This Confidentiality Policy describes how Lectra collects, uses, and transmits personal data as defined in particular in (EU) Regulation 2016/679 of the European Parliament and of the Council of April 27, 2017 (“GDPR”) and Law no. 78-17 of January 6, 1978, as amended (hereinafter referred to collectively as the “data protection regulations”), hereinafter, the “Personal Data.”
Any mention of the term “Lectra” refers to the Lectra entity that acts as data controller or processor of your Personal Data as a user, recipient or under any other capacity within the meaning of the GDPR, as explained in more detail in the section “Identification of the data controller or processor” below.
This Confidentiality Policy applies to the online tools and platforms operated by Lectra, including the Lectra mobile apps related thereto (hereinafter collectively referred to as the “Services”), Lectra.com and other Lectra websites (hereinafter collectively referred to as the “Websites”), and other interactions (for example, customer service requests, forms, all types of e-mails sent to potential customers, existing customers, etc.) that you may have with Lectra.
If you do not agree with the conditions, we encourage you not to access or use the Services, the Websites, or any other aspect of Lectra’s activities.
This Confidentiality Policy does not apply to the third-party applications or software used with the Services (“Third-Party Services”) or to third-party products, services, or activities.
It applies to the Personal Data transmitted to Lectra by the Customer when entering into and executing a contract with Lectra governing the provision, access, and use of the Services (the “Customer Contract”), including the processing of all messages, files, or other content submitted through user accounts (hereinafter collectively referred to as the “Customer Content” and the “Accounts”). It also applies to Personal Data collected on any other occasion, such as marketing campaigns and organization of events.
The organization (i.e. your employer or any other entity or person) that entered into the Customer Contract (the “Customer”) controls its instance of the Services, the Accounts, and the Customer Content associated therewith. If you have questions concerning the specific settings and confidentiality practices of the Customer, please contact the entity or individual within your organization who entered into the Customer Contract.
Lectra may collect and receive Personal Data in the Customer Content as well as other information and data (“Other Information” together with “Information”) in various ways:
- Customer content. The employees, agents, or subcontractors (“Authorized Users”) to whom a Customer grants access to the Services regularly submit Customer Content to Lectra when they use the Services.
- Other information. Lectra collects, generates, or even receives other information:
- Account-related information. To create or update an Account, you or the Customer (such as your employer) provide Lectra with an e-mail address, telephone number, password, domain name, or similar account details.
- Usage information.
- Service meta-data. When an Authorized User interacts with the Services, metadata is generated in order to provide additional information on how Authorized Users work and facilitate their access to and use of the features offered..
- Data log. For the Websites and technological services provided over the internet, Lectra’s servers automatically collect information when you access the Websites or Services and records it in data logs. These data logs may include the internet protocol (IP) address, the address of the web page that you viewed before using the Website or the Services, the browser type and settings, the date and time of use of the services, information on the browser configuration and extension modules, language preferences, and cookie data.
- Device information. Lectra collects information on the devices that access the Services, including the type of device, the operating system used, the device settings, the application IDs, the unique device IDs, and breakdown data.
- Third-party services. In general, the Third-Party Services consist of software that is integrated into the Services. The provider of a third-party service may share certain information with Lectra. For example, if a Cloud-based storage application is activated to facilitate the import of files to the Account, Lectra may receive the user name and e-mail address of the authorized users as well as the additional information that the application decided to make available to Lectra to facilitate integration. Authorized Users must verify the settings and confidentiality notices in these Third-Party Services to determine what data may be disclosed to Lectra. When a Third-Party Service is activated, Lectra is authorized to connect to it and access other information made available to it in accordance with its agreement with the third-party service provider. However, Lectra does not receive or store the passwords of any of these Third-Party Services when Lectra connects to the Services.
- Third-party data. Lectra may receive data on the organizations, industries, website visitors, marketing campaigns, and other issues related to Lectra’s activities from the parent company (ies), affiliated companies and subsidiaries, its partners, or other persons engaged by Lectra to make its information better or more useful. This data may be combined with other information that Lectra collects and may include aggregate data, such as IP addresses corresponding to postal codes or countries. This may also consist of more specific data, such as how successful a marketing or e-mail campaign performed online was.
- Additional information provided to Lectra. Lectra receives other information when you submit requests to the Websites or when you participate in a discussion group, contest, activity or event, apply for a job, request assistance, interact with Lectra's social network accounts, or otherwise communicate with Lectra. Lectra receives Information collected in the course of a marketing campaign of any kind, notably campaigns targeting Customers or potential Customers such as prospects.
Lectra will use the Personal data in accordance with the Customer’s instructions, including the procedures applicable to the Customer Contract and the use by the Customer of the features of the Services and as required by current regulations. In particular, Lectra uses the Information to facilitate the execution of its contract with the Customer, to maintain and improve the Services, Websites, and activities, and for marketing purposes with regards to marketing campaigns. More specifically, Lectra uses the Information:
- To provide, update, maintain, and protect its Services, Websites, and other activities.
- To fulfill a legal or regulatory requirement.
- To communicate with you by answering your requests, comments, and questions.
- To develop and provide research, learning, and productivity tools as well as additional features.
- To send e-mails and other communications. Lectra may send you service e-mails or technical and administrative emails, messages, and other types of communications. Lectra may also contact you to inform you of changes in its services, its service offerings, and important service-related notices, such as security and fraud notices. These communications are considered part of the Services, and you perhaps may not be able to deactivate them. In addition, Lectra sometimes sends e-mails about new product characteristics, promotional communications, or other news about Lectra. These are marketing messages that you may decide to receive or not receive.
- For account management and other administrative matters such as billing, account management, or other reasons, and Lectra uses account data to administer accounts.
- To perform surveys and help to prevent security issues as well as potential abuses.
In its capacity as processor under the GDPR, Lectra stores the Customer Content in accordance with the Customer’s instructions, including all applicable conditions of the Customer Contract and the Customer’s use of the features of the Services. Lectra, therefore, may not be held responsible for the Customers’ failure to abide by the retention periods for their Personal Data.
The elimination of the Customer Content and all other use of the Services by the Customer may result in the deletion and/or anonymization of certain associated Other Information. Lectra may retain other information concerning you for as long as necessary for the purposes described in this Confidentiality Policy. This may include storing your Other Information after you have deactivated your account for the applicable legal retention period.
This section describes how Lectra can share and disclose Personnal data. Customers set their own policies and practices with respect to the sharing and disclosure of their Personnal data. Lectra does not control how its Customers or other third parties choose to share or disclose Personnal data.
- Customer instructions. Lectra will not share or disclose the Customer Content except in accordance with the Customer’s instructions, including under all of the applicable conditions in the Customer Contract and as a function of the Customer’s use of the features of the Service.
- Posting of services. When an Authorized User sends other information, this information may be posted for other authorized users.
- Customer access. The owners, administrators, Authorized Users, and other representatives and employees of the Customers may access the other information, modify it, or restrict access to the same.
- Third-party providers and partners. Lectra may hire third-party companies or private individuals as service providers or business partners to process other information and support Lectra's activities. For example, these third parties may provide virtual IT and storage services.
- Third-party services. The Customer may activate third-party services or allow the Authorized Users to do so. When they are activated, Lectra may share other information with third-party services. The third-party services are not owned by Lectra, and the third parties to which access to other information has been granted may have their own policies and practices governing collection and use. Please check the settings and confidentiality notices for these third-party services or contact the provider in case of any questions.
- Affiliated companies. Lectra may share other information with its Affiliated Companies. The term “Affiliated Company” refers to any company controlled by, controlling, or under the same control as Lectra. Control shall be understood to mean possession of at least 50% of the capital or voting rights.
- During a change in activity at Lectra. If Lectra is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of all or a part of its assets or shares, financing, public offer of securities, acquisition of all or a part of its activities, or similar operations or procedures or steps for the purpose of carrying out such activities (i.e. reasonable due diligence), some other information may be shared or transferred subject to the customary provisions governing confidentiality.
- Aggregate or anonymous data. Lectra may transmit, disclose, or use aggregate information when it cannot be used to identify the natural persons to which it refers or anonymous information for any reason.
- Protecting Lectra’s rights, preventing fraud, and ensuring security. Protecting and defending the rights, property, or security of Lectra or third parties, including the execution of contracts or in the context of investigations and preventing fraud or security issues.
- Consent. Lectra cannot share the Other Information with third parties unless you consent to this sharing in a clear and explicit manner in accordance with current regulations.
Lectra takes the security of your Personal Data very seriously. Lectra makes every effort to protect the information that you provide in order to prevent losses, misuse, unauthorized access, and unauthorized disclosure. These measures take into account the sensitivity of the information that Lectra collects, processes, and stores and the current state of technology. However, given the nature of communication and information processing technologies, Lectra cannot guarantee that the information will be absolutely protected from third-party intrusions while transiting the internet or being stored in its systems or while otherwise in its custody.
Lectra may modify this Confidentiality Policy as necessary and in particular to adapt its provisions to changes in regulations. Lectra will post these changes on this page and Lectra therefore encourages you to check its Confidentiality Policy regularly.
Lectra may transfer your Personal Data to countries other than the country in which you reside. If Lectra transfers Personal Data outside of the European Union or Switzerland to a country that is not recognized as having an equivalent level of personal data protection, Lectra undertakes to sign the applicable standard European Union Contractual Clauses in accordance with the applicable regulatory requirements.
In member countries of the European Union, the GPDR makes a distinction between the “data controller” and the “data processor”:
- Data controller: the natural or legal person, public authority, agency, or other body that alone or jointly with other bodies determines the purposes and methods of processing.
- Processor: the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
As a general rule, the Customer is the data controller of the Customer Content. Generally, Lectra is the processor of the Customer Content and is the data controller for the Other Information. Different Lectra entities provide the Services in different regions of the world. Lectra S.A., a French company registered with the Trade and Companies Register of Paris under number 300 702 305 and having its registered office at 16-18 rue Chalgrin 75016 Paris, is the data controller for the Other Information and the processor of the Customer Content concerning Authorized Users.
Natural persons living in a European Union country have the right to request access to their personal data as well as to update, delete, or correct their Personal data. In general, you can do so through the tools and settings provided in your services account. If you cannot use the tools and settings, contact the Customer to obtain access and additional assistance.
To the extent that Lectra’s processing of your Personal data is subject to the GDPR, Lectra relies on its legitimate interests described above to process your data. Lectra may also process Other Information that consists of your personal data for the purposes of direct marketing, and you have the right to object to Lectra’s use of your personal data for this purpose at any time.
Subject to current laws, you also have the right to (i) restrict Lectra’s use of Other Information that consists of your Personal Data and (ii) file a complaint with your local data protection authority or the National Data Protection Commission at the following address:
Commission nationale de l'informatique et des libertés (National Data Protection Commission)
3 Place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07 – FRANCE
Contact form: https://www.cnil.fr/fr/webform/nous-contacter
Do not hesitate to contact Lectra if you have any questions about this Confidentiality Policy or Lectra’s personal data practices or if you would like to exercise your rights.
In general, if you would like to communicate with Lectra’s Data Protection Officer (DPO), you may do so at the following address firstname.lastname@example.org or the mailing address indicated below:
Data Protection Officer (DPO)
Lectra S.A. - 16-18 rue Chalgrin - 75016 PARIS - FRANCE