1 - Foreword
Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), of 27 April 2016, applicable as of 25 May 2018, is the European reference text on personal data protection. It strengthens and harmonizes the protection of individuals at European Union level as regards the processing of their personal data. In addition, this personal data is also subject to the provisions of the French data protection law No. 78-17 of 6 January 1978, as amended.
Ellisphere, the French reference in business intelligence, assists and safeguards its clients’ decisionmaking concerning their business partners, by delivering appropriate decision-making solutions. For this purpose in particular, Ellisphere publishes and posts a database on 8.6 million companies in France, comprising B2B data, some of which may be classed as «personal data» within the meaning of the GDPR, so that Ellisphere has the capacity of controller. Ellisphere is also the controller of its clients’ personal data which it processes for the purpose of managing the contractual relationship.
In its capacity as controller, in accordance with the regulations, Ellisphere takes the necessary steps to ensure the protection, confidentiality and security of the personal data it processes in connection with its business, as well as the exercise of the rights of the persons concerned.
To this end, Ellisphere has appointed a data protection officer (DPO), who will be the go-to person for any matters relating to personal data protection.
The aim of the DGPR policy is to inform those concerned of the commitments made by Ellisphere in respect of the collection, processing and securing of their personal data.
Ellisphere also complies with the «Code of good practice of FIGEC* members on company information».
* French National Federation for Company Information, Debt Management and Civil Investigation.
Data value chain
2 - Identity and contact details of the controller and his representative
ELLISPHERE General Manager – 55 place Nelson Mandela 92000 NANTERRE
3 - Contact details of the data protection officer
ELLISPHERE DPO - 55 place Nelson Mandela 92000 NANTERRE
E-mail address: email@example.com
4 - Scope of application
The commitments undertaken in connection with this policy apply to all personal data processing carried out by Ellisphere both in connection with its business relationship with its clients, prospects, suppliers and partners and in connection with the establishment and updating of its B2B database.
5 - Definitions according to the GDPR
Any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a surname or forename, a telephone number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s economic situation […]
6 - Categories and sources of processed personal data
7 - Purposes and legal basis of personal data processing carried out by Ellisphere
8 - Legitimate interest pursued by Ellisphere
Ellisphere markets products and services to its clients relating to its «Risk Management», «Marketing Solutions» and «Compliance» packages, requiring it to set up and update its Companies database.
Ellisphere may, in this connection, need to process personal data mainly coming from public sources, where the persons concerned may reasonably expect the data to be the subject of such processing.
The legal basis of the processing is the legitimate interest of Ellisphere in contributing to the sustainable economic development of its clients by enabling them to manage their customer risks and transactions better and so develop their business confidently on a continuous basis, as well as to help its clients comply with certain legal and regulatory obligations.
In accordance with the applicable regulations, Ellisphere strikes a permanent balance between its legitimate interest in carrying out necessary, proportionate processing and the fundamental rights and freedoms of the data subjects.
9 - Recipients of the data
In relation to the purposes described in section 7, Ellisphere forwards personal data to some of its service providers – partners – processors and clients. The categories of recipients are as follows:
- For data relating to prospects – clients: associates and, where applicable, service providers and partners on a need to know basis.
- For data in the B2B database: authorized associates, clients and, where applicable, certain service providers.
10 - Transfer of data to third countries
Ellisphere may transfer certain personal data to countries outside the European Union. In this case, Ellisphere puts the appropriate safeguards and security measures in place.
11 - Retention of data
Data are retained for the time needed to fulfil the purposes for which they were collected.
12 - Right of access and right to rectification, erasure, restriction of processing and object
Any natural persons whose data is processed by Ellisphere have the following rights in respect of the personal data concerning them:
- A right of access
- A right to rectification
- A right to erasure
- A right to restriction of processing
- A right to object
Depending on circumstances, Ellisphere will not always be legally obliged to respond favourably to requests relating to those rights.
If you wish to exercise these rights, please contact our customer relations service by e-mail at firstname.lastname@example.org or by writing to the following address: ELLISPHERE – Customer Relations – Immeuble le Murano – 37 rue sergent Michel Berthet – CS 99063 – 69255 LYON Cedex 09.
13 - Right to lodge a complaint with the CNIL (French data protection authority)
Any natural persons whose data are processed by Ellisphere have the right to lodge a complaint with the French data protection authority (CNIL).
14 - Scoring of companies
Ellisphere carries out scoring of companies (economic entities), without automated decision-making.
Ellisphere evaluates all economic entities listed in France, awarding them a statistical score presented on a scale of 10 segments. The Ellisphere score is an indicator designed to provide an estimate, in summary form, of an entity’s 12-month default risk, here referring to statutory default (winding up or compulsory liquidation). In this regard, Ellisphere is liable to award a score to individual companies and this scoring could be seen as profiling within the meaning of the GDPR.
A presentation of the Ellisphere scoring system can be found on the following link:
In addition, any entity which has been evaluated may obtain its score and the underlying rationale from Ellisphere by subscribing free of charge to the Transparency Charter:
15 - Cookies
When you visit this site, a cookie may be installed in your browser software.
You have several options to manage cookies.
When you visit the site, cookies may install automatically in your browser software. You may choose to refuse them using your browser’s options (the instructions will differ depending on the manufacturer of your device, but the options allow management and/or deletion of installed cookies at the Internet user’s discretion).
In order to manage cookies in line with your expectations, please configure your browser bearing in mind the purpose of cookies. Otherwise, blocking cookies may limit certain functionalities or possibilities of navigating on the site.
For more information, check out the «Disabling cookies» tab.
Categories of cookies we use on the site:
The site uses different types of cookies. These are stored in your Internet browser.
These are cookies essential to the smooth operation of the site. They help you to move around the site and use the associated functionalities. Without these cookies, some of the site’s functionalities would not be available. These cookies do not store any personal information which could be used for marketing purposes.
These cookies enable the site to remember the choices you make when browsing and to offer you improved functionalities, such as for example your username, your language of use or the region where you are located.
The site uses web audience analysis tools such as «Google Analytics». These help us to improve operation and monitor site performance to generate maintenance tasks. The information collected by these cookies is anonymous and used solely to generate reports for statistical purposes without personally identifying individual users.
The site user is nevertheless informed that most Internet browsers allow users to block cookies, receive a warning before a cookie is installed or delete cookies from their hard disk. To find out more about these functions, users must refer to the help menu of the browser they use.
However, if the user either blocks cookies or deletes them, use of the site may be impaired or even become impossible.