Personal Data

Our company, Sarah Dray Architecture, attaches great importance to the confidentiality of your information. This privacy statement explains what personal data is collected by our company through our interactions with you and through our products, and how we use this data.

1. Protection of Personal Data

As part of the execution of its services, our company may collect personal data relating to the Client, its representatives, and/or any person whose contact details are transmitted to us by the Client in the context of the services ordered by the Client and their consequences. It is recalled that as the contracting party for the services, the Client is responsible for the processing carried out by the company’s personnel on its behalf, the latter being a “subcontractor” within the meaning of European Regulation 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and any national legislation.

The personal data we collect:

Our company collects data aimed at optimizing our services and providing you with the best possible experiences. You provide some of this data directly, especially when you give it to one of the members of our company.

You have the choice of the data we collect. When you are asked to provide personal data, you can refuse. But if you choose not to provide the data necessary for our company to provide its services, this refusal cannot be reproached to it, just as it cannot be reproached for imperfectly providing a service solely because of this refusal.

The data we collect varies depending on the context of your interactions with our law firm and the services you request. The data we collect may include the following:

  • Name and contact details: We collect your first names, last name, and usual names, first names, your email address, your postal address(es), your telephone numbers, fax, emails, and other similar contact details.
  • Demographic data: In the context of the files we process, we may collect data about you such as your age, gender, country, and preferred language.
  • Payment data: In the context of invoicing for our services, we may collect data necessary for processing with your payment (for example, a bank account number).

We also collect the information you provide to us and the content of the messages you send us or post on our website, such as comments or product reviews you write, or the items and information you provide to members of our company mainly in the context of processing your files.

2. Obligations of our Company

Therefore, the Company undertakes to collect and process such personal data in compliance with this regulation, and in this regard, in particular:

  • to collect and process personal data only in accordance with the express instructions of the Client and the purposes related to the subject of the mandate/mission entrusted;
  • to preserve the security, integrity, and confidentiality of personal data as soon as they are collected or recorded in the context of the execution of the mandate/mission entrusted;
  • not to disclose personal data to any third party whatsoever, except to third parties to whom it would be strictly necessary to transmit personal data in the execution of the mandate/mission entrusted;
  • not to transfer any personal data outside the territory of the European Union, except to third countries providing an adequate level of protection within the meaning of the supervisory authorities or to a subcontractor authorized by the Client and signatory of the standard contractual clauses issued by the European authorities;
  • to implement any data security system that may be required either because of an impact analysis conducted by the Client as data controller or because of specific legislation requiring the use of determined data retention methods;
  • to promptly alert the Client in case of violation, loss, or unauthorized disclosure of personal data collected in the context of the mandate/mission entrusted, in order to allow the Client to alert the persons concerned and to comply with its obligations under the aforementioned regulations.
 

How we use personal data

Our company uses the data collected to ensure the provision of its services and to develop its clientele. We use it in particular to improve our services and personalize your experiences. We may also use this data to communicate with you, for example, by sending you letters, emails, invoices, newsletters, or info letters. We use the data to provide and improve the services we o_er and to carry out business operations mainly sending occasional legal information and monthly newsletters. We use the data we collect to communicate with you and personalize the communications we send you. For example, we may contact you by phone, email, or other means.

Reasons we share your personal data:

We share your personal data with providers working for our company, notably to ensure the internal (servers) and external (providers and Cloud type Dropbox, OneDrive) backup of the files, data, and information entrusted to us by our clients or that we develop on their behalf, to use and ensure the security of our files, notably to prevent or stop an attack on our computer systems or networks, or when required by law or to respond to a judicial procedure.

We also share with external providers the email addresses for sending our Newsletter and general information documents. Members of the Company shall refrain in any event from reproducing, exploiting, or using the personal data collected during the mandate or mission for their own purposes or on behalf of third parties outside the missions entrusted by the Client, from sending occasional information and/or newsletters, and undertake to modify or delete, either at the request of the Client or at the request of a person concerned, and in any event upon completion of the purpose pursued and at the end of the execution of the mandate or mission entrusted, any personal data collected on the occasion or for the purpose of the execution of the mandate or mission entrusted.

Retention period:

Our company retains the personal data of its clients for the entire duration of the mandates and missions entrusted to it by them, to which is added any legal duration of conservation of archives and any legal prescription period.

How to access and control your personal data:

You can request to access, modify, or delete your personal data by contacting one of the members of our company by any means (email, mail, fax, telephone). You can also make choices regarding the collection and use of your data by our company.

You can also choose whether or not to receive emails, SMS messages, phone calls, and postal mail from our company.

3. Client’s Obligations

It is reminded that it is the Client’s responsibility, as data controller of its own data, to obtain any necessary consent from the individuals concerned whose contact details it would transmit to one of the members of the Company, notably its representatives, in correlation with the purposes pursued. In addition, data subjects have rights of access, rectification, erasure, restriction, portability, and objection concerning personal data concerning them, and may revoke consents to processing at any time.

Data subjects may exercise their rights directly with the Company, which undertakes to comply with them within the regulatory deadlines and to inform the Client thereof.

4. Company Subcontractors

Finally, the Client consents to the Company using providers, acting as subcontractors, for the storage of data (including Word, Excel, Pdf, Ppt files, business cards under Outlook and Gmail, etc.) is carried out on the Company’s internal server but storage is also carried out, as a security backup, on one or more external servers and possibly in a Cloud (notably on Dropbox and Oned)

5. Cookies & et technologies similaires :

Notre Société peut utiliser des cookies (de petits fichiers de texte placés sur votre appareil) et des technologies similaires pour vous fournir nos sites web et services en ligne et pour recueillir des données. Les cookies nous permettent, entre autres, de mémoriser vos préférences et vos paramètres ; de vous permettre de vous connecter ; d’offrir une publicité axée sur vos centres d’intérêt ; de lutter contre la fraude ; et d’analyser les performances de nos sites web et services en ligne.

Nous pouvons également utiliser des balises web pour nous aider à placer les cookies et à rassembler des données d’utilisation et de performance. Nos sites web peuvent inclure des balises web et des cookies de prestataires de services tiers. Vous disposez d’une variété d’outils pour contrôler les cookies, les balises web et les technologies similaires, notamment les contrôles du navigateur pour bloquer et effacer les cookies, et les contrôles de certains fournisseurs de services d’analyse tiers pour vous désengager de la collecte de données par les balises web et des technologies similaires.

GDPR Clause – Intellectual Services Contract 

Article 0 – Protection of Personal Data 

In the context of the execution of its Services, the Service Provider may collect personal data relating to either its contacts within the client’s company or the population of individuals subject to the Services ordered by the client. It is reminded that as the client ordering the Services, the client is responsible for the processing carried out by the Service Provider on its behalf, said Service Provider being a “subcontractor” within the meaning of European Regulation 2016/679 of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR). 

0.1 – Obligations of the Service Provider

Therefore, the Service Provider undertakes to process said personal data in compliance with this regulation, and in this regard, undertakes to:

  • only collect and process personal data in accordance with the express instructions of the client and the purposes related to the subject of the Services, namely the purposes of….. (to be completed);
  • preserve the security, integrity, and confidentiality of personal data as soon as it collects or records them in the context of executing the Contract;
  • not disclose personal data to any third party whatsoever, except to third parties to whom it would be strictly necessary to transmit personal data in the execution of the Services, provided that they are expressly listed in the annex of the Contract and made known to the persons concerned by the client;
  • not carry out any transfer of personal data outside the territory of the European Union, except to third countries providing an adequate level of protection within the meaning of the supervisory authorities or to a subcontractor authorized by the client and signatory of the standard contractual clauses issued by the European authorities;
  • implement any data security system that may be required either because of an impact analysis conducted by the client as data controller or because of specific legislation requiring the use of determined data retention methods;
  • promptly alert the client in case of violation, loss, or unauthorized disclosure of personal data collected in the context of the Contract, in order to allow the client to alert the persons concerned and to comply with its obligations under the aforementioned regulations.
 
0.2 – Obligations of the Client

It is reminded that it is the client’s responsibility, as the data controller, to obtain any necessary consent from the individuals concerned, in correlation with the purposes pursued. In addition, data subjects have rights of access, rectification, erasure, restriction, portability, and objection concerning personal data concerning them, and may revoke consents to processing at any time. Data subjects may exercise their rights directly with the Service Provider, which undertakes to comply with them within the regulatory deadlines and to inform the client thereof. The Service Provider shall refrain in any event from reproducing, exploiting, or using the personal data collected in the course of its Services for its own purposes or on behalf of third parties, and undertakes to modify or delete, either at the request of the client or at the request of a person concerned, and in any event upon completion of the purpose pursued and at the end of the execution of its Services, any personal data collected on the occasion or for the purpose of executing said Services.