1. SCOPE OF THE PERSONAL DATA PROTECTION POLICY
The purpose of this data protection policy is to inform you of the commitments made by the Data Controller to ensure that your Personal Data is respected.
Personal data (or “Data”): any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier.
Processing of Personal Data: any operation or set of operations, whether or not carried out by means of automated processes and applied to Data or sets of Data of a personal nature.
Website : www.fileurope.com
Person in charge of processing : The person in charge of processing is the company FILEUROPE.
2. DATA COLLECTED
In general, you can visit the Websites without providing any Data.
However, in order to be able to provide you with certain services, the Data Controller may ask you to provide certain Data, for example, to respond to a contact request or to follow up an application.
In particular, some or all of the following Data may be collected when you use the Websites :
- Data relating to your identity (surname, first name, email address, telephone number)
- Data relating to your personal and professional life that you choose to communicate to us, particularly in the context of job applications.
- In all cases, we limit ourselves to collecting and processing Data that is relevant, adequate, not excessive and strictly necessary to achieve the purposes that have been previously determined.
3. PURPOSES OF THE PROCESSING CARRIED OUT BY FILEUROPE AND LEGAL BASIS FOR THE PROCESSING
The Data Controller undertakes to collect and process your Personal Data in a fair, lawful and transparent way.
The use of your Data by the Data Controller for the purposes listed below is authorised by legal and regulatory provisions because it is :
- Necessary to comply with our legal and regulatory obligations towards public institutions or competent authorities (Art.6, 1, c) of the GDPR – General Data Protection Regulation) or,
- Necessary for the conclusion or performance of a contract (Art.6, 1, b) GDPR) or,
- In some cases, necessary for our legitimate interests in pursuing the purposes described below (Art.6, 1, a) GDPR) or,
- In certain circumstances, carried out with your consent (Art.6, 1, a) GDPR in conjunction with Art.7 GDPR).
The processing operations carried out by the Data Controller are carried out for explicit, legitimate and specific purposes.
Your Data may in particular be processed for the following purposes :
- Follow-up of your application filed online on the Websites;
- Responding to your requests for contact and sending of commercial documentation.
- The purpose of the collection will be precisely indicated to you at the time of collection.
4. THE DURATION OF DATA CONSERVATION
The length of time we keep your Data depends on the purposes for which they are used.
Processing and follow-up of applications :
We undertake to delete your Data within a maximum of 2 years after our last contact with you.
Communication, management of your contact requests :
We undertake to delete your Data within a maximum of 3 years after our last contact with you.
After this period, the Data may be anonymised and kept for statistical purposes only and will not be used in any way whatsoever.
5. CATEGORIES OF RECIPIENTS OF THE DATA COLLECTED
The data controller will only pass on your personal data to authorised and specified recipients.
No transfer to third parties for commercial use will be made without your prior consent.
The recipients of your Data are the relevant departments of the Data Controller, as well as, where applicable, authorised personnel :
- Our subsidiaries for internal management or recruitment purposes;
- Our suppliers, service providers and in particular our technical service providers to provide you with the service or information you have requested (Mailing, data storage, etc.). Under their contract, these service providers are not permitted to use or disclose this information except to the extent necessary to provide the services or comply with legal requirements;
- A judicial or administrative authority when the Data Controller is obliged to do so by law.
In application of the applicable regulations, any subcontractor who may process Personal Data on behalf of the Data Controller undertakes in particular to :
- process the Data only for the one purpose(s) for which it is processed,
- to process the Data in accordance with the instructions of the Data Controller,
- to guarantee the confidentiality and security of the Data.
6. DATA TRANSFERS
In the event that your Data is transferred outside the European Union, we ensure that :
- The Data is transferred to countries recognised as offering an equivalent level of protection.
- Data is transferred to entities certified under the Privacy Shield.
For Data transferred outside countries recognised by the CNIL as having an adequate level of protection, recourse is made to one of the mechanisms ensuring appropriate guarantees as provided for by the applicable regulations, and in particular the adoption of standard contractual clauses.
8. YOUR RIGHTS REGARDING THE DATA WE COLLECT
8.1. Your rights
You have all of the following rights in relation to the Data we collect :
Right to access your Data: You have the right to obtain confirmation that your Data is or is not being processed and, where it is, the right to obtain access to it. This right also includes the right to obtain a copy of the Data being processed (Art.15 GDPR).
Right to request rectification of your Data if it is inaccurate: You have the right to request that your Data be rectified, updated or completed when it is found to be inaccurate, erroneous, incomplete or obsolete (Art.16 RGPD).
Right to request the deletion of your Data: According to Article 17 of the GDPR, you have the right to request the deletion of your Data only on the grounds provided for by the applicable regulations and in particular when :
- the Data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you withdraw the consent on which the processing is based, and there is no other legal basis for the processing;
- you object to the processing and there is no compelling legitimate reason for the processing;
- you consider that your Data has been processed unlawfully;
- your Data must be erased to comply with a legal obligation.
Right to restrict the processing of your Data: According to Article 18 of the GDPR, you have the right to obtain from the Controller the restriction of the use of your Data only on the grounds provided for by the applicable regulation and in particular when :
- you contest the accuracy of the Data concerning you;
- you consider that the processing is unlawful and object to the erasure of your Data;
- the Data is still necessary for the establishment, exercise or defence of legal rights, even though FILEUROPE no longer needs it.
Right to object to the processing by withdrawing your consent (it being recalled that such withdrawal will not affect the lawfulness of the processing based on the consent carried out prior to the withdrawal thereof) (Art.7, 3 GDPR).
Right to benefit from the portability of your Data: You have the right to retrieve the Data you have provided to FILEUROPE in a structured, commonly used and machine-readable format, and the right to transmit that Data to another controller (Art.20 RGPD).
Right to lodge a complaint with the CNIL: If you consider that the Data Controller is not complying with its obligations with regard to your Personal Data, you may at any time lodge a complaint or a request with the competent authority. In France, the competent authority is the CNIL to which you can send a request electronically by clicking on the following link : https://www.cnil.fr/fr/plaintes/internet.
8.2. Terms and conditions for exercising rights
You may exercise the aforementioned rights by sending a detailed written request to the following address Fileurope, Zone Industrielle N°4 La Boulée, 88700 Rambervillers.
Due to the Data Controller’s obligation of security and confidentiality in the processing of Data, you are informed that your request will be processed subject to you providing proof of your identity, in particular by producing a scan of your valid identity document or a signed photocopy of your valid identity document.
The Data Controller shall determine within a period of one month from receipt of the request whether the latter is admissible or not. In the event that the said request is admissible, FILEUROPE shall provide the information requested or implement the rights invoked within the aforementioned period.
If, due to the complexity of the request or the number of requests received, the above-mentioned deadline cannot be met, the Controller will inform you before the expiry of this deadline. the postponement of its decision for a maximum of two months.
The Data Controller informs you that it will be entitled, if necessary, to object to manifestly abusive requests (due to their number, repetitive or systematic nature).
In the event that the Data Controller does not comply with your request, we will inform you within the above-mentioned time limits of the reasons for our decision, reminding you of your right to submit a complaint to the CNIL.
9. SECURITY OF PERSONAL DATA
We implement all necessary security measures to prevent, as far as possible, any alteration, loss or unauthorised access to your Data.
In the event that we become aware of any unlawful access to your Data, we will notify you of the incident as soon as possible if this is required by law.
10. UPDATING OF THIS POLICY
This policy may be updated at any time, particularly in application of legal and/or regulatory provisions and/or any recommendations made by the CNIL. We therefore invite you to consult this page regularly.