Privacy policy
Privacy policy
Effective Date: September 1, 2021
Introduction
Welcome to Orange Silicon Valley’s Privacy Policy. It details our privacy practices for the activities described below. Please take the time to carefully review this Privacy Policy in order to understand how we collect, share, use and otherwise process information relating to individuals, and to learn about your rights and choices regarding our processing of your Personal Data (as defined below).
Orange Silicon Valley (“Orange Silicon Valley”, “we”, “us” or “our”) is committed to protect your Personal Data in accordance with applicable data protection and information security laws, including but not limited to the California Consumer Privacy Act (the “CCPA”), the EU General Data Protection Regulation 2016/679, as nationally implemented, supplemented and amended from time to time (the “GDPR”), the EU ePrivacy legislation, and various national privacy laws.
1. The scope of this Privacy Policy
This Privacy Policy applies to Personal Data that Orange Silicon Valley processes when you:
Visit our website siliconvalley.orange.com;
Visit our branded social media pages;
Visit our offices;
Receive communications from us, including emails, phone calls, or texts;
Register for, attend or take part in our events, webinars, or contests; or
Answer our surveys;
Collectively, our “Services”.
For further details on our processing activities as Controller and the type of Personal Data processed, please see section 5.
Processing of Personal Data is required for receiving certain products or services.
Our Services are not intended for use by children, and we do not knowingly collect Personal Data relating to children.
Definitions
“Controller” has the meaning set out in the GDPR: it is the company that (alone or jointly with others) determines the purposes and means of the processing of Personal Data. Orange Silicon Valley is the controller of your Personal Data, as described in this Privacy Policy, unless otherwise stated.
“Personal Data” means any information relating to an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).
“Processor” has the meaning set out in the GDPR: it is the company that processes Personal Data on behalf of the Controller. Orange Silicon Valley may act as a Processor in respect of all Personal Data collected or generated by Orange Silicon Valley in order to provide its Services to you, on your instructions, and not for any other purpose.
In addition, the terms “Business Purpose,” “Consumer,” “Personal Information,” “Service Provider,” “Sell,” and any other term defined by the CCPA shall have the meanings given to such terms in the CCPA.
Third-party links
Our website siliconvalley.orange.com (the “Website”) may include links to third-party websites and applications as well as to partner providers of multiple different types of services associated with a particular Service. Clicking on those links, content or application may allow these third parties to collect or share Personal Data about you. Except as otherwise expressly included in this Privacy Policy, this document addresses only the use and disclosure of information we collect from you. If you disclose your information to others, different rules may apply to their use or disclosure of the information you provide to them. We do not control these third-party websites and are not responsible for their privacy statements or the way in which they collect or use your Personal Data. When you leave our Website, please read the privacy policy of the other websites that you visit.
Changes to this privacy policy and the importance of keeping us updated
We will update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.
We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This version was last updated on September 1, 2021.
2. Who we are and our contact information
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy policy.
If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Contact details
If you have any questions about this privacy policy or our privacy practices, please contact our data privacy manager in the following ways:
Full name of legal entity: Orange Silicon Valley, LLC
Mailing address: 60 Spear Street, Suite 1100, San Francisco, CA 94105
Email address: notices.osv@orange.com
3. What Personal Data may we collect?
The Personal Data we collect directly from you includes identifiers, professional or employment-related information, financial account information, commercial information, visual information, and internet activity information.
Personal Data we collect directly from you
We may collect, use, store and transfer different kinds of Personal Data about you which we have categorized as follows:
Category Personal Data in category
Identity Data first name, last name, honorific (e.g. Ms., Mr., Dr., …), username or similar identifier, password, image, employer name, job title, and, if you contribute to or interact with an event, any other audio-visual content which you appear in
Contact Data home address, office address, email address and telephone numbers
Visual Data photographs and other audio-visual record or content which you appear in and that we take during Orange Silicon Valley or third party events or that we process based on your consent
Transaction Data details about payments you have made and other details of services you have accessed or used through the Website. We do not store card details on our server. Credit and debit card payments are processed by Stripe on their secure payments server and all card details and fully encrypted and store by them
Technical Data internet protocol (IP) address, login data, browser type and version, time zone setting and location, hardware information, time zone setting and location, browser plug-in types and versions, operating system and website, and other technology on the devices you use to access areas of our Website
Profile Data username and password, interests, purchases, preferences, comments, questions, feedback and survey responses
Usage Data information about how you use our Website and Services
Marketing and Communications Data preferences in receiving marketing from us and our third parties partners and your communication preferences
Personal Data we collect from other sources
We also collect information about you from other sources including third parties from publicly available information. We may combine this information with Personal Data provided by you. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. In particular, we collect such Personal Data from the following sources:
Third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles, for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information; and
Another individual at your organization who may provide us with your business contact information for the purposes of obtaining services.
Aggregated / anonymized data
We also collect, use and share aggregated and anonymized information such as statistical or demographic information. Aggregated or anonymized data could be based on Personal Data but is not legally considered to be Personal Data. For example, we may aggregate or anonymized Usage Data to calculate the percentage of users accessing a specific function on our website. If we combine or link aggregated or anonymized data with any Personal Data so that it can identify an individual, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.
4. How do we collect your Personal Data?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and other Data by filling in forms or by corresponding with us by email or otherwise on the Website. This includes Personal Data you provide when you: (a) register to use our website or create an account with us; (b) sign up for an event, webinar or contest, (c) subscribe (or are subscribed) to our services or interact in an event; (d) request marketing to be sent to you; (e) enter a promotion or survey; or (f) give us feedback or contact us, or (g) if you visit our offices.
- Automated technologies or interactions. As you interact with the Website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
5. How do we use your Personal Data?
The table below shows the ways that we use Personal Data for which we are Controller and our legal bases for doing so (including a description of our legitimate interests).
We may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your data.
Our Activity
Types of Personal Data processed
Our lawful basis for processing
To register you as a user of our Website Identity Data
Contact Data
- Performance of a contract with you
To process any paid or unpaid entry to an event:
- Managing payment, fees and charges (if any)
- Verifying your identity and details of your payment method or credit card account (if any)
- Communicating with you, for example confirmation of your attendance for an event
Identity Data
Contact Data
Transaction Data
Marketing and Communication
- Performance of a contract with you
- Necessary for our legitimate interests
To manage our relationship with you, which will include:
- Providing access to Website services
- Notifying you of any changes to our terms of service or Privacy Policy
- Asking you to leave a review or take a survey
- Investigating complaints
Identity Data
Contact Data
Profile Data
Marketing and Communications
- Performance of a contract with you
- Necessary to comply with a legal obligation
- Necessary for our legitimate interests (to keep our records updated and to study how users use the Websites and our services)
To deliver relevant Website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you Identity Data
Contact Data
Profile Data
Usage Data
Marketing and Communications Data
Technical Data
- Necessary for our legitimate interests (to study how users use the Website and to grow our business and inform our marketing and growth strategy)
To complete a survey, provide customer satisfaction feedback, take part in service improvement programs, and attend any events that we organize Identity Data Contact Data Profile Data Usage Data
Marketing and Communications Data
Visual Data
- Necessary for our legitimate interests (to study how Customers use our services, to try to increase and improve interaction with customers, to find out how we can improve our services, and to develop and grow our business, to communicate about our events)
To make suggestions and recommendations to you about events or services that may be of interest to you Identity Data Contact Data Profile Data Usage Data
Marketing and Communications Data
- Necessary for our legitimate interests (to develop our products/services, grow our business and maintain our relationships)
- Consent where required
To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) Identity Data
Contact Data
Technical Data
- Necessary for our legitimate interests (for running our business, administering our CRM, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
- Necessary to comply with a legal obligation
To provide access to you, as an individual, to on-line portals for your own individual usage management; Identity Data Contact Data Technical Data Profile Data · Necessary for the legitimate interests of your organization, our Customer, to provide you with this feature to improve and facilitate your use of the service;
- Necessary with our legitimate interests to study how you use our service, to try to improve interaction with you, to find out how we can improve our services, and to develop and grow our business
To use data analytics to improve: our Website, products/services, marketing or user relationships and experiences Depending on the activity, certain:
Contact Data
Profile Date
Marketing and Communications Data
Technical Data
Usage Data
- Necessary for our legitimate interests to manage or improve/develop our products, services, offers, marketing strategy, develop our business, keep our services and Website updated and relevant
To register office visitors for security, health, and safety reasons and to manage non-disclosure agreements that visitors may be required to sign Identity Data
Contact Data
- Necessary for our legitimate interests in protecting our offices, staff and visitors and our confidential information against unauthorized access
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. In respect to Orange Silicon Valley, that is the performance of our agreement with you to make the Website and our services available. We are not involved in the processing of your Personal Data during any engagement you enter into with our third party partners. We will always get your consent to transfer any Personal Data to any third party whom you enter into an agreement with for the provision of their services to you.
Comply with a legal obligation means processing your Personal Data where it is necessary for compliance with a legal obligation that we are subject to.
Marketing
We strive to provide you with choice regarding use of your Personal Data around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think may be of interest to you. This is how we decide which services and offers may be relevant for you.
You will receive marketing communications from us if you have provided your consent to receive those communications.
You can ask us to stop sending you marketing messages at any time by contacting us.
Third-party Marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes, including our affiliates.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time. Where you opt out of receiving these marketing messages, this will not apply to Personal Data provided to us as a result of your use of the Website, registration for an event or any associated services.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly.
Change of Purpose
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by applicable law.
6. To whom may we disclose Personal Data?
We may share your Personal Data in our capacity as Controller of such Data with the parties set out below for the purposes set out in the table in section 5 above.
If you use our websites to register for an event or webinar organized by one of our affiliates, we may share your Personal Data with such affiliate to the extent this is required on the basis of the affiliate’s contract with you to process your registration and ensure your participation in the event. Our affiliate will process the relevant Personal Data as a separate controller and will provide you with further information on the processing of your Personal Data, where required.
Service providers acting as Controllers in their own rights, in which case the processing of your Personal Data will be subject to these service providers’ privacy policies. For example, to provide event hosting platform services when we hold our events virtually, or our third-party partners and affiliates who you engage with you through the use of the Website or Services in order to facilitate the provision of services.
Where third parties provide support for the provision of services made available to you through the Website or for the hosting of events, these third parties may receive certain Personal Data from you. Whilst we are not in control of any third parties to whom you request your data to be shared, we require all third parties to respect the security of your Personal Data and to treat it in accordance with applicable data protection laws. Unless they obtain your explicit consent, we do not allow any third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with your instructions.
Service providers acting as Processors based in EU and outside of EU, who provide IT and system administration services, maintenance, expert technical support and hosting.
To help constantly improve and tailor the service we provide to you through our Website, we may use aggregated information so that we can administer and improve our services, analyze trends, gather broad demographic information and detect suspicious or fraudulent transactions and most importantly monitor and improve our operations on a day to day basis. In carrying out this activity, we may pass some information to third parties in aggregate and anonymized format.
National authorities (such as tax authorities), agencies and regulators acting as Processors or Controllers who have the legal authority to require reporting of processing activities or disclosure of Personal Data in certain circumstances.
7. What are the appropriate safeguards for international transfers of Personal Data?
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third parties disclosed in Section 6, above, that are based in other countries.
Your Personal Data may therefore be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area (EEA).
Whenever we transfer your Personal Data out of the EEA, for example to an external supplier in a country which the EU Commission has not assessed as providing an adequate level of protection, we ensure an appropriate degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the European Union.
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.
8. Our data security practices
We have put in place appropriate security measures including organizational, technical, and physical measures to prevent Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access it. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions.
9. How long will we retain Personal Data?
We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider:
the amount, nature and sensitivity of the Personal Data;
the potential risk of harm from unauthorized use or disclosure of your Personal Data; and
the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
10. Your legal rights
Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Data:
request access to, correction of, or erasure of Personal Data to the extent permitted by applicable data protection laws
object to processing of Personal Data
request restriction of processing of Personal Data to the extent permitted by applicable data protection laws
request transfer of Personal Data to another organization, to the extent possible
withdraw consent to processing of Personal Data
Opt out of certain disclosures of your Personal Data to third parties
If you’re under the age of 16, opt in to certain disclosures of your Personal Data to third parties
Not be discriminated against for exercising your rights described above
Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects
make a complaint to the relevant national data protection regulator (such as the Information Commissioner’s Office (ICO) in the UK – ico.org.uk, or the Commission Nationale de L’Informatique et des Libertés (CNIL) in France – www.cnil.fr/fr).
If you wish to exercise any of the rights set out above, please contact us.
How will Orange Silicon Valley deal with my request?
Usually no fee
You will not have to pay a fee to access your Personal Data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we require
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
When we will respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Additional Disclosures for California Residents
The California Consumer Privacy Act requires businesses to disclose whether they sell Personal Data. As a business covered by the CCPA, we do not sell Personal Data. We may share Personal Data with third parties or allow them to collect Personal Data from our sites or Services if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal Data, or if you use our website or Services to interact with third parties or direct us to disclose your Personal Data to third parties.
California law requires that we detail the categories of Personal Data that we disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products, and to such other entities as described in Sections 5 and 6 of this Privacy Statement. We disclose the following categories of Personal Data for our business purposes:
Identifiers;
Commercial information;
Internet activity information;
Financial information;
Professional and employment-related information;
Education information; and
Inferences drawn from any of the above information categories.
California law grants state residents certain rights, including the rights to access specific types of Personal Data, to learn how we process Personal Data, to request deletion of Personal Data, and not to be denied goods or services for exercising these rights.
If you are a California resident under the age of 18 and have registered for an account with us, you may ask us to remove content or information that you have posted to our website(s). Please note that your request does not ensure complete or comprehensive removal of the content or information, because, for example, some of your content may have been reposted by another user.
For information on how to exercise your rights, please refer to Section 10 of this Privacy Policy. If you are an authorized agent wishing to exercise rights on behalf of a California resident, please contact us using the information in section 2 above and provide us with a copy of the consumer’s written authorization designating you as their agent.
We may need to verify your identity and place of residence before completing your rights request.