Personal Data Processing Policy
PERSONAL DATA
The data used or collected includes identification data (surname, first name, email address, telephone number) and professional data (position in the company, company name, company email address, business phone number, business address, city, postal code, country.
We collect and process personal data about you for the following purposes:
- Manage, process and follow up of your information requests, support, contact and providing you with an answer;
- Contact with Sales representatives if you complete the information request questionnaire;
- Prospecting, communicating and raising awareness on our products;
- Produce studies, reports and statistics;
- Manage the requests you may have to exercise your rights with regard to the personal data protection;
- Comply with our legal and regulatory obligations resulting from our activities.
Data may be transmitted to service providers and subcontractors under contract with SEQENS, for the sole purposes set out above. They are kept for the durations set out by the CNIL guidelines or in compliance with legal requirements.
In accordance with the French law “informatique et libertés” and the European union General Data Protection Regulation (GDPR), you can access, rectify, request the deletion of your data or exercise your right to limit its processing. You can withdraw your consent to the processing of your data at any time; You can also refuse the processing of your data; You can also exercise your right to the portability of your data by using the contact details at the bottom of the page.
PURPOSE OF THE PROCEDURE
The Seqens Group is committed to conducting its activities in compliance with applicable laws and regulations applicable to the protection of personal data and with the Seqens Group’s ethical rules on the management of internal and external relations.
This procedure defines the conditions under which the Seqens Group’s employees and its subcontractors proceed with the collection, use, conservation, transfer, communication and destruction of any personal data related to the Seqens Group’s activities.
Personal data is any information that relates to a specific or identifiable individual. This personal data must be protected, which requires the implementation of strict processes to manage it. The organization making decisions regarding the use of this data is considered as the Data Controller. The Seqens Group, as data controller, ensures that its processes comply with the rules set out in this procedure regarding the data processing. Failure to comply with these rules exposes the Group to legal sanctions.
The Seqens Group governance body represented by the Data Protection Officer is committed to ensuring the compliance and deployment of this procedure and expects all its employees and subcontractors to share this commitment.
Any violation may result in disciplinary action or liability for the person or company that fails to comply with this procedure.
SCOPE AND AMENDEMENT
This procedure applies to all the employees and subcontractors of the Seqens Group.
It applies generally to all the companies of the Seqens Group, including companies or establishments outside the European Union that process, transfer or receive personal data relating to activities in the European Union.
LEGAL FRAMEWORK AND REGULATIONS
This procedure is in line with the 2016/679 European union General Data Protection Regulation (GDPR) from April, 27th 2016 and the French law “Informatique et Libertés” from January, 6th 1978. These legislations apply by default.
It cannot apply in the event of discrepancies with the laws and regulations of countries outside the European Union where the Seqens Group carries out its activities.
PRINCIPLES OF PERSONAL DATA PROCESSING
Equity and fairness
The Seqens Group processes personal data in accordance with the following principles:
- Personal data are fairly and lawfully collected, for a specific purpose and for the needs of the controller’s activities.
- All measures ensuring the accuracy of personal data will be taken.
- Personal data is used for the sole purpose for which it was originally collected. Any other use must be considered as a new processing and be subject to prior information of the persons involved.
- Personal data is kept for a defined period of time, depending more specifically on limitation periods and/or the legal or recommended statutory retention periods.
Limitation of use to clearly defined objectives
Before implementing a new personal data processing operation or modifying an existing one, the project is brought to the attention of the local personal Data Protection Officer who will ensure the compliance of the planned processing operation with the RGPD.
The categories of collected personal data by the Seqens Group companies are necessary to their activities.
Only the relevant, adequate and non-excessive data are collected for the purpose.
Essentially, the data is related to customers, suppliers, subcontractors and employees of the Seqens Group, within the framework of contractual relationships, the management of contracts and the management of the website. The Seqens Group also uses cookies and other tracers on its websites with the aim of facilitating the navigation of users or for statistical purposes.
Transparency
The Seqens Group collects personal data either directly from the involved persons or as a result of the use of products or services.
The Seqens Group is also likely to be the recipient of data that has been collected from data subjects by a third party.
Only relevant and strictly necessary data for the purpose of the processing are collected, in compliance with the principle of proportionality.
Deletion
Seqens Group does not store personal data longer than necessary. Retention periods may vary depending on the categories of data and processing.
At any time, the Seqens Group processes and uses this data in compliance with the law and will keep the personal data:
(i) only for as long as it is reasonably necessary to achieve the stated purposes, including the necessary time to respond to any request from the data subject,
(ii) as long as required by operational, regulatory and legal constraints, to comply in particular with obligations of certain documents retention (for example, the obligation to retain certain documents for ten years to comply with accounting and tax obligations in France), and in accordance with applicable limitation periods. Similarly, data will be retained in order to ensure the rights of defense and to respond to legal claims and requests from authorities and regulators until the end of the relevant retention period or until the claims are finally decided.
In this sense and to comply with Article 17 of the RGPD, the Seqens Group undertakes to respond to any request for deletion of personal data collected in any of the following cases:
- When the data subject to the deletion request is used for marketing purposes;
- When the personal data to be deleted no longer serves the purpose for which it was originally collected or when it has been processed in a different way by the controller;
- When the data subject, i.e. the owner of the data to be deleted, withdraws his or her own consent to the processing of the said data, and above all, when there is no legal basis for the processing. This generally concerns sensitive data;
- As soon as the concerned data are used or processed unlawfully;
- When a legal obligation makes the deletion of data unavoidable;
- When the data subject objected to the processing of his or her data and the Seqens Group does not have a valid reason for not complying with the request for deletion.
Data reduction and saving
Before processing personal data, the Seqens Group determines whether and to what extent the processing of personal data is necessary to achieve the purpose for which it is collected.
Where possible, the use of statistical and/or anonymized data should be preferred to the use of personal data. Personal data may not be collected in advance and stored for potential future purposes, unless required or permitted by national law.
Accuracy and update
Personal data must be accurate, complete and – if necessary – kept up to date. Appropriate measures must be taken to ensure that inaccurate or incomplete data are deleted, corrected, completed or updated.
Privacy and security
Personal data are subject to data secrecy. They must be treated as personally confidential and protected by appropriate organizational and technical measures to prevent unauthorized access, unlawful processing or distribution, and accidental loss, alteration or destruction.
PERSONAL DATA TRANSFER
Personal data may be accessible to some of the Seqens Group’s employees or service providers established in countries outside the European Union, subject to the provisions mentioned below. For these recipients located outside the European Union, the transfer is limited to the countries listed by the European Commission as providing sufficient protection for personal data or to recipients who respect either the standard contractual clauses proposed by the CNIL or the Seqens Group’s internal data protection rules (BCR).
Any data transfer outside of the EU is subject to prior validation by the Data Privacy Officer.
SECURITY AND PRIVACY
Seqens Group implements and maintains appropriate technical and organizational measures to prevent unauthorized or accidental access, collection, processing, disclosure, copying, modification, making available or any other similar risk.
Technical measures include protecting networks, servers and terminals against external attacks as well as penetration and/or restoration tests.
Organizational measures are based on the assignment of IDs and passwords to personalize access to data.
Tracking connection records helps to detect illegal access.
The Seqens Group will alert the competent authority, and if necessary, the persons concerned, in the event of a personal data breach.
SEQENS POLICY UPDATES
This procedure may be updated to reflect changes in the management of personal data by the Seqens Group. Any major changes will be communicated internally.
The version in force is the one appearing on the Seqens Group intranet site.
DATA PROTECTION BY DESIGN
The Seqens Group ensures the respect of privacy. As such, it ensures that all its projects comply with the GDPR from the very first stages of their design.
To ensure that all data protection requirements are identified and taken into account when designing new systems or processes and/or reviewing existing systems or processes, the RGPD must be involved and be part of the project team when the project involves a system or process that directly or indirectly relates to or impacts the processing of personal data.
RESPECT FOR HUMAN RIGHTS
Each person whose personal data is held by the Seqens Group has the following rights regarding the collection and processing of his/her personal data. These rights can be exercised in certain circumstances:
- Right to the access to personal data and in particular the right to obtain information about the processing of such data;
- Right to obtain rectification of personal data; It is indeed important that the personal data held by the Seqens Group are up to date;
- Right to obtain the deletion of personal data;
- Right to obtain the limitation of the processing of personal data;
- Right to portability of personal data;
- Right to oppose to the processing of personal data (especially in the case of processing such data for marketing purposes).
The exercise of these rights is free of charge. No fee may be charged for this. However, the Seqens Group may charge a reasonable fee if the exercise of these access rights is clearly unfounded or excessive. Alternatively, the Seqens Group may, if necessary, refuse such a request.
To exercise these rights, the persons concerned can address their request:
Either by mail at privacy@seqens.com
Or by post mail at:
SEQENS
Personal Data Protection Officer
21 chemin de la Sauvegarde
“21 Ecully Parc”
CS 33167
69134 ECULLY Cedex
Each person also has the right to submit a complaint with the CNIL or any competent supervisory authority.