Personal data protection

Efalia’s Personal Data Protection Policy
Last updated: November 27, 2018

Scope of application

The Efalia group and its subsidiaries: C-log and Appic (hereinafter “Efalia”, “Group”) is committed to respecting and protecting personal data. We undertake to define and apply appropriate measures to guarantee that the personal data of our customers, contacts, suppliers, users and employees (hereinafter “users”) is processed securely. Efalia has committed itself to a continuous process of compliance with the General Data Protection Regulation of April 27, 2016 (hereinafter the “GDPR”). With this new regulation, Efalia is strengthening its personal data protection policy to ensure that its Users’ data is collected and used transparently, confidentially and securely.

This policy describes the measures put in place to protect personal data and the purposes for which personal data is collected, used and shared, including in the following cases:

  • When browsing the Group’s websites and/or
  • When purchasing and/or using the software published by the Group and/or
  • When purchasing our products and/or
  • When using hosted solutions and/or
  • In communication with Efalia’s staff

Purposes of processing

Personal data is collected during several processes, whose purposes are to:

  • Respond to requests expressed through forms or using the contact methods available,
  • Contact the user with regard to satisfaction surveys or market research, marketing, providing information or inviting them to events,
  • Personalize interaction with our sites, facilitate browsing and prepare statistics on the use of our sites,
  • Develop partnerships,
  • Process transactions with various contacts within Efalia in the context of a contract or a purchase and during the use of Efalia sites and services,
  • Collect users’ opinions about all of Efalia’s services,
  • Apply for work at Efalia,
  • Carry out maintenance on Efalia sites and services,
  • Ensure and improve the operation of Efalia’s sites and services to respond better to the needs of all customers,
  • Manage the use of Efalia’s sites and services while providing customer service and support,
  • Analyse the use of Efalia’s sites and services for trend monitoring, marketing and advertising purposes,
  • Send customers alerts about technical or administrative issues relating to the use of Efalia sites and services,
  • Monitor site activity to avoid fraudulent or illegal use and
  • Inform customers for any other reason to which Efalia is committed.

Efalia puts the following processes in place to respond appropriately to the requests it receives, except for marketing activities, which are based on users’ prior consent.

Browsing the website, completing forms and receiving communications and marketing materials from Efalia are of course optional. The data described as mandatory in the forms is required to enable us to contact users and address their needs and requests as closely as possible.

Relevance of data

Efalia collects and processes personal data fairly and legally. The data collected by Efalia includes the following categories:

  • Identity (e.g. first names and last names, contact details)
  • Personal details (e.g. contact details, hobbies if you provide them in a CV)
  • Professional life (e.g. function, job title, company)
  • Connection data (e.g. cookies)
  • Location data (e.g. deduced from the IP address you are using to browse the site)

Efalia takes care to keep data up to date throughout its processing to prevent it becoming obsolete.

Efalia does not keep personal data any longer than is needed to complete the purpose of its processing, and complies with the applicable legal and regulatory limits.

  • If you are an Efalia Customer or Partner, your data is conserved throughout the term of your contract and for three years after its termination, unless particular legal requirements specify otherwise.
  • If you are a Prospective Customer of Efalia, your data is conserved for three years after your last contact with us, unless particular legal requirements specify otherwise.
  • If you are a candidate for a job offered by Efalia, your application data is kept for two years, unless you are hired by Efalia.
  • Finally, cookies have a validity period of 100 days.

In connection with the access management policy, only duly authorized recipients can access the information required for their activity. Efalia defines the rules of access and confidentiality applicable to the personal data processed.

Efalia determines and implements the means required to protect the processing of personal data, to avoid any access by an unauthorized third party and prevent any loss, corruption or disclosure of data.

Efalia informs the people concerned before implementing any processing. This takes place via this policy on Efalia’s websites.

In accordance with the laws and regulations in force, including the GDPR, you have the right to access, correct, delete, limit or oppose the information held about you, to make a complaint to the CNIL (the French data protection authority), and, where applicable, to transfer your data, withdraw your consent and organize what happens to your data after your death.

To exercise these rights, you can use a contact form or write to the department responsible for respect for personal rights (see below).

To prove the legitimacy of your request, you may be asked for a signed letter of request accompanied by a photocopy of a valid identity document bearing your signature. We will also ask you to provide your contact details so that we can respond.

To optimize and improve the quality of the services offered and ensure they meet your needs, Efalia may use “cookies”. By accessing and browsing the Efalia website, you agree to accept and use cookies on your device, and acknowledge that you have read the information given to you concerning the use of cookies and the means available to you in particular for disabling them.

The tools that enable us to process your information involve its transfer outside the EU:

  • PipeDrive, in the USA, which adheres to the Privacy Shield framework, for management of our prospects, partners and customers

Data protection players

Efalia has appointed a Data Protection Officer (DPO). The DPO ensures compliance with the GDPR within Efalia, supports the teams in implementing processes, helps in the examination of requests relating to personal data protection, informs staff and raises employee awareness.

The DPO has the organizational measures and resources required to manage the compliance of Efalia.

Other players

The Controller determines the purposes and means of the processing.

For processing via the Efalia websites, the Controller is Efalia, domiciled at 210 avenue Jean Jaurès 69007 LYON represented by its Chairman.

On the authority of the Controller, the Efalia Marketing Department runs the Efalia website.

It processes personal data on behalf of the controller. It acts on instructions from Efalia. It has signed an agreement with Efalia, which must contain Efalia’s requirements regarding the protection of personal data.

The following processors are involved in connection with Efalia’s website: PipeDrive, MailChimp.

It is authorized to receive data communicated on a need-to-know basis and the principle of least privilege.

The data collected on Efalia’s website are solely for use by Efalia, and will not be transferred to third parties. In order to respond to your requests and needs as effectively as possible (for example to select the most suitable tender for services etc.) the data collected may be shared within the Efalia Group.

Person to whom the personal data being processed belongs. This is you, if you want to give us your contact details: customer, prospective customer, partner, supplier, candidate, user.

Efalia always takes its Users’ data very seriously. We may therefore need to modify, supplement or update the Personal Data Protection Policy. We invite you to look regularly at the latest version in force, which can be found on our Website. If major changes are made, we will inform you by email or your usual means of contact so that you can examine the changes before they take effect. If you continue to use our Services after notice is published or sent out about changes to the Personal Data Protection Policy, this means that you accept the updates.