Charter for the Protection of Privacy and Data

Charter for the Protection of Privacy and Data

By the present charter, the Firm Santarelli wishes to establish its engagement for the protection of privacy and for the security of the data entrusted to it, which are fundamental to establishing and preserving the bond of confidence in a sustainable relationship between the Firm and its clients.

The present charter is directed to setting out the engagements of the Firm Santarelli for respectful use of the data entrusted to it in the context of its daily activity of assisting and advising its clients in their projects.

The Firm Santarelli, as a data manager, also wishes to bring to the attention of its clients all the information rendered mandatory by the applicable legislation, in particular Law No. 78-17 of 6 January 1978 in its consolidated version, relative to computing, files, and civil liberties, as well as Regulation 2016/679 of the European Parliament and of the Council dated 27 April 2016, relative to the protection of private individuals in relation to the processing of personal data and the free movement of such data.

Data, the heart of the Firm Santarelli’s activity

The Firm Santarelli is called upon to collect and process the data of its clients in the course of its activities, in order to assist them in the protection and the exploitation of their rights.

Throughout the existence of this relationship, clients need to communicate a large volume of data, including personal data, which the Firm Santarelli must collect and then process with the greatest care and in compliance with legislation and the code of professional conduct applicable to Intellectual Property attorneys.

The Firm Santarelli is aware of the responsibility represented by the storage and use of the data entrusted to it and undertakes to establish all appropriate measures to preserve the integrity, availability and confidentiality of such data.

Although this issue today plays a dominant role in the context of the increasing digitization of communication, it has long been taken into account within the IP profession, in particular, through the principle of responsibility, confidentiality, and avoidance of any conflict of interest imposed by the status of the profession and of its code of conduct.

The objective of minimum relevant collection

By its engagement for fair collection and processing of its clients’ data, the Firm Santarelli seeks only to collect and process such data in the way that is most relevant to the protection and exploitation of their rights, that is to say, with an objective of “minimization”.

In so doing, the Firm Santarelli has set itself the objective of restricting data collection and processing to the absolute minimum required for the proper management and execution of its services and for the administrative procedures carried out on behalf of its clients. In this respect, the data provided are only processed for the purposes determined by the client together with the client’s attorney and will not be the subject of later processing for another purpose.

Thus, the processing implemented by the Firm Santarelli is solely directed to setting up, managing and executing the services sought by the client, including the communication of data considered relevant. It is thus understood that a refusal to provide the data sought by the Firm Santarelli would prevent the client’s requests being met.

In the context of the services offered by the Firm Santarelli, the data collected and processed are essentially what are referred to as “simple” data (such as the contact details of private individuals) and more occasionally data which may be considered as “sensitive” (such as identification numbers on the citizens and residents national register.

As a matter of principle, the data are provided exclusively for use by the Firm Santarelli. However, the firm may be called upon to send such data to several categories of recipients in compliance with the purposes determined by the client and the client’s attorney together, and in particular:

  • the members and staff of the Firm Santarelli;
  • technical operators tasked with the IT management of our information systems;
  • Intellectual Property offices;
  • the legal entities or private individuals participating in the public administration of justice (in particular bailiffs, judicial experts, attorneys at law, and courts).

The Firm Santarelli may also be called upon to communicate the data entrusted to it in under a legal obligation, at the request of an official or legal body in conformity with applicable legislation, and for a legitimate interest (in particular in the interest of national defense).

When such transmission is rendered necessary, the Firm Santarelli undertakes to exercise the greatest care in complying with the applicable legislation and in regard to the guarantees provided by any third party recipients. Apart from these exceptions, the Firm Santarelli undertakes not to communicate the data entrusted to it in any way, except at the express request of its clients.

Furthermore, in order to ensure high-quality service, the Firm Santarelli is called upon to store the data provided for the entire duration of the relationship linking it to its clients, increased by any applicable prescription period applicable to the case. The attorney has the duty to ensure the erasure of the data in accordance with the aforesaid conditions or at the request of the client concerned.

Data in the context of the internationalization of intellectual property

Inventions, trademarks and internet sites are not limited by geographical boundaries, and the Firm Santarelli is regularly called upon by its clients to handle projects with an international dimension. Such projects most often involve the transfer of personal data to foreign countries and, sometimes, to countries not having been the subject of an approval decision by the competent administrative authority.

The Firm Santarelli wishes to bring to the attention of its clients the fact that such transfers involve risks which it strives to reduce or eliminate. For this purpose, the Firm Santarelli relies on an international network of experienced, tried and tested attorneys.

It is to be understood that such transfers can only take place with the agreement of the client concerned, given the risks involved and the applicable contractual provisions. In no case can the Firm Santarelli carry out such transfers without the knowledge of the client concerned.

The security of our information systems

The Firm Santarelli undertakes to ensure the preservation of the confidentiality, integrity and availability of the data entrusted to it in compliance with the state of the art and the available knowledge and means.

To that end, the Firm Santarelli employs all appropriate technical and organizational measures to prevent the modification, disappearance, or unauthorized access to the data entrusted to it, guaranteeing in particular:

  • Control of the logical and physical access to the data;
  • Security of exploitation and communications;
  • Anti-malware protection;
  • Encryption and anonymization wherever possible;
  • The supervising of subcontractor relations.

Furthermore, it should be noted that any person having access to the data entrusted to the Firm Santarelli is bound by an obligation of confidentiality and, in case of non-compliance with that obligation, is liable to disciplinary or contractual sanctions, and possible legal action.

In order to best manage the security of our information systems, the Firm Santarelli has made the choice of handling cybersecurity in accordance with its ISO 9001 quality management system, thereby complying with a logic of continuous improvement of the protection of privacy for its clients and for the data entrusted to it.

Responsibility and Points of Contact

In order to coordinate the measures for the protection of privacy and the security of personal data, the Firm Santarelli has chosen to designate a Data Protection Officer, or DPO, as well as number of relevant professional contacts.

These data security officers are tasked with operating the measures set up, and are your points of contact for any question relating to the protection of your data and the rights guaranteed by the applicable legislation.

It is through these officers and via the following contact details that you can exercise all your data rights: access, rectification, erasure, limitation, opposition, and portability. We would also remind you that you have the right to complain to the competent regulatory authority.

DPO@santarelli.com

49, avenue des Champs Elysées – 75008 Paris

The present charter may be amended at any time according to the needs of the Firm Santarelli or, if legislation so requires. It is therefore advisable to consult our internet site regularly to remain informed of any amendments.

If major modifications are made to the present document, the Firm Santarelli reserves the right to inform its clients by email.

Initial version, published on 20 July 2018.