PERSONAL DATA PROTECTION POLICY
General Data Protection Regulation (« GDPR »)
EPSA considers that the protection of personal data is essential.
This is why EPSA undertakes, within the framework of its activities and in accordance with the legislation in force in France and Europe, to ensure the protection, confidentiality and security of the personal data of persons likely to be concerned by the collection of personal data.
Directive 95/46/EC will be repealed with effect from May 25th, 2018 with the entry into force of the General Data Protection Regulation (the “GDPR”) (Regulation (EU) 2016/679) with the aim of strengthening your rights regarding your personal data protection.
This Policy informs you about how EPSA, its subcontractors and potential partners process your Personal Data.
This Policy is applicable to clients, prospects, candidates and www.epsagroupe.com, www.7partners.fr, www.epsa-advisory.com, www.agriateconseil.fr, www.faretrade.fr, airrefund.com and www.montvallon.com.
|WE CHOOSE AN INTUITIVE 8 QUESTION/ANSWER FORMAT:|
1. What is a personal data?
2. For which “purpose of the processing” do we collect your personal data?
3. How do we collect your personal data?
4. To whom do we transfer your personal data?
5. For how long do we keep your personal data?
6. How do we protect your personal data?
7. What are your rights and how may you exercise them?
The notion of personal data (“Personal Data”) means any information relating to an identified or identifiable person. An identifiable person can be identified, directly or indirectly. (For example, the personal email address filled in as part of an application to an offer published through this website).
- FOR WHICH “PURPOSE OF THE PROCESSING” DO WE COLLECT YOUR PERSONAL DATA?
Our professions within EPSA are very diversified. Indeed, we are likely to process various Personal Data according to the expertise. Furthermore, we inform you that EPSA may collect “sensitive” Personal Data through its cost optimisation missions (social benefit charges, TA/MP). EPSA ne traite les Données Personnelles que pour des finalités déterminées, explicites et légitimes. Nous ne traitons pas ces données de manière incompatible avec ces finalités.
We only collect the strictly necessary personal data to achieve the purpose of the processing (for example: the purposes of processing will differ in the context of the execution of a contract or an application).
- HOW DO WE COLLECT YOUR PERSONAL DATA?
Depending on the case, EPSA may collect your Personal Data directly from you or may receive your Personal Data collected from you by a third party.
- TO WHOM DO WE TRANSFER YOUR PERSONAL DATA?
The collected Personal Data are intended for EPSA’s internal services and its subcontractors.
Personal Data may also be processed by EPSA affiliates. These are situations where affiliates are involved in the provision of services.
The processed data may finally be transmitted to the competent authorities, upon request, in case of judicial proceedings, judicial inquiries and requests for information from the authorities or in order to comply with other legal obligations.
- FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data will be kept for a period necessary for the fulfilment of the collecting purpose. With regard to processing relating to the performance of the contract, Personal Data may be kept for a maximum period of three years from the end of the relationship.
- HOW DO WE PROTECT YOUR PERSONAL DATA?
We aim to treat your personal data in the most secure way. To this end, we take all appropriate physical, technical and organisational measures to guarantee their confidentiality and prevent, as far as possible, any alteration, los or unauthorised access to your data.
These measures are adapted according to the level of sensitivity of the Personal Data processed and according to the level of risk presented by the processing or its implementation.
Finally, we inform you that all persons who have access to your Personal Data are bound by an obligation of confidentiality and are subject to disciplinary measures and/or other sanctions if they do not respect their obligations.
- WHAT ARE YOUT RIGHTS AND HOW MAY YOU EXERCISE THEM?
Each concerned person by the processing of Personal Data has a right of access, rectification, opposition, portability, deletion and limitation.
You may exercise any of these rights at any time with EPSA, in its capacity as controller of your personal data. Any request relating to the use of these rights must be made by email and sent to firstname.lastname@example.org and will be processed within 30 working days from receipt of your request.
MORE QUESTIONS? CONTACT OUR « DPO »
If you have any questions about this Policy, you may contact our Data Protection Officer at DPO@epsagroupe.com.