Data protection general policy

INADVANS

Thanks to its commitments in terms of personal data protection and its expertise in the development of good practices in this area, INADVANS engages in the protection of personal data processed within its businesses.

For purposes of full transparency and pedagogy, INADVANS set out the present Data protection general policy, allowing any natural person, at any time, to be aware of the commitments made and of the practices conducted by INADVANS regarding personal data.

 

INADVANS undertakes to process all the data collected in compliance with texts applicable to data protection (Law n°78-17 of 6 of January 1978 modified and the General European Regulation 2016/679 of 27 April 2016 relating to data protection, these two texts being hereinafter referred to as the « Regulation »).

 

  1. Glossary

A personal data processing operation is an operation or an organized set of operations performed on personal data  (collection, structuring, storage, modification, communication…).

A personal data is information allowing a human person identification (natural person), directly (for instance name/surname), or indirectly (for instance phone number, contract number, alias).

The subject person is the person whose identification can be made through the data used within the personal data processing.

The data processor decides the way of implementation of the personal data processing, notably by identifying the purpose of the data and which tools will be implemented for processing operations.

The processor carries out data processing operations on behalf of the data controller, entering into an agreement with the data controller who entrusts the latter with certain tasks and ensures that technical and organizational guarantees are provided, allowing to process the transferred personal data in compliance with the Regulation.

The recipient receives authorized communication of the personal data.

INADVANS is the data controller of the processing operations implemented within its businesses under French Act number 78-17 of 6 January 1978 modified relating to information technology, files and freedoms (referred to as « Data protection Act ») and the General European Regulation 2016/679 of 27 April 2016 relating to data protection (referred to as « GDPR »), these two texts being referred to as the « Regulation ».

The applications and digital services developed by INADVANS on behalf of its clients fail under their own data control and are not concerned by the Privacy policy herein.

 

  1. INADVANS key commitments

INADVANS, in its capacity of data controller, observes the following principles:

  • Personal data is used only for explicit, specific and legitimate purposes (objectives):
  • Professional contacts management,
  • Commercial prospection management.
  • Only strictly useful personal data is collected and processed : INADVANS thus applies the concept of privacy by default protecting the data subjects from excessive collection of data.
  • The data shall not be stored beyond the period necessary to the processing operations for which it was collected, and taking into account the nature of the processing operations, or of the one set out by the French data protection authority (CNIL) standards and authorizations or by the Regulation.
  • We do not share nor transfer personal data to third parties, but only to authorized recipients within the strict framework of the purposes defined in advance.
  • We pass personal data on to processors providing suitable technical and organizational guarantees, ensuring the protection of the data entrusted to them under INADVANS’s
  • The data subjects are informed, in advance and frequently, in a clear and transparent manner, notably of the data purpose of usage, the obligatory or voluntary nature of their answers in the forms, of their data protection rights and the modalities of effective exercise of such rights, of the recipients.
  • Whenever stipulated by the Regulation, an explicit, informed, active and unambiguous consent of the data subject is collected with regard to the processing of personal data.
  • Suitable security measures, on the technical, logic, organizational and legal plan, have been set out based on a risks analysis of the various personal data processing operations involved, and are implemented by INADVANS and its contractually committed processors, to ensure personal data protection.
  • Whenever required by the risks involved in a processing operation, INADVANS performed an impact analysis on data subjects’ private life and personal data protection, in order to implement and manage concrete actions suitable for such risks.
  • INADVANS and its processors have undertaken to design tools and systems which fully integrate the compliance with the Regulation and data subjects private life protection, by incorporating the compliance with these rules at the design and development stage: INADVANS thus applies the concept of privacy by design allowing the development of responsible tools and systems.
  • INADVANS and its processors commit to ensure that any possible and exceptional violation of data be addressed with the implementation of any protection and corrective actions subsequent to a violation and notably the information of the French data protection authority (CNIL) and, as the case may be, of the data subject.

 

At INADVANS, all employees and actors are made aware of data protection principles, through regular training sessions suitable to their activity and duties.

The associates only have access to information necessary to their activity, sensitive data are subject to specific clearances and controls, and, in particular, health data processed within the framework of Applications implemented on behalf of clients are entrusted to an accredited or certified health data service provider within the meaning of article L. 1111-8 of the French Public Health Code.

 

  1. The Data Protection Officer, the DPO

INADVANS appointed a data protection officer to ensure compliance with the Regulations and rules set out in the Data protection general policy herein.

The data protection officer notably :

  • draws up and update a register of personal data processing operations implemented within the company,
  • ensures the compliance of the practices with the regulation and its changes,
  • raises awareness among the teams about the requirements and good practices in terms of personal data protection,
  • ensures the effective exercise of their rights by the data subjects.

The data protection officer is Solène PONTHIEU, who can be contacted:

  • By email : dpo@inadvans.com
  • By phone : +33 (0) 6 70 43 52 01
  • By mail :

DPO – InAdvans
8 rue de l’Arcade
75008 PARIS

 

  1. Data collection

INADVANS collects the personal data of data subjects  in the following manner :

  • Through the contact form offered on the Website,
  • Through professional social networks,
  • Through our clients professional websites,
  • Through business directories,
  • During business meetings, congresses, conferences, work shop,
  • During networking from partners.

 

  1. The collected Data

Within its businesses, INADVANS collects data belonging to the following categories of personal data :

Categories of personal data involved

  • Surname, name, position, company,
  • Businesses, specialties,
  • Email address, professional address,
  • Desk and mobile phone, professionals,
  • Connection data (IP address, logs, etc.),
  • Contact data

 

  1. Usage of the data

INADVANS uses the collective personal data for the main following purposes:

  • Processing – Management of the clients relationships
  • Processing – Management of the clients prospects relationships

 

Processing operations presented above are necessary to the performance of activities and services offered by INADVANS. They are based on INADVANS’ legitimate interest.

 

  1. The recipients of the data

For each processing described in article « The usage of the data » above, the applications and digital services developed by INADVANS on behalf of its clients fall under their data control and are not concerned by the  Privacy policy.

INADVANS selects the data recipients based on their missions and authorizations to receive the data in compliance with the specified purposes.

Depending on the situation, these recipients may be :

  • InAdvans team
  • Processor in charge of the organization of an event or professional meeting
  • InAdvans partners

 

  1. The data storage period

Definite rules, with regard to the duration of storage of data subjects’ personal data, are set out by INADVANS in order to limit the retention to a strictly necessary duration.

The personal data processed within the processing operations specified above is stored for the whole duration of the contractual relationship + 3 years, except in case of objection from the data subject.

Once such period has expired, and on a case-by-case basis, the personal data is subject in compliance with the applicable Regulation to one of the following measure:

  • Suppression,
  • Irreversible anonymization,

 

  1. The data security

The security of the data refers to actions undertaken to protect the data from :

  • destruction,
  • loss,
  • deterioration,
  • non-authorized disclosure of personal data transferred, stored or processed,
  • unlawful or accidental non-authorized access to such data.

 

To ensure personal data security, INADVANS and its processors implement suitable technical and organizational actions in light of the state of knowledge, costs, the nature, reach, context and the processing operations purposes to ensure a security level suitable to the risks.

In particular and whenever necessary, the following actions were taken :

  • pseudonymisation and encryption of personal data ;
  • deployment of means ensuring the confidentiality, integrity, the availability and the permanent resilience of the systems and processing operations;
  • deployment of means ensuring to restore the availability of the personal data and their access in a timely manner in case of technical or physical incident;
  • the implementation of a process intended to frequently check, analyze and evaluate the efficiency of the technical and organizational actions taken to ensure the processing operations security.

 

Consequently, INADVANS and its processors set up features suitable and compliant to the state of the art and to  applicable standards, to ensure your personal data protection.

 

  1. The rights of the data subjects

Each data subject has the following rights:

  • access his/her data (right of access) : the data subject may directly ask INADVANS whether or not some of his/her personal data is stored, and request for the communication of a list of data,
  • to request the rectification (rectification right) : the data subject may request the rectification of his/her inaccurate personal data. The rectification right supplements the right of access.
  • to request erasure (right to erasure): the data subject may request the erasure of his/her personal data, for a cause provided by the Regulation.
  • to request the restriction of his/her data processing (right to restriction of processing) : the data subject may request the limitation of his/her data processing, for a cause provided by the Regulation.
  • to request the portability of his/her data (right to data portability): the data subject may request to receive the data he/she provided to INADVANS, or request INADVANS that they be transferred to another data controller for a cause provided by the Regulation,
  • to define advance directives regarding the fate of the data after the death.

 

The data subject may additionally object, for legitimate reasons, that his/her personal data be processed, disseminated, transferred, stored or hosted.

For additional information on the meaning of the rights ; the French data protection authority (CNIL) created a section dedicated to the proper understanding of the rights : https://www.cnil.fr/fr/comprendre-vos-droits

To exercise the rights, the data subject may contact INADVANS data protection officer :

  • By email : dpo@inadvans.com
  • By phone : +33 (0) 6 70 43 52 01
  • By mail :

DPO – InAdvans
8 rue de l’Arcade,
75008 PARIS

 

To ease such formalities, each data subject is invited by INADVANS, when sending a request to exercise the rights to :

  • Indicate which right(s) she/he wishes to exercise,
  • Clearly indicate his/her name / surname / contact details where she/he wishes to receive the answer,
  • Enclose a copy of a proof of identity.

 

  1. The consent of the data subjects

Every data processing operations are implemented by INADVANS in compliance with the data subjects consent, and in some cases provided for by Regulation, the explicit consent, otherwise referred to as the express consent of the data subject is required.

Whenever the explicit consent of the person is required by Regulation, it is collected in advance by INADVANS and the data subject may at any time withdraw his/her consent, by contacting the persons referred to above.

 

  • The claims before the French data protection authority (CNIL)

Each data subject has the right to file a claim before a data protection supervisory authority.

In France, such supervisory authority is the Data protection authority (CNIL), which contact details are as follows:

CNIL
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

 

  1. The transfers of data outside of the European Union

INADVANS may share personal data of data subjects in order to perform the activities specified within the present Policy. Such data may be transferred in a country located outside of the European Union.

In such case, INADVANS ensures that personal data transfer is carried out in compliance with the Regulation relating to data protection.

INADVANS implements actions to ensure the data enjoys equivalent protection, and in particular by implementing suitable contractual provisions as the standard data protection clauses adopted by the European Commission.

 

  1. The Cookies
  1. What is a Cookie ?

A cookie is a small file containing letters and numbers, stored on the web browser or on the computer, smartphone or tablet hard drive of a User of any INADVANS Website, should he/she accepts the cookie.

INADVANS uses cookies on the Website: files temporarily or permanently stored on the User computer, tablet or smartphone in order to recognize him/her during subsequent visits.

 

  1. What are cookies used for?

By continuing to browse the INADVANS Website, the User gave his/her consent to the use of the following   cookies:

  • Navigation cookies
  • Performance and audience measurement cookies

Learning the behavior of web users on the Website allows INADVANS to :

  • Produce reliable statistics about traffic, traffic volumes, and the usage of the various website contents (browsed sections and Contents, clickpath, etc.), allowing to improve the services interest and usability,
  • Adapt the presentation of the websites to the display preferences of the computer or mobile device (display resolution, operating system, etc.) of the User during his/her visits,
  • To save information relating to forms (subscription or access to an account,.);
  • To implement security measures,

For additional information about the cookies used by INADVANS, and on the reason why we use it, please refer to the chart below :

Name of the Cookies

 

  1. How to block cookies ?

The website User may block cookies by activating a filter on his/her web browser or his/her computer or smartphone or tablet.

The User may reject all cookies or only part of them.

However, should the User choose to block all cookies, some part of the Websites may become unavailable.

 

  • On a computer

The User can set up his/her browser software:

– to save the cookies in his/her computer, or, on the contrary, to systematically reject cookies or depending on their issuer,

OR

– to periodically ask the cookies acceptance or rejection, before any cookie is saved in the computer.

For the management of cookies and choices, the setup of each navigation browser differs. It is described in the browser « help » menu :

 

  • On a smartphone

For the management of cookies and choices, the setup of each operating system differs. Its is described in the documentation :

 

 

  1. Amendments to the personal data general general policy

The data protection policy may evolve. In case of evolution of some of the confidentiality policy elements, INADVANS undertakes to make amendments to the latter and to inform data subjects, before the implementation of modifications that may affect the personal data.

INADVANS will do its best to indicate what adjustments such amendments imply.

The present document has been validated before diffusion by INADVANS Data protection officer. It is reviewed at least once a year.

 

  1. Questions and comments : contact us

We thank you for reading our data protection policy. For any questions, comments and concerns regarding this policy, please contact our data protection officer :

  • By email : dpo@inadvans.com
  • By phone : +33 (0) 6 70 43 52 01
  • By mail :

DPO – InAdvans
8 rue de l’Arcade,
75008 PARIS