Critical Expertise Solutions
Privacy Policy
A Legal Disclaimer
Privacy Policy
1. Introduction and Scope
Critical Expertise Solutions (CES) is committed to protecting and respecting your privacy. We comply with the applicable data privacy and security requirements in the countries in which we operate.
Critical Expertise Solutions (CES), based in France, is responsible for this website. This Privacy Policy is issued on behalf of CES. When we mention “CES,” "we," "us," or "our" in this Privacy Policy, we are referring to CES, which is responsible for processing your data.
This Privacy Policy sets out the basis on which we process the following types of personal data:
- Any Personal Data provided to us through our website (“Website Data”);
- Any Personal Data provided to us in connection with our contractual relationship with a client or prospective client (“Client Data”); and
- Any Personal Data that is provided to us or which we collect during the course of providing services to clients (“Client Services Data”).
Where we process Website Data and Client Data, CES is the data controller. For Client Services Data, CES may act as a controller or a processor depending on client instructions.
2. What Personal Data Do We Collect and How Do We Use It?
We collect the following types of Personal Data as part of our business operations:
Client Data
We collect the following Personal Data directly from clients and prospective clients to enable CES to provide the requested services:
- Full name and job title;
- Contact details, including email address and, if applicable, company name.
We may also collect additional Personal Data, such as:
- Records of correspondence if you contact us;
- Details of your interests and preferences;
- Account information (username and password) if you use our proprietary portal ("Portal");
- Details of your website visits, including traffic data, location data, weblogs, and other communication data.
We collect this Personal Data as part of our contractual obligations to provide the requested services. Where services are provided to clients, we process Personal Data based on our and our clients' legitimate business interests. Although providing Personal Data is not mandatory, withholding it may limit our ability to offer requested services.
We may also use Personal Data for the following purposes:
- Marketing our services to you based on our legitimate interests;
- Complying with applicable laws or regulations;
- Improving our products and services;
- For internal training purposes.
In some cases, such as when legally required, we may request your consent to process Personal Data.
Website Data
CES collects Personal Data about website users, including email addresses, company name (if applicable), job title, and any additional information provided by users. We may also collect information about your computer, such as IP address, operating system, and browser type, for system administration. We use Cookies (see our Cookie Policy for details) to collect Website Data.
We use Website Data in the following ways:
- To present content in the most effective way for your device;
- To analyze data for improving our website and services;
- For fraud prevention and security;
- To respond to website inquiries.
CES does not sell or distribute Website Data to third parties, nor do we host mailings on behalf of third parties. Website Data is stored in our contacts database unless you request its removal by contacting [contact@criticalexpertisesolutions.com]
We do not sell your Personal Data and only share it with our partners when necessary and when we have ensured its privacy and security.
Client Services Data
CES provides cybersecurity, corporate intelligence (including strategic intelligence, regulatory and compliance due diligence, disputes, investigations, and litigation support), and crisis response services to clients. In some cases, clients require us to collect information on individuals. This data may come from clients, you, public records, or other sources. Depending on the engagement, CES may act as a data controller or processor.
When CES acts as a controller, we establish a lawful basis for processing, often based on legitimate interests to provide services that help clients meet their legal, regulatory, or compliance obligations. When acting as a processor, we require our clients to establish a lawful basis for data processing.
Client Services Data may include:
- Contact information (name, job title, address, phone, email, etc.);
- Company profiles and statistics, including details of company officers;
- Background information on company management;
- Information related to actual or suspected criminal offenses from media reports or public records;
- Special categories of data, such as health, beliefs, and political affiliations, from public sources.
We use Client Services Data to:
- Provide services to our clients;
- Comply with applicable laws or regulations;
- Improve our products and services;
- For training and record-keeping.
4. Where We Store Your Personal Data
4.1 Storage and Retention
CES retains Personal Data only as long as necessary for the purpose for which it is collected. For Client Data and Website Data, this is typically for the duration of the client relationship. For Client Services Data, retention generally lasts for the engagement duration. Certain records may be retained longer to comply with legal obligations.
If you request deletion of your Personal Data, we will respond in accordance with applicable data privacy law. For access, correction, or deletion requests, please see the "Your Rights" section.
5. How We Protect Your Data
CES employs industry-standard technical and organizational security measures to safeguard your Personal Data. Electronic data and databases are stored on secure computer systems with controlled access. Our staff receive data protection training, and we follow strict data protection procedures.
6. Disclosure of Personal Data
We may share Personal Data with group companies, suppliers, and service providers as necessary to provide our services, and with clients if data was collected on their instructions. All disclosures adhere to GDPR requirements, using appropriate safeguards.
Personal Data may also be disclosed:
- In case of a business or asset sale;
- If CES or its assets are acquired by a third party;
- When legally required to protect CES, clients, or others' rights, property, or safety.
7. Your Rights
7.1 Opt-Out
You have the right to request that we not process your data for marketing. You can exercise this right by selecting opt-out options on data collection forms or by contacting [contact@criticalexpertisesolutions.com]
7.2 Data Subject Rights
In addition to the opt-out, GDPR provides you the right to:
- Request access to your Personal Data;
- Request correction or deletion of your data;
- Withdraw consent for specific data processing;
- Request restriction of processing;
- Object to processing;
- Obtain and transfer data in a machine-readable format.
Requests should be directed to the data controller, typically our client if CES is acting as a processor. If CES receives a request as a processor, we will consult the client.
8. Complaints Process
If you believe your data rights under GDPR have been breached or are dissatisfied with our handling of your Personal Data, you may file a complaint with the French data protection authority, **CNIL** ([https://www.cnil.fr](https://www.cnil.fr)).
9. Data Protection Officer
Our Data Protection Officer can be reached at:
[privacy@criticalexpertisesolutions.com]
10. Links to Third-Party Websites
Our website may occasionally contain links to third-party websites. Please note that these websites have their own privacy policies, and CES does not accept liability for any data provided to or collected by these third parties.
11. Contact
If you have questions about this policy or how we use your data, please email [privacy@criticalexpertisesolutions.com]
12. Changes to This Notice
We reserve the right to modify this policy. Any updated policy will be posted on our website.
Last updated: November 2024