PERSONAL DATA – CONFIDENTIALITY CHARTER
The present charter (hereafter referred to as the “Charter”) is applicable to the company Laboratoire GEFA SAS (hereafter referred to as “GEFA”). The Charter describes the practices implemented by GEFA concerning the use and protection of personal data.
GEFA seeks to build a relationship with its clients and all of its contacts founded on confidence and mutual benefit. To that end, GEFA is committed to protecting their personal data and privacy.
All uses of personal data undertaken as part of the services made available comply with all pertinent local regulations concerning personal data protection, in particular the stipulations of the French Data Protection Act of January 6, 1978 (amended) and the European Union General Data Protection Regulation (Regulation EU 2016/679) or “GDPR.”
GEFA is committed to complying with all pertinent regulations in all of its operations involving personal data. In particular, GEFA promises to comply with the following principles:
- Your personal data will be processed in a lawful, fair and transparent way (lawfulness, fairness, transparency).
- Your personal data are collected for specified, explicit and legitimate purposes, and will not be further processed in any way that is incompatible with these purposes (purposes limitation).
- Your personal data will be stored in an adequate, relevant way, limited to what is necessary in relation to the purposes for which they are processed (data minimization).
- Your personal data are accurate and kept up to date. All reasonable measures are taken to ensure that any inaccurate data, in relation to the purposes for which they are processed, are deleted or corrected without delay (accuracy).
GEFA takes all appropriate technical and organizational measures, starting from the initial conception of its processing operations, to ensure a level of security commensurate with the inherent risk of its processing operations, comply with all regulatory requirements, and protect the rights and data of all persons concerned.
Lastly, GEFA promises to comply with all other appropriate principles in relation to the pertinent regulations concerning personal data protection, and more specifically regarding the rights granted to the persons concerned, the storage time of personal data, and obligations relating to the cross-border transfer of personal data.
GEFA promises to store your personal data for a period not exceeding the time needed for the purposes for which they are processed. In addition, GEFA stores your personal data in compliance with the storage time limits stipulated by all pertinent laws in force.
These storage time limits are defined in relation to the purposes of processing implemented by GEFA, in particular taking into account all pertinent legal measures imposing a specific storage time for certain types of data, any pertinent limitation periods, as well as the recommendations of the CNIL (Commission Nationale de l’Informatique et des Libertés, the French Data Protection Authority) concerning certain types of data processing (for example, deliberation n° 2016-264 of July 21, 2016 amending a simplified standard concerning the automated processing of data of a personal nature as part of the management of clients and prospects (NS-048), article L.232-7 of the Interior Security Code concerning the transmission of passenger data to the French administration, the storage of cookies for 13 months in compliance with the CNIL recommendation, etc.).
Ensuring the security and confidentiality of the personal data that you have entrusted to us is a priority for GEFA. To this end, we implement all appropriate technical and organizational measures, in view of the nature, scope and context of the personal data that you submit to us, as well as the risks inherent in their processing, in order to maintain the security of your personal data and, in particular, prevent any deletion, loss, modification, disclosure, intrusion or unauthorized access to this data, whether accidental or unlawful.
For the purposes of this Charter, the term “personal data” designates all information that makes it possible to identify an individual, directly or indirectly, such as that person’s name or any information making it possible to contact him or her.
For all questions concerning the use of your personal data, feel free to contact us at one of the addresses given below or through our website(s).
SPECIFICATION OF PROCEDURES
Collection, use, disclosure
In this context, the submission of personal data is voluntary. A user who
does not supply this personal data cannot benefit from the corresponding
services offered on the GEFA group’s websites, such as communication, the
downloading of documents or job recruitment.
When a user submits personal data on a GEFA website, he or she acknowledges having received all necessary authorizations and consent from the persons concerned by this personal data, if they concern other persons, and, whenever applicable, for the purposes described in the present general terms and conditions of use.
We process your personal data for the purpose of (i) processing your orders, (ii) collecting payments and combating fraud, (iii) communicating with you:
- The processing of your orders also encompasses (i) the management of client relations, after-sales service and mediation services, (ii) the management, when applicable, of the telesales service, (iii) the management of marketing/commercial prospecting operations, (iv) the management of shipping and deliveries resulting from sales, and (v) the management of payments for orders. The fulfillment of the contract between us provides the legal basis for this processing.
- Concerning the management of product recalls, the legal basis for this processing is the GEFA company’s legal obligation.
- Concerning marketing and commercial prospecting operations, the legal basis for this processing is, depending on the case, your consent or our legitimate interest.
- The processing of your personal data in order to collect outstanding payments and combat fraud encompasses (i) ensuring the security of payments, (ii) the detection and prevention of fraud, and (iii) the management of payment collection. The fulfillment of the contract between us, as well as the GEFA company’s legitimate interest in its capacity as the party responsible for processing, provide the legal bases for this processing.
However, under certain circumstances, GEFA could need to collect certain elements of your personal data, in particular when you sign up for services that allow you to obtain information that is regularly updated by GEFA.
In this case, GEFA can use your data to invite you to events that may be of interest to you, or to send you information concerning its services, publications and products.
For example, you can sign up on our website to obtain the following services:
1. E-mail alerts
GEFA could offer a service consisting of notifying, via e-mail message, persons who have expressed the desire to receive e-mail alerts when new information is posted on a website that they have visited. If you decide to sign up for such a service, we will collect the personal data needed to contact you (for example, your name and e-mail address).
If you wish to unsubscribe from GEFA e-mail alerts, the personal data making it possible to contact you will be stored on our unsubscribe list for a maximum of three years in order to ensure that you no longer receive these communications.
2. Desire to join GEFA
You can inform us of your desire to join our company by sending a postal letter or an e-mail message, or via our website by filling out a contact form. If a user submits a résumé or job application online, GEFA will use this personal data for recruitment purposes, which can imply that GEFA will contact the user by e-mail, telephone or postal letter. In certain cases, the user could be asked to register on a GEFA website. Unless the user specifically requests otherwise, GEFA can store this personal data in its files for a maximum of three years in order to contact the user in the future for other possible employment opportunities at GEFA.
3. Registering to receive GEFA documentation (e.g. newsletters)
Your prior registration can also be required in order to receive certain documents, such as booklets, newsletters and other publications that are the property of GEFA, bearing in mind that the content of the registration forms can vary depending on the nature of the documents in question. GEFA reserves the right not to fulfill the requests of persons who refuse to submit elements of information that are identified as required in the registration form.
If you wish to unsubscribe from any GEFA newsletter or other publication, the data making it possible to contact you will be stored on our unsubscribe list for a maximum of three years in order to ensure that you no longer receive these communications.
If you register on one of our websites, your personal data will be stored in our client relations management database. The personal data of registered persons will be deleted from our database when the persons concerned have not interacted with GEFA for a period of more than three years.
GEFA does not collect sensitive personal data of any kind, except as required by legal and regulatory conditions (e.g. for recruitment purposes). By voluntarily supplying unsolicited sensitive personal data to GEFA (for example by submitting a résumé or job application online), the user expressly agrees that this personal data can be used as described in the present general terms and conditions of use.
“Sensitive personal data” is understood to mean all information concerning an individual that indicates: racial or ethnic origins, political, philosophical or religious opinions, union membership, genetic or biometric data processed for the purpose of identifying specific individuals, information concerning an individual’s health and/or sexual activity and/or criminal record, and in certain cases his or her national identification number or financial information.
GEFA has implemented all pertinent measures to protect the security and confidentiality of the personal data collected in the course of its operations. Access to such data is limited and specific policies and procedures have been implemented to prevent any loss, fraudulent use or other improper use of this data.
We are committed to implementing all appropriate technical and organizational measures needed to guarantee a sufficient degree of security in relation to the risk incurred concerning personal rights and freedoms in the context of the data processing covered by this charter. These measures are defined taking into account the current state of knowledge, the related implementation costs and the nature, scope, context and purposes of this data processing, as well as the known risks.
However, it is important that the user understand that, given the fact that the Internet is an unsecured network open to the public, GEFA cannot be held responsible for the security of personal data transmission over the Internet. We seek to take all reasonable administrative, technical and organizational measures to protect personal information within our organization. Unfortunately, no data storage or transmission system can be guaranteed to be 100% secure. If you have any reason to suspect that your interactions with us are not secure, please notify us immediately.
Various internal departments of GEFA can have access to your personal data.
We do not share your personal data with third parties (any parties outside of the GEFA internal departments that process this type of data) except under the following specific circumstances: for the processing of your orders, we transmit your data to certain service providers specializing in (i) bank transactions (example: banks, payment service providers), (ii) the management of client relations (possible example: call centers), (iii) after-sales service (possible example: repair centers), (iv) the delivery of products (example: shipping companies) and (v) digital technology development.
GEFA could therefore need to communicate your personal data to third parties for the following reasons:
- When it becomes necessary to involve an external service provider in order to fulfill your request; or
- In cases in which you expressly request the communication of your personal data; or
- In response to a court order or to comply with a legal or regulatory requirement; or
- If the communication of your data is logically needed for the sales process or for all or part of our commercial operations.
- GEFA can call upon external service providers for assistance, e.g. for administrative and technical support for one of its websites, software programs or software packages.
Transfers of personal data
GEFA has implemented a complete global program for the protection of personal data, including stipulations concerning other companies. GEFA will not divulge your personal data to any third parties that have not made a commitment in writing to ensure a sufficient degree of protection for your data.
Your personal data will not be divulged outside of the European Union.
Your rights concerning your personal data
GEFA does not collect and does not compile personal data or information obtained through this website, or through any other media or means, for the purpose of using that data for the benefit of third parties for commercial reasons as part of any marketing operation or e-mail campaign.
You have the right to ask us what personal data of yours we have on file. You can request that your personal data be corrected, be deleted, or that they not be used. You also have the right to limit the use of your personal data, the right to data portability and the right to withdraw your consent for the use of your personal data (when their use is contingent upon your consent).
To exercise your rights over your personal data, feel free to contact us by e-mail or at the following address: Laboratoire GEFA, IT Dpt, ZA Bas-Rocomps 35410 CHATEAUGIRON (France) firstname.lastname@example.org
Please attach a copy of an identity document bearing your signature.
If you request the deletion of your data, GEFA can nonetheless store them in the form of an interim archive for the time needed to fulfill our legal, accounting and fiscal obligations.
What is a cookie? Cookies are data stored on an Internet
user’s terminal equipment. They are used by the website to send information to
the user’s browser and to enable the browser to send information back to the
website (such as a session identifier, choice of language or calendar date).
Cookies can be used, during their period of validity, to store information when a browser accesses different pages of a website and/or when it returns to this same website later.
Only the issuer of a cookie can read or modify the information contained in it.
There are different types of cookies:
> Session cookies that disappear when you quit the website;
> Permanent cookies that stay on your terminal until their expiration date or until you use your browser’s functions to delete them.
What is their purpose? The purpose of the cookies used by GEFA is to analyze traffic to the site and determine how the website is used.
How can I deactivate these cookies? If you do not want to receive
cookies from one of our websites, you can change your browser preferences to
and spaces may not be accessible, an inconvenience for which we cannot be held responsible.
Similarly, when you accept the installation of cookies, a consent cookie is installed. The consent or refusal cookies must remain on your terminal equipment.
This Charter is not intended for minors. We understand the importance of data protection for minors, especially in a virtual environment. Consequently, we do not seek to collect or store any data concerning minors.
Modifications of the present Charter
GEFA reserves the right to modify this Charter as necessary. In that case, any modification will become applicable only upon the expiration of a waiting period of 30 working days after the modification. Please consult this page periodically to remain abreast of any changes.
GEFA offers you several options regarding the collection and use of the data that allows us to identify you. If you have subscribed to certain updates via one of our websites and no longer wish to receive e-mail notifications, please go to the cancellation page corresponding to the subscription in question.
If you deem that GEFA has failed to follow proper procedures concerning the protection of privacy, feel free to contact the GEFA IT department in France (see contact information given in the section “Your rights concerning your personal data” above).
In order to exercise your rights, you must send us a postal letter and enclose a photocopy of an identity document bearing your signature.
A member of the GEFA team will be assigned to examine your request and will keep you informed of its progress.
If you are not satisfied with the way GEFA has handled your complaint, you have the right to contact your country’s national data protection authorities. You can also file a complaint with the legal authority having jurisdiction.
Within the strict limits of the conditions explained above, the user authorizes GEFA to store and process the personal data communicated in the course of accessing and viewing one of the GEFA company’s websites.
For any further questions regarding the application of this Charter, please contact our IT department (see contact information and e-mail address above).
Within the strict limits of the conditions explained above, the user authorizes GEFA to store and process the personal data communicated in the course of accessing and viewing its websites.
This English language version is a translation of the French original. In the case of any dispute or litigation, only the French original can be considered binding in a court of law.