Protection of goods and people - management of personal data
The personal data processing manager is ProcSea, domiciled at: 4 rue Jean Lemaistre, 35000 Rennes. ProcSea has appointed a Data Protection Officer (DPO), reachable at the email address firstname.lastname@example.org. The latter's mission is to ensure compliance with the provisions of the regulations on the protection of personal data. It must be consulted by ProcSea prior to the implementation of data processing. It records in a register the list of all of ProcSea's personal data processing operations as and when they are implemented. The Data Protection Officer ensures that the rights of individuals are respected (right of access, rectification, opposition, erasure, limitation of processing and portability). In the event of difficulties encountered during the exercise of these rights, the data subjects can contact the Data Protection Officer by e-mail at the address email@example.com.
ProcSea takes care to collect only the data strictly necessary for the purpose of the processing operations implemented. Depending on the case, personal data can be collected in two ways:
● Directly: the Internet user, the prospect, the user and / or the client freely communicates his personal data to ProcSea, in particular via:
- the Platform, and more specifically through the collection forms filled in by the person concerned (request for access, creation of an Account, subscription to a service, etc.); - commercial documents (estimate, order form, etc.)
- the conclusion of General Conditions of Services;
The User who is a natural person is informed that the information collected is subject to computer processing intended to carry out operations relating to the creation of an Account and the management of the Services ordered by the Customer, namely contracts, orders, invoices, accounting and account management, relationship monitoring.
ProcSea indicates to the User the data required to provide its Services by affixing the following sign: "*". In the absence of a response from the User on the fields mentioned as mandatory, the latter will not be able to benefit from the Services provided by PROCSEA.
● Indirectly / automatically: the data of the Internet user, the prospect, the User and / or the customer are collected via the software and / or technologies set up on the Platform
Who are the recipients of the data?
● Internally, within ProcSea
Personal data is communicated within ProcSea in order to fulfill its contractual obligations, comply with its legal obligations, prevent fraud and / or secure its services, improve its services or after have obtained the consent of the data subject. The recipients of the data are the people in charge of the marketing department, the sales department, the departments responsible for handling customer relations and prospecting, the administrative departments, the IT and technical departments as well as their line managers.
In the event of restructuring, merger, acquisition by a third party, sale of an activity or assets in particular, ProcSea may communicate the personal data to the buyer or the potential buyer. In these cases, personal data held concerning prospects may be one of the transferred assets. The purchaser who will act as the new data controller will then process the data and its personal data protection policy will govern the processing of personal data.
ProcSea does not rent or sell the personal data of its Customers, including for commercial prospecting purposes. Personal data may be processed in the name and on behalf of ProcSea by trusted service providers. In this case, ProcSea ensures that all the service providers with whom it works preserve the confidentiality and security of the data. ProcSea may, for example, request to provide services which require the processing of the personal data of its Customers to:
- service providers who assist with customer relationship management (CRM) and web analytics (audience analysis); - third parties who assist and help ProcSea to provide the Services (hosting services, maintenance services and technical support for databases as well as for software and applications which may contain data concerning ProcSea customers or prospects (these services may sometimes require access to data in order to perform the requested tasks);
- service providers who provide advice to ProcSea (auditor, accountant, lawyer, etc.). ProcSea can finally communicate the data to third parties if it is forced to disclose or share the data to:
- comply with a legal obligation,
- enforce or apply its general conditions of use and / or services, - protect its rights, intellectual property or security, or those of its customers or employees,
- if it has the consent of the data subject,
- if the law allows it.
What is the retention period for personal data?
ProcSea only keeps personal data for the time necessary for the operations for which it was collected and in compliance with the regulations in force. The natural person is also informed that ProcSea will keep the data transmitted according to the criteria and recommendations of the CNIL available in its reference standard: simplified standard n ° 48.
What physical and logical security for your personal data?
ProcSea determines and implements the means necessary to protect personal data processing systems to avoid any malicious intrusion and prevent any loss, alteration or disclosure of data to unauthorized persons.
Thus, ProcSea has established and regularly updates its personal data processing registers which list the technical and operational security measures taken.
ProcSea determines and implements measures to guarantee the confidentiality of data, in particular through actions to raise employee awareness and recommend best practices regarding the use of their IT workstations.
ProcSea requires its IT service providers to present sufficient guarantees to ensure the security and confidentiality of personal data.
ProcSea ensures that IT service providers take all measures to prevent the disclosure or alteration of data, do not perform remote maintenance operations without its control and return the data at the end of the contract.
Where is the data stored? Is there a data transfer?
ProcSea does not transfer data outside of the European Union.
What are the rights of the data subject?
Right of access, rectification, limitation and erasure In accordance with the law "Informatique et Libertés" of January 6, 1978 as amended and the General Data Protection Regulations, any natural person has a right:
- access to data (limited to two access requests per year and subject to proof of identity),
- rectification of data;
- the erasure of information concerning him under the conditions set out in Article 17 of the General Data Protection Regulations;
- restriction of processing;
- to define general and specific directives defining the manner in which it intends to exercise these rights, after his death.
Right of opposition
The natural person also has a right to object to the processing of his personal data as well as a right to object to this data being used for commercial prospecting purposes.
Right to data portability The data subject also has a right to data portability. In accordance with Article 20 of the GDPR, the data subject has the right to receive the personal data concerning him that he has provided to ProcSea, in a structured, commonly used and machine-readable format, and has the right to transmit these data to another controller without ProcSea, to whom the personal data have been communicated, obstructing it.
Right to lodge a complaint with the CNIL
Finally, the person concerned can, if necessary, lodge a complaint with the services of the CNIL (https://www.cnil.fr/fr/plaintes).
To do this, it can contact the Cnil by mail or by telephone (information available here: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil). It can exercise these rights by proving its identity and by contacting ProcSea at the email address firstname.lastname@example.org or by post at the following address:
ProcSea France, 4 rue Jean Lemaistre, 35000 Rennes.