Sopra Steria Group S.A., with a capital of € 20,547,701, registered with the Annecy Company Register under
n° 326 820 065, with headquarters located at PAE Les Glaisins, 3 rue du Pré Faucon, Annecy Le Vieux, 74940
Annecy, France, (hereinafter referred to as "Sopra Steria" or "we" or "us") attaches great importance to the
protection of Personal data of the users of its Website (hereinafter referred to as "Users" or "You").
Some of the services offered on certain pages of our Website require the processing of Your Personal data. The
purpose of this Notice is therefore to give You information on the ways Sopra Steria, as Data Controller,
processes Your Personal data through its Website, including the use of cookies. This statement does not cover
details relating to job applicants which can be found on our Careers portal (please consult the Candidate Data
Protection Notice relevant for the recruitment process) or employees which can be found on our intranet.
This Notice complies with applicable laws including with Regulation (EC) 2016/679 of the European Parliament
and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal
data and on the free movement of such data (“GDPR”).
Please note that this Notice may be updated from time to time by Sopra Steria. The date of the most recent
update will appear on this page. We therefore invite You to consult it regularly.
Contents
- What kind of Personal data do we process about You?
- How is Your Personal data collected?
- What are the Purposes of the processing of Your Personal data?
- Marketing
- Who are the recipients of Your Personal data?
- How do we protect Your Personal data?
- How long do we retain Your Personal data?
- What rights are granted to You?
- Who should You contact to exercise Your rights or if You have any questions?
1. What kind of Personal data do we process about You?
Depending on the circumstances we may process different categories of Personal data about You which we
have grouped together as follows:
- Identification data (including first name, last name, job position etc.)
- Contact data (including email address, telephone number etc.)
- Technical Data including internet protocol (IP) address, browser type and version, time zone setting
and location, browser plug-in types and versions, operating system and platform and other technology
on the devices You use to access this Website
- Profile Data including Your interests, preferences, feedback and survey responses
- Usage Data including information about how You use our Website and Your interactions with marketing
content
- Marketing and Communication Data including Your preferences in receiving marketing materials form
us or our third parties and Your communication preferences.
2. How is Your Personal data collected?
We use different methods to collect Personal data about You including through:
Direct Interactions. You may provide Your Personal data when You use one of the following Website
features:
- the form to contact us;
- the form to subscribe to marketing communications or events;
- the form to download reports, articles or other online content;
- the platform to attend events run or sponsored by Sopra Steria;
- the form to enter a competition or survey.
Automated technologies or interactions. As You interact with our Website, we may collect
automatically Technical Data about Your equipment, browsing actions and patterns which might be
used with other identifying data to establish other Personal Information about You. We collect these
Data by using cookies, servers’ logs and other similar technologies. Please see our Cookie Policy for
further details.
3. What are the Purposes of the processing of Your
Personal data?
The table below describes:
- The Purposes for which we process Your Personal data;
- The Legal bases which legally authorise our collection and further processing of Your Personal data;
- The categories of Personal data We process for each identified Purpose.
Purposes of the processing | Legal basis | Categories of Personal Data |
To reply to Your inquiries/requests
for information | Your consent | Identity data
Contact data |
To let You access and download
online content such as whitepapers,
reports, articles or other
publications | Your consent | Identity data
Contact data
Marketing and communication
data |
To organize promotional activities
and deliver marketing materials
such as information about our
products and services, events etc. | (a) If You are not a customer or
prospect, Your explicit consent (opt-in
consent) via a checkbox, or by taking a
positive step during Your registration
to receive this information or subscribe
to these services
(b) If You are a customer or prospect
(B2B), Your consent via soft opt-in
(opt-out consent). | Identity data
Contact data
Marketing and communication
data Usage data Profile data |
To allow You to subscribe to our
Newsletters | Your consent | Identity data
Contact data |
To enable the use of cookies and/or
other trackers – provided You
agreed to it (except for strictly
necessary cookies) – and subject to
the terms and conditions detailed
under our Cookies Policy | Your consent | Technical data
Usage data |
To use data analytics to improve
our Website, products/services,
marketing, customer relationship
and experiences | Legitimate interest (to define types of
customers for our products and
services, to keep our Website updated
and relevant, to develop our business
and to inform our marketing strategy) | Technical data Usage data |
To ensure the security of this
Website | Legitimate interest | Technical data Usage data |
To meet our legal obligations and
defend our interests in the event of
a dispute. | We may be subject to legal and
regulatory obligations to disclose data
and may also have a legitimate interest
in using the data to defend ourselves in
the event of a legal action
| N/A.
It depends on the specific case |
To allow You to register to an event
or webinar etc. via our Website | Your consent | Identity data
Contact data
Marketing and communication
data
Profile data
Usage data
|
To organise competitions or conduct
customer satisfaction surveys | Your explicit consent resulting from
Your registration/ participation and
the execution of the general
terms/regulations governing these
activities
| Identity data
Contact data
Marketing and communication
data Profile data
|
4. Marketing
4.1 Soft-Opt in & Opt-in
We do not ask Your consent to send You marketing communications for the promotion of our activities,
products or services if You are a customer or prospect (B2B). In this case we use soft opt-in under
applicable laws to deliver content to You. This means we do not ask for You to ‘opt-in’ via a checkbox,
and instead provide You with the ability to ‘opt out’ at any time.
If You are not a customer or prospect, we use either Your explicit consent (via an opt-in checkbox), or
another positive action, such as completing a registration form.
If you would like to know about Your marketing preferences, please contact contact-corp@soprasteria.com.
We retain Your data for 3 years after the end of the commercial relationship with You or after Your last digital
interaction with our organisation after which Your records will be removed from our marketing database.
We may in some circumstances need to share Your Personal data with other Sopra Steria Group subsidiaries
for marketing purposes.
However, we will not share Your Personal data with any company outside the Sopra Steria group of companies
for marketing purposes without Your consent.
4.2 Opt-out
You can ask us to stop sending You marketing messages at any time by following the opt-out links on our
marketing message sent to You, or by contacting us at contact-corp@soprasteria.com. If You opt-out of our
communications, we will retain this instruction for a period of 18 months and will only retain Your email address
for that period, after which Your data will be deleted.
5. Who are the recipients of Your Personal data?
5.1 Internal recipients
Depending on the specific purpose, Your Personal Data may be processed by internal authorised personnel
(including marketing & communication, sales, administration, HR and other support functions) of Sopra Steria.
Access to Your Personal data is limited to the performance of the tasks and functions of authorised personnel
and is subject to an obligation of confidentiality.
5.2 External recipients
Your Personal data may also be processed by third-party service providers acting on behalf of Sopra Steria,
such as our Website hosting provider or providers of marketing services. Our Website also contains cookies
placed by third parties, as set out in our Cookie Policy. Please note that all our third-party service providers
are required to take appropriate security measures to protect Your Personal information in line with our policies
and requirements. We only permit them to process Your Personal data for specified purposes and in accordance
with our instructions.
In addition, we may in some circumstances have to share Your Personal data with other recipients such as:
- Other Sopra Steria Group subsidiaries;
- Other third parties in connection with any merger, acquisition, partial sale of assets or other transaction
relating to Sopra Steria or one of the companies in its Group;
- To law enforcement authorities if required by law, including under a court order, or if such disclosure is
necessary to defend our rights, to prevent fraud or computer crime, or to ensure the security of Sopra
Steria or any other person, where required or permitted by applicable legal provisions.
Such disclosure shall be limited to what is strictly necessary to the extent permitted by applicable law.
5.3 Data sharing outside of the EU/EEA
Given the international dimension of the Sopra Steria Group, Your Personal data may be transferred to
recipients outside the European Union/European Economic Area (EEA: EU Member States and Iceland,
Liechtenstein and Norway), to countries that do not offer a level of protection up to the EU standard of essential
equivalence. International transfers of Personal data may be necessary for the performance of Sopra Steria’s
business activities and for its internal administrative management. Sopra Steria ensures that restricted
transfers take place lawfully, using the transfer tools provided for by applicable regulations and providing
appropriate safeguards and protection measures. You can obtain a copy of these guarantees by sending an
email to the following email address: acces-cnil@soprasteria.com or support.privacy@soprasteria.com.
6. How do we protect Your Personal data?
We have put in place appropriate security measures to prevent Your Personal Information from being
accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we have
procedures to deal with any suspected or actual Personal data breach.
Third parties will only process Your Personal Information on our instructions and where they have agreed to
treat the information confidentially and to keep it secure.
We limit access to Your Personal Information to those employees, contractors and other third parties who have
a business need to know.
7. How long do we retain Your Personal data?
We will retain Your personal information for as long as necessary to fulfil the Purposes we collected it for,
including for the Purposes of satisfying any applicable legal requirements. This means that the retention period
may be defined differently depending on the Purposes pursued by the processing and the specific legal
obligations.
Some of the retention periods applicable to Personal data collected on our Website are as follows:
- as long as Your User account remains active,
- for as long as we keep in touch with You through our promotional activities and three (3) years after
the last interaction, unless You object to the processing of Your Personal data,
- as long as required by the applicable law,
- cookies and other trackers used on our Website are retained according to our Cookies policy.
It is possible that we may need to keep Your Personal data in intermediate archives with restricted access for
evidentiary purposes beyond the above-mentioned periods to comply with legal obligations incumbent on us
or, if necessary and in consideration of the statute of limitations, to enforce our rights.
Once Your Personal data is no longer required for the identified Purposes, to meet our legal obligations or to
comply with the applicable statute of limitations, we ensure that it is completely destroyed or made anonymous.
8. What rights are granted to You?
Sopra Steria recognizes the importance of data subject rights and enables individuals to exercise them in the
simplest and most effective way. Accordingly, we are open to Your questions on the conditions of processing
of Your Personal data and to Your requests to exercise the following rights:
- Right to access and obtain a copy of Your Personal data and information on how Your Personal data
is processed;
- Right to rectify Your Personal data if it is incorrect and the right to complete it if it is incomplete;
- Under certain conditions, right to delete Your Personal data when it is no longer required for the
purposes for which it was collected or processed. You also have the right to ask us to delete or remove
Your Personal data where You have successfully exercised Your right to object to processing. Please
note, however, that the right to erasure is not absolute. We may not always be able to comply fully
with Your request of erasure due to specific legal obligations which will be notified to You at the time
of Your request.
- Right to object to the processing of Your Personal data on grounds relating to Your particular
situation, if the processing is based on Sopra Steria's legitimate interest. You also have the absolute
right to object where we are processing Your Personal data for direct marketing purposes. In some
cases (with the exception of direct marketing), we may demonstrate that we have compelling legitimate
grounds to process Your information which override Your rights and freedoms;
- Right to restrict the processing of Your Personal data when You have exercised Your right to object
or rectify Your data pending a response from Sopra Steria;
- Right not to be subject to automated processing or profiling in relation to Your Personal data.
Typically, this means decision-making by automated means, including Artificial Intelligence in order to
make business decisions. Here, You have the right to ask for a living person to be involved in decisionmaking. You also have the right to ask us to review any decision made by automated means.
- Right to withdraw Your consent to the processing of Your Personal data if such processing is
based on Your consent.
- Right to opt out of marketing communications. You have the right to refuse or opt out of
marketing communications sent by Sopra Steria, regardless of whether Your data was collected and
processed based on legitimate interest or consent, by contacting us contact-corp@soprasteria.com or
by unsubscribing within any email communication we may send to You (found at the footer of each
email).
9. Who should You contact to exercise Your rights or if You
have any questions?
If You wish to exercise any of Your rights, please contact us at: contact-corp@soprasteria.com.
If You have any questions about this Notice please contact us at: acces-cnil@soprasteria.com or
support.privacy@soprasteria.com.