Charter on personal data

Similar documents
PROCEDURE RIGHTS OF THE DATA SUBJECT PURSUANT TO THE ARTICLES 15 TO 23 OF THE REGULATION 679/2016

Art. I Right to Access to Personal Data

(1) General information

closer look at Rights & remedies

Information leaflet about processing of personal data for Newsletter Recipients (hereinafter Data Subject)

Privacy policy. 1.1 We are committed to safeguarding the privacy of our website visitors.

Information about the Processing of Personal Data (Article 13, 14 GDPR)

SKILLSTAR 2018 NONPROFIT KFT. DATA PROTECTION POLICY

Declaration on the protection of personal data in the company TAJMAC ZPS, a.s.

Data Protection Policy. Malta Gaming Authority

REGULATION (EU) 2016/679 General Data Protection Regulation

1. Processing of personal data legal basis, purpose and scope Legal basis fulfillment of statutory legal requirements

Aalto Summer continuing education

PRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA OF THE CUSTOMERS WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU)

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

Data Protection Declaration in accordance with the DSGVO

Factsheet on the Right to be

16 March Purpose & Introduction

Application for a visa for a long stay in Belgium This application form is free

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April on the protection of natural persons

Address: PL 52 (Ketunpolku 1), Kajaani

General Data Protection Regulation

Individual Rights (Data Privacy) Policy

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

The Act on Processing of Personal Data

DATA PROTECTION LAWS OF THE WORLD. Romania

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

***I DRAFT REPORT. EN United in diversity EN 2012/0010(COD)

DATA PROTECTION (JERSEY) LAW 2018

DATA PROCESSING AGREEMENT

DATA PROTECTION LAWS OF THE WORLD. Ireland

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

PERSONAL DATA PROCESSING AGREEMENT

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

9091/17 VH/np 1 DGD 2C

Adequacy Referential (updated)

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

An overview of the EU General Data Protection Regulation ( GDPR ) for media organisations

Information on the Processing of Personal Data (GDPR)

5418/16 AV/NT/vm DGD 2

How we use Personal Information

Data Protection Bill [HL]

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS

The legal framework and guidance on data protection under the. Cross-border ehealth Information Services (CBeHIS) T6.2 JAseHN draft v.2 (20.10.

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

Personal Data Protection Act

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner

SUPPLIER DATA PROCESSING AGREEMENT

Data Processing Addendum

Answers to Questionnaire: Romania

Data Protection Bill [HL]

AmCham EU Proposed Amendments on the General Data Protection Regulation

COMP Article 1. Article 1 Subject matter and objectives

Terms of Business

CHAPTER I. Definitions

EU GDPR - DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CDNETWORKS CUSTOMERS

This unofficial translation is provided for information purposes only and has no legal force. Data Protection Act.

The Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017

EVIDENCE ON THE DATA PROTECTION BILL. For the House of Commons Public Bill Committee by Open Rights Group and Chris Pounder

Law Enforcement processing (Part 3 of the DPA 2018)

Legal Services Privacy Notice

International Privacy Laws: Those New EU Data Protection Regulations Do Apply to You!

Brussels, 3 May 2006 (Case ) 1. Procedure

Privacy Notice 1. CONTROLLER S NAME AND DATA

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

COMPLAINT FORM Exclusively for complaints regarding violations of data subject s rights (articles of GDPR)

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions

DATA PROCESSING ADDENDUM

Brussels, 29 November 2007 (Case ) 1. Procedure

EQUILOR BEFEKTETÉSI ZRT. S PRELIMINARY INFORMATION ON DATA PROTECTION

Data processing agreement

Selection procedure at the European Ombudsman's Secretariat

Processor Agreement SURF Model Agreement

FUJITSU Cloud Service K5: Data Protection Addendum

Article 1. Federal Data Protection Act (BDSG)

PRIVACY STATEMENT (Everest Notariaat N.V.)

Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Ombudsman on verification of telephone bills

Free and Fair elections GUIDANCE DOCUMENT. Commission guidance on the application of Union data protection law in the electoral context

GDPR: Belgium sets up new Data Protection Authority

Exhibit MC - Standard Contractual Clauses (processors)

SIMON READHEAD Q.C. PRIVACY NOTICE

Opinion 07/2016. EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)

ARTICLE 29 DATA PROTECTION WORKING PARTY

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE

Reports of Cases. JUDGMENT OF THE COURT (Second Chamber) 20 December 2017 *

Data Processing Agreement

The NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS

THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE

Model Data Processing Agreement (GDPR)

Data Processing Addendum

Fragomen Privacy Notice

GENERAL CONDITIONS OF USE OF THE SUPPLIER PORTAL

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

MARITEC-X MARINE AND MARITIME RESEARCH, INNOVATION, TECHNOLOGY CENTRE OF EXCELLENCE. Consortium Agreement

Transcription:

Charter on personal data Paris, May 24 th of 2018 The purpose of this present Charter (hereinafter «the Charter») is to inform the clients, suppliers and more globally any concerned person (hereinafter called «Concerned Person») on the processing of personal data which can be made by LEOSPHERE (hereinafter «LEOSPHERE»). With this Charter, LEOSPHERE commits to comply with the European Regulation 2016/679 (or GDPR). For this purpose, the Charter can be modified at any time by LEOSPHERE, in particular to be compliant with any development and/or amendment in regulation, case law or technical. ARTICLE 1 : IDENTITY AND CONTACT OF THE CONTROLLER The Controller is the company LEOSPHERE, Société par Action Simplifiée, which registered office is located at 43, rue de Liege, 75008, Paris, France, registered in the registre du commerce et des sociétés of Paris under the number 452 972 649 represented by its President, Mr. Alexandre Sauvage. For the purpose to respect his or her rights and for any complementary information, the Concerned Person can send a complaint to the e-mail address : rgdp@leosphere.com ARTICLE 2 : COLLECTED DATA As part of its activity, LEOSPHERE can process data or data set which could lead to someone s identification (hereinafter called Personal Data ). The type of Personal Data processed by LEOSPHERE can fluctuate from an Concerned Person to another. That Personal Data, in particular, includes: - Last name and first name, e-mails, gender, the address and the name of the company for which the concerned person work for, the nationality or the residential country of the Concerned Person; - Data LEOSPHERE obtained from business cards; - Data LEOSPHERE obtained following a recommendation and more globally through the conduction of its business relationships. 1/7

These personal data are not restrictively listed and can vary according to the information the Concerned Person consented to give. ARTICLE 3 : PURPOSES OF THE PROCESSEING Personal Data collected by LEOSPHERE are possessed in order to reach business operations, in particular: inform on content updates (for products and services), send a newsletter, scientific studies and invitation to events, to make annual customer survey Personal Data can also be stored to allow the identification of the Concerned Person in the case of technical, business or scientific exchanges. ARTICLE 4 : LEGAL BASIS FOR THE PROCEEDING Personal Data processing by LEOSPHERE can be made for several reasons, in particular: - the processing is necessary for the execution of an on-going contract; - the processing is necessary to comply with a legal obligation of LEOSPHERE; - the processing is necessary legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data; - the concerned person has given consent to the processing of his or her personal data for one or more specific purpose. ARTICLE 5 : LEGITIMATE INTERESTS The processing of Personal Data is considered as legal because necessary for the purpose of legitimate interest of LEOSPHERE and/or by a third party acting on behalf of LEOSPHERE and/or any administration, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. In Particular, the legitimates interests followed up by LEOSPHERE can be : commercial prospection, performance of a contract or the continuation of the relations, management project, management of the client service. ARTICLE 6 : THE RECIPIENTS The Recipients or categories of recipients of the personal data regroup, in particular: 2/7

- LEOSPHERE, for the purposes described in the article 3 of this present Charter; - The public authorities and organisms; In accordance with the current regulation, personal data can be transmitted to the competent authority on request and in particular public organisms, exclusively to meet legal obligations. - Third Parties. Data can be transmitted to third parties to ensure the company activity and the purpose described above. ARTICLE 7 : TRANSFERT OF PERSONAL DATA TO A THIRD COUNTRY LEOSPHERE can carry out a transfer of Personal Data to those locations: Countries the European Commission considered, at the time of the transmission, ensuring an adequate level of protection for Personal data, at the date of the Charter s signature. Countries the European Union did not considered ensuring an adequate level of protection for Personal data, at the date of signature of this present Charter. For those countries, LEOSPHERE can transfer Personal Data by using standard contractual clauses adopted by the European Commission. The Concerned person can find these standard contractual clauses adopted by the European Commission on the web site of the Commission Nationale Informatique et Liberté, ( CNIL ). ARTICLE 8 : PROCESSOR LEOSPHERE can resort to a processor to have Personal Data possessed. For that purpose, LEOPSPHERE commits to have a responsible approach when it contract with such processor, and, in particular, commits that the processor respect this present Charter. LEOSPHERE ensure that the processor offer necessary guaranties to respect the European regulation on general data protection. ARTICLE 9 : STORAGE PERIOD Personal Data will not be stored over the necessary duration of the purpose described above, according to the Law. Personal data of the Concerned Person are erased when the storage period expired. 3/7

In the strict respect of applicable laws and regulations, Personal Data could be archived beyond the forecasted duration, for purposes in the scientific interest, or in the case of a prosecution in criminal law, for the only purpose to allow the provision of those Personal Data to the judicial authority. Archiving involve that those Personal Data will be anonymized and not searchable online but will be extracted and stored on an autonomous and secured support, only accessible to identified person legitimately recipient of these information. ARTICLE 10 : Concerned Person Rights The Concerned Person has the right to request to LEOSPHERE the Personal Data, the access to and rectification or erasure of personal data or restriction of processing concerning the concerned person or to object to processing as well as the right to data portability; For the purpose to respect his or her rights, the Concerned Person can send a complaint to the e-mail address: rgdp@leosphere.com. ARTICLE 10.1 RIGHT OF ACCESS The Concerned Person shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information listed in the article 15 of the European Regulation 2016/679 (GRDP). ARTICLE 10.2 RIGHT TO RECTIFICATE The Concerned Person has the right to obtain from LEOSPHERE without undue delay the rectification or the complement of inaccurate personal data concerning him or her. ARTICLE 10.3 RIGHT OF ERASURE The Concerned Person has the right to obtain from LEOSPHERE erasure of personal data concerning him or her without undue delay. For this purpose, LEOSPHERE shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies: -The Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; -The Person Concerned withdraws consent on which the processing is based and there is no other legal ground for the processing; -The Person concerned objects to the processing and there are no overriding legitimate grounds for the processing, or the Person Concerned objects to the processing; -The Personal Data have been unlawfully processed; 4/7

-The Personal Data have to be erased for compliance with a legal obligation. ARTICLE 10.4 : RIGHT TO REESTRICTION OF PROCESSING The Concerned Person has the right to obtain from LEOSPHERE the restriction of processing if : - The accuracy of the personal data is contested by the data subject, for a period enabling LEOSPHERE to verify the accuracy of the personal data; - The processing is unlawful and the Concerned Person opposes the erasure of the personal data and requests the restriction of their use instead; - LEOSPHERE no longer needs the Personal Data for the purposes of the processing, but they are required by the Concerned Person for the establishment, exercise or defence of legal claims; - The Concerned Person has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the Concerned Person. Where processing has been restricted under this article, such Personal Data shall, with the exception of storage, only be processed with the Concerned Person s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of one of its Member State. The Concerned Person who has obtained restriction of processing pursuant to this article shall be informed by the controller before the restriction of processing is lifted. ARTICLE 10.5 : RIGHT TO DATA PORTABILITY The Concerned Person have the right to receive the Personal Data concerning him or her, which he or she has provided to LEOSPHERE, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from LEOSPHERE to which the personal data have been provided, where the processing is based on consent In exercising his or her right to data portability, the Concerned Person shall have the right to have the Personal Data transmitted directly from one controller to another, where technically feasible. ARTICLE 10.6: RIGHT TO ENFORCE THE PERSONS RIGHTS Upon request to LEOSPHERE, any Concerned Person shall have the right to receive a detailed process explaining how to enforce those rights. That detailed process is released at the same time as the Charter. Furthermore and for that 5/7

purpose, each Concerned Person can submit a request at rgdp@leosphere.com for any question linked to that process. ARTICLE 11 : RIGHT TO OBJECT The Concerned Person shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of Personal Data concerning him or her if the processing is based on the purposes of the legitimate interests pursued by LEOSPHERE or by a third party. LEOSPHERE will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the Concerned Person shall have the right to object at any time to processing of Personal Data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. ARTICLE 12 : RIGHT TO WITHDRAW HIS OR HER CONSENT When the Concerned Person consented to the processing of its personal data, the Concerned Person has the right to withdraw consent at any time, without any justification and without affecting the lawfulness of processing based on consent before its withdrawal. ARTICLE 13 : RIGHT TO LODGE A COMPLAINT The Concerned Person has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. The supervisory authority in France is the CNIL The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy 6/7

ARTICLE 14 : INFORMATION ON POTENTIAL CONSEQUENCES OF THE ABSENCE OF DATA SUPPLY Requirement of the supply of Personal Data can be regulatory (requirement from public authorities or contractual, for the purpose of the proper functioning of LEOPSPHERE. For this purpose, the Concerned Person could, in some cases, have to supply Personal Data. The absence of supply of these data could conduct to an impossibility to follow the contract or contracts execution. This absence may even conduct LEOSPHERE to bring a legal action in justice against the Concerned Person, if LEOSPHERE suffered damage from this absence. 7/7

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback