Data protection can be reached at firstname.lastname@example.org.
The data processing officer has an information, advisory and internal control role. He or she is the person responsible for personal data. He or she keeps a register and makes it accessible. He or she ensures IT security and simplifies formalities with the CNIL. He or she is the guarantor of legal obligations. He or she informs the data processors and subcontractors and has the full support of the Serenicity company in carrying out these missions.
Our processors are informed of their obligations and responsibilities. Our personal data controller ensures the existence of contractual clauses that recall the subcontractor's obligations in terms of security, confidentiality and protection of the personal data processed. The traceability of personal data entrusted to our subcontractors is operational.
The security of our information system is based on a policy that includes, among other things, the security measures implemented for the protection of personal data. It includes the following measures:
Your information is kept for a maximum of 5 years.
The processing of personal data is based on a legitimate legal basis in full compliance with the activity of our company. We only collect personal data that is strictly necessary for our business. Consent is obtained when signing our commercial documents.
In addition, you have the right to access your information (four times a year), rectify it, request its correction or deletion, and exercise your right to limit the processing and portability of your personal data.
For this, you can contact our data controller:
We have not identified any processing of personal data that is likely to result in high risks to the rights and freedoms of data subjects.
If a new processing operation were to be set up, we have planned to carry out a Data Protection Impact Assessment (DPI).
This DPI allows for the creation of privacy-compliant processing in accordance with the GDPR. It will be carried out before the processing of personal data is implemented and will be based on an iterative process. Regular analyses will allow for corrections to be made to the processing, particularly in the event of major changes to its modalities.
This DPI will meet the following 9 criteria:
In the event of a personal data breach for which we are responsible, our personal data controller will notify the data protection authority within 72 hours and the individuals concerned as soon as possible. This notification will be made using the "Personal Data Breach Notification Form" available on the CNIL website.
Right from the design of an application or processing, the protection of personal data is systematically taken into account in our company. This process is managed by our personal data controller. Each new processing operation is reviewed and entered into our register. If a processing operation deals with sensitive data, then a PIA is set up. Unnecessary data is removed from our processing.
In the event of a change of processor, our data controller ensures that the new processor is in compliance with the GDPR. It also ensures that the replaced processor destroys all personal data in its possession.
Our personal data controller raises awareness of personal data protection among all employees of our company once a quarter, by electronic means.