PERSONAL DATA PROTECTION NOTICE FOR CONTACT DETAILS IN AGREEMENTS
ArianeGroup attaches great importance to the protection of Personal Data, which ensures that Personal Data of the concerned Data Subjects is processed in accordance with Applicable Data Protection Legislation. In this respect, ArianeGroup has adopted a policy on the protection of personal data, defining the principles and procedures that ArianeGroup undertakes to respect.
DEFINITIONS
| Agreement | Means any contract, offer, letter of intent, memorandum of understanding or agreement signed by ArianeGroup with a customer, supplier, partner, prospect or any other third party. |
| Applicable Data Protection Legislation | Means any personal data protection regulations applicable to the Agreement, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “the GDPR”) and the national laws and regulations adopted to implement the GDPR. |
| Data Subjects | Means an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, an e-mail address, location data, an online identifying number, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| Data Controller | Means an organisation that determines the purposes and means of the Processing of Personal Data. |
| EEA | Means the European Economic Area. |
| Parties | Means the Parties of the Agreement. |
| Personal Data | Means any information relating to a Data Subject. |
| Processing | Means any operation and/or set of operations carried out by using automated processes or not and applied to Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, alignment or interconnection, limitation, deletion or destruction. |
| Third Country | Means a country outside the combined territories of the EEA. |
The GDPR definitions shall prevail in case of doubt.
PURPOSE OF PERSONAL DATA PROCESSING
This information notice applies to the Processing of Personal Data carried out by ArianeGroup to manage the contractual relationship including the administrative management of the Agreement, invoices and communication. In this respect, the ArianeGroup acts as Data Controller.
CATEGORIES OF PERSONAL DATA PROCESSED
The Personal Data processed by ArianeGroup includes the contact details of the employees of the Parties and/or any third party involved in the performance and/or administrative management of the Agreement.
Personal Data processed are mainly: surname, first name, title, function, professional e-mail address, professional postal address and telephone number(s).
In certain cases, where the Agreement requires the provision of additional references concerning the Data Subject, the Personal Data mainly includes information such as the nationality, date and place of birth, studies and diploma, positions held, address and place of residence.
LEGAL BASIS FOR PROCESSING OF PERSONAL DATA
ArianeGroup processes Personal Data for the performance of the Agreement and compliance with legal obligations.
RETENTION DURATION
ArianeGroup keeps Personal Data for a period of five (5) years after the end of the Agreement.
RECIPIENTS OF PERSONAL DATA
The recipients of all or part of the Personal Data processed are the Parties to the Agreement and, where applicable, the end customer, subcontractors, service providers and/or suppliers involved in the performance of the Agreement.
TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
In principle, ArianeGroup does not transfer Personal Data outside the EEA.
Where Personal Data is transferred by a ArianeGroup outside the EEA in a country which has not been recognised as offering an adequate level of protection by an adequacy decision of the European Commission, such transfer shall be governed by the European Union Standard Contractual Clauses as adopted by the European Commission (hereinafter the “SCC”) or any other appropriate safeguards.
RIGHTS OF DATA SUBJECTS
Data Subjects have the right to access their Personal Data and the right to rectify and delete their Personal Data. They also have the right to object to the Processing of their Personal Data or to request that the said Processing be limited. Any request to exercise a right or make a claim may be made by e-mail to the ArianeGroup DPOs: DPO-France@ariane.group or DPO-Germanya@ariane.group
The Parties undertake to communicate this information to their employees, partners and/or suppliers whose personal data may be exchanged under this Agreement.
If the persons concerned estimate, after contacting the DPOs, that their rights are not respected, they can make a complaint to the national supervisory authority.
Edition August 2025