Personal data

POLICY FOR THE PROTECTION OF THE PERSONAL DATA OF THE TEREOS GROUP

Tereos Participations is a part of The Tereos Group which is very committed to the protection of personal data and to your privacy, which are two principles protected by the Charter of Fundamental Rights of the European Union.

The processing of personal data carried out within the framework of Tereos Group’s activities complies with the rules on privacy, particularly the General Data Protection Regulation (EU Regulation 2016/679) known as the “GDPR” and the amended Act of 6 January 1978 relating to data processing, records and privacy known as the “French Data Protection Act”.

Therefore, within the exercise of its activities, the Tereos Group may be required to collect and process your personal data, whatever the type of contract that binds us.
The Tereos Group has set up a department dedicated to the protection of personal data, which ensures the effective implementation of specific procedures and processes, in order to raise awareness among its employees, involve its partners and sub-contractors in the protection of personal data and ensure the compliance of the personal data processing for which it is responsible.

This policy (hereinafter “the Policy”) aims to inform you of the reasons why the Tereos Group may process your personal data, the way in which the Tereos Group does this and your rights in this matter.

THE TEREOS GROUP’S COMMITMENTS FOR THE PROTECTION OF PERSONAL DATA

In order to ensure the best level of protection of your personal data, the Tereos Group undertakes, to comply with the GDPR by setting a number of basic principles for the processing of personal data and in particular:

  • Lawfulness, fairness, transparency:your personal data is processed lawfully, fairly and transparently;
  • Purpose limitation:your personal data is collected for specified, explicit and legitimate purposes and is not subsequently processed in a manner incompatible with those purposes;
  • Data minimisation:only the adequate and relevant data is collected and is limited to what is necessary in view of the purposes for which it is processed;
  • Limitation of retention: your personal data is retained for a limited time that does not exceed the time necessary to achieve the purpose of the processing. These times comply with the legal retention periods;
  • Accuracy: your personal data is accurate, kept up-to-date and all reasonable steps are taken to ensure that any inaccurate data, having regard to the purposes for which it is processed, is erased or corrected as soon as possible;
  • Security: your personal data is subject to security through effective technical and organisational measures that are adapted to the risks of the processing for your right to privacy and your other rights and freedoms.

Internal procedures are planned to comply with the guiding principles of the regulations on the protection of personal data from its design and by default. If necessary, our relationships with external service providers are secured through contracts that meet a real level of security of your personal data.
The majority of our services, service providers, remote applications and servers required for the processing of your personal data are located in the territory of the European Union. When your personal data needs to be transferred outside the European Union, we adopt the appropriate guarantees provided by the applicable regulations. If necessary, you can have access to relevant documents (i.e.: standard contract clauses of the European Commission).

RIGHTS OF DATA SUBJECTS

In terms of the processing of personal data, you enjoy a number of rights in accordance with the applicable regulations:

  • Right to information about processing: in order to respect the principle of fairness and transparency, the Tereos Group, must inform you prior to the collection of your personal data. This information allows you to understand and, where appropriate, to consent to the processing that the Tereos Group offers;
  • Right of access to your personal data: once your data has been collected and processed by the Tereos Group, you have the opportunity to obtain a copy of your personal data held by the Tereos Group;
  • Right of correction: to the extent that your data will not always be up-to-date, you have the right to correct data about you that is not accurate;
  • Right to withdraw consent: If you have consented to processing, you can withdraw this consent at any time, without this affecting the lawfulness of the processing before this withdrawal;
  • Right to object to processing: when processing is not based on your consent, but on legitimate interests that we pursue or those of a third party, you can oppose the processing given your particular situation;
  • Right to limitation of processing: you have the option of limiting the processing in the following cases:
    • You dispute the accuracy of the personal data for a period enabling the Tereos Group to verify the accuracy of the personal data;
    • The processing is unlawful and you want the use of the data to be limited instead of erasing it
    • Tereos no longer needs the personal data for processing, but you want it to be retained for the establishment, exercise or defence of your rights in court;
    • You objected to the processing under your right to object during the verification as to whether the legitimate reasons pursued by Tereos prevail over your own.
  • Right to erase data: you can request to erase the data we process for a legitimate reason in the following cases:
    • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    • You wish to withdraw your consent (see right to withdraw consent)
    • You object to the processing of your personal data for a legitimate reason
    • The personal data has been unlawfully processed;
    • The personal data must be erased to comply with a legal obligation, as required by EU law or the law of the Member State to which the data controller is subject;
  • Right to portability: when processing is not based on your consent, you may request the transfer of the personal data to another data controller, or receive said data in a structured, commonly used and machine-readable format;
  • Right not to be subject to automated individual decisions (including profiling): save in exceptional cases, you have the right not to be subject to automated individual decisions, such as profiling, which produces legal effects, or significantly affects you.

You also have the right to lodge a complaint with the Commission Nationale Informatique et Libertés (CNIL – the French Data Protection Authority). For more information, please visit the website of the CNILhttps://www.cnil.fr/fr/plaintes

Any request, whether relating to the exercise of your rights or relating to this Policy, must be sent by email or registered letter with acknowledgement of receipt for the attention of the GDPR contact person. The GDPR contact person will review your request and get back to you as soon as possible. He/she can be contacted at the following address:

  • By email: contactgdpr@tereos.com
  • By post: Tereos Group – Legal and Compliance Department – GDPR Contact Person – 12-14 Rue Médéric 75017 Paris, France

To process your request, please:

  • Include your family name(s) first name(s)
  • If the request is regarding a right of access, specify the categories of data you want to access
  • If the request is regarding another right, specify the reason for your request (which right you want to exercise and for what reason)
  • Attach/enclose proof of identity

If the request is made by a representative:

  • Provide a proof of mandate and identity for the agent
  • Provide proof of identity of the person representing

PROCESSING CARRIED OUT BY THE TEREOS GROUP

  1. Identity and contact details of the data controller

TEREOS PARTICIPATIONS
11 RUE PASTEUR
02390 ORIGNY SAINTE BENOITE

FRANCE

  1. Purpose of the processing of personal data and categories of collected personal data

For each purpose identified, the categories of personal data collected, processed and stored by the Tereos Group are as follows:

  • Respond to requests received via the form in the “Contact” tab: Country of residence, Last name, First name, E-mail, Phone number (optional);
  • Compiling browsing statistics using cookies and other tracers: IP address, browsing history, interaction website, socio-demographic category;
  • Getting information about the terminal (email routing): IP address, operating system, internet browser, other terminal information, applications or connections;
  • Managing the exercise of rights by data subjects: identity data, email address. A photocopy of your ID may be required to access your request;
  • Establishing, exercising or defending the rights of the Tereos Group: identity data, data required to establish, exercise or defend the rights of the Tereos Group.
  1. Categories of persons
  • Visitors of the website tereos.com

LEGAL BASES

The legal justifications on the basis of which we can process your personal data are:

  • Consent;
  • The legitimate interest of the data controller.

RETENTION PERIOD

Your personal data is retained for the time necessary to achieve the purposes described in this Policy. It is then archived in accordance with the legal and/or regulatory requirements, and/or to enable the Tereos Group to establish proof of a right or contract (deadlines applicable to prescription).

COMPUTER SECURITY

Security of processing of personal data is one of the Tereos Group’s priorities. We make every effort to implement technical and organisational measures adapted to the issues and risks associated with the protection of personal data. Training sessions on personal data protection are offered to our employees. Our employees are subject to a confidentiality obligation. Our websites are subject to technical protection and communications with your computer are encrypted by an HTTPS (TLS) stream.