POLICY ON RESPECT FOR THE PROTECTION OF PERSONAL DATA
For the purposes of this policy, the following definitions apply:
“Personal Data” refers to all information relating to natural persons involved in the execution of the Contract in any capacity, including individuals participating in contract management, such as placing orders, preparing and issuing invoices, or managing payments under the Contract.
“File” refers to any electronic, graphic, or paper medium containing Personal Data.
“Data Controller” refers to the person responsible for supervising the Processing of Personal Data.
“Processing” refers to any operation or set of operations, whether or not carried out using automated or computerized processes, aimed at the collection, recording, organization, structuring, storage, adaptation, modification, extraction, consultation, use, or communication of Personal Data.
OBJECTIVE
This policy aims to define the terms of use or exchange, by the company, of the Personal Data it receives and must process.
PROCESSING
We guarantee to anyone providing us with Personal Data:
(i) That we will process them in accordance with Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms; and
(ii) That Personal Data will only be processed for the sole purpose of properly fulfilling the obligations we have undertaken towards the person who has transmitted this data to us; and
(iii) That we will protect the confidentiality of the Personal Data transmitted to us by taking security measures that are reasonably required to prevent unauthorized access to our Files by a third party; and
(iv) That if we need to grant access to Personal Data to affiliated companies or partners, consultants, or employees who require access for the proper performance of their obligations towards the company, such access will be limited to what is strictly necessary for the execution of their tasks, and individuals with access to Personal Data will be required to commit to respecting the obligations of Personal Data protection in accordance with this policy; and
(v) That if Personal Data must be transmitted to a subcontractor, we will ensure that this subcontractor provides sufficient guarantees regarding the implementation of appropriate technical and organizational measures, so that the Processing of Personal Data entrusted to it complies with the provisions of Law No. 78-17 of January 6, 1978, relating to information technology, files, and freedoms, and that a written contract governs the Processing entrusted to it, ensuring that this Processing is carried out in accordance with the law; and
(vi) That we will ensure that any person receiving Personal Data, in either of the aforementioned cases, will proceed to their destruction once the mission that required the transmission of Personal Data to them is completed.
You can contact our Data Controller at any time during normal business hours on working days to inquire about the Personal Data concerning you that is kept in our Files, as well as the Processing carried out on it.
You have the right to obtain a copy of the Personal Data we hold about you. You also have the right to lodge a complaint with the CNIL if you believe that the Processing of Personal Data concerning you is not in compliance with the law.
If we become aware of a breach of the confidentiality of Personal Data concerning you that is in our possession, we will notify you as soon as possible. Our Data Controller will also notify the CNIL promptly. The information transmitted: (i) will describe the nature of the violation, (ii) the Personal Data whose confidentiality has been violated, and (iii) if this Personal Data has been extracted from the File containing it. If it is not possible to provide all this information at the same time, the information may be communicated in stages without undue delay. We will ensure that, in accordance with the law, the register of all categories of Processing activities carried out by us, or on our behalf if a Subcontractor has been involved for this purpose, is kept up to date.