PERSONAL DATA PROTECTION POLICY

BUREAU VERITAS GROUP PERSONAL DATA PROTECTION POLICY FOR USERS 

BUREAU VERITAS GROUP PERSONAL DATA PROTECTION POLICY FOR USERS 

(Last update: May 18th, 2021) 

Bureau Veritas (hereinafter Bureau Veritas, we, us, our)), recognizes the importance of effective and meaningful Personal Data protections when it collects and uses the Personal Data of its Users (as defined below).

We place great value on integrity and we are committed to building strong and lasting relationships with you based on trust and mutual benefit. Privacy protection is essential to us. This Personal Data Protection Policy expresses the strong commitment of the Bureau Veritas Group to respect and protect Personal Data of every individual and to ensure international compliance with data protection laws.

This Personal Data Protection Policy covers all Personal Data collected and used by Bureau Veritas worldwide.

This Personal Data Protection Policy is intended to inform you about what types of Personal Data we might collect or hold about you, how we use it, who we share it with, how we protect it and keep it secure, and your rights about your Personal Data.

Please note that we may update this Personal Data Protection Policy at any time to adapt it to potential new practices and service offerings. In such case, we will change the “last update” date and we will indicate the date on which the changes have been made. This Personal Data Protection Policy is attached to the agreements we have entered into with our customers, service providers or partners. It is also available on Bureau Veritas websites and solutions.

We encourage you to review regularly the potential updates of this Personal Data Protection Policy available on https://personaldataprotection.bureauveritas.com/privacypolicy

“Personal data" means any information or pieces of information that could identify you either directly or indirectly. This means that Personal Data includes things like email/home addresses, usernames, user generated content, financial information, IP address, etc.

“User(s)" means any prospects, customers, service providers, partners, subcontractors, candidates and more generally anyone who is in contact with us (hereinafter “you” or “your”).   

“Processing" means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

1. What are the principles for processing Personal Data? 

Each Bureau Veritas legal entity that collects or uses your Personal Data for its business needs acts as the “data controller”. According to data protection laws, it must determine the purposes and the means of the processing of your Personal Data. This means we have responsibility for the Personal Data that you share with us

We process your Personal Data in compliance with the applicable laws and regulations and, in particular, the European General Data Protection Regulation 2016/679 (“GDPR”) dated on April 27, 2016, the Lei Geral de Proteção de Dados in Brazil (« LGPD ») of 2018, the South Africa’s Protection of Personal Information Act (POPIA Act) of 2013, the Australian Privacy Act of 1988, the Cybersecurity Law of the People’s Republic of China of 2016, the Chinese Personal Information Protection Law of 2020, etc.

In particular, we undertake to: 

  • Obtain and process your Personal Data fairly and lawfully; 

  • Obtain your Personal data for specified, explicit and legitimate purposes, and not process it subsequently in a manner that is incompatible with those purposes; 

  • Process only Personal Data that is adequate, relevant and not excessive in relation to the purposes for which it is obtained and its further processing; 

  • Ensure that your Personal Data is accurate, complete and, where necessary, kept up-to-date;  

  • Store your Personal Data for a period no longer than is necessary for the purposes for which it is obtained and processed and in accordance with applicable legislation and statute of limitations.  

2. What Personal Data do we collect, why and how do we use it? 

In order for you to have the clearest view on how we use your Personal Data, we have imagined a table where you can find information by searching with the context/purposes of the data collection.

1. Column 1 - In what scenario is your data collected? This column explains what activity or scenario you are involved in when we use or collect your Personal Data.
2. Column 2 - What types of Personal Data may we hold about you? This column explains what types of Personal Data we collect.
3. Column 3 - How and why we use it? This column explains what we do with your Personal Data, and the purposes for collecting it.
4. Column 4 - What is the legal basis for using your Personal Data? This column explains the reason why we may use your Personal Data.

When we collect data through forms including electronic forms, we will indicate the mandatory fields via asterisks. Failure to provide the data marked with an asterisk could prevent you from accessing to a service.

As a User of our services and our websites, there are many ways that you might share your Personal Data with us, and that we might collect it.

Sometimes you will provide your Personal Data to us directly (e.g. when you contact us via our websites, when you ask for a quote estimate, when you subscribe to one of our services, sometimes we collect it indirectly (e.g. using cookies to understand how you use our websites) or sometimes we receive your data from other third parties, including other Bureau Veritas entities.

In which context is your Personal Data collected? 

What types of Personal Data may we hold about you? 

 

How and why we may use it? 

What is our legal basis for processing your Personal Data? 

Subscription to a service 

 

Information collected during the subscription to one of our services 

 

  • Name and surname  

  • Email address 

  • Postal address (invoicing) 

  • Phone number 

  • Transaction information (details regarding the service subscribed, transaction number, services history, etc.) 

  • Payment information 

 

To  

  • Send you a quote estimate 

  • Process and follow your subscription 

  • Manage the payment of your subscription 

  • Manage any contact you have with us regarding your subscription 

  • Manage any dispute relating to a subscription 

  • Run statistics 

 

  • Performance of a contract:  

To provide you with the service you requested (subscription) 

 

 

Provision of a service 

 

Information collected during the provision of the services you have subscribed to 

 

 

  • Name and surname  

  • Email address 

  • Phone number 

  • Data relating to the commercial relationship: details regarding the service subscribed, the duration, correspondence with the client, etc.) 

  • Identification data allowing access to some of our platforms (e.g. Building in One) 

 

To 

  • Provide you with the service requested 

  • Allow you to access and use the Building in One Platform when such service is requested 

  • Manage any contact you have with us during the provision of the service 

  • Manage the commercial relationship with you 

  • Manage any request or dispute relating to a service 

 

  • Performance of a contract:  

To provide you with the service you requested (subscription) 

 

Conclusion of a specific agreement  

 

Information collected when you provide us with a product or service 

 

  • Name and surname  

  • Email address 

  • Postal address 

  • Function 

  • Company name 

  • Phone number 

  • Billing data  

 

To 

  • Create and manage supplier/vendor files 

  • Manage contracts, orders, deliveries, invoices and accountings 

 

  • Performance of a contract:  

To manage the contractual relationship with you 

Newsletter and commercial communications subscription 

 

  • Name and surname  

  • Email address 

  • Function 

  • Company name 

  • Phone number 

 

To : 

  • Send you marketing communications (where you have asked us to) 

  • Keep an up to date suppression list if you have asked not to be contacted 

  • Run analytics or collect statistics 

 

  • Consent: 

No direct marketing communication is sent to you if you have not consented to receive it 

 

  • Legitimate Interest: 

To tailor our marketing communications and understand their effectiveness, to help us better understand your needs and improve our services, to develop our business 

 

  • Compliance with a legal obligation: 

To keep your details on a suppression list if you have asked us not to send you any direct marketing anymore 

Online browsing 

 

Information collected by cookies or similar technologies (“Cookies”*) as part of your browsing on Bureau Veritas websites. 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

* Cookies are small text files stored on your device (computer, tablet or mobile) when you are on the Internet. 

Data related to your use of our website:  

  • Where you came from 

  • Pages you looked at 

  • Duration of your visit  

 

Technical information:  

  • IP address 

  • browser information  

  • device information 

 

 

 

 

  • To tailor our services for you: 

  • to send you recommendations or marketing communications based on your interests 

  • to display our website in a tailored way 

  

  • To allow proper functioning of our website: 

  • proper display  of the content, 

  • interface personalisation such as language 

  • parameters attached to your device including your screen resolution 

  • improvement of our website for example, by testing new ideas.  

  • To ensure the website is secure and safe and protect you against fraud or misuse of our websites or services 

  •  To run statistics: 

  • To improve our offers 

  • To know how you discovered our website 

 

  • Legitimate interest: 

To ensure we are providing you with websites and communications that are working properly, are safe and secure and are continually improving, to develop our business 

 

 

  • Consent: 

For cookies that are not necessary for the functioning of our website 

 

Enquiries 

 

Information collected when you ask questions relating to our services 

 

 

  • Name and surname  

  • Email address 

  • Function 

  • Company name 

  • Phone number 

  • Other information you have shared with us regarding your enquiry 

 

 

  • To answer your enquiries 

  • Where needed, to connect you with the relevant services 

  • For statistics purposes 

  • To send you quote estimates when you ask for it 

 

  • Consent: 

To process your enquiry 

 

  • Performance of a contract:  

To provide you with the information requested in the context of the contract between you and Bureau Veritas 

 

  • Legitimate interest: 

To help us better understand our Users’ needs and expectations and therefore improve our services 

 

Application for a job 

 

Information collected when you apply for a job in Bureau Veritas  

 

  • Identification information 

  • Contact details 

  • Resume (qualifications, previous jobs, etc.); 

  • Interview notes 

To  

  • Review candidates’ applications 

  • Manage the recruitment processes 

  • Hire candidates 

 

  • Consent: 

To process your application 

 

  • Legitimate interest: 

To find the best candidates for our job offers 

 

Bureau Veritas does not process your Personal Data for secondary purposes other than those described in this Personal Data Protection Policy and that would be different from those you have been informed of.

3. Notification and Consent 

In certain circumstances, as set out in the table above, we ask for your consent prior to collecting, using or disclosing your Personal Data, in particular when:

  • You wish to subscribe to our newsletter or receive commercial communications;

  • We use non-essential cookies, or cookie-like technology, and/or collect information about the device you use to access our websites;

  • You ask us questions about our services;

  • You apply to Bureau Veritas for a job.

Where we collect your prior consent, you will be informed at the time of collection of your Personal Data. You may withdraw your consent at any time by using the provided opt-out mechanism and indicated at the time of collection of your Personal Data, or by contacting us at the contact details provided in Article 9 "Contact" of this Personal Data Protection Policy.

4. When do we disclose your Personal Data? 

Some of your Personal Data may be accessed: 

 - Within Bureau Veritas, and by any member of the Bureau Veritas Group; 

  • This will only be done on a need-to-know basis and where necessary to provide you with the services you have asked for, or in the context of a contract between you and Bureau Veritas, or with your consent (in particular for marketing purpose).  

- By trusted service providers acting as subcontractors (i.e. data processors), which will carry out certain services necessary for the purposes indicated above on our behalf (marketing services, hosting services, database maintenance, etc.).  

  • We only provide them with the information they need to perform such services, and we require that they do not use your Personal Data for any other purpose. These service providers will only act upon Bureau Veritas’ instructions and will be contractually bound to ensure a level of security and confidentiality for your Personal Data that is the same as the level Bureau Veritas is bound to ensure and to comply with applicable personal data protection laws and regulations.  

Besides, Bureau Veritas may share your Personal Data with third parties: 

  • To protect the rights, property or safety of Bureau Veritas, our Users, our employees or others; or 

  • In the event of a merger or sale of the company’s assets (in such case your Personal Data will be disclosed to the prospective buyer); or 

  • To comply with a legal obligation or to respond to legal proceedings of any nature, Court orders, any legal action or implementing enforcement measures that are required by the competent authorities; or 

  • For other purposes required by applicable legislation or with your prior consent. 

5. Where do we store your Personal Data? 

Since Bureau Veritas Group has entities all over the world and since some of our service providers are located abroad, the data that we collect from you may be transferred from a country located within the European Economic Area (“EEA”) to a country located outside of the EEA.  

Where Bureau Veritas transfers Personal Data outside of the EEA, this will always be done in a secure and lawful way:  

  • Either by transferring the Personal Data to a data recipient located in a country which is the subject of an adequacy decision adopted by the European Commission, establishing that this third country ensures an adequate level of protection for Personal Data;

  • Or by executing the European Standard Contractual Clauses (signed between Bureau Veritas and its subsidiaries or between Bureau Veritas and its service providers) which have been approved by the European Commission as providing an adequate level of protection for your Personal Data.

6. How long is your Personal Data retained? 

We will keep your Personal Data only as long as necessary for the purposes of the processing for which it was collected (typically the length of the contract).  We may, however, keep your data for a longer period of time in application of specific legal or regulatory provisions and/or to comply with applicable statute of limitations periods. In case of longer data retention for other reasons, we will inform you of such reasons and of the applicable retention period upon collecting your Personal Data. 

To determine the data retention period of your Personal Data, we use in particular the following criteria: 

  • Where you subscribe to a service, we keep your Personal Data for the duration of our contractual relationship and then in accordance with the statute of limitations

  • Where you contact us for an enquiry we keep your personal data for the duration needed for the processing of your enquiry;

  • Where you have consented to direct marketing we keep your Personal Data until you unsubscribe or require us to delete it or after a period of inactivity (no active interaction with us) defined in accordance with local regulations and guidance;

  • Where cookies are placed on your computer, we keep them for as long as necessary to achieve their purposes) and for a period defined in accordance with local regulations and guidance;

  • For candidates, we keep your Personal Data in accordance with the applicable statute of limitations under local legislation.

7. How is your Personal Data protected? 

We are committed to keeping your Personal Data secure, and taking all reasonable precautions to do so. We implement all necessary organisational and technical measures in accordance with this Personal Data Protection Policy and applicable laws and regulations to protect your Personal Data against any unauthorized access and modification, disclosure, loss or destruction. We contractually require that service providers who handle your Personal Data for us do the same.  

8. Your rights 

In accordance with applicable Personal Data protection laws and regulations, you benefit from a certain number of rights in respect of your Personal Data, namely: 

  • A right of access and information: you have the right to be informed in a concise, transparent, intelligible and easily accessible form of the way in which your Personal Data is processed. You also have the right to obtain (i) confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case (ii) to access such Personal Data and obtain a copy thereof.   

  • A right to rectification: you have the right to obtain the rectification of inaccurate your Personal Data. You also have the right to have incomplete Personal Data completed, including by means of supplying a supplementary statement.   

  • A right to erasure (‘right to be forgotten’): in some cases, you have the right to obtain the erasure of your Personal Data. However, this is not an absolute right and Bureau Veritas may have legal or legitimate grounds for keeping such Personal Data.   

  • A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your Personal Data.   

  • A right to data portability: you have the right to receive your Personal Data which you have provided to Bureau Veritas, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller without hindrance from Bureau Veritas. This right only applies when the processing of your Personal Data is based on your consent or on a contract and such processing is carried out by automated means.    

  • A right to object to processing: you have the right to object at any time to the processing of your Personal Data. When you exercise your right to object, on grounds relating to your particular situation, to a processing based on the legitimate interest of Bureau Veritas, Bureau Veritas may, however, invoke compelling legitimate grounds to continue the processing.    

  • The right to revoke your consent, at any time, to processing that is based on your consent: you may revoke your consent to the processing of your Personal Data when such processing is based on your consent. The revoking of consent does not affect the lawfulness of the processing carried out on the basis of such consent prior to the revocation of consent.    

  • The right to file a complaint with the supervisory authority: you have the right to contact your Data Protection Authority to complain about Bureau Veritas’ Personal Data protection practices.   

  • The right to give instructions concerning the use of your data after your death: you have the right to give Bureau Veritas instructions concerning the use of your Personal Data after your death. 

  • The right to obtain a copy of the standard contractual clauses signed by Bureau Veritas when your Personal Data is transferred outside of the EEA.  

For further information on your rights and to exercise them, contact the point of contact indicated in section 9 of this Personal Data Protection Policy.  

Note that we may require proof of your identity and full details of your request, before we process your request above.  

9. Contact 

If you have any questions or concerns about how we treat and use your Personal Data, or would like to exercise any of your rights above, please contact us on our portal for the exercise of data subjects’ rights, available at https://personaldataprotection.bureauveritas.com/privacypolicy.