our legitimate interest in ensuring the proper functioning of our services.
- Finally, we may also install “cookies” on your device. For more information on the use of cookies, please consult our “Cookies Policy”.
We undertake to process your personal data only for the reasons described above.
What personal data do we process and for how long?
We have summarised thereafter the categories of personal data we collect either directly from you or indirectly through databases of potential customers, as well as their respective retention periods.
If you want more details about the retention periods, you can contact us at dpo@stream.law.
- Professional identification and contact data (e.g. surname, first name, professional email address and professional address, etc.) stored for the duration of the provision of the service plus the legal limitation periods, which are generally 5 years. Please note that we do not collect any of your identity documents (e.g. identity card or passport, social security number or driver license).
- Economic and financial data (e.g. bank account number, invoice address, etc.) retained for the necessary period for the transaction and for the management of invoicing and payments, plus the legal limitation periods, which are generally 5 to 10 years.
- Data used to organise events (e.g. email address, etc.) retained for a maximum period of 3 years from the last contact we had with you.
- Login data (e.g. logs, IP address, etc.) retained for a period of 1 year.
- Cookies retained for a maximum period of 13 months from their installation.
At the end of the retention periods summarised above, we erase all your personal data to ensure your privacy for future years.
The erasure of your personal data is irreversible and we will no longer be able to communicate it to you after this period. After such erasure, we may only keep anonymous data for statistical purposes.
Please also note that in the event of a dispute, we have the obligation to retain all data we have from you during the case even if the retention periods described previously have expired.
What rights do you have to control the use of your personal data?
The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your personal data.
- The right of access to your personal data and to obtain a copy, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
- The right to rectification of inaccurate, obsolete or incomplete personal data.
- The right to object to processing of your personal data for direct marketing purposes.
- The right to obtain the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
- The right to restriction of processing your personal data, which allows you to freeze the use of your data in the event of a dispute over the lawfulness of a processing operation.
- The right to give instructions on the fate of your personal data in the event of your death. You can give instructions directly by you or through a trusted third party or a beneficiary.
- The right to your personal data portability which allows you to transfer some of your personal data from one information system to another.
To be taken into account, the request has to be made directly by you to the following address dpo@stream.law. Any request not made by this means cannot be processed.
No request can be made by anyone other than you. Please note that we may ask you to prove your identity in case of doubt.
We will respond to your request as quickly as possible, up to a maximum of two months from receipt, if the request is technically complex or if we receive many requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.
Who can access your personal data?
We only share your data with duly authorized persons to perform our services. This may include our staff in charge of the performance of our services, accounting, marketing or even the security of our offices.
We may also disclose your personal data to public authorities, courts, external consultants and legal advisers, as well as to service providers.
How do we protect your personal data?
We implement all the technical and organisational measures required to guarantee the security of your data on a daily basis and, in particular, to struggle against risks of destruction, loss, alteration or unauthorised disclosure of your data.
In particular, we use encryption technology to encrypt your personal data, our computer passwords are changed frequently and require a high level of security, we have backup servers for the backup of your personal data, and all our devices are obviously protected by the latest antivirus and firewall software.
Can your personal data be transferred outside the European Union?
Unless strictly necessary and on an exceptional basis, we never transfer your personal data outside the European Union and your personal data are always hosted on European territory. In addition, we do all that we can to use only service providers who host your personal data within the European Union.
In case our service providers transfer your personal data outside the European Union, we scrupulously ensure that they implement the appropriate guarantees to ensure the confidentiality and protection of your personal data.
Who can you contact for more information?
Our Data Protection Officer (“DPO”) is always at your disposal to give you a detailed explanation of how we process your personal data and to answer your questions on this subject at the following address dpo@stream.law.
How can you contact the French Supervisory Authority (the “CNIL”)?
You may at any time contact the French Supervisory Authority for personal data protection (the “Commission nationale de l’informatique et des libertés” or “CNIL“) at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 (France) or by phone at +331.53.73.22.22.
Can the policy be modified?
We may modify our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any modification of this Privacy Policy.
Certified compliant by Dipeeo ®