CROWN Privacy Policy

Data Protection and Privacy



Introduction

This Privacy Policy explains how CROWN PROCUREMENT SAS processes Personal Data in compliance
with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable European
data protection laws. It complements the Terms of Use and applies to Users and other data subjects
whose Personal Data is processed through the Platform. Capitalized terms not defined here have
the meaning given in the Terms of Use.

1. Scope

In the course of providing access to the Platform, CROWN may process Personal Data relating to
Users. The meaning of “Personal Data” is defined in Section 3 of the Terms of Use (Definitions).

2. Categories of data

The Personal Data processed may include, for example:
●  identification data (name, surname, email, phone number, company);
●  authentication and access data (login, password, logs);
●  usage data (time of access, actions performed on the Platform).

3. Purpose of processing

Personal Data is processed solely for the following purposes:
●  providing and managing access to the Platform;
●  ensuring the security and integrity of the Platform;
●  fulfilling contractual obligations with Clients;
●  providing technical support and service improvement;
●  complying with legal or regulatory requirements.

4. Legal basis

The processing of Personal Data is based on:
●  the necessity to perform a Commercial Contract with the Client;
●  CROWN’s legitimate interest in ensuring the security and proper functioning of the Platform;
●  compliance with legal obligations.

5. Data subject rights

In accordance with the GDPR, Users have the right to:
●  access their Personal Data;
●  request rectification or erasure of their data;
●  restrict or object to processing;
●  request portability of their data.


6. Retention

Personal Data is retained only as long as necessary to fulfill the purposes above, or as required by
law.

7. Sharing of data

Personal Data is not shared with third parties except:
●  where necessary to provide the Platform (for example, hosting providers, service providers
bound by confidentiality and data protection obligations);
●  where required by law or regulation;
●  where explicitly authorized by the Client or the User.

8. Data location

All Personal Data processed through the Platform is hosted on servers located within the European
Union.

9. Roles of the parties

In most cases, CROWN acts as a Data Processor on behalf of its Clients, who act as Data Controllers
and remain responsible for determining the purposes and means of processing.

In certain circumstances, such as the management of User accounts, Platform security, or
compliance with legal obligations, CROWN may act as an independent Data Controller. The
allocation of responsibilities between CROWN and the Client is further specified in the applicable
Commercial Contract.

10. Security and incidents

CROWN implements technical and organizational measures designed to ensure a level of security
appropriate to the risks. In the event of a data breach or other security incident affecting Personal
Data, CROWN will notify the relevant Client without undue delay, in accordance with applicable legal
requirements.

11. Updates

This Privacy Policy may be amended from time to time. The most recent version is always available
on the Platform or on CROWN’s website. Users are responsible for reviewing this Privacy Policy
regularly to remain informed of any changes.

For any questions regarding this Privacy Policy, please contact us at
contact@crown-procurement.com.