By pursuing your navigation on this site, you accept the use of Cookies allowing to realize statistics of visits.Learn more I accept

Personal data protection policy

Version Date Object
V1 25 May 2018 Original version
V2 01 September 2018 Update of the information regarding the data protection officer
V3 1 September 2020 Update following the coming into force of Decree No. 2020-946 of 30 July 2020 designating the National institute of industrial property as the single body referred to in paragraph 9 of Article 1 of Act No. 2019-486 of 22 May 2019 on growth and the transformation of businesses, and entrusting this institute with the management of the computer services referred to in Articles R. 123-21 and R. 123-30-9 of the Commercial Code
V4 3 June 2021 Update concerning the personal data retention period and the processing of applications

The personal data protection policy (hereinafter the "policy") provides you with information on the way your data are collected and processed by the National Institute of Industrial Property (INPI), on the security measures implemented to guarantee their integrity and confidentiality, and on your rights to control their use.

This document complements the terms of use and, where necessary, the legal notice . Consequently, the present document is deemed to be incorporated in the said documents.

As part of the development of our services and the implementation of new regulatory standards, we may modify the present document. We therefore recommend that you read it on a regular basis.

About us

The guichet-qualifications.fr website is operated by the Guichet Entreprises service of the INPI, pursuant to Decree No. 2020-946 of 30 July 2020.

The INPI implements an online service called guichet-qualifications.fr (hereinafter the "online Guichet Qualifications Professionnelles service") for users.

The online Guichet Qualifications Professionnelles service is intended for all the nationals of the European Union and of the European Economic Area. It provides them with information on the possibilities to obtain the recognition of their professional qualifications and to practise a regulated profession in France with a view to working on the long term (freedom of establishment) or temporarily (freedom to provide services) in France.

It also provides French nationals with information on the possibilities to access and practise a regulated profession in another member state.

The online Guichet Qualifications Professionnelles service fits into the legal framework of:

What measures do we implement to protect your data?

The data protection officer of the INPI ensures that the provisions applicable to personal data protection are respected and implemented.

How to contact us

If you have any question about the use of your personal data by the INPI, please read the present document and contact our data protection officer:

  • By mail. The mail should be addressed to:

   Institut national de la propriété industrielle
   À l’attention du délégué à la protection des données personnelles
   15 rue des Minimes - CS50001
   92677 Courbevoie Cedex

  • By email, with the following subject line: "Protection des données" (Data protection). The email should be sent to this address .

What are personal data?

Personal data are pieces of information that can be used to identify you directly or indirectly. These can be your surname, first name, address, telephone number or email address, but also your computer's IP address, for instance, or the information related to the use of the online Guichet Qualifications Professionnelles service.

When do we collect personal data?

The INPI collects personal data when you:

  • create an account,
  • complete a procedure via the online Guichet Qualifications Professionnelles service.

What personal data do we process?

We process personal data that only concern business formalities in accordance with the regulatory provisions of Articles R. 123-30-10 to R. 123-30-14 of the Commercial Code.

The data that are collected are used to compile the application defined in Article R. 123-30-10 of the Commercial Code.

The data that are collected are used in particular to complete the CERFA documents related to the necessary formalities and procedures to have one's professional qualifications recognised or to obtain a European Professional Card.

The following list sums up the personal data that we process.

To manage the access to their account on the service, users share the following information:

  • Their user ID
  • Their password
  • Their email address
  • Their mobile phone number
  • Their IP address.

To use their personal storage account, users share the following information:

  • Family name
  • Name used/married name
  • Professional name
  • First name
  • Birthdate
  • Birthplace
  • Nationality
  • Social security number
  • Home adress (including the country)
  • Phone number
  • Email adress
  • Degrees, diplomas, certificates
  • Professional experience
  • Professional project
  • Current position
  • Job location (town, city)
  • Job title.

What personal supporting documents do we process?

We only process personal supporting documents that concern the formalities necessary for the recognition of professional qualifications or to obtain the European Professional Card, in accordance with the regulatory provisions relating to the relevant regulated activity.

The supporting documents are used to compile the application defined in Article R. 123-30-10 of the Commercial code.

The list of supporting documents is subject to approval by the authority in charge of processing the application.

The documents proving the user's identity and home address are part of the personal supporting documents. These supporting documents are stored according to the same modalities as personal data.

They are stored on storage spaces that cannot be accessed from outside (Internet). Encryption enables a secure downloading and transfer in accordance with the provisions of the section entitled "How are your personal data protected?" below.

How do we manage cookies?

Our management of cookies is described here .

All the cookies we manage are secure cookies.

Secure cookies are exclusively sent via encrypted connections (https).

Technical cookies contain the following information: surname, first name, email, telephone number.

Analytical cookies contain the connection IP address.

What are your rights concerning the protection of your personal data?

You have the right to access and rectify your personal data. However, the person in charge of your application must process it to comply with legal requirements. Therefore, you cannot oppose the processing of your application, pursuant to the provisions of Article 6.1 c) of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016, and to Article 56 of the consolidated version of Act No. 78-17 of 6 January 1978 on information technology, data files and civil liberties.

If you think the use of your personal date goes against the regulation on the protection of personal data, you may file a complaint with the Commission nationale de l'informatique et des libertés (CNIL or National commission on information technologies and civil liberties).

You may also provide instructions concerning the processing of your personal data in the event of your death. Specific instructions can be recorded with the person in charge of data processing. General instructions can be recorded with a digital trusted third party certified by the CNIL. You may modify or delete these instructions at any moment.

If need be, you may also ask us to send you the personal data you provided in a readable format.

You may send your requests to the following address:

  • By mail. The mail should be addressed to:

   Institut national de la propriété industrielle
   À l’attention du délégué à la protection des données personnelles
   15 rue des Minimes - CS50001
   92677 Courbevoie Cedex

  • By email, with the following subject line: "Protection des données" (Data protection). The email should be sent to this address .

How are your personal data protected?

The INPI implements all the standard industry practices and security procedures to prevent any personal data breach.

All the information provided by users are stored on secure servers hosted by our web hosting providers.

When the transmission of data is necessary and authorised by users, the INPI ensures that these third parties offer enough guarantees to provide an adequate level of protection. Exchanges are encrypted and servers are authenticated by mutual recognition.

Pursuant to the General Data Protection Regulation, should a data breach occur, the INPI undertakes to inform the relevant supervisory authority of the data breach and, where required, the persons concerned.

User account

All the data transferred to your account are encrypted and accessed securely via the use of a personal password. You must keep this password confidential and you must not disclose it to anyone.

Personal data retention period and processing of applications

Collected personal data are necessary for the processing of applications.

These pieces of information are collected by the INPI in accordance with Decree No. 2020-946 of 30 July 2020 and regulatory provisions of Articles R. 123-1 to R. 123-27 of the Commercial Code. The data that are collected by the service are used to compile the "single application" defined in Article R. 123-7 of the Commercial Code. Personal data collected during the creation of an account and the completion of an application on guichet-entreprises.fr are stored for one year (Articles R. 123-18 to R. 123-27 of the Commercial Code).

In accordance with Article R. 123-18 of the Commercial Code, the Guichet Entreprises is no longer in charge of an application once it has been transferred to relevant authorities. In this context, the applications that have been completed and validated will be deleted from the portal within three months. Once the applications have been processed by relevant authorities, the information concerning non-trading and commercial companies will be published in the National registry of trade and companies. They will be made available to the public as open data and disseminated for further use as part of accredited licences for further use.

As soon as users' applications have been transferred to relevant authorities, users may contact them to access their applications or access them directly on Guichet Entreprises within three months.

Users can modify or delete applications online as long as they have not been validated. However, the deletion of a validated application, prior to its automatic deletion within three months, must be requested to the INPI via the contact form . The modification of a validated application must be done via the completion of a new application.

Any application that has been started but not validated will automatically be deleted from the portal within three months.

If you have any question regarding the protection of personal data, please contact the data protection officer of the INPI . You will need to prove your identity. You may contact the CNIL (Commission Nationale de l'Informatique et des Libertés or National commission on information technologies and civil liberties) as a means of redress.

Credit card data

The INPI does not store or keep the credit card data of users who need to make a payment as part of their online procedure. Our payment service provider manages transaction data on behalf of the INPI, in accordance with the strictest security rules applying to online payment via the use of encrypted processes.

To whom are your personal data transferred?

The data that are collected are used to compile the application defined in Article R. 123-30-10 of the Commercial Code.

Pursuant to Article R. 123-30-12 of the Commercial Code, the data collected by the service are transferred to recipient authorities in order to be processed.

Latest update: September 2020