Information Notice on the Protection of Personal Data

Last update: 27 January 2026

1 - Introduction

Regulation (EU) 2016/679 (known as the “General Data Protection Regulation” or “GDPR”) establishes a regime of protection of personal data. European Union member states have also adopted laws in this area. The GDPR, supplemented by applicable national laws, provides a frame of reference for the processing of personal data by ASN. Various other countries have also adopted laws in this area (for example, in the UK, the Data Protection Act 2018).

The purpose of this note is to provide with information about how ASN processes personal data of persons outside ASN, with the exception of candidates for a position at ASN, for whom a dedicated information note is available on the ASN recruitment site. It specifies what kind of personal data ASN is likely to process, why these data are processed and what your rights are. This note applies to personal data processing, whether by automated or non-automated means (for example to paper file systems). This note also applies to the personal data of third parties for whom you have provided information to ASN.

2 - General notions about personal data

A number of key terms are used in this note:

  • Personal data” means any information relating to an identified or identifiable natural person.
  • Processing” means any operation performed on personal data, such as collection, consultation, alteration or storage.
  • Controller” means the person that determines the purposes and means of the processing.
  • Processor” means the person that processes personal data on behalf of a controller.
  • Purpose of processing” means the reason for which personal data are processed.
  • Means of processing” means the methods and tools used to perform the processing.
  • Data subject” means the person to whom the personal data relate.
  • Sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

3 - Why does ASN process your personal data?

Here is a list of the main purposes for which ASN processes your personal data:

  • Contract management, including activities such as:
      • Training;
      • Organising meetings; and
      • Professional correspondence.

  • Professional monitoring, including activities such as:
      • Technological monitoring;
      • Strategic monitoring;
      • Searching for business partners;
      • Searching for customers; and
      • Searching for suppliers.

  • IS/IT management, including activities related to the provision of IS/IT services, such as:
      • Administration and maintenance; and
      • Verification of the legality of the use of the services.

  • Security management, including activities to ensure the safety and security of ASN’s premises and personnel present on ASN’s premises as well as during business trips and the security of ASN’s property and information (for example, industrial and commercial secrets, intellectual property and other confidential information), such as:
      • Identification and authentication of persons;
      • Management of access to ASN’s buildings;
      • Locating visitors in case of emergency;
      • Monitoring the network or computers against misuse and preventing and analysing security events;
      • Video surveillance of ASN buildings;
      • Implementing measures to ensure the security of personal data; and
      • Prevention and investigation of fraud, industrial espionage and other offences or violations of ASN policies and procedures.

  • Compliance, including obtaining and disclosing personal data to comply with laws, regulations and ASN Group policies and procedures, such as:
      • Anti-corruption measures, including control of hospitality;
      • Reporting systems; and
      • Compliance with tax, accounting, securities, labour, health and safety regulations.

When ASN decides to process personal data for a purpose other than that for which it was initially collected, it will inform you of this new purpose.

4 - What categories of personal data does ASN collect?

The categories of personal data that ASN may collect include:

  • Vital records and personal information, such as your name, home address, phone numbers, email address, date and place of birth, nationality, copies of your IDs as well as information about other people you have shared with us (for example, whom to contact in case of emergency and other similar information).

  • Information about your professional life, such as your CV, career path, information about your education (which may include evaluations at training sessions proposed by ASN) and qualifications, third party references and background checks.

  • Your image, such as images captured by CCTV on ASN sites.

  • Financial information, such as information regarding hospitality and gifts that you may have exchanged with ASN employees.

  • Information of a technical nature, such as identifiers used for security purposes, your user IDs and passwords, access control data and network traffic records, including connection data, the use of corporate and mobile telephony. These data may for instance be collected when you use IT resources provided to you in the course of your interaction with ASN.

  • User-generated content, such as photos, videos, comments, news, newspaper articles and information about you or others published by you on the intranet or internet.

5 - Is all processing allowed?

The GDPR does not allow all processing. In general, only processing that meets at least one of the conditions in the following list is allowed. We refer to this as the legal basis.

  • The data subject has given consent to the processing.
  • Processing is necessary for the performance of a contract to which the data subject is a party.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary to protect the vital interests of the data subject.
  • Processing is necessary for the performance of a task carried out in the public interest.
  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

When ASN bases the processing on its legitimate interests, it will point them out to you when your personal data are collected.

The GDPR prohibits the processing of sensitive data except in special cases that are specifically regulated. Indeed, these data are, by nature, particularly sensitive from the point of view of fundamental rights and freedoms and require specific protection since the context in which they are processed could create significant risks for these freedoms and rights.

Other laws or regulations may also impose limits on the processing of certain types of personal data. For example, it may be necessary to ask for the data subject’s consent for the use of his image.

6 - Who are the recipients of your personal data?

ASN ensures that your personal data are only accessible to people with an identified need to know them, by implementing access control measures.

The number of ASN people who can access your personal data depends on the nature of the data. Some personal data may be viewed by anyone working at ASN (for example, publicly available data about you). Access to most of your personal data is limited to certain employees (for example, in the purchasing or project departments), to the extent that this access is necessary for the performance of their work (for example to write invitation letters or organise meetings).

In addition, ASN may send your personal data to the following recipients:

  • ASN Group companies and authorized third-party companies: ASN may share your personal data with other companies in the ASN group and with non-group entities that process personal data on behalf of ASN, provide services to ASN personnel or process personal data for their own use. In all cases, ASN ensures that there is an identified need to transfer your personal data.

Outside entities include, for example:

      • Insurers;
      • Lawyers and other professional advisors;
      • Telecommunications service providers;
      • Catering service provider;
      • Provider of medical services;
      • Security provider in charge of access to the ASN site, including CCTV and badges;
      • Training bodies; and
      • Public, private, associative, non-governmental or other types of organisations, in the context of professional meetings such as conferences or exhibitions.

When ASN uses a processor, it enters into a contract with it to protect your personal data and in particular to prohibit any processing that has not been decided by ASN.

  • Public authorities and bodies exercising a public-interest mission: ASN may be required by law to disclose your personal data to certain authorities or other third parties, for example, labour or tax authorities, the police or other entity law-enforcement authorities acting within the scope of their duties.

  • Stakeholders in mergers and acquisitions: When ASN is involved in merger, acquisition or reorganisation projects, it may need to disclose personal data to other stakeholders and their advisers. In such circumstances, ASN ensures that appropriate measures are implemented to protect the personal data disclosed.

7 - International transfers of personal data

ASN may sometimes transfer your personal data to countries outside the European Union. Some of these countries are recognized by the Commission of the European Union as ensuring an adequate level of protection of personal data, through an adequacy decision. When ASN transfers your personal data to a country that has not been the subject of an adequacy decision, it implements appropriate safeguards to provide adequate protection to your personal data. These safeguards may take the form of standard contractual clauses for the protection of personal data approved by the European Commission.

8 - How long are your personal data stored?

ASN only keeps your personal data for the time necessary for the purposes for which they are processed. In most cases, the personal data will be kept eventually during the period of your commercial relationship with ASN, then archived for the legally required period. They may also be kept if necessary for periods in accordance with industry standards or the recommendations of the competent data-protection supervisory authorities.

9 - What are your rights?

Regarding the processing of your personal data, you have the following rights:

  • Right of access: you have the right to request access to your personal data processed by ASN.
  • Right to rectification and erasure: You have the right to request the rectification and deletion of your personal data processed by ASN. You can help keep your personal data up-to-date by informing ASN if they change.
  • Right to restriction: you have the right to ask ASN to restrict the processing of your personal data, meaning that your personal data held by ASN are marked to limit their future processing.
  • Right to object: you have the right to object to ASN’s processing your personal data on grounds relating to your particular situation.
  • Data portability: when ASN processes your data on the basis of your consent or a contract with you and by automated means, you have the right to receive the personal data you have provided to ASN in a structured, commonly used and machine-readable format and forward them to another controller and the right to have them forwarded directly by ASN when technically possible.
  • Right to withdrawal of consent: when processing is based on your consent, you have the right at any time to withdraw that consent, without the withdrawal’s having retroactive effect.
  • Right to lodge a complaint with a supervisory authority: if you consider that the processing constitutes a violation of the GDPR, you have the right to lodge a complaint with a supervisory authority. In the UK, the competent supervisory authority is the Information Commissioner’s Office (ICO).

If you intend to lodge a complaint with a supervisory authority, ASN would appreciate your first informing the ASN Privacy Team of your comments, questions or complaints (see section 11 below).

10 - Mandatory nature

ASN will inform you whether the provision of your personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the data and of the possible consequences of your failure to provide them.

11 - Contact details of the ASN Privacy Team

You can access your data, ask questions about the management of personal data within ASN, obtain a copy of the safeguards mentioned in section 7 above and exercise most of your rights described above by contacting the ASN Privacy Team at privacy@asn.com.

Before processing your request, ASN may need to identify you, for example by asking you for proof of identity. ASN will respond to your request as soon as possible and in any case within one month, but this period can be extended by two months, in view of the complexity and the number of requests.

13 - Your responsibilities

Where applicable, during your interactions with ASN, you may have access to personal data, such as the identity and contact details of your ASN contacts. You should treat such personal data in a confidential manner, for example by only providing it to persons who need to have access to it.

If you provide personal data about your family members or other third parties (for example, for emergency contacts), ASN will ask you to give them information about the processing of their personal data.

Scroll to Top

Contact us

*Required field

Alain Biston

Alain Biston

President & CEO

Alain has been working for more than 25 years in telecoms, with Nortel, then Alcatel-Lucent / Nokia, holding management and leadership positions in R&D, Product Line, Industrial Operations, Sales & Marketing, Business Unit P&L accountability.

He brings to ASN his thorough knowledge of the telecoms industry, his extensive international management background with several postings overseas, and his field-proven customer-facing acumen.

Since 2016, as a Nokia executive, Alain has been Senior VP Customer Operations End2End and until now Senior Vice President in charge of Mobile Network business management.

Alain holds a degree in Information Technology from INSA, Rennes, France. He was also honored with the National Order of Merit in 2006 from the French Minister of Industry.

Linkedin