Policy

Introduction

EFINOR attaches great importance to the respect of privacy and, as such, to the personal data that you entrust to it in the context of the relations established with it. This is one of the reasons why EFINOR has chosen to adopt a policy on the confidentiality and protection of your personal data.

Through this policy, EFINOR is committed to processing your data in a responsible, secure and transparent manner, in accordance with the EU Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Individuals with regard to the processing of personal data and on the free movement of such data and the provisions of the applicable French regulations.

This policy also aims to inform you about the personal data processed by EFINOR, the conditions under which such data is processed and the rights and means of action you have with respect to such data.

Fields of application

The purpose of this policy is to explain our vision and commitments regarding the protection of personal data, as well as the measures taken to guarantee their security.

Specifically, this policy details the processing of personal data relating to the use of EFINOR's websites, which are

Definition

Personal data

Any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier.

Examples: name, identification number (social security, driver's license, passport, personnel number), location data, online identifier, an element relating to physical, physiological, genetic, psychological, economic, cultural or social identity.

Processing of personal data

Any operation or set of operations, whether or not carried out using automated processes, applied to personal data or data sets

Examples: collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or otherwise making available, matching or linking, limiting, erasing or destroying

Person in charge of the treatment

The natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing.

Person concerned

Any person whose data is being processed.

Subcontractor

The natural or legal person, public authority, department or other body that processes personal data on behalf of the controller.

Recipient

The natural or legal person, public authority, service or any other body that receives personal data, whether or not it is a third party.

Data Protection Officer

The person who is responsible for ensuring compliance with the regulations on the protection of personal data.

Personal data breaches

A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Identity of the actors

In this policy, the terms "EFINOR", "we", "us" or "our" refer to EFINOR, a simplified joint stock company with a capital of 2,000,000 Euros, established at 2, rue Grande Rue. 50100 Cherbourg-en-Cotentin, registered with the Cherbourg Trade and Companies Register, under the number SIRET 429 420 474 00034.

For all the processing activities described below, EFINOR is the entity that decides on the purposes and means used to carry them out. As such, it acts as the data controller in the sense of the applicable regulations on personal data.

For more information about EFINOR, please refer to our legal notice(https://www.efinor.fr/mentions-legales/ )

Basic principles

EFINOR is committed to ensuring that each of the personal data processing operations it carries out respects the fundamental principles of personal data protection. This article informs you of EFINOR's commitments to the fundamental principles of personal data protection.

These aspects are common to all treatments described in this Policy.

Legality, Loyalty and Transparency

Legality of treatment

EFINOR is committed to processing personal data in a lawful manner.

Each of the personal data processing operations carried out by EFINOR is based on one of the six legal bases mentioned in Article 6 of the General Data Protection Regulation.

EFINOR informs you of this legal basis at the time of data collection.

The processing carried out by EFINOR via its website does not require the collection or processing of personal data known as "sensitive" in the sense of Article 9 of the General Data Protection Regulation. Therefore, none of the legal bases mentioned in the same article are required.

Fairness and transparency of treatment

EFINOR is committed to processing your data in a fair and transparent manner.

To this end, EFINOR :

  • Informs you of the existence of personal data processing, the reasons, terms and conditions thereof.
  • Informs you of your rights and facilitates your steps in the exercise of these rights.
  • Informs you of security events and incidents that may affect your personal data.
Purpose limitation

EFINOR is committed to processing your data for specific, explicit and legitimate purposes.

It undertakes to clearly identify the purposes for which it collects and uses your personal data, and to respect the scope defined by these purposes.

EFINOR informs you of these purposes and will inform you of any changes that may affect them.

It undertakes to ensure that the data processing that it implements has purposes that comply with the applicable laws and regulations.

Data minimization

EFINOR undertakes to collect only data that is adequate, relevant and necessary to achieve the purpose of the processing.

Each of the forms present on our sites gives you the possibility to fill in only the information strictly necessary to achieve the intended purpose. Each form includes a statement specifying the purpose, the legal basis for the processing, the length of time the data is kept and the possible recipients of the data.

The data required to process your requests is marked with an asterisk. If you do not fill in these fields, EFINOR will not be able to respond to your request and/or provide you with the desired service. The other fields are optional and allow us to better understand your request and respond to you in a more appropriate manner.

Data accuracy

EFINOR is committed to ensuring that the data it processes is accurate, complete and kept up to date.

It acts to update the data as soon as it becomes aware of their obsolescence or inaccuracy.

To this end, it puts in place systems and procedures to allow data subjects to have the data used corrected or updated.

Limited retention

EFINOR undertakes to keep the personal data used for processing in a form that allows the identification of the data subject only for as long as is strictly necessary to achieve the purposes for which they are processed.

EFINOR undertakes to securely and definitively delete the data at the end of the retention periods set according to the purposes of the processing and the legal, regulatory or contractual requirements to which it is bound.

It also means that EFINOR may, at its discretion, at the end of the same period, keep the data in question if it manages to eliminate the identifying character of the data by means of anonymization processes, thus making them lose their personal character.

Data security

EFINOR attaches great importance to information security issues and, in this regard, to the security of personal data.

EFINOR is committed to protecting your personal data from loss, destruction, alteration, unauthorized access or disclosure. To this end, EFINOR implements appropriate technical, organizational and human resources measures, taking into account the nature of the data as well as the risks that the processing generates, to protect and guarantee the availability, integrity and confidentiality of your personal data, and in particular, against any modification or damage, or against any unauthorized access by third parties.

These measures include, but are not limited to,

Under technical measures :

  • Logical restriction of data access to authorized and authenticated individuals based on their need to know and their level of responsibility within EFINOR.
  • The protection of the elements of the information system (hardware, software, network equipment) against malicious software and external threats (firewall, antivirus, connection filtering, etc.).
  • Secure data storage with backup and recovery procedures in case of an incident
  • The use of the TLS protocol to secure connections to the various EFINOR websites

Under organizational measures :

  • The integration within the perimeter of our Management System of issues related to the protection of personal data
  • The implementation of specific policies, processes and procedures, audited and reviewed on a regular basis, to continuously improve the protection of personal data.
  • The contractual commitment of our employees to protect the confidentiality of personal data to which they may have access in the course of their duties.
  • Specific contractual guarantees in the case of the use of an intermediary
  • The implementation of Data Protection Impact Analysis (DPIA)
  • Physical access control to the premises

Other general provisions

Data sharing with third parties and data transfers outside the European Union

EFINOR never shares your personal information with other companies (except for those EFINOR entities that may be involved in the management of operations involving you).

Your data may potentially be transmitted to technical intermediaries (IT service providers, hosts of our servers, etc.) that EFINOR chooses because of their expertise and reliability, who act under its control and according to its instructions

We allow these intermediaries to process your data only to the extent necessary to provide the service concerned or to comply with a legal or regulatory obligation. In any event, we ensure that your data is protected, end-to-end, throughout the processing.

EFINOR may also be required to provide your data to third parties in order to comply with a legal obligation, to enforce a court order or if such disclosure is necessary to defend our legal rights.

All such third parties may be located in EU and non-EU countries, including countries that do not offer the same level of protection as your country of residence. In such cases, and to the extent required by applicable law, we will either obtain your express and unequivocal consent to share your data with such third parties, or enter into data transfer agreements that comply at least with the standard clauses adopted by the European Commission, or, for third parties established in countries benefiting from adequacy decisions, that such third parties have complied with the requirements set out in such decisions.

Data relating to minors

EFINOR's services are not intended for minors. Furthermore, we do not knowingly collect or process personal data about minors. In the event that we come into possession of such data without the prior consent of their parents, we will take the appropriate measures to delete them from our servers and those of the intermediaries we use

Processing of personal data by EFINOR

You will find details of the purposes and conditions of the processing of your data in the following table:

Personal data breaches

In the event that, despite EFINOR's precautions and diligence, your personal data is accessed, lost or stolen by an unauthorized third party, EFINOR will take such steps as are within its power to mitigate the impact of the personal data breach.

EFINOR has technical and organizational measures in place to monitor, detect, identify and deal with security incidents that may occur. Each incident is analyzed in order to identify its causes and to define the measures to be implemented to prevent its repetition.

In addition, as required by the regulations, EFINOR keeps a register of personal data breaches. In addition, EFINOR notifies the CNIL of any breach that poses a risk to the individuals concerned.

Finally, in the event that the breach creates a high risk to the data subjects, it will take reasonable steps to inform them of the circumstances and consequences of the breach, to the extent required by law. To this end, it will use the contact information provided to it, or any other reasonable means.

Rights of the persons concerned

EFINOR reminds you that you have the rights described below and that you can exercise them by sending an e-mail to mailto:privacy@efinor.com or by using the dedicated forms available on its website.

Right of access

Pursuant to Article 15 of the European Data Protection Regulation (RGPD), you have the right to access your personal data processed by EFINOR.

This right allows you to obtain confirmation from EFINOR that your personal data is being processed by the company and, if necessary, to obtain a copy of such data (any other copy may entail costs which you may have to bear).

As part of its response to your request, EFINOR will also provide you with information regarding:

  • The purpose of the processing of your data,
  • The categories of personal data concerned,
  • To the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular recipients who are established outside the European Union,
  • The length of time for which the data will be kept (if it cannot be estimated at the time of the request, EFINOR will inform you of the criteria used to determine this length of time).

Upon receipt of the response, you will have the option to:

  • Request the correction or deletion of your data,
  • Requesting the limitation of the processing of your data
  • To lodge an appeal with the Commission Nationale Informatique et Liberté (CNIL).

In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.

Right of rectification

In accordance with Article 16 of the European Data Protection Regulation (RGPD), EFINOR informs you that you have the right to rectify your personal data.

This right allows you to obtain the rectification of personal data concerning you that are processed by the company and that are inaccurate.

This right also allows you to ask the company, in view of the purpose of the processing, to complete your personal data.

In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it

Right to erasure

In accordance with Article 17 of the European Data Protection Regulation, EFINOR informs you that you have the right to have your data erased (also called the right to be forgotten).

This right allows you to obtain the deletion of your personal data processed by the company in one of the following cases:

  • Personal data are no longer necessary for the purpose of the processing or are processed in another way
  • You decide to withdraw your consent to the processing of such data (if this is the legal basis for the processing in question)
  • You object to the processing
  • Personal data have been processed unlawfully
  • Personal data must be deleted to comply with a legal obligation
  • You are a minor

EFINOR may refuse to carry out the erasure in cases where the processing is necessary:

  • To the exercise of the right to freedom of expression
  • To respect a legal obligation or the execution of a mission of public interest or the exercise of public authority
  • For reasons of public interest in the field of health
  • For archival purposes in the public interest, for scientific research or for statistical purposes
  • To the establishment or exercise of rights or legal action

In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.

Right to object

In accordance with Article 21 of the European Data Protection Regulation, EFINOR informs you that you have the right to object to the processing of your personal data.

This right allows you to object, at any time, for reasons related to your particular situation, to the processing of your personal data by EFINOR in cases where:

  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority or for the purposes of the legitimate interests pursued by EFINOR or a third party. EFINOR will then no longer process the personal data, unless the company demonstrates that there are compelling legitimate grounds for the processing that override your interests and rights and freedoms, or for the establishment, exercise or defence of legal claims.
  • If personal data are processed for the purpose of marketing, you have the right to object at any time to the processing of personal data, including profiling insofar as this is related to such marketing. The personal data will then no longer be processed for these purposes.
  • Where personal data are processed for scientific or historical research or statistical purposes, you have the right to object, on grounds relating to your particular situation, to the processing of personal data, unless the processing is necessary for the performance of a task in the public interest.

In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.

Right to limit processing

In accordance with Article 18 of the European Data Protection Regulation, EFINOR informs you that you have the right to limit the processing of your personal data.

This right allows you to obtain the limitation of the processing of your personal data in one of the following cases:

  • You dispute the accuracy of the personal data collected by EFINOR. The processing will then be limited for the time necessary to verify this
  • The processing is unlawful but you object to the deletion of your data and prefer the limitation of their use
  • EFINOR no longer needs your data but it is necessary for the establishment, exercise or defense of legal rights
  • You have objected to the processing of your data by EFINOR and you request the limitation of such processing for the time necessary to verify whether the data controller has legitimate and compelling reasons that prevail over your rights and freedoms and allow the processing to be resumed.

Where processing has been restricted, your personal data may, with the exception of storage, only be processed:

  • Either with your consent
  • For the establishment, exercise or defense of legal rights
  • for the protection of the rights of another natural or legal person, or
  • Or for important reasons of public interest.

You will be informed by EFINOR before the processing restriction is lifted.

In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it

Right to data portability

In accordance with Article 20 of the European Data Protection Regulation, EFINOR informs you that you have a right to the portability of your personal data.

This right allows you to receive your personal data, collected by EFINOR, in a structured, commonly used and machine-readable format and to transmit them to another controller without EFINOR being able to prevent it, if the following three conditions are met

  • You have given your consent to EFINOR to process this data, or it was collected because it was necessary for the performance of a contract or pre-contractual measures.
  • The treatment is carried out using automated processes.
  • The exercise of this right must not infringe the rights and freedoms of third parties.

As part of the right to portability of your personal data, you have the possibility to have your personal data transmitted directly by EFINOR to another data controller of your choice when technically possible.

The exercise of this right does not prevent you from exercising your right to the deletion of personal data.

This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.

Links to third party sites

EFINOR's sites may contain links to social networks operated by third parties over whom EFINOR has no control.

In this regard, EFINOR will not be responsible for how your data is used or stored on the servers of these third parties. We recommend that you read the privacy policy of the third parties you access through our sites to understand how your data will be used.

Conflict resolution

Any dispute to which the privacy policy could give rise, particularly concerning its validity, interpretation and execution, their consequences and their consequences will be submitted to the competent courts in the jurisdiction of Cherbourg-en-Cotentin.

Contact

Any questions regarding EFINOR's Privacy Policy should be directed to this e-mail mailto:privacy@efinor.com or by sending a letter to the following address

EFINOR

2, rue Grande Rue
50100 Cherbourg-en-Cotentin

Review of the privacy policy

EFINOR may change this privacy policy as our needs and applicable laws change. We ensure that you will be informed of any changes by a notice on our site or by any other means deemed appropriate. EFINOR's privacy policy was last updated on 11/06/2019.

CONTACT

EFINOR ALLAIS is a builder of professional aluminum and steel vessels, particularly known for its Crewboats SURFER, vessels specialized in the transport of offshore personnel.

Vessel ranges

Shipyard

Contact us

Copyright © 2022 EFINOR -
Legal informationPrivacy PolicyCookie Policy