GIREVE, in its function as the data controller, collects and processes personal data relating to its partners, customers, and prospects, employees, suppliers, and users of its website.
To build long-lasting relationships of trust with these users, GIREVE has put in place the technical and organizational means necessary to protect the personal data it processes.
The purpose of this policy is to present the commitments made by GIREVE in terms of personal data protection.
2.Principles applying to personal data.
GIREVE is committed to the following principles in the collection and use of personal data.
2.1 Legitimate and proportionate use
Personal data are collected within the framework of its economic activities by GIREVE. This collection is only carried out for specific, explicit, and legitimate purposes.
The collection of personal data within GIREVE has the following purposes:
- management of relations and contracts concluded with its partners, clients, suppliers, and service providers;
- management of its human resources and recruitment operations;
- management of its financial and accounting obligations;
- management of its commercial activities;
- management of its external communication tools;
- respect of its legal obligations.
These data cannot be used subsequently in a way that is incompatible with these purposes.
For each processing, GIREVE undertakes to collect and process only data that is strictly necessary for the purpose.
2.2 Fair and transparent data collection
In the interest of fairness and transparency regarding its members, partners, suppliers, and service providers, GIREVE informs the persons concerned of each processing operation that it implements using appropriate information. This information is communicated to the persons concerned but can also be obtained from this address: email@example.com
Data is collected fairly; no collection is made without the knowledge of the persons concerned.
GIREVE is also available at the following address to provide any necessary clarification about its personal data protection policy: firstname.lastname@example.org.
2.3 Relevance, adequacy, and minimization of the data collected
The personal data collected is strictly necessary for processing. GIREVE strives to minimize the data collected and to keep it accurate and up to date.
The personal data collected is regularly updated and stored by GIREVE in its databases.
2.4 Personal Data Protection by Design and by Default
GIREVE has adopted internal policies and processes and is committed to implementing measures that respect the principles of privacy by design and by default.
Thus, when developing, designing, selecting, and using applications, services, and products that rely on the processing of personal data, GIREVE considers the right to the protection of personal data.
If GIREVE uses applications, services, or products provided by third parties, GIREVE ensures with their publishers that they meet the legal requirements and ensure the protection of the data processed.
GIREVE can use encryption techniques for personal data whenever possible or necessary.
3. Information for individuals
GIREVE respects the legal provisions regarding the protection of personal data, in particular the General Data Protection Regulation (GDPR). To guarantee the highest level of protection, GIREVE has appointed a Data Protection Officer.
GIREVE, as the data controller, implements within the framework of this website the processing of personal data relating to users for the following purposes:
- management of information requests and exchanges with visitors to the website;
- management of prospects;
- management of relations with the press.
The legal basis for the data processing is:
- The legitimate interest of GIREVE to manage its external communication via its institutional website;
- the consent of the users when required by the regulations.
Les données collectées sont indispensables aux traitements et seulement destinées au service en charge des relations clients et de la communication de GIREVE, le cas échéant, aux sous-traitants de GIREVE.
The duration of data retention is set at 3 years starting from the last contact with the users.
Any user concerned by the processing has the right to query, access, rectify, delete data, limit the processing, a right to data portability, as well as a right of opposition.
When the data processing that we implement is based on the user’s consent, the user can withdraw it at any time. We will then stop processing his or her personal data without affecting the previous operations for which he or she had consented.
Also, every user concerned has the right to formulate specific and general directives concerning the retention, deletion, and communication of his or her data post-mortem.
The person concerned can exercise these rights by sending an e-mail to the following address: GIREVE, 108-110 avenue du général Leclerc, 78220 VIROFLAY, or by sending an e-mail to email@example.com.
The user may also file a complaint with the “Commission Nationale de l’Informatique et des Libertés”.
The user of this site is required to respect the provisions of the law n°78-17 regarding data processing, files, and freedoms of January 6, 1978, modified, the violation of which is liable to penal sanctions. In particular, he must refrain from any collection, any misuse, and, in general, any act likely to affect the privacy or reputation of persons.
4 Security of personal data
GIREVE attaches particular importance to the security of personal data.
It implements technical and organizational measures adapted to the degree of sensitivity of the personal data, to ensure the integrity and confidentiality of the data and to protect them against any malicious intrusion, loss, alteration, or disclosure to unauthorized third parties.
GIREVE conducts regular audits to verify the proper operational application of data security rules.
Thus, GIREVE commits to take the physical, technical, and organizational security measures necessary to:
- protect its activities ;
- preserve the security of the personal data of its members, partners, Internet users, suppliers, and service providers;
- prevent any unauthorized access, modification, distortion, disclosure, destruction, or access to the personal data it holds.
Nevertheless, the security and confidentiality of personal data rely on the good practices of each individual, and the person concerned is invited to remain vigilant on issues that may involve the use of his or her personal data.
Following its commitments, GIREVE chooses its subcontractors and service providers with care and requires them in particular:
- a level of personal data protection equivalent to its own;
- Use of personal data or information only to ensure the management of the services they must provide;
- Strict compliance with applicable legislation and regulations on confidentiality, banking secrecy, and personal data;
- the definition of technical and organizational measures necessary to ensure security.
Thus, GIREVE commits to conclude contracts with its subcontractors that comply with the obligations imposed by the regulations and that precisely define the conditions and modalities of the processing of personal data.