The purpose of this charter is to show the appropriate technical and organizational measures implemented by COVENTYA to guarantee the data protection and to meet the legal and regulatory requirements applicable to the protection of the personal data and the rights of the persons from whom the said data are collected, in particular the European Regulation (EU) 2016/679 applicable as from 25th May 2018 (hereinafter referred to as GDPR).
This new European regulation is a continuation of the French law “Informatique et Libertés” issued in 1978 and strengthens the control by citizens of the use that can be made of their data. It harmonises the rules in Europe by providing a single legal framework.
By entering into a relationship with COVENTYA, you acknowledge that you have read and understood this Privacy & Personal Data Protection Policy, as well as the practices for collecting and processing the information described in this document.
- Collection of your personal data
- Use of your personal data
- Third parties with whom we share your personal data
- Retention period of your personal data
- Your rights
- Protection of your personal data
- Information with relation to underage individuals
- International Transfers
- How to contact us
- Modification and update
This Privacy & Personal Data Protection Policy was last updated on June 05th, 2019. We may amend this Privacy & Personal Data Protection Policy. Please consult the present policy regularly to stay informed of any updates.
Article 1. DEFINITIONS
Personal Data: Refers to any information in relation to an identified or identifiable natural person. It is understood that an “identifiable natural person” is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, online identifier, or to one or more specific elements proper to its physical, physiological, genetic, psychic, economic, cultural or social identity.
A « personal data processing » is an operation, or a set of operations relating to personal data, regardless of the process used (collection, registration, organization, retention, adaptation, modification, extraction, consultation, use, communication by transmission, distribution or any other form of disposition, data reconciliation).
Charter: Refers to this present document on Privacy & Data Protection, applicable to anyone in connection with COVENTYA.
You: Refers to anyone in relation with COVENTYA, whether you are a customer, employee, candidate, visitor, business prospect or a service provider.
COVENTYA or the Company: means COVENTYA Holding and/or all of its subsidiaries.
Article 2. Collection of your personal data
COVENTYA is committed to collect only the necessary data for the proper management of the Company. Only adequate, relevant and strictly necessary data are collected for the purpose of each treatment and for the proper performance of all our business functions and departments.
During our relationship, we collect and proceed personal data in different ways. We may collect personal data from you directly but we may also collect data by recording your interaction with our services, for example by using cookies on this website.
The personal information we collect about you may include, but is not limited to: your name, email address, mailing address, phone number, invoicing information, your answers to survey, order details. And, in the case of a recruitment: your resume, cover letter, letters of references, information on salary, and other information you provide about yourself through our website, as well as your IP address and web browser.
You can choose not to provide us with your personal data. However, you must generally provide us with certain information about yourself in order to continue our relationship and/or use the features of the Website. For example, only registered guests can access to the My Coventya “Customer SDS access » and « My invoices » spaces, also the HR “Apply to vacancy” page implies your agreement on the transmission of your personal data.
Confidential and accessible only to authorized persons, your personal data will be kept and can be extended as long as the relationship between COVENTYA and you is active or necessary to comply with legal obligations, resolve disputes and enforce our agreements.
Article 3. Use of your personal data
We use the personal data we collect about you for specific purposes only including, but not limited to, providing you our services, establishing a contractual relationship, communicating with you about your account or about the use of our site and our services. We use your personal data only when you have expressly accepted that we process your personal data for one or more specific purposes or when we are authorised to do so legally.
In general, we use your personal data in the following circumstances:
- In order to execute a contract we have concluded with you,
- For commercial purposes or studies intended to improve our customer knowledge and the services the COVENTYA Group provides to its customers (refer to our Cookies Policy)
- In order to facilitate your customer relationship with the different entities of the COVENTYA Group,
- When necessary to defend your legitimate interest (or those of a third party) or those of the COVENTYA Group,
- When we must comply with a legal or regulatory obligation.
Article 4. Third parties with whom we share your personal data
To achieve the purposes described above ends and within the limits necessary to the pursuit of these purposes, your data may be transmitted to all or some of the following recipients:
- Authorized persons of the concerned services within the companies of the COVENTYA Group,
- Contractors and subcontractors of the COVENTYA Group companies (service providers in marketing, finance, IT, technical matters, legal services, human resources…),
- Companies of the COVENTYA Group for the above mentioned purposes,
- Administrative or judiciary authorities, when appropriate.
In addition, COVENTYA may share your information with other parties in the event of a sale or transfer of all or part of our business and if your personal data are related to the part of our activity sold or transferred. Or, if we operate a merger with another company, we will share your personal data with the new owner or the other party to the merger.
The companies of the COVENTYA Group choose subcontractors or service providers or third parties who offer guarantees in terms of quality, safety, reliability and resources to ensure the implementation of technical and organizational measures as well as the security of treatments.
The Data collected and processed by COVENTYA are not transferred to or rented to third parties, neither free of charge nor for a fee.
Article 5. Retention period of your personal data
In accordance with the French Data Protection Act and the GDPR, COVENTYA limits the storage of your data for a period not exceeding what is necessary for the purposes for which they are processed, in particular the fulfilment of any legal or accounting requirements and any legal obligation to submit accounts.
When determining the appropriate retention period for personal data, we take into account the quantity, nature and sensitivity of the personal data, the potential risk of harm in the event of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the possibility of achieving those purposes by other means, as well as the applicable legal requirements.
As an example, data can be stored for:
- 2 years for job applications,
- 5 years after the end of the employment contract for personnel data,
- 6 years for tax documents,
- 10 years for accounting documents.
Article 6. Your rights
The GDPR reaffirms the rights of the individuals to control their data by giving them rights; right of access, right to modify incorrect or incomplete data, right to erase data that no longer need to be kept, right to a limited processing, right to be notified when your data are updated, right to the portability of your data by automated processing and right for legitimate reasons to object to the processing of your data and for commercial prospecting.
Anytime, you can send a request to COVENTYA in order to obtain the information about you that is being held by COVENTYA. To exercise this right, you must prove your identity and make a request by email to COVENTYA’s Data Protection Officer. Also, for any information, or request for opposition for a legitimate reason or data portability when technically possible, please contact the COVENTYA Data Protection Officer at the following email address: DPO@COVENTYA.com.
A notification procedure has been put in place to process requests for Personal Data. We will respond as soon as possible.
Candidates have the right to oppose the collection of their personal data. They also have the right to rectify their data. Opposition to the treatment of data during a recruitment process will lead its termination.
As far as possible, we will respond to your request, unless the treatment is motivated by a serious and compelling legitimate interest or we must continue to process your personal data in order to engage, exercise, or defend a lawsuit.
Article 7. Protection of your personal data
The security of your personal information is important to COVENTYA.
COVENTYA implements security means and applies physical administrative, technical and organizational measures to guarantee a level of security adapted to the risk and to prevent in particular the destruction, the loss, the alteration, the unauthorized disclosure or the unauthorized access to your data.
For example, only authorized employees are able to access personal data, and they can only do so for legitimate business purpose. We also use firewalls and intrusion detection systems to prevent unauthorized persons to access your personal data.
COVENTYA conforms to generally accepted standards to protect personal data during transmission, storage and processing. However, COVENTYA cannot guarantee the absolute security and take responsibility for your systems, for the internet itself, or for the networks and third parties services used to transmit data.
Article 8. Information with relation to underage individuals
Apart from information relating to the children of COVENTYA staff directly collected from their parents in order to make these children benefit of the benefits granted to employees and their families (health insurance, pension,…), and the discovery of the company internships and apprenticeship contracts for which information is collected from the parents or schools/universities, COVENTYA does not offer services to children.
To the best of our knowledge, we do not collect data on minors through the website. If we know that a person is under the age of 18 and that the person sends us personal data, we will delete or destroy that information as soon as it is reasonably possible.
Article 9. International transfers
The data transmitted to the various entities of the COVENTYA Group will be processed always with similar purposes and terms as those defined in this article and in accordance with the provisions of the GDPR, in particular Chapter V thereof.
Article 10. How to contact us
If you have any questions or complaints about how we handle your personal data, please contact us by sending an e-mail to the COVENTYA Data Protection Officer at the following email address: DPO@COVENTYA.com or write to us at the following address: COVENTYA Holding, 7 rue du Commandant d’Estienne d’Orves – 92390 Villeneuve-La-Garenne, France.
Let us remind you that you can also contact the CNIL at the following address: Commission Nationale de l’Informatique et des Libertés, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, France. Tel.: +33 (0) 1 53 73 22 22 or directly on the CNIL website: https://www.cnil.fr/fr/agir
Article 11. Modification and update
COVENTYA may modify, update and/or replace this Privacy and Personal Data Protection Policy in accordance with the CNIL regulations, jurisprudence and doctrine.
We indicate the date on which we last made changes to this Privacy and Personal Data Protection Policy on the first page of this Policy and any changes take effect at the time of publication.
We recommend that you consult this Privacy and Personal Data Protection Policy on a regular basis in order to obtain the most recent version.