This document details what personal data we collect and that you provide to us, why we do so, when we disclose it to third parties, how we store it, secure it, and how you can exercise your rights over your data.
If you have any questions about this policy, please contact our Data Protection Officer (DPO) at the following email address: firstname.lastname@example.org
We collect personal data directly from you or through your employer or an authorized person to :
– to ensure the execution of a contract or the general conditions of an online service SICA Nucléaire (follow-up of the contract, preparation and execution of the intervention and the service, quality control),
– comply with our legal or regulatory obligations,
– for specific purposes after having obtained your explicit and positive consent,
– our legitimate interests such as customizing our offers to your needs, ensuring the security of our information system.
Moreover, if you contact us, we will keep a record of your request so that we can process it as well as possible.
When you contact us, or ask us to contact you again for the services you are interested in, you agree to provide us with the following personal data: last name, first name, e-mail, telephone number, information shared by yourself, such as your function, activity, cookies.
In order to provide our services, we collect personal and professional identification data such as name, first name, business telephone number, date of birth (trainees and professional training), business e-mail, signature, job title, photograph if applicable; data concerning technical skills; financial data related to billing.
We also use personal data generated as a result of the training: attendance sheet, date of certificate issuance, training evaluation.
When you want to access the online services you have subscribed to, you provide the following personal data: last name, first name, business email, business phone number.
We also store your consents to receive information, such as the news you subscribe to, as well as your withdrawals of consent to the processing to which you have previously consented.
We will only disclose your personal data to third parties in the following cases:
– To SICA Nucléaire’s internal departments in charge of the execution of the purposes.
– For administrative reasons: we may share personal data to comply with administrative requirements, to detect, prevent or investigate fraudulent activity, security breaches or technical problems, or for external evaluations and audits by authorities (or their representatives).
We implement the necessary and appropriate organizational and technical security measures against unauthorized access, modification, disclosure or destruction of the data we store. The Information System Security Policy (ISSP) can be forwarded to you for further details on the measures.
These measures include the following:
– Collect only the data necessary for the stated, explicit and legitimate purposes.
– Only provide access to SICA Nucléaire’s employees, subcontractors, service providers and interlocutors who need access to personal data in order to carry out their roles, functions and responsibilities if they are authorized and have access that is strictly reserved for them, have been made aware of and/or trained, depending on their roles, functions and responsibilities, have signed a confidentiality agreement and have been informed of the risks and sanctions in the event of a breach of this obligation.
– Encrypt data when necessary.
– Carry out internal audits and audits of our suppliers who process personal data on behalf of SICA Nucléaire.
We keep personal data for the duration of the business relationship and then archive or delete them. In some cases, we reserve the right to keep it for a longer period, in particular to prevent possible litigation and to meet our legal and regulatory obligations.
For data processed in the context of a treatment subject to consent, we delete it as soon as the consent is withdrawn.
We do not transfer personal data outside the European Union. In the event that we are required to do so for contractual purposes, we undertake to put in place appropriate safeguards and to obtain prior consent for the transfer. In any case, we remain responsible for our commitments on these personal data.
In accordance with the law transposing the General Data Protection Regulation, you have rights that we are required to respect:
– A right to information about the processing of your data in a clear, fair and transparent manner,
– A right of access to your personal information transmitted : you have the right to obtain from us confirmation as to whether or not your data is being processed, the purposes of the processing, the recipient of the data, the possible transfer of the data and a copy of the data ;
– A right to rectify inaccurate or incomplete data: you can obtain from us the rectification of your data if they prove to be erroneous or inaccurate,
– A right to object to certain processing operations, in particular those for the purpose of commercial prospecting,
– A right to withdraw consent to data processing, without the effects of such withdrawal being retroactive,
– A right to erase your unlawfully processed data: you have a right to be forgotten only when the processing of your data does not relate to the performance of the contract and you have cancelled the contract,
– A right to limit processing,
– A right to give instructions regarding the retention, deletion and disclosure of your data after death.
To exercise your rights,
simply contact the DPO at the following email address : email@example.com,
or by post at : SICA Nucléaire to the attention of the Data Protection Officer at 4 Chemin de la Chêneraie, 13710 FUVEAU.
There is also the possibility of filing a complaint with a Data Protection Control Authority, in France: CNIL.
In the event of a violation of your personal data that may pose a risk to your rights and freedoms, SICA Nucléaire’s DPO will notify the CNIL of the violation as soon as possible, and, if possible 72 hours at the latest after becoming aware of it. SICA Nucléaire shall also inform the person concerned, as soon as possible, in accordance with the provisions of l’article 34 du RGPD.
We undertake to process personal data in accordance with the legal provisions in force.
This policy will be reviewed as the law evolves. You will be regularly informed of this update.
(Mise à jour en 10/2021)