EFINOR attaches great importance to the respect of privacy and, as such, to the personal data that you entrust to it in the context of the relations established with it. This is one of the reasons why EFINOR has chosen to adopt a policy on the confidentiality and protection of your personal data.
Through this policy, EFINOR is committed to processing your data in a responsible, secure and transparent manner, in accordance with the EU Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Individuals with regard to the processing of personal data and on the free movement of such data and the provisions of the applicable French regulations.
This policy also aims to inform you about the personal data processed by EFINOR, the conditions under which such data is processed and the rights and means of action you have with respect to such data.
The purpose of this policy is to explain our vision and commitments regarding the protection of personal data, as well as the measures taken to guarantee their security.
Specifically, this policy details the processing of personal data relating to the use of EFINOR's websites, which are
Any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier.
Examples: name, identification number (social security, driver's license, passport, personnel number), location data, online identifier, an element relating to physical, physiological, genetic, psychological, economic, cultural or social identity.
Any operation or set of operations, whether or not carried out using automated processes, applied to personal data or data sets
Examples: collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, disseminating or otherwise making available, matching or linking, limiting, erasing or destroying
The natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing.
Any person whose data is being processed.
The natural or legal person, public authority, department or other body that processes personal data on behalf of the controller.
The natural or legal person, public authority, service or any other body that receives personal data, whether or not it is a third party.
The person who is responsible for ensuring compliance with the regulations on the protection of personal data.
A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
In this policy, the terms "EFINOR", "we", "us" or "our" refer to EFINOR, a simplified joint stock company with a capital of 2,000,000 Euros, established at 2, rue Grande Rue. 50100 Cherbourg-en-Cotentin, registered with the Cherbourg Trade and Companies Register, under the number SIRET 429 420 474 00034.
For all the processing activities described below, EFINOR is the entity that decides on the purposes and means used to carry them out. As such, it acts as the data controller in the sense of the applicable regulations on personal data.
For more information about EFINOR, please refer to our legal notice(https://www.efinor.fr/mentions-legales/ )
EFINOR is committed to ensuring that each of the personal data processing operations it carries out respects the fundamental principles of personal data protection. This article informs you of EFINOR's commitments to the fundamental principles of personal data protection.
These aspects are common to all treatments described in this Policy.
EFINOR is committed to processing personal data in a lawful manner.
Each of the personal data processing operations carried out by EFINOR is based on one of the six legal bases mentioned in Article 6 of the General Data Protection Regulation.
EFINOR informs you of this legal basis at the time of data collection.
The processing carried out by EFINOR via its website does not require the collection or processing of personal data known as "sensitive" in the sense of Article 9 of the General Data Protection Regulation. Therefore, none of the legal bases mentioned in the same article are required.
EFINOR is committed to processing your data in a fair and transparent manner.
To this end, EFINOR :
EFINOR is committed to processing your data for specific, explicit and legitimate purposes.
It undertakes to clearly identify the purposes for which it collects and uses your personal data, and to respect the scope defined by these purposes.
EFINOR informs you of these purposes and will inform you of any changes that may affect them.
It undertakes to ensure that the data processing that it implements has purposes that comply with the applicable laws and regulations.
EFINOR undertakes to collect only data that is adequate, relevant and necessary to achieve the purpose of the processing.
Each of the forms present on our sites gives you the possibility to fill in only the information strictly necessary to achieve the intended purpose. Each form includes a statement specifying the purpose, the legal basis for the processing, the length of time the data is kept and the possible recipients of the data.
The data required to process your requests is marked with an asterisk. If you do not fill in these fields, EFINOR will not be able to respond to your request and/or provide you with the desired service. The other fields are optional and allow us to better understand your request and respond to you in a more appropriate manner.
EFINOR is committed to ensuring that the data it processes is accurate, complete and kept up to date.
It acts to update the data as soon as it becomes aware of their obsolescence or inaccuracy.
To this end, it puts in place systems and procedures to allow data subjects to have the data used corrected or updated.
EFINOR undertakes to keep the personal data used for processing in a form that allows the identification of the data subject only for as long as is strictly necessary to achieve the purposes for which they are processed.
EFINOR undertakes to securely and definitively delete the data at the end of the retention periods set according to the purposes of the processing and the legal, regulatory or contractual requirements to which it is bound.
It also means that EFINOR may, at its discretion, at the end of the same period, keep the data in question if it manages to eliminate the identifying character of the data by means of anonymization processes, thus making them lose their personal character.
EFINOR attaches great importance to information security issues and, in this regard, to the security of personal data.
EFINOR is committed to protecting your personal data from loss, destruction, alteration, unauthorized access or disclosure. To this end, EFINOR implements appropriate technical, organizational and human resources measures, taking into account the nature of the data as well as the risks that the processing generates, to protect and guarantee the availability, integrity and confidentiality of your personal data, and in particular, against any modification or damage, or against any unauthorized access by third parties.
These measures include, but are not limited to,
Under technical measures :
Under organizational measures :
EFINOR never shares your personal information with other companies (except for those EFINOR entities that may be involved in the management of operations involving you).
Your data may potentially be transmitted to technical intermediaries (IT service providers, hosts of our servers, etc.) that EFINOR chooses because of their expertise and reliability, who act under its control and according to its instructions
We allow these intermediaries to process your data only to the extent necessary to provide the service concerned or to comply with a legal or regulatory obligation. In any event, we ensure that your data is protected, end-to-end, throughout the processing.
EFINOR may also be required to provide your data to third parties in order to comply with a legal obligation, to enforce a court order or if such disclosure is necessary to defend our legal rights.
All such third parties may be located in EU and non-EU countries, including countries that do not offer the same level of protection as your country of residence. In such cases, and to the extent required by applicable law, we will either obtain your express and unequivocal consent to share your data with such third parties, or enter into data transfer agreements that comply at least with the standard clauses adopted by the European Commission, or, for third parties established in countries benefiting from adequacy decisions, that such third parties have complied with the requirements set out in such decisions.
EFINOR's services are not intended for minors. Furthermore, we do not knowingly collect or process personal data about minors. In the event that we come into possession of such data without the prior consent of their parents, we will take the appropriate measures to delete them from our servers and those of the intermediaries we use
You will find details of the purposes and conditions of the processing of your data in the following table:
In the event that, despite EFINOR's precautions and diligence, your personal data is accessed, lost or stolen by an unauthorized third party, EFINOR will take such steps as are within its power to mitigate the impact of the personal data breach.
EFINOR has technical and organizational measures in place to monitor, detect, identify and deal with security incidents that may occur. Each incident is analyzed in order to identify its causes and to define the measures to be implemented to prevent its repetition.
In addition, as required by the regulations, EFINOR keeps a register of personal data breaches. In addition, EFINOR notifies the CNIL of any breach that poses a risk to the individuals concerned.
Finally, in the event that the breach creates a high risk to the data subjects, it will take reasonable steps to inform them of the circumstances and consequences of the breach, to the extent required by law. To this end, it will use the contact information provided to it, or any other reasonable means.
EFINOR reminds you that you have the rights described below and that you can exercise them by sending an e-mail to mailto:privacy@efinor.com or by using the dedicated forms available on its website.
Pursuant to Article 15 of the European Data Protection Regulation (RGPD), you have the right to access your personal data processed by EFINOR.
This right allows you to obtain confirmation from EFINOR that your personal data is being processed by the company and, if necessary, to obtain a copy of such data (any other copy may entail costs which you may have to bear).
As part of its response to your request, EFINOR will also provide you with information regarding:
Upon receipt of the response, you will have the option to:
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
In accordance with Article 16 of the European Data Protection Regulation (RGPD), EFINOR informs you that you have the right to rectify your personal data.
This right allows you to obtain the rectification of personal data concerning you that are processed by the company and that are inaccurate.
This right also allows you to ask the company, in view of the purpose of the processing, to complete your personal data.
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it
In accordance with Article 17 of the European Data Protection Regulation, EFINOR informs you that you have the right to have your data erased (also called the right to be forgotten).
This right allows you to obtain the deletion of your personal data processed by the company in one of the following cases:
EFINOR may refuse to carry out the erasure in cases where the processing is necessary:
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
In accordance with Article 21 of the European Data Protection Regulation, EFINOR informs you that you have the right to object to the processing of your personal data.
This right allows you to object, at any time, for reasons related to your particular situation, to the processing of your personal data by EFINOR in cases where:
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
In accordance with Article 18 of the European Data Protection Regulation, EFINOR informs you that you have the right to limit the processing of your personal data.
This right allows you to obtain the limitation of the processing of your personal data in one of the following cases:
Where processing has been restricted, your personal data may, with the exception of storage, only be processed:
You will be informed by EFINOR before the processing restriction is lifted.
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it
In accordance with Article 20 of the European Data Protection Regulation, EFINOR informs you that you have a right to the portability of your personal data.
This right allows you to receive your personal data, collected by EFINOR, in a structured, commonly used and machine-readable format and to transmit them to another controller without EFINOR being able to prevent it, if the following three conditions are met
As part of the right to portability of your personal data, you have the possibility to have your personal data transmitted directly by EFINOR to another data controller of your choice when technically possible.
The exercise of this right does not prevent you from exercising your right to the deletion of personal data.
This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
EFINOR's sites may contain links to social networks operated by third parties over whom EFINOR has no control.
In this regard, EFINOR will not be responsible for how your data is used or stored on the servers of these third parties. We recommend that you read the privacy policy of the third parties you access through our sites to understand how your data will be used.
Any dispute to which the privacy policy could give rise, particularly concerning its validity, interpretation and execution, their consequences and their consequences will be submitted to the competent courts in the jurisdiction of Cherbourg-en-Cotentin.
Any questions regarding EFINOR's Privacy Policy should be directed to this e-mail mailto:privacy@efinor.com or by sending a letter to the following address
EFINOR
2, rue Grande Rue
50100 Cherbourg-en-Cotentin
EFINOR may change this privacy policy as our needs and applicable laws change. We ensure that you will be informed of any changes by a notice on our site or by any other means deemed appropriate. EFINOR's privacy policy was last updated on 11/06/2019.