SECTION 1 – VERSION AND DATE OF APPLICABILITY
To comply with the principle of transparency, this privacy statement is the version of the first of December 2020 implemented on the same day. It does not replace a previous version of its initial version. This privacy statement may be modified or supplemented at any time, in particular, to comply with any legislative, regulatory, jurisprudential, or technological development.
SECTION 2 – CONTEXT
This privacy statement describes why and how we collect and use personal data, and provides information about the rights of data subjects. It applies to personal data which is transmitted to us either directly by the persons concerned, or indirectly. We may only use the personal data transmitted to us for one or more of the purposes described in this declaration or for any other purpose duly indicated at the time of collection. It allows us to inform you and help you exercise your rights, so we kindly ask you to take note of it.
Personal data relates to any information relating to an identified or identifiable natural person. OPPSCIENCE collects and processes personal data for different purposes. The means of collection, the legal bases for processing, use, disclosure, and retention period are varied because they are specific to each purpose.
Our goal is to be transparent about why and how we process personal data when we collect and use it. To find out more about our data processing activities, we invite you to refer to the relevant sections of this declaration.
SECTION 3 – LEGAL BASIS
The data that OPPSCIENCE collects is subject to processing, if you have consented to it and have not withdrawn this consent, or if the processing is based on at least one of the following legal grounds:
- necessary for the performance of a contract,
- falls within the legitimate interest of OPPSCIENCE,
- is subject to a legal obligation to which OPPSCIENCE may be subject (order of a judge for example),
- necessary for the performance of a public interest mission,
- necessary for the protection of a vital interest which concerns you.
SECTION 4 – SECURITY IMPLEMENTATION
We attach great importance to the security of your data. Strategies, procedures, and training covering data protection, confidentiality, and security have been defined and are implemented within OPPSCIENCE. These measures are regularly reviewed and updated to ensure that the data transmitted to us is protected against destruction, loss, alteration, and unauthorized disclosure.
The personal data collected is treated in compliance with the “IT and liberties” law of January 6, 1978, modified by the law of June 20, 2018, relating to the protection of personal data taken in application of EU regulation 2016/679. This regulation is more commonly called “General Data Protection Regulation” with the French acronym RGPD.
In the event of a data breach, the controller undertakes to notify the CNIL and any persons concerned in accordance with articles 33 and 34 of the GDPR.
SECTION 5 – RECIPIENTS AND DATA PROCESSING
Depending on the processing, the recipients can be internal or external, in both cases to the extent necessary for the performance of the tasks entrusted to them.
Internally: the recipients are the employees of our company who carry out tasks serving the purposes of the processing using technical devices controlled by our company or our subsidiaries.
Externally: the recipients are the employees of our service providers (ex: accounting firm, subcontractor, partner) who carry out tasks serving the purposes of the processing using technical devices that they master or that they offer by the fact of the very nature of their service.
The treatments carried out internally and externally are likely to be of different types, such as collection, recording, organization, structuring, conservation, extraction, consultation, use, storage available, reconciliation, limitation, deletion, anonymization, pseudonymization, or encryption.
SECTION 6 – DATA TRANSFER
OPPSCIENCE applies the GDPR regulations, and as such, in the eventuality that data transfers to countries to the European Commission would not have recognized as adequate had to be carried out, in any case, they will be operated and supervised in a way that protects the personal data of the persons concerned.
A transfer can be carried out by
- Derogation is provided in Article 49 of the GDPR (contractual obligation serving the interests of a data subject, for example).
- The use of a contract that conforms to standard contractual clauses (STCs)
- The use of Binding Corporate Rules (BCR)
SECTION 7 – DURATION OF DATA PROCESSING
The data processing carried out by our company are only for a limited period. Therefore, in the general case, it is the time necessary to achieve the objectives pursued. In some cases, longer treatments may be required by European Union law or applicable national law, or by a contractual provision.
In the absence of contrary provisions:
Customer data is kept for the duration of the contractual relationship with OPPSCIENCE, increased by 5 years corresponding to legal requirements
Data relating to contacts and prospects are kept for 3 years from the collection or last contact from the contact or prospect.
SECTION 8 – EXERCISE YOUR RIGHTS
To exercise your rights it is necessary to prove your identity, several cases are possible, and supporting documents will be requested by email or post. The request cannot be the subject of a mandate it must come from you exclusively.
In the absence of unfounded, excessive, or repetitive demand the exercise of your rights is free. Otherwise, you will have to pay a reasonable fee based on the administrative or organizational costs incurred.
The following rights are acquired by the persons concerned about their data:
- The right of access (to know the details of the data, the treatments, and their purposes)
- The right to rectify (correct any inaccuracies noted or report a change)
- The right to erasure (also called the right to be forgotten: in compliance with the legal provisions,
- the persons concerned can request the deletion of their data)
- The right to limit (freeze all or part of the data processing)
- The right to portability (receive in a structured format the data which you have provided to us)
- The right to object (stop all or part of the data processing)
For more information concerning the exercise of your rights please go to this address: https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre3
SECTION 9 – CONTACT THE RIGHT CONTACT
To simplify the process for requesting to exercise your rights, we invite you to contact firstname.lastname@example.org by email or by post:
14 Avenue Trudaine
To file a complaint, you must contact the CNIL on the internet https://www.cnil.fr/fr/plaintes/internet
Or by post: CNIL Complaints Service, 3 Place de Fontenoy – TSA 80 751 75334 Paris cedex 07