CHRYSO is required to process personal data in the context of its business activities. Since respect for privacy is an important concern for our company, and in order to comply with the General Data Protection Regulation ("GDPR"), CHRYSO has put procedures in place to meet the new requirements imposed by the GDPR.
This document contains an explanation of these new procedures and the commitments made by CHRYSO with respect to the various ways our company processes personal data.
In this document, the following terms will have the meanings specified below:
“Personal Data”: any data that may directly or indirectly identify a natural person
“Controller”: entity which determines the purposes of data processing and the means used to attain them
“Processor”: entity which processes personal data on behalf of a controller
“Non-Adequate Country”: country that does not belong to the European Union, in which local regulations do not offer an adequate level of protection for Personal Data to be transferred there without additional guarantees
In the context of its business activities, CHRYSO will process some of your Personal Data such as (without limitation):
- First and last names;
- Personal and professional e-mail addresses;
- Telephone numbers;
- Postal addresses;
- Candidacy information;
- Web cookies;
- Bank account details.
Stemming from our wish to process our employees' Personal Data in the best possible manner, we have made a certain number of commitments, both with respect to the collection of Personal Data and the measures taken to guarantee a high level of security.
1) Purposes of processing
The Personal Data processed by CHRYSO are used in a defined framework and for a precise purpose. Every time processing is done, it shall be legitimate under the GDPR, including for the following reasons:
- Processing is justified by legal obligations imposed on us;
- Processing is justified by contractual obligations defined in our various activities;
- You have consented to the processing of your Personal Data;
- The processing is necessary to preserve the legitimate interests of the enterprise
CHRYSO undertakes not to use your data except within the limits of the defined processing or, in the case of processing based on your consent, to notify you of any planned additional processing.
2) Restriction and proportionality
CHRYSO undertakes to collect and to use Personal Data only to the extent strictly necessary for the intended purposes, and to store these data only for the time needed to carry out the processing or for the storage periods imposed by law. The information concerning the storage periods shall be available from the start of the processing, as these periods may vary depending on the applicable laws or the type of processing.
3) Data security
We undertake to take all physical, logistical and organisational measures to prevent any alteration, deterioration and/or unauthorised access to the data. This includes ensuring the security of access to premises, data encryption and network security policies.
In addition, CHRYSO requires guarantees from all entities processing Personal Data on its behalf, to ensure their compliance with respect to the GDPR.
4) Data transfers
Due to its presence in a number of countries, CHRYSO may be led to transfer your data to foreign countries, including countries which are considered to be “non-adequate” by European Union bodies. In this case, our company ensures that the necessary guarantees are put in place to maintain a level of protection that is equivalent to that of the European Union.
5) Rights of data subjects
The GDPR provides numerous rights concerning your data. A brief outline of these rights is provided below:
Right of access
You may request confirmation of the processing, or not, of your Personal Data by CHRYSO and if so, obtain access to the data via the address firstname.lastname@example.org
Right to rectification
You may request the rectification of information concerning you if it is erroneous, and the completion of data that are incomplete.
Right to erasure
It is possible to demand the erasure of Personal Data under certain conditions, in particular for data that are processed in the framework of consent.
Right to restriction of processing
It is possible for you to demand the interruption of processing, in particular in the event that your Personal Data are clearly erroneous and require an update.
Right to data portability
Under certain conditions, you may request to receive the Personal Data that you have provided to CHRYSO in a predefined format, or to have them transferred to a third party of your choice.
Right to object
You may request the halting of processing of your Personal Data for reasons pertaining to your particular situation. A notification will be sent to you confirming that the processing of your data has been halted, or informing you of the reasons which prevent compliance with your request. This right cannot be refused in the context of processing for direct marketing purposes and/or processing based on consent.
Right to bring a complaint before a supervisory authority
You have the right to contact the supervisory authority (which for France is the CNIL) to bring a complaint procedure concerning practices connected with CHRYSO's management of personal data.
To request information or to exercise your rights, you may contact CHRYSO in the following manner:
- Send an e-mail to email@example.com
- Send a letter to CHRYSO Legal Department (GDPR) - 19 Place de la Résistance - CS 50053 - 92445 Issy-les-Moulineaux Cedex – France
Naturally, you must specify your last name, first name and the nature of your request (additional information may be requested of you in order to process your request effectively, to provide a speedier response and/or to confirm your identity).