1. What is the purpose of the data protection policy?
1. Digital Virgo SA wishes to set out its personal data protection policy with regard to data protection regulations, taking into account the European Union standards in this matter and more particularly the General Data Protection Regulation (“GDPR”) [1].
2. With this data protection policy, Digital Virgo SA undertakes, within the framework of its activities and in accordance with the regulations in force, to protect the privacy of its prospects and customers (the “data subjects”) by ensuring the protection, confidentiality and security of the personal data collected.
3. Digital Virgo SA further undertakes to have suitable financial, human and technical means to safeguard the data subjects’ human dignity, legitimate interests and fundamental rights.
4. The main objective of this data protection policy is to concentrate in a single document clear, simple and precise information concerning the data processing operations carried out by Digital Virgo SA, in order to enable the data subjects to understand what information and personal data (hereinafter referred to as the “personal data”) are collected, how they are used and what their rights are with regard to these personal data.
5. Digital Virgo SA reserves the right to amend this data protection policy at its sole discretion and at any time, in accordance with applicable data protection regulations.
[1] Reg. (EU) 2016/679 of 27 April 2016
2. Governance of personal data
6. Digital Virgo SA has developed a personal data governance policy.
7. This policy includes all the guidelines, rules, procedures, and practices implemented by Digital Virgo SA to take into account the requirements of regulations relating to the use and protection of personal data, whose guiding principles are presented in this policy.
8. In this context, Digital Virgo SA has designated a Data Protection Officer (DPO).
9. The task of the DPO is to ensure compliance with data protection regulations and to liaise with the Data Protection Authorities and all data subjects in relation to the collection or processing of personal data.
10. The DPO can be contacted by any interested person at the following postal address: “Service RGPD – 350 rue Denis Papin CS 90554 13594 Aix en Provence Cedex 3 France” or at the following email address: “service-rgpd@digitalvirgo.com”.
3. Definitions
– “anonymisation” means “the result from processing personal data in order to irreversibly prevent identification”[2];
– “collect” means to obtain personal data. Data may be collected in particular by means of questionnaires or replies to messages;
– “consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
– “providers” should be construed in the broadest sense and means in particular service providers, subcontractors working with Digital Virgo SA;
– “products or services” means all products and services, including technological products and services (websites, applications and associated services) offered or to be offered by Digital Virgo SA and its subsidiaries;
– “prospect” means any person who has contacted Digital Virgo SA to obtain information about a product or service offered by Digital Virgo SA.
– “controller” means the person or body which, alone or jointly with others, determines the purposes and means of the processing of your personal data;
– “processing of personal data” means any operation or set of operations in relation to such data, whatever the mechanism used.
[2] WP29 Opinion 05/2014 on Anonymisation Techniques of 10 April 2014
4. When does Digital Virgo SA collect personal data?
11. Personal data may be collected primarily in the context of:
- the management of applications addressed to Digital Virgo SA and/or its subsidiaries;
- the entry into contact with Digital Virgo SA;
- the customer’s use of any Digital Virgo group’s products and services, including technological services (website, application, and associated services);
- the relationship between Digital Virgo SA, its prospects, and its customers;
- the performance of contracts;
- the performance of legal or regulatory obligations relating to the activity of the Digital Virgo group and having an impact on the protection of personal data, such as tax obligations, audit, fight against fraud, etc.;
- and those relating to the management of the commercial relationship in particular at the time of complaints, or satisfaction surveys; …
5. What are the categories of data processed by Digital Virgo SA?
12. Personal data means any information relating to a natural person which allows him or her to be identified, directly or indirectly.
13. The data collected by Digital Virgo SA may be filed under the following main categories: contact data, identification data, photos, data linked to the use of the services, payment data, data related to applications for job offers.
14. Personal data may include an individual’s first and last name, telephone number, photograph, video recording, messages exchanged, postal address, email address, computer’s IP address, type of device used.
5.1 Declarative personal data
15. Declarative personal data is any data provided by the data subjects and collected by Digital Virgo SA in the context of commercial or contractual relationships or when applying to Digital Virgo SA and/or its subsidiaries.
16. The data come mainly from the data subjects and the persons authorised by the data subjects to transmit them to Digital Virgo SA.
17. For example, the data subject may be asked to provide personal data about his company, his name, first name, contact information, his professional training, his professional experience, his photograph. This data can be collected through electronic forms (on websites or mobile applications), paper forms or verbally through answers to questions asked, for example, by an employee of Digital Virgo SA.
5.2 Personal data from third parties
18. The personal data processed may also come from:
- service providers;
- public or supervisory authorities;
- subcontractors, providers of Digital Virgo SA or third parties if their personal data protection policies allow it;
- other products or services provided by third parties to which the data subjects have subscribed and/or for which they have authorised sharing with Digital Virgo SA.
6. What are the personal data processed by Digital Virgo SA?
19. Digital Virgo SA processes the following main personal data in relation to users:
- last name, first name
- country of origin of the applicant
- email address
- mailing address
- telephone number
- curriculum vitae
- connection and consultation data of electronic applications (IP, device, logs, tracers)
- photographs
- messages exchanged with employees of Digital Virgo SA
7. Who are the recipients of the data collected by Digital Virgo SA?
20. The personal data collected, as well as those that will be obtained later, are intended for Digital Virgo SA in its capacity as the data controller.
21. Digital Virgo SA ensures that the personal data of the data subjects are only accessed by authorised persons and only when necessary for the performance of their tasks.
22. Some personal data may be sent to third parties to comply with legal, regulatory or contractual obligations or to legally authorised authorities.
23. The categories of recipients of the data include: customers, Digital Virgo SA companies, the human resources department, legal department, sales department, internal customer relations, technical providers, and any other competent services of the Digital Virgo SA subsidiaries concerned by the requests.
Each subsidiary of Digital Virgo SA processes the data in accordance with the provisions of the GDPR, which are governed by a confidentiality policy, accessible from the subsidiary concerned.
8. How long does Digital Virgo SA keep the personal data?
24. Personal data is stored in Digital Virgo SA’s information systems or those of its subcontractors or providers. Subject to transmission to third parties, personal data is stored in a data centre and processed in Europe.
25. As a matter of principle, Digital Virgo SA undertakes to choose subcontractors and providers who meet the best quality and security criteria and provide sufficient guarantees in terms of reliability, security and resources to implement technical and organisational measures.
26. Lastly, Digital Virgo SA knows at all times the place where its data are hosted in order to be able to demonstrate compliance to the competent supervisory authorities.
27. The GDPR has strengthened the duty to provide information to data subjects whose personal data are collected.
9. Guiding principles for the protection of personal data
9.1 Lawfulness, fairness and transparency
9.1.1 Lawfulness
28. Digital Virgo SA will not process data unlawfully, with the understanding that lawfulness is assessed in the light of one of the conditions described below.
29. Consent of data subject. Digital Virgo SA may carry out processing where the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
30. Such consent may be given by a written statement, including by electronic means, or an oral statement, or when using the services.
31. The legitimate interests of Digital Virgo SA or a third party may be such as to warrant Digital Virgo SA’s processing of the data of the data subject.
32. The legitimate interests pursued by Digital Virgo SA are diverse but may consist in particular of:
- the improvement of the marketing knowledge of the data subjects;
- the improvement of products and services;
- marketing prospects.
33. Such processing operations are carried out taking into account the interests and fundamental rights of the data subjects. As such, they are accompanied by measures and guarantees to ensure the protection of the interests and rights of the data subjects and allow a balance with the legitimate interests pursued by Digital Virgo SA.
9.1.2 Fairness and transparency
34. Digital Virgo SA undertakes to provide fair, clear and transparent information.
35. Digital Virgo SA undertakes to inform the data subjects of each processing operation it carries out by means of information notices.
9.2 Specified, explicit and legitimate purposes
36. Personal data are collected and processed by Digital Virgo SA for specified, explicit and legitimate purposes at all times.
37. Committed to guaranteeing the ethics and security of the personal data of its customers, Digital Virgo SA uses personal data in accordance with the terms of this data protection policy.
38. Digital Virgo SA uses all or part of the personal data for the following main purposes:
- the management of the applications;
- the reception of the requests in the form of contact addressed to the publisher and the webmaster;
- the management of the follow-up given to the requests received;
- communication about events or news;
- managing exchanges with Digital Virgo group’s partners in the context of complaints or requests sent to it;
- managing, protecting and securing tools, websites and applications;
- measuring quality and satisfaction;
- improving the services provided;
- developing service innovation;
- executing solicitation operations;
- developing trade statistics;
- managing data subject’s requests in relation to their rights;
- managing people’s opinions on products, services or content;
9.3 Adequacy, relevance and restriction
39. For each processing operation, Digital Virgo SA undertakes to ensure that the processing operations are adequate and to collect and process only data that are strictly necessary for the purpose pursued.
9.4 Data accuracy
40. Digital Virgo SA is committed to ensuring that the data collected are complete and as up-to-date as circumstances permit.
41. Data subjects have the right to exercise their right to rectification, under the conditions given below, if they become aware of the existence of inaccurate data.
9.5 Storage period and restriction
42. Digital Virgo SA undertakes that it will not keep personal data longer than is necessary to fulfil the purposes for which they are stored or longer than the period provided for by the regulations relating to the protection of personal data.
N° | Categories of personal data | Rules of active conservation |
---|---|---|
1. | Requests for information | 1 year |
2. | Applications | Retention of 2 years maximum starting from the time of last contact with the applicant. In case of complaints of the applicant on the refusal of his application within this period: conservation for a total duration of 5 years starting from the sending of the refusal letter to the applicant |
3. | Analytics statistics | 26 months |
4. | Newsletter management | Until unsubscription |
5. | Photographs (excluding applications) | 5 years |
6. | Messages | 1 year |
43. After the end of the retention period, the data will be deleted from Digital Virgo SA’s information system.
9.6 Commitment to security and confidentiality
44. Digital Virgo SA undertakes to implement security measures appropriate to the degree of sensitivity of the personal data to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.
45. All Digital Virgo SA’s premises in which personal data are processed are protected electronically and/or manually against intrusion by unauthorized third parties.
46. Digital Virgo SA has adopted internal policies and processes implementing measures that comply with the principles of personal data protection by design and by default.
47. For example, it may apply pseudonymisation of personal data as soon as this is possible or necessary.
9.7 Rights of data subjects
48. The individuals whose data are processed are granted the following rights, unless Digital Virgo SA is legally required otherwise:
- the right of information;
- the right of access;
- the right to rectification;
- the right to erasure or the right to be forgotten;
- the right to portability;
- the right to object;
- the right to restriction of processing;
- the right to give guidelines for the storage, erasure and communication of personal data after their death.
9.7.1 Procedures for exercising these rights
49. If you have any questions or requests regarding the processing of personal data by Digital Virgo SA, please contact: service-rgpd@digitalvirgo.com
9.7.2 Right to lodge a complaint
50. The data subjects have the right to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy.
51. The data subjects may lodge this appeal with the Data Protection Authorities: Information Commissioner’s Office (ICO).
9.8 Framework for transfers outside the European Union
52. The personal data that European citizens have transmitted to Digital Virgo SA in accordance with the agreed purposes are transferred to a country inside the European Union or outside the European Union.
53. In case of transfers to a country outside the European Union, rules have been put in place to ensure the protection and security of the data.
54. In all cases, Digital Virgo SA undertakes to take all necessary and appropriate measures to ensure the security of personal data.
55. These personal data may be communicated, at the request of the data subjects, to official bodies and to authorized administrative or judicial authorities, or to third parties.
10. Special processing
10.1 Cookies and other tracking technology
56. When we talk about cookies or other tracking technology, we mean the technology placed and read for example when you consult a website, read an email, install or use software or a mobile application, whatever the type of device used.
57. In order to improve the use and functionalities of its websites, Digital Virgo SA uses various types of cookies or other trackers such as pixel tags, some of which may automatically record and transmit personal data to Digital Virgo SA’s websites.
58. Digital Virgo SA has set up a cookies policy for its websites. For more information please refer to the Cookie Policy available on the site during your visit.