Personal Data


Aware of the importance of ensuring the confidentiality of personal data, this document describes how Business France, as the data controller, is fully committed to comply with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016). Business France has designated a Data Protection Officer whose contact details are as follows:


A- Framework for the use of data

Below, Business France presents its collective data, its purposes and its basis.

What categories of data do we collect? For what purpose do we collect these data? On what basis do we treat your data?
Name, first name, e-mail, phone number (optional) function, company / organization, country

Seller interface: account creation, administration of the products catalogue and datasheets and processing of contact.

Buyer interface: Access to sellers' catalogue, direct connection with Sellers (sending messages). 

Partnership area: profile creation

Seller interface: contractual basis

Buyer interface: consent

Partnership area: consent

Name, first name, e-mail, phone number (optional) function, company / organization, country Support services to sellers for connection with buyers.  Legitimate interest of Business France 
Civil status, contact details, and professional function Measurement of satisfaction and impact Legitimate interest of Business France in obtaining feedback for product and service improvement


B- Storage time for data

We keep your personal data for the necessary period with respect to applicable legislation and regulations, or for a period defined with regard to our operational constraints, such as our accounting, an efficient management of the client relationship, as well as to enforce any legal rights or to respond to requests by our line ministries.

The data of selling user companies are kept for five years in the active database and five years in the intermediate database from the end of the contractual phase.

The data of buying user companies are kept for three years from when they are collected or from our last contact with you.


C- Access and transfer of data

C-1 Access to data

The personal data that Business France collects, and those that Business France obtains subsequently, are intended for Business France in its capacity as data controller, including its offices and representations abroad, some of which are located outside the European Union.

Business France ensures that only authorized persons have access to this data. Business France service providers and French public program members supporting the international development of the French economy may be recipients of this data to perform the services for which they are entrusted. Some personal data may be sent to third parties or to legally authorized authorities in order to meet Business France’s legal, regulatory or contractual obligations.

Personal data may be subject to a convergence, a mutualization or a sharing between all Business France entities. Personal data may be communicated to these entities for the purposes referred to in A- Framework for the use of data. These operations are carried out on the basis of instruments that comply with applicable regulations and are capable of ensuring that sellers, buyers or partners’ rights are protected and respected.


C-2 Transfer of data

Due to the status of Business France, the sharing of data between the headquarters and its offices abroad is not considered a transfer of data outside the European Union.

D- User rights

A company, whether selling or buying, or a partner can exercise its rights electronically by clicking here or by post to the following address:

Data Protection Officer, 

Business France,

77 boulevard Saint-Jacques

75014 Paris  FRANCE


To do so, it must clearly indicate its name(s) and first name(s), and the address to which he wants the reply to be sent.

As a principle, the claimant can exercise freely all their rights. However, concerning the right of information, Business France will not have to answer it if the seller, buyer or partner already has the information requested.

Business France will inform them if it cannot answer the requests.

The failure to provide information or modification of data can have consequences in the process of certain demands for the execution of contractual relations.

The request concerning the exercise of the rights of the seller, buyer or partner will be store for monitoring purposes.


Right to information:

The selling or buying company and the partner acknowledges that this Charter informs them of the purposes, legal framework, interests, recipients or categories of recipients with whom their personal data is shared, and the possibility of transferring data to a third country. In addition to this information and to ensure fair and transparent processing of their data, they declare that they have received additional information concerning:

  • The period for which their personal data will be kept.
  • The existence of the rights which are granted to them and the terms and conditions to exercise them.

If Business France decides to process data for purposes other than those indicated, all information relating to those new purposes will be communicated to them.


Right to access to and rectification of data:

The seller, buyer or partner has the right to access and rectify their personal data here – or by writing to the Data Protection Officer at Business France   77 Boulevard Saint-Jacques, 75014 Paris, France.

In this respect, the seller, buyer or partner has the confirmation as to whether or not their personal data are being processed and where this is the case, access to their data and the following information:

  • The purposes of the processing.
  • The categories of personal data concerned.
  • The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries.
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
  • The existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data, or to object to such processing.
  • The right to lodge a complaint with a supervisory authority.
  • Where the personal data are not collected from the data subjects, any available information relative to their source.
  • The existence of automated decision-making, including profiling, and in this case meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The seller, buyer or partner can ask Business France to, as the case may be, rectify or complete their personal data that are inaccurate, incomplete, equivocal or expired.


Right to erasure and to data restriction – right to object to data processing:

The seller, buyer or partner can ask Business France to erase their personal data where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The seller, buyer or partner withdraws the consent they have previously provided.
  • The seller, buyer or partner object to the processing of their personal data and there is no legal reason for such processing
  • The processing of personal data does not comply with the provisions of the applicable legislation and regulations.

Nevertheless, the exercise of this right will not be possible when the retention of the personal data is necessary for compliance with statutory or regulatory provisions and in particular for example for the establishment, exercise or defense of legal claims.

The seller, buyer or partner may request restriction of processing of their personal data in the cases provided for by law and regulation.

The seller, buyer or partner has the right to object to the processing of their personal data when the processing is based on the legitimate interest of the controller, or on a necessary mission of public interest, or on the exercise of official authority.

Other rights:

The seller, buyer or partner has the right to portability of their personal data. The data on which this right can be exercised are:

  • Only their personal data, which excludes anonymized personal data or data that does not concern them.
  • Declarative personal data and personal operational data.
  • Personal data which do not adversely affect the rights and freedoms of others, such as those protected by trade secrets.

This right is limited to processing based on consent or contract, as well as to personal data that the seller, buyer or partner has personally generated. This right does not include derived or inferred data, which are personal data created by Business France.

When the data processing carried out is based on the seller, buyer or partner's consent, they may withdraw it at any time. Business France will then stop processing the personal data, but this will have no impact on the previous transactions.

The seller, buyer or partner has the right to lodge a complaint with the French Data Protection Authority (CNIL) on French territory without prejudice to any administrative or judicial remedy.

The seller, buyer or partner can give instructions in relation to the retention, erasure and communication of their personal data after their death to a certified trusted third party in charge of enforcing the wishes of the deceased in compliance with the applicable legal framework.

The seller, buyer or partner’s personal data are communicated to Business France as part of the services performed and purchasing procedures set out in the framework of Business France’s public service mission, defined by Decree no. 2014-1571 of December 22, 2014 related to the agency Business France.

In this context, if seller, buyer or partner refuses to provide Business France with their personal data, which would be essential for the performance of the services, partnership, this refusal will result in an impossibility to perform the service or the partnership.


E- Data hosting

Business France has taken the physical, technical and organizational measures necessary to ensure the security, integrity, availability and confidentiality of your personal data, in particular to protect them against destruction, loss, theft, accidental destruction, alteration or non-authorized access.

The data collected and used by Business France for a third party are hosted in France (NB: due to data replication or load balancing reasons, personal encrypted data may be temporarily replicated in another country within the European Union). 


F- Cookies

When you navigate on our website, cookies may be recorded or read on your computer, mobile phone or tablet, subject to your choices.

F-1 – Definition of a cookie

A cookie is a small text file left on your computer, mobile phone or tablet, during a site visit. In your computer, cookies are managed by your internet navigator.

F-2 –The obligation to provide information when depositing cookies

Article 82 of the Data Protection Act modified by Order no. 2018-1125 of December 1, 2018, henceforth requires site administrators and providers of solutions to inform internet users and to collect their consent before the insertion of certain types of cookies or other tracers, whatever terminal is used (computers, smartphones, digital tablets and video games consoles, etc.). Some cookies, judged to be necessary to provide a service expressly requested by the user, do not require prior consent, whereas others are bound by this obligation.

List of different cookies left by our websites are available in the preference management center of our consent management tool: to access it, simply click on the icon at the bottom left of your screen:

F-3 – Accepting or refusing cookies

The list of various cookies deposited on our site is available in the Preference Management Center of our consent management tool: to access it, simply click on the icon at the bottom left of your screen:

Your browser can also be configured to notify you of cookies deposited on your computer and ask you to accept or refuse them. You can accept or reject cookies on a case-by-case basis or refuse them systematically once and for all. The configuration of each browser for managing cookies and your choices is different and is described in the help menu of your browser, which will guide you on how to modify your cookie preferences. 

For : 

If you do not want our site to record cookies coming from social networks in your navigator, you can de-activate these cookies by clicking “Edit cookies” above and/or on the following de-activation links, which will record a cookie in your navigator with the sole objective of neutralizing the use of other cookies from the same issuer. De-activating these cookies will therefore prevent all interaction with the social network(s) concerned:

NB:     The inclusion of your different wishes is based on a cookie or several set cookies. If you delete all the cookies concerning our site recorded on your terminal, we will no longer know what consent or refusal you have provided. It will therefore come down to you re-initializing your consent and you will have to refuse the cookie(s) that you do not want to keep. Similarly, if you use another internet navigator, you will have to refuse these cookies, as your choices, just like the cookies to which they are related, depend on your navigator and your terminal (computer, tablet, smartphone, etc.) that you use to consult our site.


F-4 – Our AT Internet audience measurement cookies

They allow us to measure the audience of our sites (the number of visits, the number of pages viewed, visitor activity on the site, and their frequency of return). Our cookies are exempt from the requirement for consent as allowed by CNIL deliberation No. 2020-091, to the extent that they are strictly necessary for the operation of the site. You can object to the processing of your personal browsing data below:

To disable AT Internet tracking completely, by clicking here.


Please note that if you opt-out, we will no longer be able to measure and improve our sites in an optimal way.

In addition, we carry out more extensive audience measurement once the Internet user has consented to this additional purpose

For more information, please see the section “Data collected automatically via our audience measurement solution”. 


Data collected automatically via our audience measurement solution

To measure audience on digital properties, we collect different types of information.

  • ID-type information: cookie ID, mobile ID, IP address. After being collected, this data is used for real-time processing in order to generate a visitor ID (hashing is applied on source data) and to calculate geolocation information (which is never more granular than the city- or region-level, depending on the country). The raw data collected is never shown in our interfaces.
  • Digital analytics information: data related to Internet users’ navigation:
    • the type of browser used
    • the number of page views
    • the exact navigational path a visitor takes on the site
    • the amount of time spent on a page, or the entire site
    • shopping cart activity (items placed in cart, abandons, etc.)
    • other types of navigational data

Within the framework of the definitions given by Article 4 of the GDPR, we consider that all the data we collect is considered as “personal data” and as such we apply the same attention and the same level of protection to it.