The ACTIPAPER Company (hereinafter “ACTIPAPER”) is very concerned about the question of the management of Personal Data that it may have to process.
These conditions are intended to establish the guidelines that regulate the processing of Personal Data by ACTIPAPER.
This policy applies to the processing of Data conducted by ACTIPAPER as Processing Manager.
This policy for the protection of Personal Data can be modified at any time. In this case, the new version will be communicated to the Persons concerned by any means and shall be automatically opposable to them.
Personal Data or Data: Any information relating to a natural person identified or identifiable (hereinafter called “Person concerned”) directly or indirectly, notably by reference to an identifier such as a name, an identification number, location data, an online identifier or one or several particular elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity.
Processing Manager: The natural person or company who determines the purposes and means of the processing.
Sub-Contractor: The natural person or company, who processes personal data on behalf of the Processing Manager.
Recipient: The natural person or company who receives personal data, whether it is a Third Party or not.
Third Party: A natural person or company, a public authority, a service or a body other than the Person concerned, the Processing Manager, the Sub-Contractor and the persons who, placed under the direct authority of the Processing Manager or sub-contractor are authorised to process the Personal Data.
Consent: any expression of desire, free, specific, informed and unambiguous, by which Person concerned by the processing of Personal Data accepts by a declaration or by a clear positive act that Personal Data la concerning him is the subject of processing.
THE DATA COLLECTED
This policy for the protection of Personal Data applies to all of the Personal Data processed by ACTIPAPER as Processing Manager. This can involve data concerning their employees, service providers, prospects, customers, etc.
-ACTIPAPER may collect data such as: first name and family name; e-mail address; gender; telephone number; postal address; age/date of birth; invoicing data; prospection ; data of connection, etc.
THE GUIDING PRINCIPLES
The Personal Data is processed by ACTIPAPER according to the principles of lawfulness, fairness, transparency and proportionality.
The Personal Data is collected for specific, explicit and legitimate purposes and processed in a suitable and relevant manner restricted to what is necessary in regard to the purposes for which it is used.
The Personal Data is kept in a form allowing the identification of the Persons concerned for a period not exceeding that necessary in regard to the purposes for which is processed.
INFORMING OF THE PERSONS CONCERNED
When Personal Data concerning a Person concerned is collected from this person or from a Third Party, the Processing Manager provides him, in particular, with the following information:
– the identity and address details of the Processing Manager.
– the purposes of the processing for which the Data is intended as well as the legal basis of the processing.
– the recipients of the Data.
– the eventual intention of the Processing Manager to make a transfer of Data to a country outside of the EU.
– the duration of conservation of the Data or, when this is not possible, the criteria used to determine this duration.
– if need be, the establishing of a mechanism for profiling or massive processing of personalised data
– if need be, the source from which the Data comes.
As far as possible and subject to other statutory or contractual obligations, this information shall be communicated at the time of the collection or at the time of the first communication with the Person concerned.
RIGHTS OF THE PERSONS CONCERNED
The Persons concerned can claim their right to request access to the Data, the rectification or the deletion of the Data, the portability of the Data to a Third Party, the restriction of the processing as well as to object to the Processing by making the request by e-mail to the following address: firstname.lastname@example.org
Every request must be clear, precise and justified and accompanied by a copy of an identity document and made in accordance with the legal framework applicable.
The Persons concerned can make a complaint to the CNIL to:
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22 /Fax: 01 53 73 22 00
Or to the address www.cnil.fr/fr/plaintes or www.cnil.fr
The Person concerned is informed that, in the event of objection to the Processing or if he transfers inaccurate or misleading Data, the services relating to the collection of the Data cannot be provided, with the Processing Manager not being able in any event to involve its liability in this regard.
Furthermore, the collection of certain Data can be imposed for a regulatory or contractual reason. The Person concerned is thus obliged to provide the Personal Data sought.
THE RECIPIENTS OF THE DATA
The Data collected shall be processed by the employees of the companies of ACTIPAPER, which are authorised depending on their position to have access to and process the said Data.
In certain cases, the data collected can be processed by sub-contractors or partners or by other subsidiaries of ACTIPAPER S.A., uniquely within the limit necessary to carry out the tasks that are entrusted to them.
ACTIPAPER strictly requires that its sub-contractors or partners process the Personal Data uniquely to manage the services for which they are responsible. ACTIPAPER also asks these service providers or partners to always act in compliance with the applicable laws concerning the protection of Personal Data and to take particular care about the confidentiality of this data.
The data can be communicated by ACTIPAPER to the Administration, Courts and departments of the Government in compliance with the statutory and regulatory provisions.
STORAGE OF THE DATA
The Personal Data is stored either in the databases of ACTIPAPER or in those of its service providers.
In certain cases and mainly for technical reasons, these databases can be stored on servers located outside of the territory of the European Union.
SECURING OF THE DATA
The Personal Data is processed so as to guarantee appropriate security with the assistance of physical, technical or organisational measures relevant in the light of professional rules in the matter, including the protection against unauthorised or illegal processing and against the loss, destruction or damage caused accidentally.
Depending on the needs, risks, costs and purpose of the Processing, these measures can include the pseudonymisation and quantification of the Data.
Every Processing Manager establishes a procedure aimed at regularly testing, analysing and assessing the effectiveness of the technical and organisational measures to ensure the security of the processing.
In the event of breach of the Personal Data, every Processing Manager shall use his best efforts to send a notification to the CNIL as soon as possible and, if possible, within 72 hours at the latest from having become aware thereof.
If this breach of the Personal Data is capable of causing a high risk for the rights and freedoms of the Persons concerned, the Processing Manager shall inform them by any means as soon as possible unless the Processing Manager has taken technical measures for the protection sufficient to have this breach stopped.
TRANSFER OF THE DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
Because, in particular, of the international dimension of the activities of ACTIPAPER and in order to optimise the quality of service, the communications of information stipulated above can involve transfers of personal data to non-Member countries of the European Economic Area, the legislation of which concerning the protection of personal data differs from that of the European Union.
In this case, contractual, organisational and procedural measures concerning the staff or companies concerned permit the guaranteeing of an adequate level of protection, security and confidentiality of the Personal Data.