Privacy policy

1          Introduction

The EFINOR Group gives a great importance to the respect of the private life, as such, to the personal data you provide within the framework of the relationship you establish with it. This is one of the reasons why it has been chosen to adopt a policy specific to the confidentiality and the protection of your personal data.

With this policy, the EFINOR Group commits itself to process your data in a responsible, secure and transparent way, in accordance with the EU Regulation n°2016/679 of the European Parliament and of the Council of 27 April 2016 related to the Protection of Natural Persons in relation with the processing of personal data and the free movement of such data and the provisions of the applicable French legislation.

This policy also aims at informing you about the personal data processed by the EFINOR Group, the conditions under which these data are processed as well as the rights and means of action you own with respect to such data.

1.1         Scope

The purpose of this policy is to clarify our vision and our commitments to the protection of personal data, as well as the measures taken to ensure their security.

More specifically, this policy details the personal data processing related to the use of the EFINOR Group websites which are:

It also informs you of the use made of your personal data if you choose to use the forms available on the websites in order to contact us, submit your application for recruitment, contract with us or exercise your rights relating to your personal data.

Lastly, it aims at informing all customers and suppliers about the processing of personal data carried out on them and their employees in the framework of the commercial relations established with the EFINOR Group.

1.2         Definition

1.2.1         Personal data

Any information related to a natural person identified or identifiable, directly or indirectly, in particular by reference to an identifier.

Examples: name, identification number (social security, driver’s license, passport, registration number), location data, online identifier, an element relating to physical, physiological, genetic, psychological, economic, cultural or social identity.

1.2.2         Personal data processing

Any operation or set of operations performed or not using automated processes and applied to data or sets of personal data.

Examples: the gathering of information, recording, organization, structuring, storage, adaptation or alteration, extraction/retrieval, consultation, use, disclosure by transmission, broadcast/dissemination or otherwise making available, alignment or interconnection, restriction, erasure or destruction.

 

1.2.3         Processing Manager

The natural or legal person, the public authority, the agency or any other body which, alone or in conjunction with others, determines the purposes and the means of process.

 

1.2.4         Person concerned

 

Anyone whose data is being processed.

1.2.5         Subcontractor

The natural or legal person, the public authority, the agency or any other body which processes personal data on behalf of the controller.

1.2.6         Recipient

The natural or legal person, the public authority, the agency or any other body which receives personal data, whether from a a third party or not.

 

1.2.7         Data Protection Officer

The person in charge of ensuring compliance with the regulations on the protection of personal data.

 

1.2.8         Violations of personal data

A security breach which, accidentally or unlawfully, causes the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or otherwise processed, or unauthorized access to such data.

2          Identity of the actors

In this policy, the terms “The EFINOR Group”, “we”, “us” or “our” refer to EFINOR, a simplified joint-stock company with a capital of 2,000,000 euros, established at ZA Maison Georges 50440 BEAUMONT- HAGUE, registered at the RCS of Cherbourg, under the SIRET number 429 420 474 00034.

For all processing activities described below, the EFINOR Group is the entity which decides on the purposes and the means used to achieve them. As such, the Group acts as processing controller in the sense of the applicable regulations regarding personal data.

For more information on the EFINOR group, please refer to our legal notices (https://www.efinor.fr/mentions-legales/)

 

3          Fundamental principles

The EFINOR Group commits itself to ensure that each of the personal data processing it implements respects the fundamental principles of the protection of personal data. This article informs you about the EFINOR Group’s commitments to the fundamental principles of the protection of personal data. These aspects are common to all processing described in this Policy.

 

3.1         Legality, Loyalty et Transparency

3.1.1         Legality of the processing

The EFINOR Group commits itself to process personal data lawfully.

Each personal data processing implemented by the EFINOR Group is based on one of the six legal bases mentioned in Article 6 of the General Data Protection Regulations.

The EFINOR Group informs you of this legal basis when collecting data.

The processing implemented by the EFINOR Group via its website do not require the collection or personal data processing referred as “sensitive” within the meaning of Article 9 of the General Data Protection Regulation. Therefore none of the legal bases mentioned in the same article is required.

 

3.1.2         Loyalty and transparency of the processing

The EFINOR Group commits itself to treat your data fairly and transparently.

For this purpose, the EFINOR Group:

  • Informs you of the existence of a personal data processing, the reasons, terms and conditions of it.
  • Informs you of the rights you own and facilitates your steps in the exercise of these rights.
  • Informs you of safety incidents and events which might affect your personal data.

 

3.2         Purpose limitations

The EFINOR Group commits itself to process your data for specific, explicit and legitimate purposes.

It commits itself to clearly identify the purposes for which it collects and uses your personal data, and to respect the scope defined by these purposes.

The EFINOR Group informs you of these purposes and will inform you of any change which may affect them.

It commits itself that the data processing it implements own purposes in compliance with the applicable laws and regulations.

3.3         Data minimization

The EFINOR group commits itself to collect only the accurate, relevant and necessary data for the accomplishment of the processing purpose.

Each of the forms on our sites give you the opportunity to only provide information strictly necessary to achieve the purpose pursued. Each form includes a statement specifying the latter, the legal basis on which the processing is based, the duration during which the data are kept and the possible recipients of the data.

The data required to manage your requests are marked with an asterisk. If you do not complete these fields, the EFINOR Group will not be able to answer your request and / or provide you with the expected service. The other fields are optional and allow us to better understand your request and answer more appropriately.

3.4         Data accuracy

The EFINOR Group commits itself to ensure that the data it processes are accurate, complete and updated.

It acts to update the data as soon as it becomes aware of their obsolescence or their inaccuracy.

For this to happen, it implements systems and procedures allowing data subjects to rectify or update the data used.

 

3.5         Limited storage

The EFINOR Group commits itself to keep personal data used for processing in a way which allows the identification of the data subject, only during the period strictly necessary for the fulfilment of the purposes for which they are processed.

The EFINOR Group commits itself to delete, definitively and in a secure way, the data at the expiration of the retention periods set according to the purposes of the processing and the legal, regulatory or contractual requirements the Group is subject to.

It also means that the EFINOR Group may, at its discretion, at the end of this same period, keep the data concerned if it succeeds in eliminating its identifying nature via anonymisation processes, thereby depriving them of their personal nature.

 

3.6         Data safety

The EFINOR Group gives a huge importance to the issues of information security & safety and, in this respect, the personal data safety.

The EFINOR Group is concerned to protect your personal data against unauthorized loss, destruction, alteration, access or disclosure. To this end, it implements appropriate technical, organizational and human measures, considering the nature of the data as well as the risks that the processing generates, to protect and guarantee the availability, the integrity and the confidentiality of your personal data, and particularly, against any modification or damage, or against any unauthorized access by third parties.

These measures include, in particular,

As technical measures:

  • The logical restriction of data access to authorized and authenticated individuals based on their need to know and their level of responsibility within the EFINOR Group.
  • The protection of information system elements (hardware, software, network equipment) against malware and external threats (firewall, antivirus, connection filtering, etc.).
  • A secure data storage including a backup and restore procedure in the event of an incident.
  • The use of the TLS protocol to secure connections to EFINOR Group websites.

 

 

As organizational measures:

  • The integration, within the scope of our Management System, of all issues related to the protection of personal data.
  • The implementation of specific policies, processes and procedures, audited and regularly reviewed with a view to continuously improving the protection granted to personal data.
  • The contractual commitment of our employees to protect the confidentiality of personal data to which they would have access in the context of their function.
  • Specific contractual guarantees in the case of a recourse to an intermediary.
  • The implementation of Impact Analysis on Data Protection (IADP).
  • The physical access control to the premises.

 

4          Other general provisions

4.1         Data sharing with third parties and data transfers outside the European Union

The EFINOR Group never shares your personal data with other companies (with the exception of the EFINOR Group entities which may be involved in the management transactions involving you).

Your data can potentially be transmitted to technical intermediaries (IT service providers, hosts of our servers, etc.) that the EFINOR Group chooses because of their expertise and reliability, which act under its control and according to its instructions

We authorize these intermediaries to process your data only within the scope necessary to provide the service concerned or to comply with a legal or regulatory obligation. In any case, we ensure your data to be protected, end-to-end, throughout the duration of the treatment.

The EFINOR Group may also be required to provide your data to third parties because of a legal obligation, as part of the execution of a court order or if such communication is necessary in the defence of our rights in the court.

All these third parties may be established in EU or non-EU member states, including in states which do not offer the same level of protection as your country of residence. In this case, and within the limits required by the applicable regulations, we will make sure to obtain your express and unequivocal consent for the sharing of your data with these third parties, or to conclude data transfer contracts complying with at least the standard clauses adopted by the European Commission, ie, for third parties established in States benefiting from adequacy decisions, that these third parties have complied with the requirements laid down in those decisions.

4.2         Data on minors

The services of the EFINOR Group are not intended for minors. In addition, we do not collect or treat any personal data relating to minors on a voluntary or conscious basis. In the event that we are in possession of such data without the prior permission of their parents, we will take appropriate measures to delete them from our servers and those intermediaries we would use.

 

5          Processing of personal data by the EFINOR Group

You will find details of the purposes and conditions of your data processing via the following link:

Insert here a link to the list of personal data processing

6          Violations of personal data

In the event that, despite the precautions taken and the due diligence carried out by the EFINOR Group, your personal data are made accessible, lost or stolen by an unauthorized third party, the EFINOR Group commits itself to take the necessary measures, which are in its power, to reduce the impact of this personal data breach.

The EFINOR Group owns technical and organizational measures enabling it to monitor, detect, identify and deal with any safety incidents which may occur. Each incident is analysed in order to identify the causes and define the measures to be implemented to prevent reiteration.

In addition, as required by the regulations, the EFINOR Group keeps a register of personal data breaches. Likewise, it notifies the CNIL of any violation presenting a risk for the persons concerned.

Finally, in the event that the violation creates a huge risk for the persons concerned, it will take reasonable measures to inform them of the circumstances and consequences of this violation, within the limits required by law. To this purpose, it will use the contact information you provided him, or any other reasonable means.

7          Right of the persons concerned

The EFINOR Group reminds you that you have the rights described below and that you can exercise them via the dedicated forms accessible on its website.

7.1         Access rights

In accordance with Article 15 of the European Data Protection Regulation (RGPD), you have a right of access to your personal data processed by the EFINOR Group.

This right enables you to obtain confirmation from the EFINOR Group that your personal data are processed by the company and, if necessary, to obtain a copy of these data (any other copy may incur costs of which the eventual charge will come back to you).

As part of its answer to your request, the EFINOR Group will also send you information on:

  • The purposes of your personal data processing,
  • The categories of personal data concerned,
  • The recipients or categories of recipients to whom the personal data have been or will be communicated, in particular recipients who are established outside the European Union,
  • The time during which the data will be kept (if it cannot be estimated at the time of the request, the EFINOR Group will inform you of the criterion used to determine this duration).

Conformément à l’article 12.3 du RGPD, le Groupe EFINOR dispose d’un délai d’un mois pour répondre à votre requête. Ce délai pourra être porté à deux mois en cas de demande complexe. Dans ce cas le Groupe EFINOR vous informera dans un délai d’un mois à compter de la réception de votre demande de cette prolongation et du motif de celle-ci.

 

From the reception of the answer, you will have the possibility to:

  • Request the rectification or erasure of your data,
  • Request the limitation of the processing of your data
  • To lodge an appeal before the “Commission Nationale Informatique et Liberté” (CNIL).

In accordance with article 12.3 of the RGPD, the EFINOR Group has one month to answer your request. This period may be extended to two months in case of a complex request. In this case the EFINOR Group will inform you within one month of receipt of your request for this extension and the reason for it.

7.2         Right of rectification

In accordance with Article 16 of the European Data Protection Regulation (RGPD), the EFINOR Group informs you that you have the right to rectify your personal data.

This right allows you to obtain the correction of your personal data which are processed by the company and which are inaccurate.

This right also allows you to ask the company, given the purpose of the processing, for your personal data to be completed.

In accordance with article 12.3 of the RGPD, the EFINOR Group has one month to answer your request. This period may be extended to two months in case of a complex request. In this case the EFINOR Group will inform you within one month of receipt of your request for this extension and the reason for it.

7.3         Right of data erasure

In accordance with Article 17 of the European Data Protection Regulation, the EFINOR Group informs you that you have a right to erase data (also called the right to be forgotten).

This right allows you to obtain the deletion/erasure of your personal data, and processed by the company, in one of the following cases:

  • The Personal data are no longer necessary for the purpose of the processing, or are treated in another way.
  • You decide to withdraw your consent to the processing of these data (if it is the legal basis applicable to the treatment in question).
  • You oppose the processing.
  • Your Personal data have been subject to unlawful processing.
  • Personal data must be erased in order to comply with a legal obligation.
  • You are a minor.

 

The EFINOR Group may refuse to proceed with the erasure in cases where processing is necessary:

  • The exercise of the right to freedom of expression
  • The respect for a legal obligation or the completion of a mission of public interest or the exercise of public authority.
  • For reasons of public interest in the field of health.
  • For archival purposes in the public interest, for scientific research purposes or for statistical purposes.
  • For an exercise of rights or legal action.

 

In accordance with article 12.3 of the RGPD, the EFINOR Group has one month to answer your request. This period may be extended to two months in case of a complex request. In this case the EFINOR Group will inform you within one month of receipt of your request for this extension and the reason for it.

7.4         Right of opposition

In accordance with Article 21 of the European Data Protection Regulation, the EFINOR Group informs you that you have the right to object to the processing of your personal data.

This right enables you to oppose, at any time, for reasons related to your particular situation, to the processing of your personal data by the EFINOR Group in cases when:

  • The processing is necessary for the completion of a mission of public interest or the exercise of public authority or for the legitimate interests pursued by the EFINOR Group or a third party. The EFINOR Group will no longer process personal data unless the company demonstrates that there are legitimate and compelling reasons for the treatment that prevails over your interests and your rights and freedoms, or for the purpose of statement, exercise or defence of rights in court.
  • When personal data are processed for the purpose of prospecting, you have the right to object at any time to the processing of your personal data, including profiling, to the extent that they are related to such prospecting. Personal data are then no longer processed for these purposes.
  • When personal data are processed for scientific or historical research purposes or for statistical purposes, you have the right to object, for reasons relating to your particular situation, to the processing of your personal data, unless the processing is necessary for the performance of a mission of public interest.

In accordance with article 12.3 of the RGPD, the EFINOR Group has one month to answer your request. This period may be extended to two months in case of a complex request. In this case the EFINOR Group will inform you within one month of receipt of your request for this extension and the reason for it.

7.5         Right to processing limitation

In accordance with Article 18 of the European Data Protection Regulation, the EFINOR Group informs you that you have a right to limit the processing of your personal data.

This right enables you to obtain the limitation of the processing of your personal data in one of the following cases:

  • You dispute the accuracy of the personal data collected by the EFINOR Group. The processing will then be limited for the whole duration in order to verify it.
  • The processing is illegal but you oppose the erasure of your data and prefer the limitation of their use.
  • The EFINOR Group no longer needs your data but your data necessary for the statement, exercise or defence of rights in court.
  • You objected to the processing of your personal data by the EFINOR Group and you now ask for its limitation for the duration necessary to verify whether the controller has legitimated and compelling reasons, overriding your rights and freedoms and allowing the resumption of the processing.

Where processing has been restricted, your personal data may, with the exception of storage, only be processed:

  • With your consent.
  • With the statement, exercise or defence of rights in court.
  • For the protection of the rights of another natural or legal person.
  • For important reasons of public interest.

You will be informed by the EFINOR Group before the limitation of the processing is rised.

In accordance with article 12.3 of the RGPD, the EFINOR Group has one month to answer your request. This period may be extended to two months in case of a complex request. In this case the EFINOR Group will inform you within one month of receipt of your request for this extension and the reason for it.

7.6         Right to data portability

In accordance with Article 20 of the European Data Protection Regulation, the EFINOR Group informs you that you have a right to the portability of your personal data.

This right enables you to receive your personal data, collected by the EFINOR Group, in a structured, commonly used and machine-readable format and to transmit the data to another controller without the EFINOR Group being able to obstruct it, in the case when the following three conditions are met:

  • You have given the EFINOR Group your consent to the processing of the data, or the data have been collected because necessary for the performance of a contract or pre-contractual measures.
  • The processing is done using automated processes.
  • The exercise of this right must not affect the rights and freedoms of third parties.

In the framework of the right to portability of your personal data, you have the option of having the data transmitted directly by the EFINOR Group to another data controller of your choice when it is technically possible.

The exercise of this right does not prevent you from exercising, in addition, your right to the personal data erasure.

This right does not apply to the processing necessary to perform a mission of public interest or related to the exercise of public authority of which the controller is responsible.

In accordance with Article 12.3 of the RGPD, the EFINOR Group has one month to answer your request. This period may be extended to two months in case of a complex request. In this case the EFINOR Group will inform you within one month of receipt of your request for this extension and the reason for it.

8          Cookies

This section of our Privacy Policy aims to show you what cookies are, what we use, how we use them and how you can set them.

8.1         General information on cookies

A cookie (also called connection indicator) is a small text file placed on the device (computer, mobile phone, tablet …) that you use to access Internet (when you visit a site via your browser).

This file allows us to identify your computer, tablet, smartphone or other equipment that you use to view our sites, in order to customize the services we offer.

8.2          Cookies present in the EFINOR Group websites

8.2.1          Technical and navigation cookies

Some cookies deployed on our websites are necessary for their proper functioning.

These are technical cookies whose sole purpose is to allow the proper display of the site and to optimize navigation.

These cookies expire when you close your browser to Internet.

 

8.2.2          Analytics cookies

We measure the audience of our websites thanks to the Google Analytics service.

Via the latter, we collect the following data:

  • IP address.
  • Type / version of the device and internet browser used.
  • Activities on the site (pages consulted, origin of the visitor, time of presence, clicked buttons, etc.).

The traffic data and the cookie files that we implement on your computer via Google Analytics are solely for the purpose of enabling us to analyse the frequency of our information pages in order to improve their content.

The data related to the navigation of the visitors are not exploited by name; they are automatically aggregated into statistics allowing to know the most and least popular pages, the preferred paths, the activity levels per day of the week and per hour of the day, the main customer or server errors.

These cookies are kept for a maximum of 13 months, in accordance with the recommendations of the CNIL in this regard.

For more information on how Google Analytics works and the ability to disable the audience measurement cookies, please visit the following links:

8.2.3           Social networks cookies

Social networks (Facebook, Twitter, Google +, LinkedIn, Pinterest, etc.) offer the possibility of sharing our content by means of sharing buttons integrated on our pages. These social buttons deposit cookies on your devices.

Cookies can also be used on sites that offer the ability to share our content, including social networking sites directly.

Cookies posted by social networking sites are of their sole responsibility. You can consult the privacy conditions of each of these sites at the following addresses:

8.3          Cookies management

8.3.1          Consent by continuing navigation

During your first visit to our Website, an information banner will appear at the bottom of the page. By continuing your navigation on the Site or after clicking on “it is noted, thank you”, you consent that the EFINOR group can deposit cookies on your computer or device.

The banner will remain displayed until you have not continued your navigation, that is to say until you have visited another page of the Site or have not clicked on another element of the Site.

8.3.2         Settings via the browser

Most Internet browsers are configured by default so that cookies are allowed to be posted.

Your browser offers you the opportunity to change these standard settings at any time to accept, set, or at the contrary, refuse cookies.

Several options are available to you:

  • Accept all cookies.
  • Accept only part of the cookies according to their issuer.
  • Systematically refuse all cookies.

Your browser also allows you to delete existing cookies on your device or to notify you when new cookies may be placed on your device.

These settings do not affect your navigation but make you lose all the benefit of the cookie.

Each internet browser offers different configuration modes for managing cookies. Generally speaking, they are described in the “Help” menu of each browser.

To find out how to modify your cookie preferences according to your browser, you will find below the links to the help needed to access the menu of your browser provided for this purpose:

If you use a browser type or version different from those listed above, we invite you to consult the “Help” menu of your browser.

However, we would like to inform you that the refusal of the deposit of cookies on your device may alter your user experience and your access to certain services or features of this website. If applicable, the EFINOR group declines any responsibility concerning the consequences related to the degradation of your navigation conditions that occur due to your choice to refuse, delete or block the cookies necessary for the operation of the site. These consequences cannot constitute damage and you cannot claim any compensation for this fact.

Finally, if you have deactivated one or more cookies, we can always use the information collected by these cookies before they are deactivated. Nevertheless, we stop collecting data via the refused cookie.

For further information on the tools of cookies control, you can consult the website of the CNIL : https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.

9          Links to third parties’ sites

The EFINOR Group websites may contain links to social networks managed by third parties over which the EFINOR Group has no control.

In this respect, the EFINOR Group cannot be held responsible for the way your data will be used or stored on the servers of these third parties. We advise you to read the privacy policy of these third parties that you access through our websites to analyse how your data will be used.

10     Conflicts resolution

Any dispute to which the privacy policy could give rise, in particular concerning its validity, its interpretation and its execution, their consequences and their consequences will be submitted to the competent courts within the jurisdiction of Cherbourg-en-Cotentin.

11     Point of contact

Any questions regarding the EFINOR Group Privacy Policy should be addressed to this email address privacy@efinor.com or by sending an email to the following address:

Efinor

ZA Maison Georges

50440 BEAUMONT-HAGUE

12     Privacy policy review

The EFINOR Group may modify this privacy policy according to the evolution of its needs and the applicable legislation. We guarantee that you will be informed of any changes by a mention on our website or any other means deemed appropriate. The EFINOR Group Privacy Policy was updated on 11/06/2019.