OCEAView Privacy Policy

Dickson attaches great importance to the respect of its customers' personal data and to the quality of service it provides on a daily basis. In accordance with the new General Regulations on the Protection of Personal Data (RGPD), we would like to inform you of the provisions implemented to ensure the proper execution of our services.

1.  The controller

The data controller is the company DICKSON / OCEASOFT SAS, located at 720 rue Louis Lépine - 34000 Montpellier - France. SIRET Number: 42501418000052

Telephone: +33 (0)4 99 13 67 30 - Fax: +33 (0)4 67 42 84 13

Email: contact@dicksondata.fr Website: www.Dicksondata.com

2.  Personal data processed

In the context of activities related to the use of the www.dicksondata-debug.freshy.dev website (in particular if you fill in an information request form) or when you use a DICKSON solution for monitoring your environmental conditions, we are required to collect and process the following personal data:

  • Identification data (e.g. surname, first name, e-mail address, postal address, telephone number)
  • Connection data (e.g. IP address, connection logs)

In the event that your personal data is collected via a form, you will be informed of the mandatory nature of the information by an asterisk (*) next to the relevant fields. If there is no asterisk, the information requested is not obligatory.

Only personal data strictly necessary for the purposes described below are collected.

3.  The legal bases of the processing operations

Your personal data is collected and processed on the following legal basis:

  • Within the framework of the execution of a contract ;
  • For legitimate interest purposes ;
  • On the basis of your consent;
  • In order to ensure compliance with our legal and regulatory

4.  Purposes of the treatments

 Your personal data is processed for the following purposes:

  • Manage our commercial relationship: Issuance of quotes, orders, ARC, invoices, answers to your technical or commercial support ..
  • Ensure the operation of the environmental condition monitoring solutions provided by OCEASOF T: Sending alerts by phone and email, traceability on the actions carried out by each registered This data is stored in the audit trail.
  • Carrying out information campaigns and commercial prospecting
  • Improve and optimize the quality of our services and solutions
  • Carry out satisfaction surveys on the solutions and services offered

5.  How long your personal data will be kept

 Your personal data is kept only for the time strictly necessary to fulfil the purposes for which it is collected.

5.1  Management of the Business Relationship :

 If you are a Dickson customer, your personal data is kept for a period of 3 years from the end of the business relationship.

If you are not a Dickson customer (prospect), the personal data that you might have entrusted to us is kept for a period of 12 months from the last action showing an interest in DICKSON solutions and services (e.g. opening or responding to an email, newsletter). You can also unsubscribe at any time by clicking on the link available on the information and communication emails you may receive.

5.2  Data required for the operation of DICKSON solutions :

If you are a user of DICKSON environmental condition monitoring solutions, the data relating to the operation of the solution is kept according to the contractual provisions defined with the customer. These data, integrated into the audit trail, are necessary to ensure the traceability of the activities monitored by the client and as such cannot be deleted without the client's formal agreement before the end of the contractual term.

5.3 Use of Location Data

Our mobile application collects and uses precise location data to provide a feature that displays the geographical location of Bluetooth connections to data loggers on a map, with the goal of enhancing the user experience. This location data may be collected via technologies such as GPS.

This information is used exclusively for display to the user and is not shared with any third parties under any circumstances.

6.  Recipients of your personal data

 As mentioned above, your data is used by DICKSON in accordance with the purposes listed above. We also use subcontractors for technical purposes such as hosting or for communication purposes. Their access is strictly supervised by DICKSON. They are not allowed to use your data for any other purpose than the performance of their service.

7.  The rights concerning your personal data

 The fact that you entrust us with your data does not mean that you lose control of it.

You have several rights. Some are applicable to all data processing operations concerning you, others depend on the type of processing carried out and, more specifically, on the legal basis on which it is based (contract, legal obligation, consent, legitimate interest, etc.).

Below is a brief description of these rights and how they can be implemented.

The right of access :

 This right allows you to ask us questions about the nature of the processing that concerns you (type of data, origin of collection, etc.). It also allows you to ask us for a copy of all the information concerning you. This right applies regardless of the legal basis of the processing operation concerning you.

The Right of Correction :

 The right of rectification serves to update your personal data. This right applies regardless of the legal basis of the processing operation concerning you.

The right of opposition :

 It is the right to say "no", the right not to be included in a data processing operation or to no longer be included in it. This right applies where the processing is based on DICKSON's "legitimate interest", provided that this interest is not "compelling".

Right to erase :

 It's the right to be forgotten. DICKSON has no reason to retain your data beyond what is necessary. All data concerning you will therefore be automatically deleted after the expiry of the retention period.

When your data are processed based on your consent or on the legitimate (non-criterious) interest of DICKSON, you can obtain the early deletion of your data. How? All you need to do is to indicate your willingness to withdraw your consent or to exercise your right to object to the processing.

Right to portability :

 This right allows you to request that your personal data be obtained, provided that it is processed on the basis of your consent or a contractual relationship. We have the obligation to transmit the data to you in a format that is technically usable by you or by an entity other tha Dickson.

You may exercise your rights by contacting us at one of the following addresses:

-by e-mail: contact@dicksondata.fr

-by post: DICKSON, for the attention of the Data Protection Delegate, 720, rue Louis Lépine 34000 Montpellier, France.

8.  Contact our Data Protection Officer (DPO)

 You can contact our DPO :

  • by email at contact@dicksondata.fr
  • by mail: DICKSON SA, for the attention of the Data Protection Delegate, 720, rue Louis Lépine 34000

9.  Security measures

As data controller, we take all necessary measures to safeguard the security and confidentiality of the data and in particular to prevent damage to the data or unauthorised third parties from gaining access to it. To this end, we implement all technical and organisational measures to guarantee an adequate an d risk-appropriate level of security. In addition, we ensure that our subcontractors comply with the rules on the protection of personal data.

DATA PROCESSING AGREEMENT

These data processing terms constitute a binding agreement between you and us only if and to the extent that: (i) you upload any personal data to the Services; and (ii) the GDPR requires that you and we enter into certain data processing terms that comply with article 28 of the GDPR.

This agreement (the “Agreement” or “Data Processing Agreement”) is provided and agreed to in connection with the OCEAView Cloud Services Agreement (the “Principal Agreement” or “Cloud Services Agreement”). By clicking “I AGREE” or a similar method online or digitally to the Cloud Services Agreement, you are agreeing to this Data Processing Agreement referred to in section 7 of the Cloud Services Agreement, which is fully incorporated herein by this reference. “You” refers to you as the counterparty to the Dickson Cloud Services Agreement and customer of the OCEAView software suite.

WHEREAS, you act as a data Controller;

WHEREAS, we (also referred to as “Processor”) may process certain data from you; and

WHEREAS, the Parties seek to implement a data processing agreement that complies with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

NOW, THEREFORE, in consideration of the promises and agreements set forth herein, the parties, each intending to be legally bound hereby, do promise and agree as follows:

1.  Definitions and Interpretation

Unless otherwise defined herein, capitalized terms and expressions used in this Agreement shall have the following meaning:

  • “Agreement” means this Data Processing Agreement;
  • “Personal Data” means any Personal Data Processed on behalf of you pursuant to or in connection with the Principal Agreement (the “OCEAView Cloud Services Agreement");
  • “Contracted Processor” means a Sub-processor;
  • “Data Protection Laws” means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country; these and other laws relating to processing personal data are also referred to as “Applicable Laws”;
  • “EEA” means the European Economic Area;
  • “EU Data Protection Laws” means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR;
  • “GDPR” means EU General Data Protection Regulation 2016/679;
  • “Data Transfer” means:
    • a transfer of Personal Data possessed by you; or
    • an onward transfer of Personal Data from a Contracted Processor to a Subcontracted Processor, or between two establishments of a Contracted Processor, in each case, where such transfer would be prohibited by Data Protection Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of Data Protection Laws);
  • “Services” means the services we provide under the Principal
  • “Sub-processor” means any person appointed by or on behalf of Processor to process Personal Data in connection with the Agreement

The terms, “Commission,” “Controller,” “Data Subject,” “Member State,” “Personal Data,” “Personal Data Breach,” “Processing” and “Supervisory Authority” shall have the same meaning as in the GDPR, and their cognate terms shall be construed accordingly.

2.  Processing of Personal Data

  • Processor shall:
    • comply with all applicable Data Protection Laws in the Processing of Personal Data; and
    • not Process Personal Data other than on the relevant documented

3.  Processor Personnel

Processor shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any Contracted Processor who may have access to the Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know/access the relevant Personal Data, as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable Laws in the context of that individual’s duties to the Contracted Processor, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

4.  Security

  • Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the
  • In assessing the appropriate level of security, Processor shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

5.  Sub-processing

Processor may appoint (and disclose any Personal Data to) any Sub-processor if required or authorized, provided that Processor respects the conditions referred to in paragraphs 2 and 4 of article 28 of the GDPR for engaging another processor; for the avoidance of doubt, the controller authorizes Processor to engage another processor for the conditions referred to in paragraphs 2 and 4 of article 28 of the GDPR have been met and such authorization applies to our current processors, a list of which will be provided to you upon written request.

6.  Data Subject Rights

  • Taking into account the nature of the Processing, Processor shall implement appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the obligations, as reasonably understood, to respond to requests to exercise Data Subject rights under the Data Protection Laws.
  • Processor shall:
    • promptly notify you if we receive a request from a Data Subject under any Data Protection Law in respect of Personal Data;
    • ensure that we do not respond to that request except on your documented instructions or as required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent permitted by Applicable Laws inform you of that legal requirement before the Contracted Processor responds to the request; and
    • assist the controller at the controller’s cost, in ensuring compliance with the obligations to the extent required to fulfill GDPR obligations, data subjects’ right to access, rectification, or erasure and portability of the data subjects’ personal data; Processor shall not respond directly to data subjects.

7.  Personal Data Breach

  • Processor shall notify you without undue delay upon Processor becoming aware of a Personal Data Breach affecting Personal Data, providing you with sufficient information to allow you to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.
  • Processor shall co-operate with you and take reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such Personal Data Breach.

8.  Data Protection Impact Assessment and Prior Consultation

Processor shall provide reasonable assistance to you with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which you reasonably consider to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Personal Data by and taking into account the nature of the Processing and information available to, the Contracted Processors.

9.  Deletion or Return of Personal Data

  • Subject to this section 9, Processor shall promptly and in any event within 30 (thirty) business days of the date of cessation of any Services involving the Processing of Personal Data (the “Cessation Date”), delete and procure the deletion of all copies of those Personal Data.

10.  Audit Rights

  • Subject to this section 10, Processor shall make available to you on request all information necessary to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by you or an auditor mandated by you in relation to the Processing of the Personal Data by the Contracted Processors.
  • Your information and audit rights only arise under section 10.1 to the extent that the Agreement does not otherwise give information and audit rights meeting the relevant requirements of Data Protection Laws.

11.  Data Transfer

The Processor may transfer or authorize the transfer of Data to countries outside the EU and/or the European Economic Area (EEA) without your prior written consent. If personal data processed under this Agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the Parties shall ensure that the personal data are adequately protected and contains appropriate safeguards. To achieve this, the Parties shall, unless agreed otherwise, rely on EU-approved standard contractual clauses for the transfer of personal data.

12.  Confidentiality

Each Party must keep this Agreement and information it receives about the other Party and its business in connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that Confidential Information without the prior written consent of the other Party except to the extent that:

(a) disclosure is required by law; and

(b) the relevant information is already in the public