Dassault Systèmes has always considered the protection of personal data as a major concern for its customers and partners and is aware of the responsibility in the processing of such data. Since the introduction of the European Union’s General Data Protection Regulation (GDPR) as well as other data protection laws, Dassault Systèmes has continuously reasserted its data privacy commitment by improving its solutions through new capabilities that enable relevant stakeholders to manage their data privacy compliance programs.
Dassault Systèmes values the confidence of its customers, users, staff, and global ecosystem. Therefore, any personal data collected, used, disclosed, and transferred is managed in a manner consistent with the laws, regulations, and practices of the countries in which Dassault Systèmes does business.
To support this compliance, Dassault Systèmes has implemented a Data Privacy Compliance Program within the Dassault Systèmes Group. The Program is based on the following main principles:
In the course of its business activities, Dassault Systèmes is acting as data controller or data processor under certain applicable data privacy legislations. Designation of an entity as controller or processor entails different obligations.
Dassault Systèmes is acting as data controller when processing personal data in its internal tools (e.g. financial systems) for its own needs.
On the contrary, Dassault Systèmes is acting as data processor when it provides certain Dassault Systèmes’ solutions such as the 3DEXPERIENCE Platform on the Cloud and services to an enterprise for the personal data it has been asked to process and store. Dassault Systèmes’ Customers are considered as acting as data controller and, in that respect are ultimately responsible for determining how they will comply with the applicable data protection laws based on their specific business requirements when using Dassault Systèmes’ solutions. Consequently, customers need to determine when personal data should be manipulated (deleted or modified per the applicable data protection laws) or when it should be retained for record keeping or regulatory, industry or statutory purposes. It is the responsibility of Dassault Systèmes to release its solutions with functionalities that enable customers to be compliant with applicable data protection legislation. That is why, Dassault Systèmes’ solutions are designed according to the concepts of “Privacy by Design” and “Privacy by Default” that aim to ensure that privacy is integrated into applications from the design stage.