Terms of service

This charter – “The Charter” has been drawn up to define the commitments for data protection and specify the implementation of the General Data Protection Regulation - "RGPD" within the company - "La Greka".

The Company attaches particular importance to the protection of the personal data of its employees , its customers, its partners, as well as users of its websites and mobile applications.

The Company informs about the procedures for collecting personal data, their use as well as the options available to the persons concerned. This Charter may be modified by laGreka in the event of regulatory, jurisprudential or technical developments.

The Greka complies with the “Informatique & Libertés" n° 78-17 of January 6, 1978 as amended, as well as the law "for confidence in the digital economy" n° 2004-575 of June 21, 2004, as well as the General Regulations on Data Protection, n° 2016/679 of April 27, 2016.

This General Data Protection Regulation, n° 2016/679 of 27 April 2016 has become applicable in the European Union since May 25, 2018.

 

ARTICLE 1 – DEFINITION

The General Data Protection Regulation concerns the processing and circulation of data personal, this information on which companies rely to offer services and products.

It establishes rules relating to the protection of natural persons with regard to the processing of personal data and the rules relating to the free movement of such data.

It protects the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.

The main objectives of the GDPR are to increase both the protection of individuals concerned by the processing of their personal data and the accountability of the actors of this processing.

The aim is also to harmonize the European legal standard for the protection personal data, so that there is one and the same framework applying to all Member States.

 

ARTICLE 2 – CONCEPT PERSONAL DATA

Personal data is information which makes it possible to identify a natural person, directly or indirectly. This may be a name, photograph, IP address, telephone number, computer login, postal address, fingerprint, voice recording, social security number, email address, etc.

Some data is sensitive because it relates to information that may give rise to discrimination or prejudice: a political opinion, a religious sensibility, a trade union commitment, an ethnicity, a sexual orientation, a medical situation or philosophical ideas are sensitive data.

They have a particular framework, which prohibits any prior collection without clear, written consent and explicit, and for specific cases, validated by the National Commission for Computing and Freedoms - "CNIL" and whose public interest is proven.

 

ARTICLE 3 – DATA COLLECTED WITHIN THE COMPANY

The collection of personal data is the purpose of and a declaration to the French authority for the protection of personal data, the CNIL.

Information can be collected in different ways

Consent b>

Greka does not collect any personal data without obtaining express consent and giving the prior information concerning in particular the type of data collected, their purposes, the person responsible for their processing, and the various rights that the persons at the origin of the data are able to exercise over them.

Site visits internet

Greka may also collect information during various exchanges, or with external companies via a dynamic internet or mobile application and/or interactive with Internet users,  Employees or not of the Company.

Cookies b>

The Company's sites and services may issue cookies. They make it possible to recognize the terminal concerned each time this terminal accesses digital content containing cookies from the same issuer.

They allow services to operate efficiently, and to remember preferences.< /span>

There is still a possibility to erase the cookies stored on the connection terminal in order to permanently delete the information they contain.

 

ARTICLE 4 – L 'OBLIGATION INFORMATION AND RESPECT FOR CONSENT

Greka guarantees the rights of access, rectification and opposition of their data that already existed before the application of the GDPR.

It also guarantees the right to restriction of processing, the right to oblivion, the right to data portability or the right to erasure of data.

The protection of minors under 16 is also reinforced. The consent of the holder of parental authority must be given.

Whenever data is collected, the data subject must be informed of the legal basis on which the processing is carried out, of his rights on the processing (limitation, portability and recourse) and of the exact methods of the processing of his data.

This information must be visible and accessible on the website where the data is collected , or where appropriate, on the media that allow the collection of data signed contracts, etc.

 

ARTICLE 5 – PURPOSES DATA COLLECTED

Only the data necessary and relevant to the purposes pursued are collected, in the compliance with the principle of proportionality in order to improve the quality of the products or services that the Company offers.

The Company will only collect adequate, relevant and strictly necessary data for the purpose treatment.

The data identified as mandatory are necessary in order to benefit from the corresponding functionalities and more specifically operations on the content offered within the company.

This policy applies to the Company and its sites, applications, software and services published by the Company and/or using its interface or its functionalities.

ARTICLE 6 – USE DATA COLLECTED

The Data collected by the company is processed for the purposes of performing the operations on the contents of the service.

This use is based on one of the legal bases provided by law, namely:

  • the protection of legitimate business interests, li>
  • the performance of a concluded contract or commitment, span>
  • compliance with a legal or regulatory obligation, li>
  • the preservation of the public interest, such as the prevention or detection of fraud or financial crime.

Under no circumstances will data be processed in a manner inconsistent with these purposes, except with prior agreement.

 

ARTICLE 7 – SECURITY DATA

The personal data collected by the Company are under no circumstances transferred, rented or exchanged to third parties, with the exception of the Company's partners and subsidiaries, unless this was clearly specified when collecting the data concerned.

However, the data may be disclosed pursuant to a law, a regulation or pursuant to a decision of a competent regulatory or judicial authority or, if necessary, for the purpose of preserving its rights and interests.

In addition, Greka may, if necessary, transmit information if it acquires another company or is the subject of a takeover, merger, absorption, amalgamation or reorganization of any kind.

Any user opening an account is invited to create an identifier or nickname and a word outmoded. This password must remain secret and he must limit access to his computer or mobile devices and log out at the end of the use of the services.

Personal data being confidential, the company limits access to them only to employees of the company or service providers needing to carry out the processing.

All persons having access to personal data are bound by a duty of confidentiality and expose themselves to disciplinary measures and/or other sanctions if they do not respect these obligations.

 

ARTICLE 8 – DURATION DATA RETENTION

Data is stored and retained for the time necessary to achieve the intended purposes .

Personal data will thus be kept for the period during which the Employees of the  Greka use the support services of said data.

The aforementioned data is deleted no later than 5 years from the last contact with the person or Employees from whom said data originates.

 

ARTICLE 9 – THE RIGHTS CONCERNED

The Company intends to respect all rights with respect to the processing of Personal data vis-à-vis Employees:

  • the right to be informed about the use of Personal Data; span>
  • the right to access personal information collected from Greka Employees ;
  • the right to request the correction of inaccurate, incomplete, ambiguous Personal Data; expired for Employees of the Company;
  • the ability to require portability (right to portability) des data to another service provider/user;
  • the right to set guidelines regarding the fate of Personal Data after death< span class="Apple-converted-space" data-mce-fragment="1">  ;< /li>
  • the right to lodge, where appropriate, justified and duly substantiated complaints with the national authority in charge of the protection of personal data.

 

ARTICLE 10 – SANCTION IN CASE OF NON-COMPLIANCE

In the event of breach of the obligations imposed by the GDPR, the companies concerned may be fined up to 20 million euros or 4% of worldwide turnover for the most important entities.

The CNIL may issue responses in the event of a violation of the regulations such as updates formal notice or warnings.

 

ARTICLE 11 – INFORMATION OF THE EMPLOYEE AND ADVERTISING

This Charter will be publicly displayed as an appendix to the rules of procedure and will be communicated individually to each Greka employee.

It will also be available on the Greka website.

ARTICLE 12 – ENTRY CHARTER EFFECTIVE

This Charter is applicable from the date of its publication