Privacy Policy

The website www.bib-batteries.fr (the "Website") is operated by Bib batteries, a simplified joint-stock company with share capital of €1,476.9, headquartered at 14 Villa de la Paix, 92130 Issy-les-Moulineaux, registered with the Nanterre Trade and Companies Register under number 903 533 321.

This Privacy Policy explains how we collect and process personal data when you use our services (the “Services”). We may update this Policy from time to time to reflect legal requirements or changes in our practices. The version available on the Website at the time of your use applies.

Definitions

  • Personal Data: any information relating to an identified or identifiable natural person (the “Data Subject”).
  • Processing: any operation performed on Personal Data, such as collection, recording, storage, adaptation, use, disclosure, restriction, or erasure.
  • Controller: the entity that determines the purposes and means of Processing.
  • Processor: the entity that processes Personal Data on behalf of the Controller.

Processing for which Bib batteries is the Controller

Article I — Data processed, purposes, legal basis and retention
Article II — Data recipients

Personal Data may be accessed by Bib batteries personnel and by trusted service providers acting on our instructions, only where necessary for the purposes described above. We ensure that such parties are subject to appropriate confidentiality and security obligations.

Article III — Data Protection Officer (DPO)

You can contact our DPO at: contact@bib-batteries.fr

Article IV — Your rights
  1. Access, rectification, and erasure: you may request access to, correction of, or deletion of your Personal Data, subject to legal limitations.
  2. Data portability: where applicable, you may request to receive your Personal Data in a structured, commonly used, machine-readable format.
  3. Restriction and objection: you may request restriction of processing or object to processing where permitted under GDPR.
  4. Withdrawal of consent: when processing is based on your consent (e.g. newsletters), you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  5. Exercising your rights: requests should be sent to contact@bib-batteries.fr, including sufficient information to identify you. We will respond in accordance with applicable law.

You also have the right to lodge a complaint with your local supervisory authority, such as the Commission Nationale de l’Informatique et des Libertés (CNIL)www.cnil.fr.

Article V — Automated decision-making

Bib batteries does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals within the meaning of Article 22 GDPR.

Article VI — Children’s data

Our Services are not directed to children under the age of 16, and we do not knowingly collect their Personal Data.

Processing for which Bib batteries is the Processor

When providing vulnerability analysis and related services, Bib batteries acts as a Processor and processes Personal Data on behalf of and under the instructions of its client (the Controller).

Article I — Description of processing
Article II — Duration

Processing is carried out for the duration of the Services and as otherwise required by law or agreed with the Client.

Article III — Bib batteries’ obligations as Processor
  1. Process Personal Data only on documented instructions from the Client, unless required otherwise by law.
  2. Maintain appropriate confidentiality and security of Personal Data.
  3. Ensure personnel authorized to process Personal Data are subject to confidentiality obligations and receive appropriate training.
  4. Implement appropriate technical and organizational measures, taking into account the state of the art, costs, and nature of processing.
  5. Assist the Client, where reasonably possible, in meeting GDPR obligations such as data subject rights, DPIAs, and breach notifications.
Article IV — Sub-processing

Bib batteries may engage trusted sub-processors (such as hosting, payment, or signature providers). Current sub-processors include: Google Cloud Platform (hosting), Pennylane (payments), and Docusign (electronic signatures). We ensure they are bound by obligations at least as protective as those in this Policy. Bib batteries remains responsible for their compliance in relation to the Services provided.

Article V — Data Subject information

The Client is responsible for informing Data Subjects of processing activities and for obtaining any necessary consents in accordance with applicable law.

Article VI — Exercising rights

Requests from Data Subjects should be addressed to the Client, who acts as Controller. Bib batteries will support the Client in responding, to the extent reasonably possible. Any request received directly by Bastion will be forwarded to the Client without undue delay.

Article VII — Data breaches

If Bib batteries becomes aware of a Personal Data breach, we will notify the Client without undue delay and provide available information to help the Client meet its legal obligations. The Client remains responsible for notifying authorities and/or Data Subjects where required.

Article VIII — Assistance

Bib batteries will provide reasonable assistance to the Client with Data Protection Impact Assessments (DPIAs) and any required prior consultations with supervisory authorities.

Article IX — Security measures
  • Confidentiality undertakings for employees and contractors.
  • Awareness and training on data protection and security practices.
  • Account and access controls, including strong authentication requirements.
  • Physical security for premises and equipment.
  • Secure workstation provisioning, configuration, and disposal.
  • Restricted use of and access to Personal Data, with no disclosure to unauthorized third parties.
Article X — End of processing

Upon termination of the Services, Bib batteries will delete or return Personal Data, unless retention is required by applicable law or otherwise agreed with the Client. Where deletion is not possible, we will ensure continued protection of the Personal Data.

Article XI — Data Protection Officer

Contact: contact@bib-batteries.fr

Article XII — Records of processing

Bib batteries maintains records of processing activities carried out on behalf of Clients, as required under GDPR.

Article XIII — Documentation and audits

Bib batteries will make available information reasonably necessary to demonstrate compliance and allow audits or inspections by the Client, subject to agreed conditions to protect security and confidentiality.

Article XIV — Client obligations
  • Provide documented instructions for processing Personal Data.
  • Ensure it has a valid legal basis for processing and sharing Personal Data with Bib batteries.
  • Supervise processing activities, including through audits where appropriate.