Privacy – GDPR
GDPR Compliance – Anderlaine
The General Data Protection Regulation (GDPR) came into force on May 25, 2018. It aims to strengthen individuals’ rights over their personal data and better protect it.
Anderlaine has always attached particular importance to protecting the data of its customers and employees. Our GDPR compliance is continuously maintained with the support of DPO CONSULTING.
Privacy Policy – GDPR
In the course of its business, the simplified joint stock company, Anderlaine, whose registered office is located at 82 rue de la petite eau 73290 la Motte-Servolex and registered with the Chambéry Trade and Companies Register under number 325 568 558, is required to process personal data.
The purpose of this privacy policy is to provide you with simple, clear and complete information on how Anderlaine processes and uses your personal data.
Cette politique de confidentialité a pour objectif de vous fournir une information simple, claire et complète sur la façon dont Anderlaine traite et utilise vos données personnelles.
Reference texts
- French Data Protection Act of January 6, 1978, amended in 2004
- General Data Protection Regulation (EU 2016/679 of the European Parliament and of the Council of April 27, 2016) (GDPR)
Definitions
Personal Data : Any information relating to a data subject, in particular by reference to an identifier such as a name, identification number, identity card number, salary, health records, bank account information, driving or consumption habits, location data, online identifier, etc. The term “personal data” includes sensitive personal data.
Data processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, accessing, recording, copying, transferring, keeping, storing, cross-referencing, modifying, structuring, making available, communicating, recording or destroying, whether automatically, semi-automatically or otherwise. This list is not exhaustive.
Data controller : Natural or legal person who, individually or jointly, decides what personal data is collected, why and how it is collected and processed.
Processor: Any natural or legal person, public authority, department or other body that processes Personal Data on behalf of the Data Controller and in accordance with its instructions (e.g. service providers or suppliers).
Consent: Any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her may be processed.
Data Transfer: Any communication, copying or moving of data via a network, or any communication, copying or moving of such data from one medium to another, irrespective of the medium, of personal data to a country outside the European Union or to an international organization, which is or is intended to be processed after such transfer.
Data Protection Officer (or “DPO”): This is the person in charge of personal data protection at Anderlaine. If you have any questions about the protection of your personal data, you can contact Anderlaine’s DPO at the following address: rgpd@anderlaine.com.
Cookies: A cookie is a small file stored on your computer that allows you to move from one web page to another while retaining your browsing settings.
Processing purposes and legal basis
Your personal data is processed for specific purposes which correspond to different legal bases. Your personal data may be processed :
Either as part of a contractual relationship between our company and you, your organization or the organization employing you, in which case the purposes of the processing must enable us to:
– To meet our contractual obligations, particularly in terms of human resources management (responding to a job offer, consulting a curriculum vitae, drawing up an employment contract, etc.);
– To carry out the tasks entrusted to us by you, your organization or the organization employing you (management of customer files, etc.);
Or because you have given us your consent.
This will be the case in particular in the context of our commercial prospecting, where this purpose will enable us, for example:
– send you our newsletter and keep you informed of our latest news; – invite you to events;
– Propose offers identified as being likely to meet your needs;
Or as part of our legitimate interest:
We consider that we have a legitimate interest in processing some of your personal data, in particular in the following cases:
– Recruitment (responding to a job offer, consulting a curriculum vitae)
– For production monitoring purposes;
– To resolve a dispute: we may need to process your personal data to respond to requests or defend our rights in the event of legal action;
– For administrative purposes (scheduling, training, profitability calculations, etc.);
– To follow up prospects’ or customers’ files;
– To provide the most complete and relevant response possible to your request, regardless of the form it takes (telephone call, contact form, e-mail, fax, etc.);
Or as part of our legal obligations:
In certain cases, we need to collect, transmit or retain certain information about you to meet our own legal obligations, for example in relation to:
– Pre-employment declarations
– Sending administrative and tax documents, etc.
Data recipients
We may share your personal data with the following recipients:
Our employees:
Your personal data is intended for any employee of our company whose duties may require access to this data for the purposes set out above. The procedures in force within our company aim to guarantee individualized access to your personal data, in order to limit an employee’s access to only those data necessary for the performance of his or her duties and the accomplishment of our missions.
All our employees are contractually bound to discretion and professional secrecy. These obligations of discretion and professional secrecy continue after the end of an employee’s employment contract.
Our service providers and subcontractors:
We may transfer some of your personal data to our service providers and subcontractors if this is necessary for the performance of their tasks. This is particularly the case for our hosting platform suppliers when providing IT services. These service providers are selected with regard to the guarantees presented in terms of personal data protection and contractually framed in accordance with the provisions of Article 28 of the RGPD.
Fraud detection and prevention entities.
Or as part of a contractual relationship between our company and you, your organization or the organization employing you, in which case the purposes of the processing must enable us to:
– Meet our contractual obligations, particularly in terms of human resources management (responding to a job offer, consulting a curriculum vitae, drawing up an employment contract, etc.);
– To carry out the tasks entrusted to us by you, your organization or the organization employing you (management of customer files, etc.);
Or because you have given us your consent.
This will be the case in particular in the context of our commercial prospecting, where this purpose will enable us, for example:
– send you our newsletter and keep you informed of our latest news; – invite you to events;
– Propose offers identified as being likely to meet your needs;
Or as part of our legitimate interest:
We consider that we have a legitimate interest in processing some of your personal data, in particular in the following cases:
– For recruitment purposes (responding to a job offer, consulting a curriculum vitae)
– For production monitoring purposes;
– To resolve a dispute: we may need to process your personal data to respond to requests or defend our rights in legal proceedings;
– For administrative purposes (keeping schedules, training, calculating profitability, etc.);
– To follow up prospects’ or customers’ files;
– To provide as complete and relevant a response as possible to your request, regardless of the form it takes (telephone call, contact form, e-mail, fax, etc.);
Or as part of our legal obligations:
In certain cases, we need to collect, transmit or retain certain information about you to meet our own legal obligations, for example in relation to:
– Pre-employment declarations
– Sending administrative and tax documents, etc.
Recipients of data
We may share your personal data with the following recipients:
- Our employees:
Your personal data is intended for any employee of our company whose duties may require access to this data for the purposes set out above. The procedures in force within our company aim to guarantee individualized access to your personal data, in order to limit an employee’s access to only those data necessary for the performance of his or her duties and the accomplishment of our missions. All our employees are contractually bound to discretion and professional secrecy. These obligations of discretion and professional secrecy continue after the end of an employee’s employment contract. - Our service providers and subcontractors:
We may transfer some of your personal data to our service providers and subcontractors if this is necessary for the performance of their tasks. This will notably be the case for our hosting platform suppliers when providing IT services. These service providers are selected with regard to the guarantees presented in terms of personal data protection and contractually framed in accordance with the provisions of Article 28 of the RGPD. - Fraud detection and prevention entities.
The processing of your personal data is carried out for specific purposes that correspond to different legal bases. Your personal data processing may be carried out:
Either as part of a contractual relationship between our company and you, your organization or the organization employing you, in which case the purposes of the processing must enable us to:
– To meet our contractual obligations, particularly in terms of human resources management (responding to a job offer, consulting a curriculum vitae, drawing up an employment contract, etc.);
– To carry out the tasks entrusted to us by you, your organization or the organization employing you (management of customer files, etc.);
Or because you have given us your consent.
This will be the case in particular in the context of our commercial prospecting, where this purpose will enable us, for example:
– Send you our newsletter and keep you informed of our latest news; – invite you to events;
– Propose offers identified as being likely to meet your needs;
Or as part of our legitimate interest:
We consider that we have a legitimate interest in processing some of your personal data, in particular in the following cases:
– For recruitment purposes (responding to a job offer, consulting a curriculum vitae)
– For production monitoring purposes;
– To resolve a dispute: we may need to process your personal data to respond to requests or defend our rights in legal proceedings;
– For administrative purposes (scheduling, training, profitability calculations, etc.);
– To follow up prospects’ or customers’ files;
– To provide the most complete and relevant response possible to your request, regardless of the form it takes (telephone call, contact form, e-mail, fax, etc.);
Or as part of our legal obligations:
In certain cases, we need to collect, transmit or retain certain information about you to meet our own legal obligations, for example in relation to:
– Pre-employment declarations
– Sending administrative and tax documents, etc.
Data localization
Our processing and storage platforms are hosted in datacenters located in France.
In order to operate certain services, Anderlaine may communicate some of your personal data to its subcontractors. Anderlaine naturally undertakes to take appropriate measures to maintain a level of confidentiality and security of your personal data during the transfer and receipt thereof.
In any case, your personal data will not be transferred outside the European Union.
Should data be transferred to Subcontractors located outside the European Union, in a country that does not have adequate regulation within the meaning of the Personal Data Regulation (https://www.cnil.fr/fr/la-protection-des-donnees-dans-le-monde), the contractual relationship with this Subcontractor is governed by an appropriate contractual arrangement.
Retention periods
Anderlaine retains your personal data:
- In compliance with its legal obligations and/or the recommendations of the CNIL regarding retention periods;
- In relation to its contractual obligations and the applicable requirements with regard to the purposes of processing;
- At least for the time necessary to achieve the purposes for which they were collected.
Without prejudice to the exercise of your right to rectification, deletion, limitation or opposition.
After these periods, Anderlaine will delete your personal data from its system or anonymize it so that it can no longer be used to identify you.
Should you have any questions concerning the time limits for storing your personal data, or should you become aware of any shortcomings on the part of Anderlaine in this respect, we undertake to do everything in our power to make the necessary corrections, and to do so as soon as possible on receipt of your request, to the following e-mail address: rgpd@anderlaine.fr.
Automated individual decision-making
Anderlaine does not use your personal data for processing that gives rise to automated individual decision-making.
Your rights
Your personal data belongs to you, and as such you have a number of rights. In accordance with current laws and regulations on the protection of personal data, you have the following rights with regard to your personal data:
-
Right of access or information: (Article 15 of the GDPR)
You have the right to consult and obtain a copy of your personal data processed by Anderlaine. You will therefore be able to access the following information:
a) the purposes of the processing ;
b) the categories of Data;
c) the recipients or categories of recipients to whom the Data has been or will be communicated;
d) where possible, the period for which the Data will be kept, or, where this is not possible, the criteria used to determine this period;
e) the existence of the right to request from Anderlaine the rectification or deletion of Data, or a limitation of the processing of your Data, or the right to object to such processing;
f) the right to lodge a complaint with the CNIL;
g) where Data is not collected from you, any available information as to its source;
h) the existence of automated decision-making, including profiling, and, at least in such cases, useful information concerning the underlying logic, as well as the significance and anticipated consequences of such processing for you.
Your right to obtain a copy of your personal data must not prejudice the rights and freedoms of others.
- Right of rectification: (Article 16 of the RGPD)
If you become aware of any inaccuracy relating to your personal data, you have the right to obtain from Anderlaine the rectification of such data as soon as possible. You may also obtain that your personal data be completed, including by providing an additional declaration.
- Right to erasure: (Article 17 of the RGPD)
You have the right to obtain from Anderlaine the erasure of your personal data as soon as possible if one of the following reasons applies:
a) Your data is no longer required for the purposes for which it was collected or processed;
b) you have withdrawn your consent to the processing of such data and there is no other legal basis for the processing;
c) you exercise your right to object under the conditions set out below and there is no compelling legitimate reason for the processing;
d) your data has been processed unlawfully;
e) your data must be deleted to comply with a legal obligation;
f) your data has been collected from a child.
- Right of limitation: (Article 18 of the RGPD)
You will be able to ask Anderlaine to limit the use that is made of your personal data in the following cases:
a) While the data controller is verifying the accuracy of your data following a challenge from you concerning the accuracy of the data concerning you ;
b) When the processing of your data is unlawful and you prefer to assert your right to the restriction of processing rather than your right to deletion;
c) If Anderlaine no longer needs your data to carry out a processing operation, but it is still required for the establishment, exercise or defense of legal claims;
d) When you have objected to the processing of your data under the conditions set out below (see: Right to object) and Anderlaine verifies whether the legitimate reasons it is pursuing override yours.
-
Right to portability: (Article 20 of the RGPD)
You have the right to request that Anderlaine transmit to you or to another controller, the personal data you had provided to Anderlaine, in a structured, commonly used and machine-readable format, without Anderlaine objecting if:
a) the processing of your data is based on consent or on a contract
b) Your data is processed by automated means.
- Right to object: (Article 21 of the RGPD)
For reasons relating to your particular situation, you may object at any time to processing of your personal data if:
– The processing in question is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Anderlaine.
– The processing in question is necessary for the purposes of the legitimate interests pursued by Anderlaine; unless Anderlaine demonstrates that there are compelling legitimate grounds for processing your data which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You may also object to the processing of your personal data when it is used :
– For canvassing or profiling purposes;
– For statistical purposes or for scientific or historical research, unless the data processing is necessary for the performance of a mission of public interest.
You can find out more about your rights on the CNIL website.
To exercise these rights, you can send your request :
By e-mail to our DPO at the following address: rgpd@anderlaine.com;
By post to the following address
Anderlaine
DPO – RGPD Correspondent
82 rue de la Petite Eau
73290 La Motte-Servolex
FRANCE
A reply will be sent to you within a maximum of one month from the date of receipt of your request. If necessary, this period may be extended by two months by Groupe SR Conseil, which will notify you accordingly, taking into account the complexity and/or number of requests.
In the event of reasonable doubt as to the identity of the person making the request, a photocopy of an identity document may be requested.
Making a complaint
We make every effort to ensure that our personal data protection policy complies with the RGPD, and to guarantee the security of this data as well as your rights concerning your personal data. Nevertheless, in the event that you become aware of a failure to comply with this regulation, you are entitled to lodge a complaint with the competent supervisory authority, the CNIL.
Security
Anderlaine implements appropriate technical and organizational measures, in view of the nature of the data and the risks involved in processing them, to preserve the security and confidentiality of your personal data.
These measures may include practices such as limited access to data by service personnel, contractual guarantees in the event of recourse to an external service provider, regular reviews of practices and procedures, physical and/or logical security measures (secure physical access, computer authentication process, antivirus software, etc.).
Cookies
Discover the website cookies policy