Legal info & Privacy policy

1. Introduction

Testia is fully conscious of its data protection responsibilities and committed to respecting the private life of everyone whose personal data it processes. This privacy policy aims to explain how we process your personal data and inform you about your data protection rights.

2. Data controller

The data controller of personal data processed on this website is Testia, a French-law simplified joint stock company with a single shareholder, with a share capital of 2,396 €, whose registered office is at 1 rue Gaye-Marie, 31300 Toulouse, France, registered at the Toulouse trade and companies register under the number 383 475 605 (referred to in this policy as “Testia”, or “us”). The Testia group has different entities around the world, and the entity you enter into business or communicate with is the data controller for the activities we mention below. The list of the Testia entities can be accessed on our contact page.

If you have any questions about this policy or the way we process your personal data, please contact us by email at dataprivacy@testia.com.

3. Personal data processing activities

Our main data processing activities related to your personal data, as well as the purpose and the legal bases for such processing, are summarized below:

3.1 Website

3.1.1 Cookies

Our website, www.testia.com, uses electronic trackers known as cookies. These trackers are placed on your device (e.g. computer, tablet or smartphone) when you first access the site and enable the identification of your device when you visit the site again.

Cookies, and other similar trackers, have various different purposes. These may include, for example, saving your preferred language settings when you visit the site for the first time or carrying out statistical analysis of our website traffic.

The use of cookies generally implies the processing of some personal data relating to you, in particular the electronic address of your device (IP address) and information about your browser preferences.

The Testia website only uses technical cookies required for the functioning of the site. Because these cookies are strictly necessary to enable you to browse the site, their use does not require your prior consent.

The table below lists the cookies which we consider to be strictly necessary for the provision of a service and the functioning of our website.

Name	Supplier	Objective	Duration	Type
Cookie Consent	testia.com	Stores cookies usage authorisation for the current domain by the user	1 year	HTTP Cookie
elementor	testia.com	Used by WordPress for this site. The cookie allows the website owner to implement or modify the website’s content in real time	Persistent	HTML Local Storage
PHPSESSID	testia.com	Preserves user session state across page requests.	Session	HTTP Cookie
1.gif	Cookiebot	Used to count the number of sessions to the website, necessary for optimizing CMP product delivery.	Session	Pixel

If you wish to, you may be able to block the use of technical cookies of this type by changing your browser settings. Please note that if you deactivate cookies entirely, you may not be able to benefit from all site functions.

Depending on the web browser you use (e.g. Microsoft Internet Explorer or Edge, Mozilla Firefox, Google Chrome, etc.) you may be able to disable the usage of cookies and other web trackers, including those already present on your device, by changing your browser settings.

You may also be able to install additional modules or plug-ins on your browser to receive extra information about the use of cookies and potentially block them.

3.1.2 Contact form

On our website, we make available (via an external link) a contact form to allow you to contact Testia for business-related questions or any information. If you use our contact form, we process personal data to process your request, route your request internally, and respond to your request.

In these forms you may provide us with the following data:

Contact details and identification data, such as: your name, phone number and email address, preferred language; and
Professional data, such as: your company, your location and topic of interest.

If you use the form during a contractual relationship with us or to take steps prior to it, we process your personal data for the purposes of such business relationship and under the legal basis provided for that purpose. In all other cases, we will process your personal data for our legitimate interest to process and respond to your request. We will delete your information when it is no longer required for the purpose for which it was collected and when there is no legal obligation to retain it.

The contact form that we use and link to from our website is provided by and managed by an external service provider. Your data may be transferred to servers based in the USA, those transfers are secured by the EU standard contractual clauses (SCC) and the certification of the provider under the EU-US Data Privacy Framework (DPF).

We use IT systems and support of service providers for the functioning and management of the website, and we may transfer personal data to these service providers in the process, according to applicable laws.

3.2 Business relations

3.2.1 Management of contracts with clients/customers

In the context of our services, in particular the provision of non-destructive testing, training and products, we process the personal data of our clients and clients’ staff members. Processing activities in this context may include, for example: managing our contractual relation, sending communications and invoices, ensuring effective operational and administrative management of our client files and our different services (inspections, training, products etc.)

Personal data collected and processed for this purpose are:

Contact details and identification data, such as: your name, phone number and email address;
Professional data, such as: your company, your business title; and
Financial data such as bank accounts.

We process your personal data for our legitimate interest in the management of our client matters. Or, if you sign a contract with us, for the purposes of managing the contractual relation we have with you.

3.2.2 Participation to training

When we provide our services, we process the personal data of participants in our training programs. Testia has facilities worldwide to provide training courses for all non-destructive testing methods.

Processing of personal data for this activity consists in: collecting training booking forms, management of subscriptions to training sessions, management of training and courses, supervision and reporting in respect of training participants, communications with training participants.

Personal data we collect from the training participants are:

Contact details and identification data, such as: your name, phone number and email address;
Professional data, such as: your company, your business title; invoicing address;
Financial data such as: payment method, VAT number or purchase order number.
(optional) emergency contact details: name, contact information and relationship with the person;
(optional, if applicable) Special categories of personal data: dietary requirements, religious requirements, mobility requirements

We process your personal data for the purposes of managing the contractual relation we have with you, following your registration to the training. If you provide optional data and/or special categories of personal data, you do it based on your consent. You can revoke your consent at any time with effect for the future by sending an email to dataprivacy@testia.com.

3.2.3 Sanctions list check (KYC process) on business partners

As part of the “know your customer” (KYC) process and prior to entering into the business relationship, a customer screening and a corresponding comparison of the sanctions and embargo lists to be observed is carried out.

The KYC process serves to combat money laundering, terrorist financing and other white-collar crime. As part of this process, future business partners must complete corresponding end-user statements and customer information forms.

The forms include the following categories of personal data:

Full Name, Function, Nationality, Birth date

We process data within the KYC program to comply with legal obligations to which we are subject and for our legitimate interest to respect business compliance obligations.

3.2.4 Business communication

We may process your personal data when we initiate and execute a contractual relationship with you, whether you are a (potential) customer, partner or supplier of Testia. In this context, the following data is regularly processed by email and/or in our internal IT systems (for example in our enterprise resource management systems):

Contact details and identification data, such as: your name, phone number and email address;
Professional data, such as: your company, your business title; invoicing address;
Financial data such as: payment method, bank account, VAT number or purchase order number; and
Potentially any information you chose to include in the communication.

We process your data to communicate with you to manage (or take steps prior to) the contract we have in place with you as a customer, partner or supplier. If no contractual relationship has yet been indicated, you have given us your consent to process your personal data for communication with you. You can withdraw this consent at any time by sending an email to dataprivacy@testia.com.

3.2.5 Business sales and acquisitions

In the event of future investment or merger and acquisition activities involving our business, your personal data may be processed in the context of due diligence exercises, under which potential buyers and investors and their professional advisors carry out a preliminary analysis of the business in order to assess its value.

Personal data in your file (such as: contact details and identification data, your name, phone number and email address; professional data, your company, your business title; invoicing address; financial data, payment method, bank account, VAT number or purchase order number, training that you have attended, etc.) could be processed to assess the company’s valuation.

We process your data for the legitimate interests of Testia, its shareholders and third-party investors to carry out due diligence processes.

We use the support of IT, consultants, and other types of service providers for the management of the clients, training participants and business partners data and we may transfer data to these service providers, according to applicable laws. We always have appropriate data protection agreements with third parties processing personal data on our behalf.

3.3 Marketing

We may contact you to inform you about our news, products and services or to send you other communications not strictly related to the contract we have (or we are about to have) in place, such as optional surveys. We send those marketing communications with the purpose to promote commercial relations with existing and potential clients.

For marketing purposes, we may process:

Contact details and identification data, such as: your name, phone number and email address, preferred language; and
Professional data, such as: your company, your title, your location and topic of interest.

We process your data either for our legitimate interest in marketing our products and services; or if you have given us your consent.

You can withdraw your consent at any time or object to this processing by sending an email to dataprivacy@testia.com.

You will be given the possibility to unsubscribe to marketing emails every time you receive a marketing email from us.

3.4 Recruitment

We process the personal data of candidates who would like to apply for a role within Testia. In order to manage your application, review your profile and assess if the profile fits the position we offer, we process personal data you provide to us within the application process. Those data include CV information, cover letter information, job profile, education, experience, qualifications and relevant applicant information.

We process personal data that is required for preliminary steps before entering a contract with you. The full privacy information notice for recruitment is available here: https://www.airbus.com/en/careers/candidate-privacy-statement

4. Defense in legal claims

We may process your personal data to respect our legal obligations or to respond to requests from public authorities or tribunals, or in order to defend Testia in lawsuits or legal claims.

We process personal data either to comply with our legal obligations or for our legitimate interest in responding to legal claims.

5. Sharing of your personal data

5.1 Intra-group recipients

We may in certain circumstances share your personal data, in particular with other members of the Testia group and the wider Airbus group, in order to ensure full and effective service provision to our clients. Testia is part of the Airbus group. Airbus group companies transfer personal data to the entities of the same group by having approved binding corporate rules (BCRs). This transfer mechanism allows sharing of personal data among the group entities within or outside of the European Economic Area.

5.2 External recipients

In specific circumstances and if allowed by law, we might share your personal data with:

Public authorities, if we are under an obligation to disclose or to share your personal data in order to respect a legal obligation;
Our professional legal and financial advisers, such as lawyers, accountants and auditors;
Potential third-party buyers and investors and their professional advisors, in the event that we buy or sell companies or assets;
IT vendors, consultants, and other types of service providers that support us with services, systems and applications in the performance of our business.

Where required, we make sure that we have appropriate data protection agreements with third parties processing personal data on our behalf.

Furthermore, personal data are transferred to third parties based outside of the European Economic Area (EEA) only if the European Commission has decided that the third country recipient territory or the international organisation in question ensures an adequate level of protection (such as data transferred to companies certified under the EU-US Data Privacy Framework (DPF). Alternatively, we transfer personal data outside of the EEA with an appropriate transfer mechanism, that is: if we have concluded EU Commissions Standard Contractual Clauses (SCCs) with the recipient, under the existence of a mutual legal assistance treaty or international agreement between the involved countries or under specific conditions provided by the GDPR. If you wish to obtain a copy of the SCCs, please, send an email to dataprivacy@testia.com.

6. Social media

We operate official social media pages to promote our company on LinkedIn and YouTube under the following URLs:

https://www.linkedin.com/company/testia

https://www.youtube.com/user/testiaworldwide

It is in our legitimate interest to present Testia to partners and customers as a modern market participant with corresponding social media presences and thus to achieve publicity to support our business efforts.

The data you enter on our social media pages, such as comments, videos or images, will not be used or processed by us at any time for any other purpose.

YouTube and LinkedIn use web tracking methods on those sites. Please be aware that they may use your profile data to evaluate your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by the platforms.

7. Data retention

We keep your personal data only for the time required to complete the purposes for which they are collected or respect Testia’s legal and commercial obligations, taking into account in particular the following criteria:

The nature and the purpose of the processing activities in question,
The categories of data processed,
The applicable legal limitation periods,
Applicable contract terms,
Industry standards applicable to Testia,
The recommendations of the French national data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL).

8. Your rights as a data subject

Your rights as regards your personal data include, in particular, those set out below. These rights may apply to your situation depending on the precise circumstances (for example, the right to withdraw your consent only applies where consent is the legal basis for the processing).

These data protection rights are as follows:

The right to ask us:
- For access to the personal we hold about you and information about our processing of that data (“right of access”);
- To correct or complete the personal data we hold about you if it is inaccurate (“right to rectification”);
- To erase your personal data (“right to be forgotten”);
- To restrict or limit our processing of your personal data (“right to restriction of processing”);
The right to object to the processing of your personal data by Testia (“right to object”);
The right to receive your personal data in a structured, commonly-used and machine-readable format and to transmit the data to another data controller (“Right to data portability”);
The right to set out instructions regarding the retention, the deletion and the communication of your personal data after your death;
The right to withdraw your consent to the processing of your personal data, to the extent that the processing is based on your consent. In such a case, the legality of the processing carried out before you withdrew your consent is not affected.

If you wish to exercise your rights, please contact us at dataprivacy@testia.com.

You also have the right to lodge a complaint with a competent supervisory authority, in particular the authority of the member state of your residence, place of work or place where you believe an infringement of data protection law has taken place.

9. Storage of the personal data

All your personal data is held on our internal servers in France and on external cloud servers located in the European Union

From time to time, in connection with a specific professional matter, your personal data may be stored in one or more Testia subsidiaries or establishments located outside the European Union (currently these include Canada, Mexico, Singapore, Malaysia and the United Arab Emirates). If a transfer of this nature is required to deal with a particular request or situation, we will inform the individuals involved and provide information about the legal framework for the transfer (for example, an adequacy decision by the European Commission or the provision of appropriate safeguards).

Testia works hard to protect the security of your personal data, by adopting the appropriate technical, legal and organisational measures.