Privacy Policy

Who we are

IELO-LIAZO GROUP, a simplified joint-stock company with a share capital of €7,155,091, having its registered office at 50 Ter rue de Malte – 75011 Paris, registered with the Paris Trade and Companies Register under number 824 539 241.

For the purposes of this Policy, “IELO” refers to IELO-LIAZO GROUP and its affiliated companies, within the meaning of Article L233-3 of the French Commercial Code.

1. Preamble

IELO operates the websites accessible at https://www.ielo.net/#/home and https://www.quantic-telecom.net/ (the “Sites”) and provides (the “Services”):

  • electronic communications services (including the rental of dark fiber and connectivity services);
  • hosting services;
  • internet access services for INSA students (via https://www.quantic-telecom.net/).

In the context of its activities, IELO is committed to complying with applicable personal data protection laws, in particular the French Data Protection Act of 6 January 1978 (as amended) and Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”). Accordingly, IELO implements appropriate measures to ensure the protection, confidentiality, and security of Personal Data

This personal data processing policy (the “Policy”) aims to describe how IELO may collect and process Personal Data.

This Policy is intended for clients, prospects, suppliers, subcontractors, and visitors of the Sites.

2. Definitions

Personal Data”: any information relating to an identified or identifiable natural person.

Data Subject(s)”: any natural person who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

Data Controller”: the natural or legal person who determines the purposes and means of processing.

Processor”: the natural or legal person who processes personal data on behalf of the Data Controller.

Processing”: any operation or set of operations performed on personal data, whether automated or not, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, alignment, interconnection, restriction, erasure, or destruction.

3. IELO’s Status

The Services themselves are not intended for the processing of Personal Data. IELO has no access to the data or content transmitted through these Services. IELO simply provides the infrastructure that allows users to transmit data. Accordingly, IELO is neither a Data Controller nor a Processor in this context.

However, for the management of Data Center access for hosting services or secured sites, IELO is considered a Processor under Article 4 of the GDPR and undertakes to comply with all obligations related to this status.

Furthermore, IELO processes Personal Data as a Data Controller in the context of providing internet access services to students (for more details, see the student portal personal data policy) and, incidentally, for the management of the Sites and Services, including commercial management of contracts, marketing, communications, and maintenance services.

When IELO processes Personal Data listed under Article 4.1, it acts as Data Controller, and as a Processor for Personal Data listed under Article 4.2.

4. Personal Data Processed by IELO

IELO processes only Personal Data strictly necessary for the purposes described in Article 5 of this Policy.

4.1 Personal Data processed by IELO as Data Controller

IELO may process the following categories of Personal Data:

  • Identification/contact data: title, first name(s), last name(s), employer name, job title, professional postal address, professional phone number (landline and/or mobile), professional email address, client or supplier account number, and, in exceptional cases where necessary for exercising rights, a copy of identity documents (ID card/passport);

  • System and site usage data via functional cookies: login logs, IP address;

  • Location data in the context of the FTTO service eligibility test available on the IELO Site: postal address provided by the user;

  • Support-related data: information in support tickets or communications via IELO’s information system, email, or postal mail.

The above Personal Data are collected (i) directly by IELO from clients, suppliers, processors, or Data Subjects, or (ii) during the use of IELO’s information systems or Sites by the clients, suppliers, processors, or Data Subjects.

4.2 Personal Data processed by IELO as Processor

For the management of Data Center access for hosting services or secured sites, IELO may process the following:

  • Identification data: title, first name(s), last name(s), date of birth, employer name, professional phone number, professional email address, vehicle registration, copy of identity documents (ID card/passport).

 

5. Purposes of Personal Data Processing

IELO processes Personal Data only for specific, explicit, and legitimate purposes, as described below:

PROCESSING PURPOSE DESCRIPTION LEGAL BASIS

Commercial management
  • Client/supplier/subcontractor file creation,
  • account management,
  • contract communication,
  • delivery,
  • billing,
  • collection,
  • customer service,
  • preventive maintenance,
  • incident management,
  • claims management,
  • cancellations,
  • sending mail,
  • dispute management.
 Contract performance (Article 6.1(b) GDPR)
Communication
  • Creation of a client file for communication purposes,
  • sending messages by email (newsletter, invitations),
  • subscription to the newsletter on the Sites,
  • conducting satisfaction surveys.

Legitimate interest (Article 6.1(f) GDPR)

or

Consent (Article 6.1(a) GDPR)

Commercial prospecting
  • Phone or professional network prospecting,
  • follow-up of contact forms,
  • appointment setting,
  • newsletter registration

Legitimate interest

or

Consent,

or

Pre-contractual measures (Article 6.1(b) GDPR)

Recruitment form
  • Managing applications via contact form

Consent (Article 6.1(a) GDPR)

FTTO eligibility test
  • Verification of the availability of the IELO fiber network near the address provided by the user for the provision of an FTTO service.
  • Analysis of the postal addresses provided by users to identify high-demand areas for the deployment of the IELO network.

Legitimate interest (Article 6.1(f) GDPR)

Site and IT security
  • Detection of malicious attempts or intrusions

Legitimate interest (Article 6.1(f) GDPR)

Cookies
  • Portal authentication

Legitimate interest (Article 6.1(f) GDPR)

Exercise of rights requests
  • Managing rights requests

Compliance with law (Article 6.1(c) GDPR)

Judicial requests
  • Providing data to judicial or administrative authorities

Compliance with law (Article 6.1(c) GDPR)

 

6. Retention of Personal Data

IELO retains Personal Data for as long as necessary to achieve the purposes described in Article 5 of this Policy. Furthermore, IELO retains Personal Data for a period that allows it to (i) comply with laws, regulations, and requests from competent authorities, and (ii) protect or assert its rights.

PURPOSE RETENTION PERIOD

Commercial management
  • Duration of the commercial relationship + 5 years;
  • 10 years for accounting documents

Communication
  • Duration of the commercial relationship + 3 years;
  • by exception, until withdrawal of consent

Commercial prospecting
  • 3 years from receipt of contact details or last contact from the prospect;
  • by exception, until withdrawal of consent

Contact forms (including Eligibility Test) / Meeting scheduling
  • If the prospect does not become a client: duration of processing the request;
  • If the prospect becomes a client: duration of the commercial relationship + 5 years

Recruitment form
  • If the person is hired: duration of employment + 5 years;
  • If not hired: 2 years

Security of IELO Sites and information systems
  • Duration required by law

Cookies
  • 13 months

Eligibility Test
  • 3 years

Requests to exercise rights
  • Identity documents: immediately after identity verification;
  • Other data: maximum 3 years (opposition list)

Responding to judicial requests
  • Duration required by law

 

7. Recipients of Personal Data

Personal Data collected is processed internally by IELO. Only IELO employees who are authorized and need to access it in the course of their duties may access the Personal Data.

Furthermore, IELO may transfer certain Personal Data to:

  • Its clients, subcontractors, suppliers, and companies within its group, only to the extent necessary for the purposes described in Article 5, each of them bound by a contract committing to comply with all applicable legal and regulatory obligations regarding Personal Data protection and confidentiality.
  • A third party in the context of a merger, company sale, acquisition, or bankruptcy, subject to compliance with the GDPR, trade secret obligations, and specific confidentiality requirements.
  • Any regulatory authority, government agency, or court, if IELO deems disclosure necessary (i) under applicable law or regulation, or (ii) to exercise, establish, or defend its rights.
  • Any other person, with the prior consent of the Data Subject.

 

8. Security of Personal Data

IELO is committed to processing Personal Data securely and maintaining its confidentiality.

IELO implements reasonable and appropriate technical and organizational measures to prevent loss, disclosure, destruction, alteration, or unauthorized access to Personal Data. These measures are adapted by IELO based on the nature of the Personal Data and the risks associated with its processing. Such measures may include, without limitation, access rights management, data encryption, server security, and awareness training for IELO staff involved in Personal Data processing (IT Charter).

IELO is also committed to informing Data Subjects in the event of a security breach likely to result in a high risk to their rights and freedoms. The notification will specify:

  • The nature of the Personal Data security breach;
  • The likely consequences of the breach;
  • The measures taken by IELO to address the breach and/or mitigate negative consequences;
  • Any recommendations to Data Subjects on measures they can take to limit the negative consequences of the breach.

 

9. Transfer of Personal Data outside the European Union

IELO may transfer Personal Data outside the European Union, in particular to the United States and Vietnam. To this end, IELO has implemented an appropriate safeguard mechanism based on the European Commission’s standard contractual clauses and the Data Privacy Framework.

 

10. Rights of Data Subjects

Data Subjects have the following rights:

Right of access:

You may request the communication of Personal Data we hold about you.

Right of rectification

You may request the updating of your Personal Data if it is inaccurate, incomplete, or outdated.

Right to object

You may object to the processing of your Personal Data when based on our legitimate interest or when profiling is involved.

Right to erasure

You may request the deletion of your Personal Data, provided you have a legitimate reason.

Right to restriction

You may request that the use of your Personal Data be limited.

Right to data portability

You may, within legal limits, request a copy of your Personal Data in a structured, commonly used format and transmit it to another controller.

Right to withdraw consent

You may withdraw your consent at any time.

Post-mortem directives

You may set instructions regarding the retention, deletion, and communication of your Personal Data after your death.

To exercise these rights with IELO, any request must be sent to the following email address: juris@ielo.net

Requests must include all information necessary for their processing, and IELO may request a copy of an identity document.

A response will be provided within one (1) month from receipt of the request. This period may be extended due to the complexity of the request, in which case a notification will be issued.

Data Subjects may file a complaint with the French data protection authority (CNIL) if, after contacting IELO, they believe that their rights regarding Personal Data have not been respected.

 

11. Amendments to this Policy

IELO reserves the right to amend this Policy at any time.

Data Subjects may obtain the current version of the Policy on the Sites, IELO information systems, or upon written request to IELO.

Policy Version: v2.0