Efalia Personal Data Protection Policy
Last updated on: 25 May 2018
The Efalia group (hereinafter “Efalia”) is committed to respecting and protecting personal data. We undertake to define and take appropriate steps to ensure the security of processing of your personal data. The Efalia group implements a continuous process for compliance with the General Data Protection Regulation of 27 April 2016 (hereinafter the “GDPR”). With this new regulation, Efalia is strengthening its personal data protection policy to ensure that the data of our users (hereinafter the “Users”) is collected and used in a transparent, confidential and secure manner. To ensure that these rules are properly applied, Efalia has appointed a Data Protection Officer (DPO) who is the special representative for these matters.
The policy presented is intended to control the compliance of the processing of personal data and respect for the rights of the persons concerned, for creation of the website www.efalia.com (hereinafter the “Website”) by Efalia. The notions used in the policy are defined in the GDPR, in particular the notions of processing, personal data, persons concerned and controller.
Efalia continually takes care of its Users’ data. We may therefore be required to modify, complete or update the Personal Data Protection Policy. Please regularly consult the last version in force, accessible on our Website. If major changes are made, we will inform you by email or via your usual contacts, to enable you to examine the changes before they enter into effect. Continued use of our Services after the publication or sending of notice concerning changes made to the Personal Data Protection Policy implies acceptance of the updates.
Purpose of processing
The personal data collected via the Website is collected by means of several types of processing, in order to:
- answer your requests made via the forms or by using the methods of contact available on the Website,
- contact you concerning customer satisfaction surveys or market studies,
- carry out market research, pass on information or send invitations to events if you have authorised us to do so,
- personalise your interaction with our websites, facilitate browsing and draw up statistics concerning use of the Website,
- apply for a job at the Website,
- develop a partnership.
Efalia puts in place the following types of processing to provide an appropriate response to the requests that you send us, except for the canvassing activities which are based on the prior consent of the Users.
Consulting the website, filling in the forms, receiving messages and taking part in Efalia canvassing campaigns are of course optional. The data to be entered on the forms is compulsory to enable us to re-contact you and meet your needs and requests as effectively as possible.
Relevance of the data
Efalia collects and processes personal data in an honest and lawful manner. The data collected by Efalia include the following categories:
- Identity (e.g. surname, first name, contact details)
- Private life (e.g. contact details, hobbies when you specify them on a CV)
- Professional life (e.g. post, company)
- Connection data (e.g. cookies)
- Location data (e.g. based on the IP address used to visit the website)
Efalia makes sure that the data are updated throughout the processing so that they do not become obsolete.
Limited retention of data
Efalia does not keep the personal data longer than required for the purposes of processing, while respecting the legal and statutory limits applicable.
If you are a Customer or Partner of Efalia, you data will be retained for the term of the agreement and for three years after its expiry, unless there are specific legal constraints.
If you are a Prospect of Efalia, your data will be retained for three years from the date of your last contact with us, unless there are specific legal constraints.
If you are applying for a vacancy at Efalia, your application data will be retained for two years, unless you are hired by Efalia.
Finally, cookies have a period of validity of 100 days.
Limited access to data
In connection with the access management policy, only duly authorised recipients can access the information required for their activity. Efalia defines the rules of access and confidentiality applicable to the personal data processed.
Eflalia determines and implements the means required to protect the processing of personal data, to avoid any access by an unauthorised third party and prevent any loss, corruption or disclosure of data.
Notification and rights of individuals
Before processing the data, Efalia informs the persons concerned. They are notified via this policy for the Website.
In accordance with the laws and regulations in force, and in particular the GDPR, you have the following rights: to access, modify, delete, limit, oppose, make a complaint to the French Data Protection Authority (CNIL); and when applicable: portability, withdrawal of consent, determine the fate of your personal data after your death.
To exercise these rights you can use a contact form or write to the department responsible for compliance with the rights of individuals (cf. below).
In order to check the legitimacy of your request, you may be asked to provide a signed request accompanied by a photocopy of a valid identity card bearing your signature. We also ask you to give us your contact details in order to send you a reply.
The tools that enable us to process your information involve their transfer outside the EU:
* PipeDrive, in the USA, which adheres to the Privacy Shield, for management of our prospects, partners and customers
Data protection players
Data Protection Officer (DPO)
Efalia has appointed a Data Protection Officer (DPO). The DPO ensures compliance with the GDPR within Efalia, supports the teams during processing, helps to investigate requests linked to the protection of personal data, and informs and raises the awareness of employees.
The DPO has the organisational measures and means required to manage the compliance of Efalia.
Determines the aims and means of the processing. For processing via the website www.efalia.com, the controller is Efalia, domiciled at 49, rue de la République 69200 VÉNISSIEUX, FRANCE, represented by its Chairman.
- Department responsible for carrying out the processing
On the authority of the controller, the Efalia Marketing Department runs the Efalia website.
- Department responsible for the rights of individuals
To exercise your rights, you can contact the Efalia DPO, by sending a letter to: DPO Efalia, 49 rue de la République, 69200 VÉNISSIEUX, FRANCE.
Processes the personal data on behalf of the controller. Acts on instructions from Efalia. It has signed an agreement with Efalia which must contain Efalia’s requirements regarding the protection of personal data.
The following processors are involved in connection with Efalia’s website: PipeDrive, MailChimp.
Person authorised to receive the data, on a need-to-know basis and according to the principle of least privilege.
The data collected on Efalia’s website are solely for use by Efalia, and will not be transferred to third parties. In order to meet your requests and needs as effectively as possible (for example to select the most suitable tender for services etc.) the data collected may be shared within the Efalia Group.
- Persons concerned
Persons to whom the personal data processed belong, i.e. you, who wish to give us your contact details: customers, prospects, partners, suppliers, applicants.