EFINOR attaches great importance to the respect of privacy and, as such, to the personal data that you entrust to it in the context of the relationship established with it. This is one of the reasons why EFINOR has chosen to adopt its own policy on the confidentiality and protection of your personal data.
Through this policy, EFINOR is committed to processing your data in a responsible, secure and transparent manner, in accordance with EU Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Individuals with regard to the processing of personal data and on the free movement of such data and the provisions of the applicable French regulations.
The present policy also aims to inform you about the personal data processed by EFINOR, the conditions under which these data are processed and the rights and means of action available to you in relation to these data.
The purpose of this policy is to explain our vision and commitments regarding the protection of personal data, as well as the measures taken to guarantee their security.
More specifically, this policy details the processing of personal data relating to the use of EFINOR's websites, which are
Any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier.
Examples: name, identification number (social security, driving licence, passport, personnel number), location data, online identifier, an element relating to physical, physiological, genetic, psychological, economic, cultural or social identity.
Any operation or set of operations, whether or not by automatic means, on personal data or sets of personal data
Examples: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
The natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing.
Any person whose data are being processed.
The natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.
The natural or legal person, public authority, department or any other body that receives personal data, whether or not it is a third party.
The person who is responsible for ensuring compliance with personal data protection regulations.
A breach of security which results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
In this policy, the terms "EFINOR", "we", "us" or "our" refer to EFINOR, a simplified joint stock company with a capital of 2,000,000 euros, established at 2, rue Grande Rue 50100 Cherbourg-En-Cotentin. As such, it acts as the data controller within the meaning of the regulations applicable to personal data.
For more information on EFINOR, please refer to our legal notice(https://www.efinor.fr/mentions-legales/ )
EFINOR is committed to ensuring that each of the personal data processing operations it carries out respects the fundamental principles of personal data protection. This article informs you of EFINOR's commitments with regard to the fundamental principles of personal data protection.
These aspects are common to all treatments described in this Policy.
EFINOR is committed to processing personal data in a lawful manner.
Each of the personal data processing operations carried out by EFINOR is based on one of the six legal bases mentioned in Article 6 of the General Data Protection Regulation.
EFINOR informs you of this legal basis at the time of data collection.
The processing carried out by EFINOR via its website does not require the collection or processing of "sensitive" personal data within the meaning of Article 9 of the General Data Protection Regulation. Consequently, none of the legal bases mentioned in the same article are required.
EFINOR is committed to processing your data in a fair and transparent manner.
To this end, EFINOR :
EFINOR undertakes to process your data for specific, explicit and legitimate purposes.
It undertakes to clearly identify the purposes for which it collects and uses your personal data, and to respect the scope defined by these purposes.
EFINOR informs you of these purposes and will inform you of any changes that may affect them.
It undertakes to ensure that the data processing that it implements has purposes that comply with the applicable laws and regulations.
EFINOR undertakes to collect only data that is adequate, relevant and necessary to achieve the purpose of the processing.
Each of the forms on our sites allows you to provide only the information that is strictly necessary to achieve the purpose for which it is being used. Each form includes a statement specifying the purpose, the legal basis for the processing, the period for which the data is kept and the possible recipients of the data.
The data required to process your request is marked with an asterisk. If you do not fill in these fields, EFINOR will not be able to respond to your request and/or provide you with the desired service. The other fields are optional and allow us to better understand your request and provide you with a more appropriate response.
EFINOR undertakes to ensure that the data it processes is accurate, complete and kept up to date.
It shall act to update the data as soon as it becomes aware of their obsolescence or inaccuracy.
To this end, it shall put in place mechanisms and procedures enabling data subjects to have the data used rectified or updated.
EFINOR undertakes to keep the personal data used for processing in a form that allows the identification of the data subject only for as long as is strictly necessary to achieve the purposes for which they are processed.
EFINOR undertakes to securely and definitively delete the data at the end of the retention periods set according to the purposes of the processing and the legal, regulatory or contractual requirements to which it is bound.
It also means that EFINOR may, at its discretion, at the end of the same period, retain the data concerned if it succeeds in eliminating the identifying character of the data by means of anonymisation processes, thus making them lose their personal character.
EFINOR attaches great importance to information security issues and, in this respect, to the security of personal data.
EFINOR is committed to protecting your personal data against loss, destruction, alteration, unauthorised access or disclosure. To this end, EFINOR implements appropriate technical, organisational and human resources measures, taking into account the nature of the data as well as the risks that the processing generates, to protect and guarantee the availability, integrity and confidentiality of your personal data, and in particular, against any modification or damage, or against any unauthorised access by third parties.
These measures include, inter alia,
Under technical measures :
Under organisational measures :
EFINOR never shares your personal data with other companies (except for those EFINOR entities that may be involved in the management of operations involving you).
Your data may potentially be transmitted to technical intermediaries (IT service providers, hosts of our servers, etc.) that EFINOR chooses because of their expertise and reliability, who act under its control and according to its instructions
We allow these intermediaries to process your data only to the extent necessary to provide the service concerned or to comply with a legal or regulatory obligation. In any event, we will ensure that your data is protected, end-to-end, for the duration of the processing.
EFINOR may also be required to provide your data to third parties in order to comply with a legal obligation, to enforce a court order or if such disclosure is necessary for the defence of our legal rights.
All such third parties may be located in EU and non-EU countries, including countries that do not offer the same level of protection as your country of residence. In such cases, and to the extent required by applicable law, we will either obtain your express and unequivocal consent to share your data with such third parties, or enter into data transfer agreements that comply at least with the standard clauses adopted by the European Commission, or, in the case of third parties established in countries benefiting from adequacy decisions, that such third parties have complied with the requirements set out in such decisions.
EFINOR's services are not intended for minors. Furthermore, we do not knowingly collect or process personal data relating to minors. In the event that we come into possession of such data without the prior consent of their parents, we will take the appropriate measures to delete them from our servers and those of the intermediaries we use
You will find details of the purposes and conditions of processing your data in the following table:
In the event that, despite the precautions and diligence of EFINOR, your personal data is accessed, lost or stolen by an unauthorized third party, EFINOR will take the necessary steps within its power to mitigate the impact of the personal data breach.
EFINOR has technical and organisational measures in place to monitor, detect, identify and deal with security incidents that may occur. Each incident is analysed in order to identify its causes and to define the measures to be implemented to prevent its recurrence.
Furthermore, as required by the regulations, EFINOR keeps a register of personal data breaches. Similarly, it notifies the CNIL of any breach that poses a risk to the persons concerned.
Finally, in the event that the breach creates a high risk for the data subjects, it will take reasonable steps to inform them of the circumstances and consequences of the breach, to the extent required by law. To this end, it will use the contact information provided to it, or any other reasonable means.
EFINOR reminds you that you have the rights described below and that you can exercise them by sending an e-mail to mailto:privacy@efinor.com or by using the dedicated forms available on its website.
Pursuant to Article 15 of the European Data Protection Regulation (RGPD), you have the right to access your personal data processed by EFINOR.
This right allows you to obtain confirmation from EFINOR that your personal data is being processed by the company and, if necessary, to obtain a copy of such data (any other copy may incur costs which you may have to bear).
As part of its response to your request, EFINOR will also provide you with information on
Upon receipt of the response, you will have the opportunity to :
In accordance with Article 12.3 of the RGPD, EFINOR has a period of one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
In accordance with Article 16 of the European Data Protection Regulation (RGPD), EFINOR informs you that you have the right to rectify your personal data.
This right allows you to obtain the rectification of personal data concerning you that are processed by the company and that are inaccurate.
This right also allows you to ask the company, in view of the purpose of the processing, to complete your personal data.
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case EFINOR will inform you within one month of receiving your request of this extension and the reason for it
In accordance with Article 17 of the European Data Protection Regulation, EFINOR informs you that you have the right to erase your data (also known as the right to be forgotten).
This right allows you to obtain the deletion of your personal data processed by the company in one of the following cases:
EFINOR may refuse to erase in cases where the processing is necessary:
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
In accordance with Article 21 of the European Data Protection Regulation, EFINOR informs you that you have the right to object to the processing of your personal data.
This right allows you to object, at any time, on grounds relating to your particular situation, to the processing of your personal data by EFINOR in cases where :
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
In accordance with Article 18 of the European Data Protection Regulation, EFINOR informs you that you have the right to limit the processing of your personal data.
This right allows you to obtain a restriction on the processing of your personal data in one of the following cases:
Where processing has been restricted, your personal data may not, with the exception of storage, be processed:
You will be informed by EFINOR before the processing restriction is lifted.
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case EFINOR will inform you within one month of receiving your request of this extension and the reason for it
In accordance with Article 20 of the European Data Protection Regulation, EFINOR informs you that you have the right to the portability of your personal data.
This right allows you to receive your personal data collected by EFINOR in a structured, commonly used and machine-readable format and to transmit them to another controller without EFINOR being able to prevent this, if the following three conditions are met
In the context of the right to portability of your personal data, you have the possibility of having your data transmitted directly by EFINOR to another data controller of your choice, where this is technically possible.
The exercise of this right does not prevent you from exercising your right to the deletion of personal data.
This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In accordance with Article 12.3 of the RGPD, EFINOR has one month to respond to your request. This period may be extended to two months in the event of a complex request. In this case, EFINOR will inform you within one month of receiving your request of this extension and the reason for it.
EFINOR's sites may contain links to social networks operated by third parties over whom EFINOR has no control.
In this regard, EFINOR shall not be responsible for how your data is used or stored on the servers of such third parties. We advise you to read the privacy policy of the third parties you access through our sites to understand how your data will be used.
Any dispute to which the confidentiality policy may give rise, in particular concerning its validity, interpretation and execution, their consequences and their aftermath, shall be submitted to the competent courts in the jurisdiction of Cherbourg-en-Cotentin.
Any questions regarding EFINOR's Privacy Policy should be directed to this e-mail mailto:privacy@efinor.com or by sending a letter to the following address
EFINOR
BCRM Cherbourg - CC 300
50115 CHERBOURG-EN-COTENTIN
EFINOR may change this privacy policy as our needs and applicable laws change. We ensure that you will be informed of any changes by a notice on our site or by any other means deemed appropriate. EFINOR's privacy policy was last updated on 11/06/2019