RGPD Policy

1. DEFINITION

This privacy policy informs you of COLLAB 365’s commitments when personal information about you is collected via its website and how COLLAB 365 uses this information.

2. PREAMBLE

The present charter (hereinafter  “Charter”) provides a framework for the Processing of Personal Data in the context of COLLAB 365’s relations with its partners.

COLLAB 365, concerned about the protection of Personal Data, undertakes to comply with the regulations in force applicable to the Processing of Personal Data and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the  “RGPD” ) as well as any applicable national regulations (hereinafter the  “).

All COLLAB 365 partners undertake to read and take full cognizance of all the commitments listed in this Charter, as well as to respect all its principles and accept that failure to do so may be considered a serious breach of their contractual obligations.

All partners undertake to inform all their direct partners and strongly encourage them to follow these same principles and rules of good conduct.

3. DATA PROCESSING PRINCIPLES

As part of its business relationships with partners, COLLAB 365  makes every effort to be in permanent compliance with the essential principles of the RGPD and assures all its partners that the Personal Data communicated to it is processed lawfully, fairly and transparently.

Personal Data is collected for specific, explicit and legitimate purposes and COLLAB 365 undertakes not to process it for purposes incompatible with these purposes.

COLLAB 365 respects the principle of Data minimization, in accordance with Article 5-c of the RGPD stipulating that only Personal Data that is adequate, relevant and limited to what is necessary for the purposes hereinafter defined shall be processed.

4. PURPOSES AND LEGAL BASIS OF DATA PROCESSING BY COLLAB 365

FOR ANY SPECIFIC PROCESSING, NOTABLY IN CONNECTION WITH SECURITY (VIDEO SURVEILLANCE, BADGES, ETC.) OR WITH THE USE OF IT RESOURCES MADE AVAILABLE TO A BUSINESS PARTNER BY COLLAB 365 (SOFTWARE, HARDWARE, ETC.), DATA SUBJECTS WILL RECEIVE A SPECIFIC NOTICE INFORMING THEM OF THE WAY IN WHICH THEIR PERSONAL DATA IS PROCESSED.

5. PERSONAL DATA PROCESSED

In the context of our business relations with our partners, the latter may communicate to COLLAB 365 the Data of the persons concerned, including the Data of their employees, mentioned in the table above. For more information about the processing of your data, please consult the data protection policy of the partner concerned.

6. MAIL TO

COLLAB 365 undertakes to maintain the confidentiality and security of your personal Data in accordance with the regulations in force and to verify that each Recipient complies with appropriate security and confidentiality guarantees.

Within COLLAB 365 entities, the recipients who may receive your personal data are:

– Personnel authorized within COLLAB 365 to process Data;
– Auditors (statutory auditors, chartered accountants) ;
– External companies contractually bound to perform a contract ;
– Public and financial bodies, exclusively to meet legal obligations;

– In the event of a dispute, Personal Data may be passed on, where appropriate, to persons working to resolve the conflict; to judicial and legal officers as part of their debt recovery mission or for any other legal actions; to the judicial or administrative courts in order to establish, exercise or defend the rights of COLLAB 365; to the judicial or administrative courts in execution of an enforceable court decision against COLLAB 365; to any individual or legal entity in execution of an enforceable court decision against COLLAB 365.

Authorized service providers may also have access to your Personal Data as part of the services they provide in connection with the software solutions or IT resources used to process your Personal Data (maintenance, support, hosting, security and control of IT resources, etc.).

7. SHELF LIFE

The length of time we keep your personal data is determined by the legal and regulatory retention periods and by the type of data concerned.

By way of illustration, the retention periods for the main documents relating to the Economic Partners are as follows:

COLLAB 365 WILL NOT STORE PERSONAL DATA IN A FORM THAT PERMITS IDENTIFICATION OF THE DATA SUBJECTS FOR A LONGER PERIOD THAN IS NECESSARY FOR THE PURPOSE FOR WHICH THE DATA WAS ORIGINALLY COLLECTED.

COLLAB 365 may store Data for longer periods if the Personal Data is processed for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, subject to the application of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subject.

8. SECURITY AND CONFIDENTIALITY

COLLAB 365 implements all the technical and organizational measures it deems appropriate, in accordance with Article 32 of the RGPD in order to guarantee the security and confidentiality of your Personal Data.

We verify that each Recipient complies with appropriate security and confidentiality guarantees. COLLAB 365 makes its staff aware of the need to protect personal data. For more information about the security of your Personal Data, please contact our Data Protection Officer (DPO).

9. TRANSFER OF DATA TO A THIRD COUNTRY

In the event of the transfer of your Personal Data to a recipient located in a State that is not a member of the European Community, appropriate safeguards will be put in place, in accordance with the provisions of the RGPD and COLLAB 365 will inform you by any means.

Transfers of Personal Data within COLLAB 365 entities not covered by an adequacy decision of the European Commission are generally covered by the signature of standard contractual clauses.

COLLAB 365 has implemented a Data transfer policy. For further information, please contact our DPO.

10. RIGHTS OF PERSONS CONCERNED

In accordance with the law, you may access your personal data and request that it be corrected or deleted. You also have the right to object, the right to limit the Processing of your Personal Data and the right to the portability of your Personal Data, where applicable. You can find out all about these rights and how to exercise them by sending your questions and/or requests to our Data Protection Officer (DPO) by :

• Mail to COLLAB 365 – 2 Rue Averroes, 93000 Bobigny, with  “Personal data” in the subject line. 
• Mail to contact@collab365.fr, you also have the right to lodge a complaint with the CNIL as supervisory authority, whose current address is: 3 Place de Fontenay, 75007 Paris.

 

11.BUSINESS PARTNERS’ COMMITMENT TO COLLAB 365

Any partner carrying out Processing of Personal Data as a Subcontractor within the meaning of the RGPD on behalf of COLLAB 365 or as a subsequent Subcontractor on behalf of one of its clients undertakes to:

– Sign the Personal Data Processing contract proposed by COLLAB 365, in order to comply with the provisions of Article 28 of the RGPD.

– Complying with regulations

– Process Data solely for the purpose(s) defined by the Data Controller

– Process the Data in accordance with the Data Controller’s documented instructions – If the Business Partner considers that an instruction constitutes a breach of the regulations, it shall inform the Data Controller immediately – If the Business Partner is required to transfer Data to a third country or to an international organization, by virtue of Union law or the law of the Member State to which it is subject, it shall inform the Data Controller of this legal obligation prior to Processing, unless the law concerned prohibits such information for important reasons of public interest

– Guaranteeing the confidentiality and security of processed Data

– Ensure that the persons authorized to process the Data are committed to respecting the confidentiality of the Data and receive the necessary training in Data protection.

– Take into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default.

– Insofar as possible, the Economic Partner shall assist the Data Controller in fulfilling its obligation to comply with requests to exercise the rights of data subjects: right of access, rectification, erasure and objection, right to the restriction of Processing, right to Data portability, right not to be subject to an automated individual decision.

– If the data subjects make requests to the Economic Partner to exercise their rights, the Economic Partner will notify the Data Controller of these requests in writing as soon as they are received.

– The Business Partner shall immediately notify the Data Controller in writing of any Data breach after becoming aware of it. This notification shall be accompanied by all relevant documentation to enable the Data Controller, if necessary, to notify the breach to the competent supervisory authority.

– If necessary, the Economic Partner will provide the necessary assistance (i) the carrying out by the Data Controller of impact analyses relating to Data protection, and (ii) the data controller has carried out prior consultation with the supervisory authority

– The Economic Partner undertakes to implement the appropriate technical and organizational measures in accordance with the RGPD and to communicate them on first request

– On completion of the services, the Business Partner undertakes, at the option of the Data Controller, to (i) destroy all Data; or (ii) return all Data to the address provided. In the event of return of the Data, the Economic Partner shall destroy all existing copies in its possession and shall inform the Data Controller of such destruction.

– The Economic Partner communicates to the Data Controller the name and contact details of its Data Protection Officer, if it has appointed one in accordance with Article37 of the RGPD

– The Business Partner shall not recruit another Subcontractor without the prior written consent of the Data Controller and/or the Subcontractor, if a subsequent Subcontractor. If it is agreed that a subsequent Subcontractor will carry out specific Processing activities on its behalf, the same Data protection obligations as those set out in the contract signed with the Data Controller will be contractually imposed on such subsequent Subcontractor, in particular as regards presenting sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the RGPD. The Economic Partner remains fully responsible for the subsequent Subcontractor’s performance of its Data protection obligations.

– The Economic Partner undertakes to process the Data only within the European Union. If the Business Partner is authorized by the Data Controller to transfer Data outside the European Union to a country that is not adequate according to the European Commission, the Business Partner undertakes to implement appropriate safeguards for such transfer and to inform the Data Controller of the appropriate safeguards taken.

– The Economic Partner guarantees to assist the Data Controller and the Subcontractor, if it is a Subsequent Subcontractor in keeping its register of all categories of Processing activities.

– The Business Partner shall provide COLLAB 365 with the documentation necessary to demonstrate compliance with all its obligations.

– The Economic Partner accepts that the Data Controller and/or the Subcontractor, if it is a subsequent Subcontractor, may carry out audits, including inspections, by itself or a third-party auditor it has commissioned and guarantees its contribution to such audits or inspections.

12. CLAUSE NULLITY

If one or more stipulations of the present Charter are held to be invalid or declared as such in application of a law or other legislative text or following a final decision of a competent jurisdiction, the other stipulations will retain all their force and scope.

13. CHARTER EVOLUTION

The Charter may be amended by COLLAB 365’s management in order to take account of recommendations from the CNIL, changes in the law, case law, computer techniques and, more generally, any changes in information and communication technologies.