The purpose of this policy is to present the rules relating to the protection of personal data as a controller and processor of SYSTNAPS (hereinafter “SYSTNAPS”) undertakes to respect.
These rules come in particular in application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR”) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
This document may be amended, in particular where necessary, to meet the obligations
The concepts concerning the protection of personal data used in this document have the same meaning as those given by the RGPD, particularly in Article 4 of the RGPD.
General principles on the protection of personal data
Systnaps as data manager.
In accordance with Article 5 of the GDPR, SYSTNAPS guarantees that personal data are :
- Treated lawfully, fairly and transparently;
- Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
- Adequate, relevant and limited to what is necessary for the purposes for which they are processed
- Accurate and, where necessary, kept up to date;
- Kept for no longer than is necessary for the purposes for which they are processed;
- Processed in such a way as to ensure appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by means of appropriate technical or organizational measures appropriate to the risks.
Purpose and legal basis of the processing of personal data
In the case of SYSTNAPS acting as a data controller
For its internal needs, SYSTNAPS collects personal data for the following purposes :
- Management of its customer contacts and prospects;
- Management of its commercial contracts;
- Management of SYSTNAPS staff and recruitment;
According to these different purposes, SYSTNAPS ensures that one of the following conditions is met :
- The consent of the individual has been obtained for one or more purposes
- The processing is necessary for the performance of a contract to which an individual is party or for the performance of pre-contractual measures taken at the request of the individual
- Processing is necessary for compliance with a legal obligation to which SYSTNAPS is subject;
- Processing is necessary for the protection of the vital interests of a natural person;
- Processing is necessary for the purposes of the legitimate interests pursued by SYSTNAPS, unless the interests or fundamental rights and freedoms of the natural person concerned prevail.
Security and data breach notification
SYSTNAPS employees are subject to an IT charter appended to the internal regulations to ensure an appropriate level of security.
Pursuant to Articles 33 and 34 of the RGPD, any data breach will be notified :
- When SYSTNAPS acts as a data controller, to the French supervisory authority (CNIL) and, if necessary, to the individuals impacted by the said breach;
- When SYSTNAPS acts as a processor, to its customers affected by the breach in accordance with the terms of the contract between SYSTNAPS and its customers.
PERSONAL RIGHTS
In the case of SYSTNAPS acting as a data controller
Under the conditions of Articles 15 and 22 of the GDPR, individuals have the right to :
- Access personal data concerning them and processed by SYSTNAPS;
- Request rectification, erasure or restriction of the processing of their personal data by SYSTNAPS;
- Under certain conditions, object to the processing of their personal data;
- Request portability of personal data;
- Where consent is the legal basis for processing, to withdraw consent.
Requests related to these rights can be made by completing the “Individual Rights” form available on this page.
SYSTNAPS reserves the right to ask for details of any request and to prove the identity of the applicant.
For further information, SYSTNAPS recommends that you contact the CNIL to find out more about the regulations on the protection of personal data, the rights of individuals and the possibility of lodging a complaint with this authority.
PHYSICAL PERSONS
In the case of SYSTNAPS acting as a data controller
At the time of collection of personal data, SYSTNAPS undertakes to provide the physical persons concerned with at least the following information, as far as possible and regardless of the processing carried out :
- The contact details of the data controller;
- The purposes of the processing
- The recipients;
- Transfers outside the EU, where applicable;
- The period of retention;
- The possibility of requesting the exercise of rights that may be exercised under the applicable regulations;
- The right to lodge a complaint with the supervisory authority.
Cooperation of SYSTNAPS with its customers and the supervisory authority
In accordance with Article 28 of the RGPD and in compliance with its contractual commitments, SYSTNAPS undertakes to cooperate reasonably with its clients in order to help them meet their obligations under Articles 32 to 36 of the RGPD.
In general, SYSTNAPS undertakes to cooperate with the French supervisory authority (CNIL) where necessary and to take reasonable account of its recommendations.
Privacy by design in products and services
When SYSTNAPS plans to develop a new service or offering, SYSTNAPS, in its capacity as editor, will make its best efforts to introduce privacy by design principles at the outset of the project and thus help SYSTNAPS’s customers to comply with the requirements of the applicable regulation through specific features and means.
SYSTNAPS staff awareness
SYSTNAPS makes every effort to provide all employees with regular awareness training on data protection issues.
All new employees at SYSTNAPS are required to attend a data protection awareness training course.
Governance of personal data protection
In order to manage the protection of personal data, SYSTNAPS has set up a dedicated governance.
A Data Protection Officer (DPO) was appointed in May 2018 and declared to the CNIL. The latter leads this governance.
A strategic committee acts transversally on all of the company’s activities, supported by an operational committee made up of the DPO and relays within the various SYSTNAPS businesses lines.
Register of treatments
Pursuant to Article 30 of the GDPR, SYSTNAPS maintains two registers of personal data processing:
- A register describing the processing operations carried out in its capacity as data controller;
- A register describing the processing operations carried out on behalf of and on the instructions of its clients who are data controllers.
These registers are made available to the CNIL on request.
Contractual policy
SYSTNAPS has included the new mandatory contractual obligations under Article 28 of the RGPD in all impacted contracts.
Contact
If you have any questions about this policy, you can send your request to the following e-mail address: dpo@systnaps.com
Depending on the nature of the form, SYSTNAPS SAS, responsible for processing, located at 19 avenue Ledru ROLLIN 94170 Le Perreux sur Marne, is likely to collect the following personal data: Surname, first name, email address, telephone number, position, company, curriculum vitae.
This personal data is processed by SYSTNAPS SAS solely for the purposes of managing its customer file, commercial communication and recruitment.
This data will only be kept for the time necessary to achieve the purpose of the processing and you may exercise your rights in accordance with SYSTNAPS’ privacy policy by sending a letter to the attention of our DPO at the following address, DPO – SYSTNAPS 19 avenue Ledru Rollin 94170 Le Perreux sur Marne or by email to dpo@systnaps.com.
Cookie policy
To learn about our cookie policy and to change your cookie preferences, visit our Cookie Policy page.
