CONFIDENTIALITY POLICY

The Bureau International de l’Edition Française (BIEF) (The French International Publishing Office) is an association constituted in accordance with the French law of 1901 concerning non-profit organizations, registered under the number 306 794 959, and located at 115 Boulevard Saint Germain, 75006 Paris.
 
Respecting your privacy, the BIEF enforces law n° 78-17, January 6, 1978 concerning information technology, data files and civil liberties and the European regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, GDPR.  2016/679 of 27 April 2016.
 
BIEF has named a data protection officer. He/She can be contacted by email at bief_donneespersonnelles@bief.org or at the postal address: BIEF, M. le Délégué à la Protection des Données, 115, boulevard Saint-Germain – 75006 Paris.
 
The present confidentiality policy informs you as to how the BIEF receives and deals with your personal data as representatives of the BIEF member publishing houses, representatives of the Ministries of Culture and of Europe and Foreign Affairs, representatives of the Centre National du Livre and of the Organisation Internationale de la Francophonie, representatives of other inter-professional organizations (such as the Société Française des Intérêts des Auteurs de l’Ecrit, the Office Franco-Allemand pour la Jeunesse, the Centres Régionaux du Livre, Présence du Livre Français and its members, the Institut français, the Société Civile des Editeurs de Langue Française, the Association Internationale des Libraires Francophones, the Fédération des Editeurs Européens, the Alliance Internationale des Editeurs Européens, the Société des Gens de Lettres, the Syndicat de la Librairie Française), bookstores in France and abroad, trade show organizers in France and abroad, representatives of publishing houses with headquarters in countries other than France. It is addressed to any person who receives our publications.
 
The present confidentiality policy applies to all data of a personal nature that we collect from you or that is provided by a third person and that can concern you.
 
The present confidentiality policy is not contractualin nature and does not create any obligation beyond what is already set out by the regulations cited above in terms of data protection and privacy.
 

1. What data do we collect and process and where do they come from?

 
As part of our activities we collect your personal data from different sources.
They can be communicated:
  • By you yourself during our dealings (telephone calls, emails, appointments, bookfairs, professional events, mail, paper or on-line forms and other communications);
  • By another person belonging to your structure (for example, from the BIEF membership form). There are identification data (e.g. last name, first name, professional email address, etc.), and data concerning your intention to participle in BIEF programs.
  • From cookies and other Internet trackers used on our internet site.
 
They can also be collected on professional Internet sites accessible to the public like LinkedIn or your structure’s Internet site. These are data concerning your present professional situation.
 

2. What are the purposes and legal bases for our data processing?

 
In respect of the regulation, all personal data processing to be lawful must be based on one of the legal bases set out in article 6 of the GDPR.
 
The following chart shows the different purposes in the processing of your data and the legal grounds to achieve these aims.
 
Purposes pursued: Management of the association (notifications for general assemblies, board meetings, group meetings on specific subjects, minutes of these meetings, membership forms, corresponding bills and payment follow up.)
=> Legal grounds: GDRP art. 6.1.c – legal obligation, necessary for BIEF’s proper functioning
 
Purposes pursued: Management of BIEF’s members’ participation in its annual operations program (members’ registration on the BIEF internet site in their private space via a login and password, generation and sending of participation forms, sending participation bills and payment follow-up.)
=> Legal grounds: GDRP art. 6.1.b – BIEF membership contract
 
Purposes pursued: Production of an annual catalog of member publishing houses and their representatives, to be exposed and communicated to any person on any BIEF promotion operations
=> Legal grounds: GDRP art. 6.1.b – BIEF membership contract
 
Purposes pursued: Production for BIEF members of market studies and organigrams for the publishing sector all over the world
=> Legal grounds: GDRP art. 6.1.b – BIEF membership contract
 
Purposes pursued: Management, publishing and security of the BIEF Internet site, www.bief.org (in particular the membership space), including the use of cookies/trackers (session cookies and security cookies, for the functioning of the site)
=> Legal grounds: GDRP art. 6.1.b – BIEF membership contract
 
Purposes pursued: Management of BIEF members’ promotion for bookfairs, meetings and professional workshops in France and abroad. Registration of French participants exhibiting on the BIEF collective stand in the salon organizers’ catalogues in France and abroad.
=> Legal grounds: GDRP art. 6.1.a - Consent by registration for non-members 
GDPR art. 6.1.b - BIEF membership contract for BIEF members
 
Purposes pursued: Management of foreign publishers' participation in digital events (appointment setting) to meet French publishers, BIEF members, such as the French week project (registration on dedicated platforms such as Inwink, in a private space via a login and password)
=> Legal grounds: GDRP art. 6.1.a - Consent by registration for non-members 
GDPR art. 6.1.b - BIEF membership contract for BIEF members

Purposes pursued: Management of BIEF’s members’ participation in its catalogs of royalty-free titles on to "Books from France" platform
=> Legal grounds: GDRP art. 6.1.a - Consent by registration for non-members 
GDPR art. 6.1.b - BIEF membership contract for BIEF members
 
Purposes pursued: Sending of BIEF newsletter
=> Legal grounds: GDRP art. 6.1.a - Consent by registration for non-members 
GDPR art. 6.1.b - BIEF membership contract for BIEF members
 
Purposes pursued: Management of complaints, unpaid debts, pre-litigation and litigation
=> Legal grounds: GDRP art. 6.1.c – legal obligation, necessary for BIEF’s good working
 
Purposes pursued: Management of your rights recalled on point 5
=> Legal grounds: GDRP art. 6.1.c – legal obligation, necessary for BIEF’s good working
 
Purposes pursued: Account of audience measures on the Internet site www.bief.org and www.booksfromfrance.com; Session cookies for the member’s space of the Internet site www.bief.org (subject to consent) and www.booksfromfrance.com
=> Legal grounds: GDRP art. 6.1.a – BIEF membership consent
 
Where the legal ground is based on consent, you may withdraw your consent to processing.
Where the legal ground is based on a contract you cannot object to the processing except by terminating the contract.
Where the legal ground is based on a legal obligation, you cannot object to the processing or request the erasure of the data. 
 

3. Is the collection and processing of your data obligatory?

 
The management of your structure’s membership in the BIEF necessitates the obligatory collection of the following data: last name, first name, position, professional email, professional telephone number. Failure to communicate this obligatory information prevents membership request. These information requirements are contractual. The data you transmit with your membership form are registered and circulated on the BIEF internet site. The contacts of member companies have access, via a login and password, to the company’s private space on the BIEF internet site and the company card and contacts can be modified at any time.
 
The management of foreign publisher’s participation to digital operations that may be organized from time to time, necessitates collection of the following data: last name, first name, position, professional e-mail. Failure to communicate this obligatory information prevents participation request. These data provision requirements are contractual. The data provided in this way are saved and published on the platform used to host the event. The contacts of the companies (foreign publishing houses) have access, via a login and password, to the company’s private space on the platform, and can modify their company file and contacts at any time.
 
To exercise your rights, as they appear in point 5 of the present Confidentiality Policy, your identity will be required for the communication of information or of documents or for complementary information on your request. Failure to provide this information can prevent us from answering your requests. This requirement of providing data is regulatory law.
 
The collection of other data can be obligatory. All the data that has obligatorily to be collected, the contractual or regulatory nature of this obligation and the consequences of the failure to provide these data are brought to your attention directly during the collection. 
 

4. To whom might your data be transmitted?

 
We might communicate these data:
 
  • To the Ministries of Culture and of Europe and Foreign Affairs, financial supporters of the BIEF to whom we report on BIEF activity;
  • To the Centre National du Livre and to the Organisation internationale de la Francophonie, in the partnerships or events organized with them and/or with their support;
  •  To inter-professional organizations (the Société Française des Intérêts des Auteurs de l’Ecrit, the Office Franco-Allemand pour la Jeunesse, the Centres Régionaux du Livre, Présence du Livre Français, the Institut Français, the Société Civile des Editeurs de Langue Française, the Association Internationale des Libraires Francophones, the Fédération des Editeurs Européens, the Alliance Internationale des Editeurs Européens, the Société des Gens de Lettres, the Syndicat de la Librairie Française, Pro Helvetia); in the framework of partnerships for events organized together or for informational needs and invitations to events ;
  •  To the French Publishers’ Agency, BIEF affiliate in New York, selling rights agency whose services are proposed to BIEF member publishing houses;
  •  To bookfairs and other events organizers in France and abroad (such as cultural services in French embassies, the Instituts français, the Frankfurt Fair, Reed Expositions, Reed Exhibitions), in the framework of partnerships for events organized together, if you intervene or participate in the said events for the management, organization or promotion such as the inclusion of participants in the catalogue of the salons and book fairs, the accreditation of the speakers and participants;
  • To French and foreign booksellers, participating in some BIEF projects;
  • To our subcontractors for various studies (writers, translators, graphists, printers); for the production of such studies;
  • To our subcontractors and their own subcontractors, called sub-processors (host and developer of our Internet site, company in charge of maintenance of our data processing equipment, emailing program, email messaging, audience measurement system of our Internet site). Our subcontractors are bound by an obligation of confidentiality and security, as well as other obligations spelled out in the GDPR. We choose our subcontractors carefully and remain in all cases responsible for the processing of your personal data by our sub-contractors;
  •  To certain regulated professions like lawyers, auditors, certified public accountants;
  •  To financial, legal, administrative authorities or State agencies, public organizations and regulation authorities for which the BIEF can, in particular in the case of a legal proceeding, a dispute, a control and/or a query be required to divulge certain data, if requested and within the limits of what the regulation allows.
 
The list of BIEF sub-contractors is available on our website.
 
In compliance with article 19 of the GDPR, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
 

5. What are your rights?

 
As defined in article 12 and following of the GDPR, with a few exceptions:
 
  • You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data (Right of access by the data subject – article 15 of the GDPR);
  •  You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. (Right to rectification – article 16 of the GDPR);
  • You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies (Right to erasure or to be forgotten) – Article 17 of the GDPR);
  • You shall have the right to obtain from the controller restriction of processing in certain cases (Right to restriction of processing - Article 18 of the GDPR);
  • You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (Right to data portability – Article 20 of the GDPR)
  • You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Automated individual decision-making, including profiling (Article 22 of the GDPR). Our processing is not concerned.
  • The following provisions also exist, defined in Article 21 of the GDPR:
  • You shall have the right to object, on grounds relating to your particular situation. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.  (Right to object - Article 21.1)
  • Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing (Right to object - Article 21.2)
 
The existence or absence of these rights depends on the legal grounds for processing concerned by the request. These rights have limits, and in certain cases we can thus refuse your request (for example for imperious legitimate reasons concerning the right to object). Thus, in certain cases, it is possible that we cannot accede to your request and we will explain the reason for that.
 
You also have the right to define, modify and revoke at any moment the directives concerning the conservation, erasure and communication of your personal data post-mortem in compliance with CNIL law 40-1. These directives can be general or specific. We can only be custodians of the specific directives concerning the data we process. The general directives can be collected and conserved by a third party of digital confidence certified by the CNIL. You also have the right to designate a third party to which your data can be communicated after your death. You are committed to informing this third party of your move and of the fact that the positive-identifying data will be transmitted to us, to communicate the present confidentiality policy.
 
Subject to compliance with the conditions set out by the regulation, you can exercise your rights by writing to bief_donneespersonnelle@bief.org or to the mailing address: BIEF, 115 boulevard Saint Germain, 75006 Paris. 
 
In the event of reasonable doubt as to your identity, we may request the provision of additional information necessary to confirm the identity of the data subject (for example, in certain cases, a copy of both sides of your identity card in black and white).
 
No payment is due in response to your requests in the exercise of the pre-cited rights.  However, in compliance with article 12 of the GDPR, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either: charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request. 
 
The controller shall provide information on action within one month of receipt of the request. That period may be extended by two further months taking into account the complexity and number of the requests received by the BIEF. 
 
You also have the right to introduce a complaint to the supervisory authority (in France, to the Commission Nationale de l’Informatique et des Libertés, the CNIL, 3 Place de Fontenoy, TSA 80715 – 75334 Paris Cedex 07, www.cnil.fr)
 

6. How long do we conserve the data?

 
The data are stored in an active database (accessible to administrative and operational personnel) during the time required for the purposes described above in point 2. To determine the storage times, the BIEF follows the CNIL recommendations when they are provided by the latter; if necessary by bringing up to date these recommendations not taken into account by the CNIL concerning when the new legal or regulatory texts come into effect.
 
When these periods expire, the data are stored in an archive data (accessible only by limited personnel and only for grievances, litigation, request for access or to prove BIEF’s correct execution of its legal or contractual obligations) during the applicable statutory limitation period or the period necessary to comply with a legal obligation (for example the legal requirements for the conservation of accounts). These periods vary according to the purposes and databases involved. If the periods between the civil and criminal proceedings differ for the same data category, the longer period is applied. 
 

7. Are we likely to transfer your data outside of the European economic space?

 
We use several sub-contractors, partners or providers to transfer all or part of the data we collect and process. The hosts of some of these participants are located outside of the European Union so your data are thus possibly transferred outside of the European economic space. In this case, the BIEF ensures that these transfers take place towards countries or entities where the personal data protection level has been recognized as acceptable by the European Commission or has established standard contractual clauses of the European Commission with the service providers carrying out these transfers. For all further information on this, please write to bief_donneespersonnelles@bief.org or to the mailing address: BIEF, 115 Boulevard Saint Germain, 75006 Paris.
 
The list of BIEF sub-contractors is available on our website.
 

8. Might the BIEF Confidentiality Policy change? 

 
Aside from objections, BIEF’s Confidentiality Policy can be brought up to date.
 
Any potential updating will be brought to your attention and when necessary your consent will be obtained.
 
9. Who is your counterpart in BIEF for questions concerning your personal data?
 
The BIEF has designated a data protection officer, who can be contacted by email at
bief_donneespersonnelles@bief.org or at the mailing address: BIEF, 115 Boulevard Saint Germain, 75006 Paris.
 

COOKIES CHARTER

 
When you click on our internet site (hereafter “site”), cookies are placed on your browser, tablet, smartphone or any other means.
A “cookie” is a small piece of data sent from a website by your web browser while you are browsing. Your browser will keep it for a certain time and it will be sent back to the server every time you visit the website. 
Cookies are widely used in order to make websites work, or work more efficiently, for example, to memorize your identifier or track usage, remember your choices, for statistics and advertising purposes.
 
Two types of cookies are place on the site:
 

1. Cookies strictly necessary to make the site work

 
The cookies strictly necessary to make the site work are those without which you will not be able to use all the services available. These cookies are placed by the Bureau International de l’Edition Française and concern only the functioning of the site.
 
These cookies are:
  • Session cookie
  • Authentication cookie
  •  Cookie acceptance 
 

2. Third party cookies “audience and analytical measurements”

 
The site uses Google Analytics to analyze the use and performances of the site. These cookies are issued and placed by Google.
Use of cookies can be set in your browser. You can set your internet browser to refuse all cookies or accept selected types of cookies. 
If you decide not to accept cookies, certain of the site’s functionalities will not be provided and your user experience will be degraded.
 
Please follow your browser’s instructions to configure your cookie management.
Internet explorer: https://support.microsoft.com
 
You can change your parameter selection at any time.