Personal Data Protection Policy
We thank you for your visit on our website.
For clarification purposes, We propose below definitions of terms used herein. These definitions here provided are proposed in order to simplify the comprehension of the present document. Such definitions do not replace those, more accurate and complete, provided by the LIL and / or the GDPR. Accordingly, the following terms are defined as follow :
CNIL : refers to the Commission Nationale de l’Informatique et des Libertés (CNIL), which is the supervisory authority in France, as described by the GDPR, and shall notably on its territory monitor and enforce the application of the Law, and shall promote public awareness and understanding of the risks, rules, safeguards and rights in relation to processing.
Controller: means the entity that determines the Purpose(s) and the means used to process the Personal Data. For the purposes hereof, LYNRED a company incorporated under laws of France, whose headquarters are located Avenue de la Vauve – CS 20018 – 91127 Palaiseau, France, is the Controller. No other members of the consortium HELIAUS will process your personal data through this web-site
Cookies : A cookie is a small computer file, a plotter, deposited for example during the consultation of a website, the reading of an email, the installation or use of a software or a mobile application, whatever the type of the means used (computer, smartphone, etc.).
Personal Data: refers to any data that identifies a natural person.
Purposes: refers to the purposes of the Processing, the reasons why your Personal Data are the subject of one or more Processing (s) by the Controller.
Processor: refers to the entity that processes the Personal Data for the account and in accordance with the written instructions of the Controller.
Processing: means any and all operation or set of operation carried out on Personal Data such as, for example: collection, storage, reading, archiving, etc … for a fixed or determinable period and for the same Purposes.
We means the Controller
PERSONAL DATA COLLECTED
We undertake to collect only the Personal Data strictly nedeed for the Purpose of Processing, and not to collect more Personal Data than necessary. We undertake to inform you, at the moment where it collect your Personal Data:
- the Purposes of the Processing ;
- how to contact the Controller
- the legal basis of the Processing ;
- if the collect of the Personal Data is mandatory ((indicated by the symbol *) or facultative;
- the duration of the Processing ;
- the recipients of your Personal Data ;
- the transfer of your Personal Data outside the European Economic Area, as the case may be;
- your rights and how to exercise them with the CNIL.
We collect your Personal Data through:
- emails you sent us ;
- letters you send us electronically or by post;
- business cards that you have voluntarily given to us;
- cookies installed on our website (see “COOKIES” below);
WHAT ARE THE PURPOSES AND THEIR LEGAL BASIS?
Regardless of the Processing of your Personal Data, We agree that the Purpose (s) of each Processing of your Personal Data will be defined at the time we collect your Personal Data. The objectives of the Processing implemented will be described to you so that you understand clearly the reasons for which we use them. We undertake to treat your Personal Data strictly in accordance with the Purposes communicated to you. In no event We will use your Personal Data for any other Purpose(s).
Thus, the main Purposes for which your Personal Data are collected are the following (this list is not exhaustive):
On the legal basis of your consent:
- To manage your request you sent us by email;
In the event that your Personal Data are processed for Purposes not here listed, We will inform you prior the Processing of your Personal Data and, where applicable, will collect your prior consent.
Access to your Personal Data is strictly limited to the authorized and determined persons members of the staff of the Controller, and the competent organizations / companies when the performance of the Processing requires the intervention of such a third party. In these latter cases, you will be informed prior to Processing of the identity of the recipient (s) of your Personal Data. In all cases, these persons are those who, by their function, are legitimate to receive your Personal Data in order to achieve the Purposes for which they were lawfully collected. It is possible that your Personal Data may, if necessary, be transmitted to institutions, public bodies, administrative or judicial authorities, when they ask us to disclose them your Personal Data.
We do not transfer your Personal Data outside the European Economic Area and/or countries currently recognized as having an adequate level of protection by the CNIL, unless the processing of your personal data requires it or if the Law requires it; in this case, We will inform you prior the Processing, and will collect, as the case may be, your consent.
For the Purposes of the Processing (s), your Personal Data may be entrusted to third parties to whom we authorize the Processing. We require from these third parties, in their role as a Processor, to be in compliance with the Law and with the clause that we insert in our contract. These Processors may be providers of technical services (hosting of data, functionality of our website, etc.). We also require our Processors to provide us with sufficient warrantees regarding the security and confidentiality of the Personal Data we entrust to them. We ensure that our Processor take all technical and organizational measures to ensure the confidentiality, integrity and security of your Personal Data. We undertake not to disclose Personal Data to such third party if this latter is unable to provide us such warranties.
In any case, We agree not to sell your Personal Data. We agree not to share or otherwise communicate your Personal Data to third parties for marketing / marketing purposes without your prior express consent.
HOW LONG YOUR PERSONNAL DATA ARE RETAINED?
Your Personal Data are retained only for the time necessary to achieve the Purposes for which it was collected, in accordance with the recommendations of the CNIL.
Once this/these Purpose(s) is/are reached, your Personal Data will be placed in intermediate filing to enable us to fulfill our legal, accounting and tax obligations and / or at least during the applicable limitation period.
SAFETY MEASURES IMPLEMENTED
We are concerned about the protection of your Personal Data, that is why we implement a set of security measures, both organizational and technical, to avoid:
- the unexpected destruction or loss of your Personal Data,
- The disclosure of your Personal Data to natural persons or entity who do not have a need to know your Personal Data to achieve the Purposes of Processing;
- Leaks, violation of your Personal Data, and more broadly, unauthorized access and use of your Personal Data
On the organizational level:
We commits that your Personal Data will only be processed by our staff and third parties (only the third party described under section “Recipient” as above mentioned) who need to know about it to achieve the Purposes, being specified that these persons are subject to a confidentiality agreement, either through their contract of employment, either through a contract in which we have set high requirements (see Section “Recipients”). We require these people to use your Personal Data only for Purposes only. We remind you that the administrative and / or judicial authorities may have access to your Personal Data even if we do not have a contract with them – these authorities warrant the respect of your Personal Data according to their own procedures.
On the technical level:
all the information systems we use are hosted on European territory and operated by European stakeholders. All the necessary means of protection necessary to warrant you an appropriate protection of your Personal Data are implemented, both on the physical and the computer consideration. Depending on the platforms considered and the information concerned, these means may vary. For instance, the use of encryption of sensitive Personal Data during storage or transmission through the Internet is used.
What kind of cookies do we use?
Cookies needed at the site to work
This type of cookie activates the essential functions without which our website cannot work. This type of cookie does not collect personal data for commercial purposes, and cannot be disabled. As such, we use the following cookies:
– Google Analytics. The data collected by these cookies are automatically deleted one year after their collect.
We are committed to enabling you to exercise your rights in the protection of your Personal Data. In line with our commitment to safety, the exercise of your rights is subject to the proof of your identity. We reserve the right to carry out any other legitimate and proportionate verification to ensure your identity. In the absence of presentation of the requested supporting documents, We reserve the right to refuse, without fault of our part, to accede to your request. The purpose of such measures is to protect the access to your Personal Data, and to make sur that no unauthorized person has access to your Personal Data.
The Law gives you the following rights:
This right allows you to contact us in order to obtain various information related to the existence of a Processing pertaining to your Personal Data, and if such Processing exists, you will be able to have access to the Purposes of the Processing which concern you, to the categories of Personal Data processed, the recipient (see Section Recipient above) subject to respecting the rights of the latter, etc.
We will provide you for free a copy of your Personal Data processed. It should be noted that we reserve the right, in case of unfounded and obviously untimely requests on your part, to charge you for the production of additional copies.
Right of rectification
This right allows you to contact us in order to complete, correct, and/or update the Personal Data that we processed, if such Personal Data were inaccurate.
Right of opposition
This right allows you to ask us to cease at any time the processing of your Personal Data that we may processed, when your particular situation requires it, which we undertake to do as soon as possible.
Nevertheless, We inform you that We can legally refuse your request:
- in the event of legitimate and/or compelling reasons We may have and that prevail over your rights ;
- for the need of finding, exercise or the defense of rights in court
Regarding commercial prospection, you have the right of opposition to the Processing at any time, without having to motivate it. You can exercise your right by clicking on the unsubscribe link in each of our newsletters or solicitations or by contacting the person who solicited you.
RIGHT TO LIMITATION OF TREATMENT
This right allows you to ask us to restrict the processing of your Personal Data that we may process in the following cases:
- If you disagree with the accuracy of your Personal Data. In such a case, We undertake to limit the Processing of your Personal Data for the period needed to verify the accuracy of your Personal Data, and to correct it as the case may be;
- If the Processing is unlawful, but you have expressly requested us to not delete your Personal Data;
- When you opposed the Treatment (see section above). In this case, We will limit the Processing for the period needed to check whether our legitimate and/or compelling reasons to process your Personal Data prevail or not over your rights;
- When your Personal Data are no longer necessary for the Processing, but are still necessary for the finding, exercise or defense of rights in court.
This limitation of Processing can result, for example, by transferring your Personal Data to another file, and to make it inaccessible to certain users.
RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”).
This right allows you, subject to certain conditions, to ask us to delete your Personal Data that We may process as soon as possible.
You can exercise this right when:
- You withdraw your consent to the Processing, on the express condition that this Processing was initiated solely on the legal basis of your consent (and if there is no other legal basis for the Processing);
- When you have objected to the Processing and we have no compelling and/or legitimate reasons prevailing over your rights to oppose;
- When you objected to Processing for commercial prospection (see above)
- When the Processing is unlawful;
- Where a legal obligation and /or a European regulatory obligation required the erasure from the Controller.
We remind you that We may refuse your request to erase your Personal Data when a legal and mandatory provision imposes to the Controller to perform the Processing of such Personal Data or when we need your Personal Data to enable the recognition, exercise or defense of rights in court.
PORTABILITY OF PERSONAL DATA
This right entitles you to request us to provide you with a structured, commonly used and machine readable format, subject to the following conditions:
- The Processing is legally based on your sole and express consent or legally based on a specific agreement
- The Processing is performed through automated methods.
The exercise of this right does not affect the exercise of the right to the erasure of your Personal Data, provided that the conditions of the right of erasure are met.
HOW TO EXERCISE YOUR RIGHTS
In accordance with the Law, you can exercise each of the above rights above by contacting us at the following address : firstname.lastname@example.org, and/or by registered letter to the attention of the DPO, at the postal following adress : 364, Route de Valence, Actipole – CS 10027, 38113 Veurey-Voroize, France.
In order that we may reply to your request in the best manners, we need you to indicate precisely the purpose of your request. In addition, to help us to reply as quickly as possible, we invite you to provide us with any records which may prove your identity.
In case you may consider that We do not comply with our obligations resulting from the Law, especially regarding the performance of your rights (as listed above) and/or the security and the care given to your Personal Data, you may introduce a claim to the CNIL, which has the power to treat and check any breaches pertaining to the protection of Personal Data