Personal data protection is particularly governed by EU Regulation (EU) 2016/679 of the European Parliament and Council dated 27 April 2016 relating to the protection of individuals in the processing of personal data and the free movement of such data, otherwise called the General Data Protection Regulation (hereinafter the « GDPR ») and Act n° 78-17 dated 6 January 1978 amended referred to as « Information Technology and Privacy Act » (hereinafter « Act n° 78-17 »).

As part of its business, FARE, a company with a share capital of 460 000 euros, whose head office is located at Rue Duhamel du Monceau – ZA de la Guinette – 45300 Dadonville, ​​ registered in the Register of Commerce and Companies of Orleans under the number 349 462 192, collects and processes for its account the personal data of their customers, prospective customers, subcontractors, service providers or various partners (hereinafter referred to generally as “Customers“).

In addition to the GDPR and Act No. 78-17, FARE agrees to comply with this Privacy Policy (hereinafter the “Privacy Policy“) in the context of any personal data processing that it implements.

The purpose of the Privacy Policy is to inform all Customers in a clear manner about the data that FARE collects, what it does with such data, how long it retains them, the people it is likely to pass them to, the rights of the persons concerned and the protective measures that it implements.

The purpose of the Privacy Policy is to provide the Customers with all information relating to the personal data concerning them that are collected and processed by FARE.
The Privacy Policy applies only to the processing of personal data for which FARE acts as processing manager. In this context, the processing of personal data can be directly implemented by FARE or through a subcontractor specifically designated by him.
In accordance with applicable laws on the protection of personal data, the processing of personal data implemented by FARE relies on a legal basis.

FARE caries out the processing of the Customer's personal data provided that the latter:

  • (i) has entered into a contract for the provision of services and / or the acquisition of products;

  • (ii) completed an electronic collection form in order to participate in an event organized by FARE;

  • (iii) has registered or subscribed for services posted by FARE (for instance, website, social networks, YouTube channel); and or

  • (iv) that the Customer’s formal consent has been secured (e.g. the posting of cookies on the Customer's browsing terminal when he visits a website published by FARE).
FARE collects and processes personal data that the Client voluntarily discloses to it either by means of a collection form, or when entering into a service contract and / or acquisition of products.

Customers are informed on each personal data collection form of the mandatory or optional nature of the responses by the presence of an asterisk.

Where answers are required, FARE explains to the Customers the consequences of a lack of response.

The personal data collected in this context are as follows:

NON-TECHNICAL DATA (depending on the use case):
  • (i) Identification: name, surname, title, position, pseudonym, pseudo social networks;
  • (ii) Contact information: phone, e-mail address, postal address, fax, ...;
  • (iii) Photo: when you grant us this right (usually taken during an event or interview at our events);
  • (iv) Professional life: occupation, degrees, professional background, ...;
  • (v) Banking data as necessary;
  • (vi) Personal life and lifestyle (e.g., shopping habits, purchase plans).

FARE collects and processes the Customer's personal data relating to his browsing and behaviour on a website published by FARE.

The personal data collected in this context are as follows:

TECHNICAL DATA (depending on the use case)
  • (i) Identification Data (IP)
  • (ii) Connection data (logs in particular)
  • (iii) Data on consent (click) mainly for access to our services (Sentinel etc.)

FARE does not deal with sensitive data in the meaning of Article 9 of the GDPR (personal data that show racial or ethnic origin, philosophical, political, trade union, religious opinions, sexual or health life).
This paragraph is intended to inform the Customer about the use by FARE of data collected directly or indirectly.

The processing of the personal data of the Customer by FARE is necessary to enable it to accomplish the following purposes:

  • (i) file processing;
  • (ii) customer relationship management;
  • (iii) management of events organized by the DEF Network (lectures, breakfasts, etc.);
  • (iv) sending newsletters or news feeds;
  • (v) improved site browsing
  • (vi) answers to questions asked (by telephone or online);
  • (vii) responses to public or private tenders;
  • (viii) personalized business monitoring;
  • (ix) improvement of its services;
  • (x) responses to our administrative duties;
  • (xi) management of requests for the exercising of the rights persons concerned such as listed in Article 8 below.
All the personal data collected and processed by FARE are strictly confidential.

FARE agrees not to pass on the personal data of its Customers to a third party that may use them for its own purposes, without their formal consent.

FARE ensures that the data are accessible only to authorized internal or external recipients.

In-house recipients:

  • (i) All employees of FARE The in-house recipients of FARE are trained and authorized to process personal data.


External recipients:

  • (i) Providers or support services (subcontractors, various service providers, etc.)
  • (ii) Lawyers, experts, agents, bailiffs, etc.
  • (iii) Courts
  • (iv) Administration


When the recipient concerned is located outside the European Union, or in a country that does not have an adequate regulation in the meaning of the GDPR, FARE manages its contractual relationship with this third party by adopting an appropriate contractual mechanism.

It should be noted that FARE may be required to pass on the personal data of its Customers to respond to an injunction by the legal authorities.
The personal data of the Customer are kept for a period of three (3) years from their collection.

Audience measurement statistics are not retained for more than thirteen (13) months.

However, at the end of the aforementioned periods, including as and when necessary from the Customer's request for deletion, his / her personal data may be the subject of interim filing so that FARE can meet to its legal retention duties:

  • (i) a contract entered into in the course of a business relationship will be retained for five (5) years after the date of its execution;
  • (ii) a contract entered into electronically in an amount greater than or equal to 120 euros will be kept for two (2) years after the date of its execution;
  • (iii) banking records will be kept for five (5) years as from their release;
  • (iv) records relating to the management of orders will be kept for ten (10) years;
  • (v) billing management documents will be retained for ten (10) years.

Some data may be filed beyond the standard durations (i) in the event of litigation in order to make it possible to establish the reality of the disputed facts; and / or (ii) for the purposes of the investigation, detection and prosecution of criminal offenses for the sole purpose of enabling, as needed, the provision of such data to the judicial authority.

Filing requires that these data be anonymous and can no longer be viewed online but that they may be extracted and stored on an autonomous and secure medium.

After the deadlines set in the said policy, the data are deleted.
Customers have a right of access, modification, opposition, limitation, portability, rectification, to define directives concerning the fate of their data after their death and the deletion of their personal data, the latter being subject to compliance with the following rules:

  • (i) the request originates from the person himself and is accompanied by a copy of an identity document, up to date;
  • (ii) the request should be made in writing and sent to the following address: rgpd@reseau-def.com

Upon receipt of the right to portability of the data, Customers have the right to request a copy of their personal data being processed.

The requested information will be provided in electronic form, unless otherwise requested. Customers are informed that these rights can never cover to confidential information or data or for data which the law does not authorize the communication. These rights cannot under any circumstances allow access to Defence Secret classified documents.

The right to the deletion of the personal data of the Customers will not be applicable in the cases where the treatment is implemented to meet a legal requirement.

The Customer may, at any time, file a complaint before the relevant supervisory authority.
FARE informs its Customers that it may involve any subcontractor at its option in the framework of the processing of their personal data. Subcontractor means any natural or legal person that processes personal data on behalf of FARE.

In this case, FARE ensures that the subcontractor complies with its duties under the GDPR.

FARE agrees to sign a written contract with all its subcontractors and imposes on subcontractors the same data protection duties as its own. In addition, FARE reserves the right to conduct an audit of its subcontractors to ensure compliance with the provisions of the GDPR.
It is the responsibility of FARE to determine and implement technical security or physical measures, that it sees fit, to fight against the destruction, loss, alteration or unauthorized disclosure of data in an accidental or unlawful manner.

Such measures include but are not limited to:

  • (i) the use of security measures for access to the premises (closing of offices, badges, etc.);
  • (ii) secured access to our computers and smartphones (passwords changed regularly);
  • (iii) setting up logins and passwords for all our business applications;
  • (iv) the management of authorizations for access to data (specificity for our financial and accounting and communication services);
  • (v) use of VPN for remote connections;
  • (vi) use of the complex passwords for our Wi-Fi network, changed each month.

In any case, FARE undertakes, in the event of a change in the means to ensure the security and confidentiality of personal data, to replace them by means of superior performance. No evolution can lead to a decrease in the security level.
FARE holds a register of personal data processing which is at the disposal of the National Information Technology and Privacy Commission.
This policy may be amended or modified at any time in the event of legal or jurisprudential developments, and of changes in decisions and recommendations of the European Commission.

Any new version of this policy will be brought to the attention of the Customers by any means chosen by FARE including by electronic means (circulation by email or online for instance).
For any further information please contact our GDPR committee at the following electronic address: rgpd@reseau-def.com