GDPR Compliance
PREAMBLE
This charter – “The Charter” has been developed in order to define the commitments for data protection and specify the implementation of the General Data Protection Regulations – “GDPR” within the company – Greka.
The Company attaches particular importance to the protection of the personal data of its employees, its customers, its partners, as well as the users of its websites and mobile applications.
The Company informs of the processes for collecting personal data, their use as well as the options available to the persons concerned. This Charter may be subject to modification by the Company in the event of regulatory, jurisprudential or technical developments.
The Company complies with the “Informatique & Libertés” law n° 78-17 of January 6, 1978 as amended, as well as the law “for confidence in the digital economy” n° 2004-575 of June 21, 2004, as well as the General Regulations on Data Protection, n° 2016/679 of April 27, 2016.
This General Data Protection Regulation, no. 2016/679 of April 27, 2016, has become applicable in the European Union since May 25, 2018.
ARTICLE 1 – DEFINITION
The General Data Protection Regulation concerns the processing and circulation of personal data, information on which companies rely to offer services and products.
It establishes rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of such data.
It protects the fundamental freedoms and rights of individuals and in particular their right to the protection of personal data.
The main objectives of the GDPR are to increase both the protection of people concerned by the processing of their personal data and the accountability of those involved in this processing.
The objective is also to harmonize the European legal standard for the protection of personal data, so that there is a single framework applying to all Member States.
ARTICLE 2 – CONCEPT OF PERSONAL DATA
Personal data is information that allows a natural person to be identified, directly or indirectly. This may include a name, photograph, IP address, telephone number, computer login, postal address, fingerprint, voice recording, a social security number, an email address, etc.
Some data is sensitive because it concerns information that may give rise to discrimination or prejudice: a political opinion, a religious sensitivity, a union commitment, an ethnicity, a sexual orientation, a medical situation or philosophical ideas. are sensitive data.
They have a specific framework, which prohibits any prior collection without written, clear and explicit consent, and for specific cases, validated by the National Commission for Information Technology and Liberties – “CNIL” and whose public interest is proven.
ARTICLE 3 – DATA COLLECTED WITHIN THE COMPANY
The collection of personal data is subject to a declaration to the French authority for the protection of personal data, the CNIL.
Information may be collected in different ways
The consent
The Company does not collect any personal data without obtaining express consent and first providing information concerning in particular the type of data collected, their purposes, the person responsible for their processing, and the various rights that the people at the origin of the data have. even to exercise on the latter.
Website visits
The Company may also collect information during various exchanges, or from external companies via a dynamic and/or interactive internet or mobile application with Internet users, whether or not Employees of the Company.
Cookies
The Company's sites and services may issue cookies. They make it possible to recognize the terminal concerned each time this terminal accesses digital content containing cookies from the same issuer.
They allow services to operate efficiently, and to remember preferences.
There is still the possibility of deleting the cookies stored on the connection terminal in order to permanently delete the information they contain.
ARTICLE 4 – THE INFORMATION OBLIGATION AND RESPECT FOR CONSENT
The Company guarantees the rights of access, rectification and opposition to their data which already existed before the application of the GDPR.
It also guarantees the right to limitation of processing, the right to be forgotten, the right to data portability or the right to erasure of data.
The protection of minors under 16 is also reinforced. The consent of the holder of parental authority must be given.
Each time data is collected, the data subject must be informed of the legal basis on which the processing is carried out, of their rights regarding the processing (limitation, portability and recourse) and the exact terms of the processing of their data.
This information must be visible and accessible on the website where the data is collected, or where applicable, on the media which allow the collection of signed contract data, etc.
ARTICLE 5 – PURPOSES OF COLLECTED DATA
Only the data necessary and relevant to the purposes pursued are collected, in compliance with the principle of proportionality, in order to improve the quality of the products or services that the Company offers.
The Company will only collect data that is adequate, relevant and strictly necessary for the purpose of the processing.
The data identified as mandatory are necessary in order to benefit from the corresponding functionalities and more specifically from operations on the content offered within the company.
This policy concerns the Company and its sites, applications, software and services published by the Company and/or using its interface or its functionalities.
ARTICLE 6 – USE OF COLLECTED DATA
The Data collected by the company is processed for the purposes of carrying out operations on the content of the service.
This use is based on one of the legal bases provided for by law:
protection of the legitimate interests of the company,
the execution of a concluded contract or commitment,
compliance with a legal or regulatory obligation,
the preservation of the public interest, such as the prevention or detection of fraud or financial crime.
Under no circumstances will data be processed in a manner incompatible with these purposes, unless prior consent is obtained.
ARTICLE 7 – DATA SECURITY
Personal data collected by the Company is under no circumstances transferred, rented or exchanged to third parties, with the exception of the Company's partners and subsidiaries, unless this was clearly specified during the collection of the data concerned. .
However, the data may be disclosed in application of a law, a regulation or under a decision of a competent regulatory or judicial authority or, if necessary, for the purposes of preserving its rights and interests. .
Furthermore, the Company may, where applicable, transmit information if it acquires another company or is subject to a takeover, merger, absorption, regrouping or reorganization of any nature whatsoever.
Any user opening an account is invited to create a username or nickname and a password. This password must remain secret and he must limit access to his computer or mobile devices and log out at the end of use of the services.
As personal data is confidential, the company limits their access only to company employees or service providers who need it in the context of carrying out the processing.
All persons with access to personal data are bound by a duty of confidentiality and are subject to disciplinary measures and/or other sanctions if they do not respect these obligations.
ARTICLE 8 – DATA STORAGE DURATION
The data is stored and kept for the duration necessary to achieve the intended purposes.
Personal data will thus be kept for the period during which the Company's Employees use the services supporting said data.
The aforementioned data is deleted no later than 5 years from the last contact with the person or Employees at the origin of said data.
ARTICLE 9 – THE RIGHTS CONCERNED
The Company intends to respect all rights with regard to the processing of Personal data vis-à-vis Employees:
the right to be informed about the use of Personal Data;
the right to access personal information collected from Company Employees;
the right to request the correction of inaccurate, incomplete or ambiguous Personal Data; expired for Company Employees;
the possibility of requiring transferability (right to portability) of data to another service provider/user;
the right to define directives relating to the fate of Personal Data after death;
the right to file, where applicable, justified and duly reasoned complaints with the national authority responsible for the protection of Personal data.
ARTICLE 10 – SANCTION IN CASE OF NON-COMPLIANCE
In the event of failure to comply with the obligations imposed by the GDPR, the companies concerned may be fined up to 20 million euros or 4% of global turnover for the largest entities.
The CNIL may issue responses in the event of a violation of the regulations, such as formal notices or warnings.
ARTICLE 11 – EMPLOYEE INFORMATION AND ADVERTISING
This Charter will be publicly displayed as an appendix to the internal regulations and will be communicated individually to each Employee of the Company.
It will also be available on the Company's website.
ARTICLE 12 – ENTRY INTO FORCE OF THE CHARTER
This Charter is applicable from the date of its publication.
©Copyright 2022, La Greka SASU
All rights reserved. BV with capital of 100€