Policy on the respect of personal data protection
For the purposes of this policy, the following definitions apply:
“Personal Data” means all information relating to natural persons involved in the performance of the Contract in any capacity, including persons involved in the management of the Contract, including the placing of orders, the preparation and issuance of invoices or the management of payments under the Contract.
“File” means any electronic, graphic or paper medium that contains Personal Data.
“Processor” means the person responsible for overseeing the Processing of Personal Data.
“Processing” means any operation or set of operations, whether or not carried out by means of automated or computerized processes, the purpose of which is to collect, record, organize, structure, store, adapt, modify, extract, consult, use or communicate Personal Data.
PURPOSE
The purpose of this policy is to define the terms of use or exchange, by the company, of the Personal Data it receives and must process.
PROCESSING
We assure any person who provides us with Personal Data:
(i) That we will process it in accordance with the French Data Protection Act (Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés); and
(ii) that the Personal Data will only be processed for the sole purpose of properly fulfilling our obligations to the person who provided the data to us; and
(iii) that we will protect the confidentiality of the Personal Data transmitted to us by taking such security measures as are reasonably required to prevent unauthorized access to our Files by third parties; and
(iv) that if we need to provide access to Personal Data to our affiliates or to partners, consultants or employees who require access in order to perform their obligations to the company, such access will be limited to that which is strictly necessary for the performance of their duties, and that persons having access to Personal Data will be required to agree in advance to comply with the obligations to protect Personal Data in accordance with this policy; and
(v) that if Personal Data is to be transferred to a subcontractor, we will ensure that the subcontractor presents sufficient guarantees as to the implementation of appropriate technical and organizational measures, so that the Processing of Personal Data entrusted to it complies with the provisions of Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms, and that a written contract governs the Processing entrusted to it, so that such Processing is carried out in accordance with the law; and
(vi) That we will ensure that any person who has received Personal Data in any of the above cases will destroy it once the task that required the Personal Data to be sent to him or her has been completed.
You may contact our Data Controller at any time, during normal business hours on working days, to find out what Personal Data concerning you is kept in our Files, as well as how it is processed.
You have the right to obtain a copy of the Personal Data that we hold about you. You also have the right to make a complaint to the CNIL, if you believe that the Processing of Personal Data concerning you is not in compliance with the law.
If we become aware of a breach of confidentiality of your Personal Data in our possession, we will notify you as soon as possible. Our Data Controller will also notify the CNIL as soon as possible. The information provided will: (i) describe the nature of the breach, and (ii) the Personal Data whose confidentiality has been breached, and (iii) whether such Personal Data has been extracted from the File containing it. If it is not possible to provide all of this information at once, the information may be provided in a staggered manner without undue delay. We will maintain, in accordance with the law, a record of all categories of Processing activities carried out by us, or on our behalf if a Sub-Contractor has been involved for this purpose.