top of page

DATA PROTECTION



PREAMBLE
This charter - "The Charter" was drawn up with a view to defining the commitments for data protection and specifying the implementation of the General Data Protection Regulation - "RGPD" within the company - the "Company".
The Company attaches particular importance to the protection of the personal data of its employees - “Employees” -, its customers, its partners, as well as the users of its websites and mobile applications.
The Company informs about the procedures for collecting personal data, its use as well as the options available to the persons concerned. This Charter may be modified by the Company in the event of regulatory, jurisprudential or technical changes.
The Company complies with the “Informatique & Libertés” law n ° 78-17 of January 6, 1978 as amended, as well as the law “for confidence in the digital economy” n ° 2004-575 of June 21, 2004, as well as the General Regulations on Data Protection, n ° 2016/679 of April 27, 2016.
This General Data Protection Regulation, n ° 2016/679 of April 27, 2016 has become applicable in the European Union since May 25, 2018.


ARTICLE 1 - DEFINITION
The General Data Protection Regulations concern the processing and circulation of personal data, this information on which companies rely to offer services and products.
It establishes rules relating to the protection of individuals with regard to the processing of personal data and rules relating to the free movement of such data.
It protects the fundamental rights and freedoms of individuals and in particular their right to the protection of personal data.
The main objectives of the GDPR are to increase both the protection of the persons concerned by the processing of their personal data and the accountability of those involved in this processing.
The aim is also to harmonize the European legal standard for the protection of personal data, so that there is a single framework that applies to all Member States.


ARTICLE 2 - CONCEPT OF PERSONAL DATA
Personal data is information that identifies a natural person, directly or indirectly. It can be a name, a photograph, an IP address, a telephone number, a computer connection identifier, a postal address, a fingerprint, a voice recording, social security number, email address, etc.
Some data is sensitive because it relates to information that may give rise to discrimination or prejudice: political opinion, religious sensitivity, trade union involvement, ethnicity, sexual orientation, a medical situation or philosophical ideas. are sensitive data.
They have a specific framework, which prohibits any prior collection without written, clear and explicit consent, and for specific cases, validated by the National Commission for Computing and Liberties - “CNIL” and of which the public interest is proven.


ARTICLE 3 - DATA COLLECTED WITHIN THE COMPANY

The collection of personal data is the subject of a declaration to the French authority for the protection of personal data, the CNIL.
Information can be collected in different ways
The consent
The Company does not collect any personal data without obtaining the express consent and giving prior information concerning in particular the type of data collected, their purposes, the person responsible for their processing, and the various rights that the persons at the origin of the data are to. even to exercise on the latter.
Website visits
The Company may also be required to collect information during various exchanges, or from external companies via a dynamic and / or interactive internet or mobile application with Internet users, whether or not they are employees of the Company.
Cookies
The Company's sites and services may issue cookies. They make it possible to recognize the terminal concerned each time this terminal accesses digital content comprising cookies from the same issuer.
They allow services to run efficiently, and to remember preferences.
There is still a possibility of erasing the cookies stored on the connection terminal in order to permanently delete the information they contain.


ARTICLE 4 - THE OBLIGATION TO INFORM AND RESPECT FOR CONSENT

The Company guarantees the rights of access, rectification and opposition of their data which already existed before the application of the GDPR.
It also guarantees the right to limit processing, the right to be forgotten, the right to data portability or the right to erasure of data.
The protection of minors under 16 is also reinforced. The consent of the holder of parental authority must be given.
Each time data is collected, the data subject must be informed of the legal basis on which the processing is carried out, of their rights over the processing (limitation, portability and remedies) and of the exact modalities of the processing of their data.
This information must be visible and accessible on the website where the data is collected, or, where applicable, on the media which allow the collection of data on signed contracts, etc.


ARTICLE 5 - PURPOSES OF THE DATA COLLECTED

Only the necessary and relevant data with regard to the purposes pursued are collected, in compliance with the principle of proportionality and this in order to improve the quality of the products or services that the Company offers.
The Company will only collect adequate, relevant and strictly necessary data for the purpose of the processing.
The data identified as being mandatory are necessary in order to be able to benefit from the corresponding functionalities and more specifically from operations on the content offered within the company.
This policy concerns the Company and its sites, applications, software and services published by the Company and / or using its interface or its functionalities.

In addition to this, you need to know more about it.

In addition to this, you need to know more about it.

ARTICLE 6 - USE OF COLLECTED DATA

The Data collected by the company are processed for the purposes of performing operations on the content of the service.
This use is based on one of the legal foundations provided for by law, namely:

  • the protection of the legitimate interests of the company,

  • the execution of a concluded contract or a commitment,

  • compliance with a legal or regulatory obligation,

  • preservation of the public interest, such as the prevention or detection of fraud or financial crime.

Under no circumstances will the data be processed in a manner incompatible with these purposes, except for obtaining a prior agreement.


ARTICLE 7 - DATA SECURITY

The personal data collected by the Company are under no circumstances transferred, rented or exchanged to third parties, with the exception of the Company's partners and subsidiaries, unless this has been clearly specified when collecting the data concerned. .
However, the data may be disclosed in application of a law, regulation or by virtue of a decision of a competent regulatory or judicial authority or, if this proves necessary, for the purposes of preserving its rights and interests. .
In addition, the Company may, where applicable, transmit information if it acquires another company or is the subject of a buyout, merger, absorption, merger or reorganization of some nature whatsoever.
Any user opening an account is invited to create a username or nickname and a password. This password must be kept secret and he must limit access to his computer or mobile devices and disconnect at the end of using the services.
As personal data is confidential, the company limits their access to only company employees or service providers who need it in the context of processing.
All persons with access to personal data are bound by a duty of confidentiality and are liable to disciplinary measures and / or other sanctions if they do not comply with these obligations.


ARTICLE 8 - PERIOD OF DATA RETENTION

The data is stored and kept for the time necessary to achieve the intended purposes.
Personal data will thus be kept for the period during which the Company's employees use the support services for said data.
The aforementioned data is deleted at the latest 5 years from the last contact with the person or Employees who originate the said data.

ARTICLE 9 - THE RIGHTS CONCERNED

The Company intends to respect all rights with regard to the processing of Personal data vis-à-vis Employees:

  • the right to be informed about the use of Personal Data;

  • the right to access personal information collected from Company Employees;

  • the right to request the correction of inaccurate, incomplete or equivocal Personal Data; expired for the Employees of the Company;

  • the possibility of requiring the portability (right to portability) of the data to another service provider / user;

  • the right to define guidelines relating to the fate of Personal Data after death;

  • the right to lodge justified and duly motivated complaints, if necessary, with the national authority in charge of the protection of personal data.


ARTICLE 10 - SANCTION FOR NON-COMPLIANCE

In the event of a breach of the obligations imposed by the GDPR, the companies concerned can be fined up to 20 million euros or 4% of worldwide turnover for the most important entities.
The CNIL may issue responses in the event of a violation of the regulations such as formal notices or warnings.

ARTICLE 11 - EMPLOYEE INFORMATION AND PUBLICITY

This Charter will be publicly displayed as an appendix to the internal regulations and will be communicated individually to each Employee of the Company.
It will also be available on the Company's website.


ARTICLE 12 - ENTRY INTO FORCE OF THE CHARTER

This Charter is applicable from the date of its publication.

In addition to this, you need to know more about it.

In addition to this, you need to know more about it.

bottom of page