Privacy policy
- PREAMBLE – DEFINITIONS Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as the General Data Protection Regulation (hereinafter “GDPR”), establishes legal framework applicable to the processing of personal data.
- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more specific elements related to their physical, physiological, genetic, mental, economic, cultural, or social identity;
- data subjects (hereinafter “Data Subjects”): individuals whose data are processed by CHR NUMERIQUE (excluding employees), including job applicants, clients, prospects, and suppliers;
- processing of personal data: any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
- data controller: refers to the company CHR NUMERIQUE, Immeuble La Coursive, 60 Avenue Baron Lacrosse, 29850 GOUESNOU, hereinafter referred to as “CHR NUMERIQUE”;
- processor: refers to any natural or legal person who processes personal data on behalf of the data controller;
- recipients: refers to the natural or legal persons who receive personal data from the data controller.
- PURPOSE OF THE PRESENT POLICY To ensure its proper operation, CHR NUMERIQUE is required to implement and manage personal data processing activities.
- SCOPE This Policy applies to all personal data processing activities related to Data Subjects, with the exception of CHR NUMERIQUE employees (who are subject to a specific data protection policy).
- GENERAL PRINCIPLES & DATA COLLECTION No processing is performed by CHR NUMERIQUE unless it involves personal data collected by or for our services or processed in connection with our services and complies with the general principles of the GDPR.
- Management and monitoring of the commercial relationship with our clients All procedures related to the setup and monitoring of contracts, orders, subscriptions, deliveries, management of your client account, handling of complaints; sending personalized information and newsletters about our products and services and their evolution, about our news, and about your professional activities, when these information and newsletters are directly related to your subscriptions and are an integral part of your subscriptions; preparation of commercial statistics
- Management and monitoring of the commercial relationship with our suppliers and service providers All procedures related to the setup and monitoring of contracts, orders, subscriptions, deliveries, and handling of complaints.
- Management of invoicing and accounting All procedures related to invoicing and accounting for products or services.
- Debt collection and litigation management All procedures aimed at enabling us to recover amounts owed to us
- Providing our products and services All procedures related to the provision of our products and services and the execution of subscription contracts
- Management of applications Monitoring of applications, evaluating the candidate’s ability to hold the proposed position, invitations to interviews.
- Contests Any entertaining procedure aimed at awarding a prize to clients or prospects of CHR NUMERIQUE, whether performed directly by CHR NUMERIQUE or its partners. The collected data include those necessary for managing participation, identifying participants, and awarding prizes or gifts.
- Prospecting and marketing All commercial procedures, follow-up of commercial relations; prospecting, usually by email, SMS, phone; sponsorship operations, promotional offers; conducting surveys, studies, satisfaction surveys, and product tests; improving your user experience with our products, services, websites, and/or applications; sending personalized information and newsletters about our products and services and their evolution, about our news, and your professional activities; analysis of your purchasing preferences.
- Events Events organized by CHR NUMERIQUE or in which CHR NUMERIQUE participates or sponsors; data are generally collected during registration for the event (directly or via a partner) or during the event itself (form, questionnaire, business card, dedicated mobile applications, etc.).
- Social media All social selling operations, including the collection of data related to registrations, posts, likes, replies and forwards, comments, reviews, etc.
- Cookies Please refer to our Cookie Policy for more information.
- TYPES OF DATA COLLECTED
- Non-technical data (depending on use cases) Identification (name, first name, etc.) Landline/mobile phone numbers Email address Bank details Photo, when you grant us this right Personal/professional life, when necessary Home address, when necessary
- Technical data (depending on use cases) Identification data (IP) Connection data (logs, etc.) Acceptance data (click)
- ORIGINS OF DATA Data relating to Data Subjects are generally collected directly from them (direct collection).
- via specialized companies (purchase or rental of databases) or via partners and suppliers of CHR NUMERIQUE. In this case, CHR NUMERIQUE takes great care to ensure the quality of the data provided;
- via sponsorship. In this case, the sponsor ensures that they can provide us with personal data.
- PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING
- supply of our products and services, performance of the subscription contract;
- management of the customer/prospect relationship, commercial prospecting;
- management of the supplier relationship, subscription to products or services;
- managing job applications;
- management of invoicing and accounting;
- management of complaints, pre-litigation and litigation;
- management of requests to unsubscribe and unsubscribe from newsletters;
- improving our products and services, satisfaction surveys, opinion polls, product and service tests;
- marketing and communication operations;
- marketing analysis ;
- statistics;
- archiving.
- DATA RECIPIENTS CHR NUMERIQUE ensures that data are only accessible to authorized internal or external recipients.
- Internal recipients Authorized personnel (in particular : Marketing & Communication department, the Sales department, HR department, Client relations and prospecting departments, administrative services, logistics and IT departments, as well as their hierarchical superiors). Authorized personnel from the audit services (auditors, personnel in charge of internal control procedures, etc.).
- External recipients Partners and service providers of CHR NUMERIQUE. Affiliates of CHR NUMERIQUE or other entities belonging to the same corporate group. Organizations, judicial auxiliaries, and legal officers, within the framework of debt collection. Authorized personnel of subcontractors.
- DATA RETENTION PERIOD The retention period for your data is determined by CHR NUMERIQUE according to its legal and contractual obligations, or in their absence, according to its needs and, in particular, based on the following principles:
- Client data During the duration of the contractual relationship with CHR NUMERIQUE, extended by 3 years for marketing and prospecting purposes, without prejudice to retention obligations and limitation periods.
- Prospect data 3 years from their collection by CHR NUMERIQUE or the last contact from the prospect.
- Supplier and service provider data During the duration of the contractual relationship with CHR NUMERIQUE, extended by the limitation periods and retention obligations.
- Data processed for managing contest participation 6 months from their collection.
- Data processed for commercial and marketing statistics 3 years after the end of the contractual relationship.
- Data processed for surveys, studies, satisfaction surveys, and product tests 2 years from their collection.
- Applications and recruitment Immediate deletion if the candidate is not selected for the position. Option to retain the CV for 2 years after the last contact with the candidate if informed.
- Technical data 1 year.
- Bank details During the duration of the contractual relationship with CHR NUMERIQUE, extended by the limitation periods and retention obligations.
- RIGHT TO CONFIRMATION AND ACCESS You have the right to ask CHR NUMERIQUE for confirmation as to whether personal data concerning you are being processed.
- The request must come from the Data Subject, and there should be no doubt about their identity. Otherwise, CHR NUMERIQUE reserves the right to request any element that can verify their identity, such as a copy of an identity card or passport;
- The request must be made in writing to the DPO address indicated in Article 23 of this Policy.
- UPDATING – MODIFICATION AND RECTIFICATION CHR NUMERIQUE responds to update requests:
- Automatically for online changes in fields that can be updated technically or legally;
- Upon written request from the Data Subject themselves, who must justify their identity.
- RIGHT TO ERASURE The right to erasure will not apply in cases where processing is performed to comply with a legal obligation.
- Personal data are no longer necessary for the purposes for which they were collected or processed;
- The Data Subject withdraws consent on which the processing is based, and there is no other legal basis for the processing;
- The Data Subject objects to processing necessary for CHR NUMERIQUE’s legitimate interests, and there is no overriding legitimate reason for the processing;
- The Data Subject objects to the processing of their personal data for direct marketing purposes, including profiling;
- The personal data have been unlawfully processed.
- RIGHT TO RESTRICTION Data Subjects are informed that this right does not apply if the processing performed by CHR NUMERIQUE is lawful and the personal data collected is necessary to comply with the provisions of a contract.
- RIGHT TO DATA PORTABILITY The right to portability can only be exercised in the specific case of data provided by the Data Subject themselves, on online services offered by CHR NUMERIQUE, and for purposes based solely on the consent of the individuals. In this case, the data will be provided in a structured, commonly used, and machine-readable format.
- RIGHT TO OBJECT AN AUTOMATED INDIVIDUAL DECISION
- POST-MORTEM RIGHTS Data Subjects are informed that they have the right to formulate directives concerning the retention, deletion, and communication of their data after death. Specific post-mortem directives are addressed to the DPO (whose contact details are indicated in Article 23 of this Policy) by written request.
- OPTIONAL OR MANDATORY NATURE OF RESPONSES Data Subjects are informed on each personal data collection form whether the responses are mandatory or optional.
- RIGHT OF USE CHR NUMERIQUE is granted the right by Data Subjects to use and process their personal data for the purposes outlined above.
- PROCESSOR CHR NUMERIQUE may involve any processor of its choice in the processing of personal data.
- TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
- SECURITY It is the responsibility of CHR NUMERIQUE to define and implement technical, physical, or logical security measures that it deems appropriate to combat the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of data.
- The use of security measures for access to premises (office locks, badges, etc.);
- Security of access to our computers and smartphones;
- Login and password for our business applications;
- Authorization management for access to data;
- VPN for remote connections.
- DATA PROTECTION OFFICER (DPO)
- RECORD OF PROCESSING ACTIVITIES CHR NUMERIQUE, as the data controller, undertakes to maintain an up-to-date record of the processing activities performed.
- RIGHT TO LODGE A COMPLAINT in accordance with GDPR, Data Subjects are informed of their right to lodge a complaint with a supervisory authority, in particular in the EU Member State of his or her habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the processing of personal data relating to him or her infringes the GDPR.
- EVOLUTION This Policy may be amended or adjusted at any time.