Data Protection Policy
1. Preamble
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“RGPD”) sets out the legal framework applicable to the processing of personal data.
The RGPD strengthens the rights and obligations of data controllers, processors, data subjects and data recipients.
Processing of personal data resulting from the consultation, browsing and use of the website www.geeng.fr (hereinafter referred to as the “Site”) and the services it offers are governed by this privacy policy. For a better understanding of the present policy, it is specified that :
- the "data controller": Geeng Genetic Genius (hereinafter referred to as
“Geeng” or “we”); - "processor" means any natural or legal person who processes personal data on
behalf of Geeng; - "data subjects": refers to customers, prospects and partners of Geeng (hereinafter referred to as “customers, prospects and partners” or “you”);
- "recipients": refers to the natural or legal persons who receive personal data
from Geeng. Data recipients may therefore include both Geeng employees
and external organizations (partners, exhibitors, banks, speakers, etc.).
2. Object
The purpose of this policy is to satisfy the information obligation to which Geeng is
bound pursuant to Article 12 of the RGPD and to formalize the rights and obligations
of Geeng’s customers, prospects and partners with regard to the processing of their
personal data.
3. Scope
This policy applies to all processing of personal data relating to customers, prospects
and partners.
Geeng makes every effort to ensure that data is processed within the framework of
precise internal governance. The processing of personal data may be managed
directly by Geeng or through a subcontractor specifically appointed by Geeng.
This policy is independent of any other document that may apply within the
contractual relationship between Geeng and customers, prospects and partners.
4. Treatment identification
4.1 Types of data collected and purposes
The personal data processed by Geeng is mainly collected from its customers, prospects and partners when using the Site, but also when executing the contracts that bind us.
We undertake to respect the principle of data minimization, which consists of collecting only the data strictly necessary for the purpose of the processing carried out by Geeng.
Consequently, we only collect and use the following personal data:
Data Type : E-mail address, Contact details: telephone, address
Person concerned : Prospects / Internal site visitors, Customers
Purpose : Newsletter subscription and receipt of promotional offers, Manage unsubscribe and unsubscribe requests, Demonstration supply
Lebal Basis : Consent if prospect, Legitimate interest if customer
Data Type : Identification data (IP address), Acceptance data (click)
Person concerned : Site visitors
Purpose : Technical data management
Lebal Basis : Legitimate interest or consent depending on data
Data Type : Identification (Last name, first name), Contact details: e-mail, telephone
Person concerned : Site visitors
Purpose : Managing and improving relationships ; To enable the Site to function; Respond to requests from users of the Site and provide them with any useful information (contact form); Send publications, press releases and information to users at their request; Prospecting and sales
events.
Lebal Basis : Consent
4.2 Data recipients – authorization and traceability
Geeng ensures that data is only accessible to authorized internal or external recipients.The personal data processed by Geeng is mainly collected from its customers, prospects and partners when using the Site, but also when executing the contracts that bind us.
- Internal recipients
Authorized personnel in the relevant Geeng (customer/prospect/partner relationship
management), administrative and IT departments, as well as their line managers;£
Aauthorized staff of audit departments (statutory auditors, departments responsible
for internal audit procedures, etc.). - External recipients
Any competent supervisory authority, accountants, court officers and ministerial
officers;
The organization in charge of managing the “Do Not Contact” list;
Authorized subcontractor personnel.
Recipients of customer, prospect and partner personal data are bound by a
confidentiality obligation.
In addition, personal data may be communicated to any authority legally empowered
to deal with it. In this case, Geeng is not responsible for the conditions under which
the staff of these authorities access and use the data.
4.3 Shelf life
The duration of data retention is defined by Geeng with regard to the legal and
contractual constraints which weigh on it and failing that according to its needs and in
particular according to the following principles:
- Customer data
For the duration of the contractual relationship with Geeng, plus 5
years from the closure of the account or termination of the business
relationship for data and documents relating to customer identity. - Statistics
Duration of statistical study - Site usage data
For the duration of the services provided by Geeng and 1 year after the last intervention
Cookies: 13 months - Data relating to prospects3 years from the date of collection by Geeng or last contact with the prospect
- Technical data
1 year
After the set deadlines, data is either deleted or kept after being anonymized, notably
for statistical purposes. They may be kept for pre-litigation and litigation purposes.
Customers, prospects and partners are reminded that deletion or anonymization are
irreversible operations and that Geeng is subsequently unable to restore them.
5. Personal rights management
5.1 Access and copy rights
You have the right to ask us whether we are processing your personal data. You can
also ask us to provide you with a copy of your data being processed.
However, if additional copies are required, we may require you to pay the cost of the
new copy.
If you submit your request electronically, the information requested will be provided in
a commonly used electronic format, unless you request otherwise.
You are hereby informed that this right of access and copying does not apply to
information or data that is confidential or for which communication is not authorized
by law.
The right of access must not be exercised in an abusive manner, i.e. on a regular
basis with the sole aim of destabilizing the proper performance of our services.
5.2 Right of rectification
You have the right to ask us to rectify any data concerning you that may be obsolete
or incorrect. To do this, please specify the data to be corrected and the data to be
replaced.
5.3 Right to erasure
The right to erasure is not applicable in cases where processing is carried out to
meet a legal obligation.
Apart from this situation, you may request the deletion of your data in the following
limited cases:
- your data is no longer required for the purposes for which it was collected or otherwise processed;
- you object to processing carried out by us on the basis of a legitimate interest when there is no compelling legitimate reason for such processing;
- you object to the processing of your data for canvassing purposes;
- your data has been processed unlawfully.
5.4 Right to limitation and portability
You are informed that these rights are not intended to apply insofar as the conditions required by the applicable regulations for each of them are not fulfilled with regard to the processing of personal data by us.
5.5 Right of objection
You are entitled to exercise your right to object only to processing based on Geeng’s legitimate interests, provided that you give a reason relating to your particular situation. In such a case, Geeng may refuse your request if it has compelling legitimate reasons that override your personal interest and, in particular, the reason you gave for your request.
5.6 Post-mortem rights
We inform you that you have the right to formulate directives concerning the conservation, deletion and communication of your post-mortem data.
5.7 Exercising rights
The above rights may be exercised, at the option of the interested party, by e-mail to the following address: contact@geeng.fr
Please note that only the person concerned by the processing may exercise the rights set out above. In case of doubt, we may ask you for a copy of your current identity document. Failure to do so may result in your application being rejected.
We do our best to respond to requests within a reasonable time and, at best, within
one month of receipt of the request.
However, if the processing of requests proves complex, or if we are faced with a
large number of requests to exercise rights simultaneously, the processing time may
be extended to two months.
6. Additional provisions
6.1 Subcontracting
We may use any subcontractor of our choice to process the personal data of our customers, prospects and partners.
Within the meaning of the RGPD, a processor is any natural or legal person who processes personal data on behalf of the controller. In practice, these are the service providers with whom we work and who handle the personal data we process;
In this case, we ensure that the processor complies with its obligations under the RGPD and undertake to sign a written contract with all our processors imposing on them the same data protection obligations that we impose on ourselves. In addition, we reserve the right to audit our subcontractors to ensure their compliance with the provisions of the RGPD.
6.2 Processing register
We undertake, in our capacity as data controller, to keep an up-to-date register of all processing activities carried out, which includes the processing of data relating to our customers, prospects and partners.
This register is a document or application that lists all the processing operations we carry out as data controller.
In addition we undertake to provide the CNIL, at its first request, with information enabling it to verify the compliance of data processing with current data protection regulations.
6.3 Safety measures
We implement the physical or logical technical security measures we deem appropriate to protect against the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data.
These measures include the following:
- individual access with complex login and password, regularly renewed,
- security measures for accessing customer databases, including rights management procedures,
- traceability system,
- confidentiality clause,
- maintaining the security and confidentiality of processed data, in particular to prevent it from being distorted, damaged or accessed by unauthorized third parties,
- secure servers.
In any event, we undertake, in the event of a change in the means used to ensure the security and confidentiality of your personal data, to replace them with means of superior performance. No development can lead to a reduction in the level of safety.
6.4 Data breach
We undertake to notify the CNIL of any data breach that we may suffer, in accordance with the conditions laid down in the regulations governing personal data.
Our contacts with customers, prospects and partners are informed of any data breach that could pose a high risk to their privacy.
6.5 Cross-border flows
We reserve the right to implement cross-border flows outside the EU of the data we process, of which you will be informed. In such a case, we will ensure that your rights are respected and, if necessary, we will sign one or more contracts with the recipient country(ies) to regulate these flows.
7. Contacts
7.1 RGPD representative
Geeng has appointed an RGPD referent who can be contacted via the following email and postal addresses:
E-mail address: contact@geeng.fr
If customers, prospects and partners wish to obtain particular information or wish to ask a particular question, they will be able to contact the RGPD referent, who will give them an answer within a reasonable timeframe with regard to the question asked or the information required.
7.2 Right to lodge a complaint with Cnil
Customers, prospects and partners concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if they consider that the processing of personal data concerning them does not comply with European data protection regulations, at the following address:
CNIL – Complaints department
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tél : 01 53 73 22 22
7.3 Evolution
The present policy may be modified or amended at any time in the event of changes in legislation, case law, CNIL decisions and recommendations or usage. Any new version of the present policy will be brought to the attention of customers and contacts by any means defined by Geeng, including electronic means (e.g. distribution by e-mail or online).
