Safety of people and property - management of personal data
The manager for processing personal data is ProcSea, domiciled at: 4 rue Jean Lemaistre, 35000 Rennes. ProcSea has appointed a Data Protection Officer (DPO), who can be reached at the following e-mail address: email@example.com. The DPO's mission is to ensure compliance with provisions of regulations on the protection of personal data. He must be consulted by ProcSea prior to the implementation of data processing. It lists in a register all ProcSea's personal data processing operations as and when they are implemented. The Data Protection Officer ensures the respect of individuals’s right (right of access, rectification, opposition, deletion, limitation of processing and portability). In case of difficulties encountered in exercising these rights, the persons concerned may refer the matter to the Data Protection Officer by e-mail at firstname.lastname@example.org.
ProcSea ensures that it only collects data that is strictly necessary for the purpose of the processing operations carried out. Depending on the case, personal data can be collected in two ways:
● Directly : user, prospect and/or customer freely communicates personal data to ProcSea, in particular via :
- the Platform, and via filled forms in by the person concerned (access request, account creation request, service subscription, etc.); - commercial documents (estimate, order form, etc.)
- the conclusion of General Terms and Conditions of Services ;
The User is informed that the information collected is subject to computer processing intended to carry out operations relating to the creation of an Account and the management of the Services ordered by the Customer, i.e. contracts, orders, invoices, accounting and account management, monitoring of the relationship.
ProcSea indicates to the User required fields to ensure its Services by following this sign: " * ".
If the User does not answer the fields mentioned as required, he will not be able to benefit from the Services provided by PROCSEA.
● Indirectly/automatically: user, prospect, and/or the customer are collected via the software and/or technologies set up on the Platform.
Who are recipients of the data?
● Internally, within ProcSea
Personal data is communicated within ProcSea in order to fulfill contractual obligations, to comply with its legal obligations, to prevent fraud and/or to secure its services, to improve its services or after obtained the consent of the concerned person. The recipients of the data are persons in charge of the marketing department, the sales department, the departments in charge of customer relations, the administrative departments, the IT and technical departments and their line managers.
In the event of restructuring, merger, acquisition by a third party, sale of a business or assets in particular, ProcSea may communicate personal data to the purchaser or potential purchaser. In these cases, the personal data held concerning the prospects may be one of the transferred assets. The acquirer who will act as the new data controller will then process the data and its personal data protection policy will govern the processing of personal data.
ProcSea does not rent or sell its Customers' personal data, including for commercial prospecting purposes. Personal data may be processed in the name and on behalf of ProcSea by trusted service providers. In this case, ProcSea ensures that all the service providers it works with preserve the confidentiality and security of the data. ProcSea may, for example, request to provide services that require the processing of its Clients' personal data to :
- service providers who assist ProcSea in customer relationship management (CRM) and web analytics (audience analysis);
- third parties who assist and help ProcSea to provide Services (hosting services, maintenance and technical support services for databases, software and applications which may contain data concerning ProcSea's customers or prospects (these services may sometimes require access to data to perform the tasks requested) ;
- service providers who provide an advisory function to ProcSea (auditor, chartered accountant, lawyer, etc.). Finally, ProcSea may communicate data to third parties if it is obliged to disclose or share the data for :
- comply with a legal obligation,
- to protect its rights, intellectual property or safety, or those of its customers or employees,
- if it has the consent of the person concerned,
- if permitted by law.
How long is personal data kept?
ProcSea only keeps personal data for the time necessary for the operations for which they were collected and in compliance with the regulations. ProcSea will keep the data transmitted according to the criteria and recommendations of the CNIL available in its reference standard : simplified standard n°48.
What physical and logical security for your personal data?
ProcSea determines and implements necessary ressources to protect personal data processing systems to avoid any malicious intrusion and
prevent any loss, alteration or disclosure of data to unauthorised persons.
Thus, ProcSea has established and regularly updates its personal data processing registers with all technical and operational security measures to take.
ProcSea determines and implements measures to guarantee the confidentiality of data, in particular through actions to raise staff awareness and recommendations of good practice regarding the use of their computer workstations.
ProcSea requires its IT service providers to present sufficient guarantees to ensure the security and confidentiality of personal data.
ProcSea ensures that the IT service providers take all measures to prevent the disclosure or alteration of data, do not carry out remote maintenance operations without its control and return the data at the end of the contract.
Where is the data stored? Is there a data transfer?
ProcSea doesn’t transfer data outside the European Union.
What are the rights of the data subject ?
Right of access, rectification, limitation and deletion In accordance with the law "Informatique et Libertés" of 6 January 1978 as amended and the General Regulation on Data Protection, every individual has the right to access, rectify, limit and delete data:
- access to data (limited to two access requests per year and subject to proof of identity),
- to rectify the data;
- to the deletion of information concerning her under the conditions laid down in Article 17 of the General Regulations on Data Protection;
- the limitation of the processing;
- to define general and specific guidelines defining the manner in which she intends to exercise these rights after her death.
Right of opposition
The person also has the right to object to the processing of his/her personal data and the right to object to the use of such data for commercial prospecting purposes.
Right to data portability
The person also has a right to the portability of his data. In accordance with Article 20 of the DPMR, the person concerned has the right to receive the personal data relating to him or her which he or she has supplied to ProcSea, in a structured, commonly used and machine-readable format, and has the right to transmit these data to another controller without ProcSea, to whom the personal data have been communicated, obstructing this.
Right to lodge a complaint with the CNIL
The person concerned may, if necessary, submit a complaint with the CNIL: https://www.cnil.fr/en/home
To do so, she can contact the CNIL by mail or by telephone : https://www.cnil.fr/en/contact-cnil
She can exercise these rights by proving her identity and by contacting ProcSea at the following e-mail address email@example.com or by post at the following address:
ProcSea France, 4 rue Jean Lemaistre, 35000 Rennes.