Personal data management policy
Personal Data or Data: Any information relating to an identified or identifiable natural person (hereinafter referred to as “Data Subject”) directly or indirectly, in particular by reference to an identifier, such as a name, an identification number , location data, an online identifier, or one or more specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.
Data controller: The natural or legal person who determines the purposes and means of processing.
Subcontractor: The natural or legal person, who processes personal data on behalf of the controller.
Recipient: The natural or legal person who receives communication of personal data, whether or not it is a third party.
Third parties: a natural or legal person, a public authority, a service or a body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the sub – processor, are authorized to process personal data.
Consent: any free, specific, enlightened and unambiguous manifestation of will by which the person concerned by the processing of personal data accepts, by a declaration or by a clear positive act, that personal data concerning him / her are the subject of ‘a treatment.
This personal data protection policy applies to all personal data processed by Sensi Ateliers Arts & Sens as data controller. This can be data concerning their employees, service providers, prospects, customers, etc.
Sensi Ateliers Arts & Sens may collect data such as: first and last name; email address ; sex; phone number; address ; age / date of birth; billing data; prospecting; connection data …
THE GUIDING PRINCIPLES
Personal Data is processed by Sensi Ateliers Arts & Sens in accordance with the principles of lawfulness, loyalty, transparency and proportionality.
Personal Data is collected for specific, explicit and legitimate purposes, and processed in an adequate, relevant and limited manner to what is necessary with regard to the purposes for which they are used.
Personal Data is kept in a form allowing the identification of the persons concerned for a period not exceeding that necessary for the purposes for which they are processed.
INFORMATION FOR THE PERSONS CONCERNED
When Personal Data relating to a Data Subject is collected from this person or from a third party, the Data Controller provides the following information in particular:
– the identity and contact details of the Data Controller.
– the purposes of the processing for which the Data are intended as well as the legal basis for the processing.
– the recipients of the Data.
– the possible intention of the Data Controller to transfer Data to a country outside the EU.
– the retention period of the Data or, when this is not possible, the criteria used to determine this period.
– where applicable, the implementation of a profiling mechanism or massive processing of personalized data
– if applicable, the source from which the Data come
As far as possible and subject to other legal or contractual obligations, this information will be communicated at the time of collection or at the time of the first communication with the Data Subject.
THE RIGHTS OF THE PERSONS CONCERNED
Data subjects may exercise their right to request access to Data, rectification or erasure of Data, portability of Data to a Third Party, limitation of processing as well as to oppose Processing by requesting it. by email to the following address:
Any request must be clear, precise and justified and accompanied by a copy of an identity document and made in accordance with the applicable legal framework.
The persons concerned may lodge a complaint with the CNIL:
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22 / Fax: 01 53 73 22 00
Or at www.cnil.fr/fr/plaintes or www.cnil.fr
The Data Subject is informed that in the event of opposition to the Processing or if he or she transmits erroneous or fanciful Data, the services related to the collection of the Data cannot be rendered, the Data Controller not being able to engage his responsibility under any circumstances. as such.
In addition, the collection of certain Data may be required for regulatory or contractual reasons. The data subject is thus required to provide the Personal Data requested.
The Data collected will be processed by the employees of the companies of Sensi Ateliers Arts & Sens who are authorized according to their position to have access to and process said Data.
In certain cases, the data collected may be processed by subcontractors or partners of the company Sensi Ateliers Arts & Sens, and this only to the extent necessary for the accomplishment of the tasks entrusted to them.
Sensi Ateliers Arts & Sens strictly requires that its subcontractors or partners process Personal Data only to manage the services for which they are responsible. Sensi Ateliers Arts & Sens also asks these service providers or partners to always act in accordance with the applicable laws on the protection of personal data and to pay particular attention to the confidentiality of this data.
The data may be communicated by Sensi Ateliers Arts & Sens to the administration, courts, state services in compliance with legal and regulatory provisions.
Personal Data is stored either in the databases of Sensi Ateliers Arts & Sens or in those of its service providers.
In certain cases, and mainly for technical reasons, these databases may be stored on servers located outside the territory of the European Union.
Personal Data is processed in such a way as to guarantee appropriate security by means of physical, technical or organizational measures relevant to the rules of the art in the matter, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
Depending on the needs, the risks, the costs and the purpose of the Processing, these measures may include the pseudonymization and encryption of Data.
Each Data Controller sets up a procedure to test, analyze and regularly assess the effectiveness of technical and organizational measures to ensure the security of processing.
In the event of a Personal Data breach, each Data Controller will do their best to notify the CNIL as soon as possible and, if possible, 72 hours at the latest after becoming aware of it.
If this violation of Personal Data is likely to generate a high risk for the rights and freedoms of the Data Subjects, the Data Controller will inform them by any means as soon as possible unless the Data Controller has taken technical measures to sufficient protection to stop this violation.