Personal Data Protection Policy
Respect for privacy and the protection of personal data is a factor of trust, a value that is particularly important to Cooptalis Group, which is committed to respect for the fundamental rights and freedoms of each individual.
The present personal data protection policy reflects the commitments implemented by Cooptalis Group and all its employees in the context of its daily activities for a responsible use of personal data.
1) Data Protection Officer (DPO)
In order to preserve the privacy and protection of personal data, Cooptalis Group has appointed a Data Protection Officer (DPO) in December, 2018.
The DPO is a pledge of trust; a contact specialized in the protection of personal data, responsible for ensuring the preservation of privacy and the proper application of rules for the protection of personal data, the privileged contact of the Commission Nationale Informatique et Libertés (CNIL), and all persons concerned by the collection or processing of personal data.
To contact the DPO: write to “DPO Cooptalis Group 992b Avenue de la République 59700 Marcq-en-Baroeul” or by e-mail at [email protected]
The DPO keeps the records of the processing activities of Cooptalis Group company, which is available to the CNIL if necessary.
2) Principles applicable to the protection of personal data
Cooptalis Group provides a solution to its customers to process personal data in compliance with applicable laws and regulations, in particular the European General Data Protection Regulation n°2016/679 of 27th of April 2016.
According to the accountability principle, a personal data accountability policy is implemented in the company and compliance is monitored.
2.1 Specific, explicit and legitimate purpose of the processing operation
Personal data are stored in our solution for specific purposes, brought to the attention of the persons concerned at the time of first contact by our customers. Such data may not be used subsequently in a manner incompatible with those purposes.
These data must be processed lawfully, fairly and transparently by our customers.
Cooptalis Group may collect data relating to racial origin, religious or racial beliefs.
Cooptalis Group does not collect data relating to political, opinions or philosophical beliefs. Similarly, it does not collect genetic or biometric data or data concerning the health, sex life or sexual orientation of the person concerned.
2.2 Proportion and relevance of data collected
The personal data collected are strictly necessary for the purpose for which they are collected. Cooptalis Group strives to minimize the data collected, to keep them accurate and up to date by facilitating the rights of data subjects.
2.3 Limited retention period for personal data
Personal data shall be kept for a limited period which shall not exceed the period necessary for the purposes of collection.
Data retention periods are implemented according to our customers’ needs and vary according to the nature of the data, the purpose of the processing, or legal or regulatory requirements.
2.4 Confidentiality / Data security
Information system protection measures are implemented, adapted to the nature of the data processed and the company’s activities.
Appropriate physical, logical and organizational security measures are in place to ensure data confidentiality, including the prevention of unauthorized access.
Cooptalis Group has implemented a procedure for notifying the CNIL and / or individuals concerned of a violation of personal data.
Cooptalis Group also requires any subcontractor to provide appropriate guarantees to ensure the security, protection and confidentiality of personal data. This requirement requires the establishment of contracts, which include for the subcontractor the obligation to respect the content of the European Regulation. These contracts provide for controls and audits to be carried out where necessary.
Personal data may be transferred to countries within or outside the European Union. If this is the case, the persons concerned are precisely informed, and specific measures, for example European contractual clauses, are taken to regulate these transfers.
2.5 Lawfulness of the processing
The company’s processing operations are based either on your consent, on the performance of the contract binding us, on compliance with a legal obligation, or on the pursuit of our company’s legitimate interests.
2.6 Rights of individuals
All necessary means to guarantee the effectiveness of individuals’ rights over their personal data are implemented.
Cooptalis Group doesn’t collect personal data directly but manages personal data on behalf of our customers.
All persons have rights over the data concerning them, which they can exercise at any time and free of charge, proving their identity. Thus, people can access their personal data, and in some cases have them corrected, transferred in a structured format or deleted. Any person also has the right to limit the processing of his data or to oppose such processing. Finally, every person has the right to decide the fate of his data after his death.
These rights may be exercised according to the procedures brought to the attention of the persons concerned by our customers, Cooptalis Group will help them to bring the best answer to each client.
Such requests may also be addressed to the DPO.
3) Monitoring of the Personal Data Protection Policy
This policy is updated regularly to consider legislative and regulatory changes, and any changes in the organization of Cooptalis Group or in the offers, products and services offered.
In case of new processing or modification of an existing processing that could have an impact on the rights and freedoms of the data subjects, Cooptalis Group will work with its customers to carry out a data protection impact assessment.