Definitions
Personal Data: Any information that directly or indirectly identifies or makes identifiable a natural person.
Legislation in Force: Particular European Regulation n°2016/679 of April 26th, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and Law n°78-17 of January 6, 1978 known as "Informatique et libertés" amended in 2018.
Third Country: Any country outside the European Union which does not have adequate legislation concerning the processing of Personal Data as decided by the European Commission.
Data Controller or Sicame Group: Sicame Group GIE, RCS Brive 478 874 902, 19230 Arnac-Pompadour.
Processing: Any operation or set of operations carried out using automated or manual processes on an electronic or paper medium, such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission and dissemination of Personal Data.
Data Processor: The person who processes Personal Data on the instructions of the Data Controller in the context of a service or provision.
User: The natural person whose Personal Data is collected for processing hereunder, and who is a Data Subject within the meaning of Legislation in Force.
This privacy policy (hereinafter the « Policy ») applies to the Processing carried out by Sicame Group on the website accessible at the following address: sicame-transmission.com (hereinafter the « Website »).
Sicame Group undertakes to comply with the Legislation in Force.
Personal Data is processed in a lawful, fair and transparent manner.
Personal Data collected is adequate, relevant and limited to what is strictly necessary for the purposes of Processing.
1. Purposes of the Processing of Personal Data
Sicame Group collects the User’s Personal Data for:
- Meet to solicitation requests made via the e-mail address available on the Website,
- Manage requests for access, rectification and opposition rights.
2. Personal Data collected
The User is informed that Sicame Group collects and processed the Personal Data and in particular:
- When the User contacts Sicame Group, for a request of information about the activities of Sicame Group or one of its affiliates: email address and any data transmitted by the User;
- When the User formulates a request to exercise his rights: identity data, purpose of the request, e-mail address.
3. Personal Data retention period
The Data Controller will retain the Personal Data for the period necessary to achieve the purposes for which they were collected and processed. Then, the Personal Data is archived for the purposes and retention periods as defined below:
- For commercial prospecting, 3 years from the last contact with the User;
- For relationship management: duration of the relationship plus 5 years;
- To respond to the requests for access, rectification and opposition rights: calendar year of the request plus 5 years.
4. Legal basis of the Personal Data Processing
Sicame Group processed the Personnel Data on a legal basis precisely identified:
- Sicame Group's legitimate interest in Processing Personal Data;
- The performance of pre-contractual measures or the contract that Sicame Group has concluded with the User;
- Compliance with legal obligations, in particular for the management of requests to exercise rights.
5. Undertakings of the Data Controller
Sicame Group undertakes to:
- Process Personal Data solely for the purposes described above,
- Process Personal Data in accordance with the Legislation in Force,
- In the event of transfer of Personal Data to a Third Country or to an international organization, inform the User in advance,
- Guarantee the confidentiality of Personal Data by taking all appropriate technical and organizational measures to (i) prevent access to Personal Data by unauthorized persons, (ii) by carrying out identity and access controls via an authentication system and a password policy, (iii) by opting for an authorization management system, and (iv) by setting up processes and systems enabling all actions carried out on its information system to be traced and, in accordance with current regulations, to be reported in the event of an incident affecting Personal Data,
- Ensure that persons authorized to process Personal Data undertake to respect confidentialitý or are subject to an obligation of confidentialitý and receive the necessary training in the protection of Personal Data,
- Take into account, with regard to its tools, applications or services, the principles of data protection right from the design stage,
- Erase, anonymize or archive Personal Data at the end of the retention period.
Under no circumstances will the Data Controller be held responsible for security incidents linked to the use of the Internet, in particular in the event of loss, alteration, destruction, disclosure or unauthorized access to the User's data or information.
6. Data Processor/Personal Data transfers
The User accepts that Personal Data concerning him/her collected by the Data Controller may be transmitted to Data Processor/Service providers with whom he/she has a contractual relationship for the sole purpose of carrying out the aforementioned purposes, subject to these third-party recipients of Personal Data being subject to regulations guaranteeing an appropriate and adequate level of protection as defined by the Legislation in Force.
In the event of transfer of all or part of the Personal Data subject to Processing to a Third Country, i.e. one located outside the European Union or which does not present a level of protection recognized as adequate within the meaning of the Legislation in Force, or to an international organization, the Data Controller undertakes to provide the appropriate safeguards provided within the Legislation in Force and to have them respected by its Data Processor.
Under no circumstances will the Data Controller sell, rent or use the Personal Data it receives for any purpose other than that specified. The Data Processor will only disclose Personal Data to third parties for the purposes of fulfilling the purposes and to third parties acting as Data Processor under the conditions set out herein.
7. User’s exercice of rights
The following rights are guaranteed by the Data Controller to the User: right of access, rectification, deletion and opposition, right to data Processing limitation, right to data portability, right not to be the subject of an automated individual decision (including profiling).
The User may obtain a copy of his or her Personal Data by sending a written request to the Data Controller.
By sending a written request, and at any time, the User may obtain a correction or deletion of his/her Personal Data, within the limits of the rights of the Data Controller.
Any request shall be addressed to Sicame Group by writing at the following address: dpo@sicamegroup.com
If the User estimates that Sicame Group has not respected its rights with regard to the protection of Personal Data, he/she may file a complaint with the French authority, the CNIL.
8. Privacy Policy updates
Sicame Group regularly updates the Policy which is available on the Website at any time.