Introduction and Definitions
COHERIS is strongly committed to the protection of personal data.
The purpose of this Privacy Policy is to inform individuals of the rights and obligations applicable to personal data.
COHERIS, as the receiver of these data, is responsible for the processing of personal data useful to the website.
This policy may change depending on the legal and regulatory context and the doctrine of the National Commission for Informatics and Liberties (CNIL).
Personal data: it is defined as any information about an individual, identified or who can be identified, directly or indirectly, by matching an identification number or any other fact related to this same person.
Processing of personal Data: Any operation or set of operations on these data, regardless of the method used, including collecting, recording, curating, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other mean of making it available, adaptation or association, blocking, erasing or destruction.
Data collected
COHERIS collects and processes the following data from the users of its website: name, last name, email address, phone number, role and if applicable, mailing address, the name of your company, your industry activity and your country.
When visitors apply for jobs at COHERIS, we can also ask them to provide additional information, such as a resume (“applicant’s information”).
COHERIS websites may also collect information using specialized tools commonly used, such as cookies and web beacons. Information about how the user is browsing the pages of the website include standard information from the Web browser (e.g. title and language), the user’s IP address and the actions taken (for example, the Web pages visited and the links clicked on). For more information on how COHERIS and third-parties receive information as the user browse the website, click here.
We are careful to collect only the information needed to process data.
Collection purposes
The processing operations fulfill clear, legitimate and established purposes. The processing of personal data is carried out to support the performance of COHERIS’ services or to initiate pre-contractual checks taken at the request of the data subject.
The purpose of data processing is mainly of legal interest for COHERIS and is needed to deliver services you need;
- The registration to COHERIS events;
- Your subscription to Coheris newsletter;
- Demo applications;
- Public forums and social networks hosted online;
- A technical and commercial proposal or contract;
Information to users
Every user can ask for the following information:
- The identity of the controller;
- The intended purpose of the data processing;
- The receivers of his data;
- His/her rights to access, request, modify and correct his/her own information; how to express his/her opposition to commercial prospection and set guidelines to dispose of his/her personal data after his/her death;
- The retention period by categories of data.
Receivers of data
COHERIS is the main receiver of your data. Although COHERIS may ask a partner or subcontractor to process your personal data on his behalf, COHERIS shall ensure your data remains confidential.
COHERIS requires from its service providers that they strictly use personal data in order to provide its contracted services. We also require from these service providers to work in compliance with applicable laws on personal data and privacy protection.
COHERIS undertakes not to sell or rent the collected data.
The disclosure to third parties of the personal data provided may only take place in the following cases:
- With the authorization of the data holder;
- At the request of the competent judicial authorities, on judicial requisition or in the context of a dispute.
Where do we store personal data?
The personal data of our customers are recorded either in our databases or in those of our service providers.
The hosting servers on which COHERIS processes and stores the databases are located exclusively in the European Union.
If, for technical reasons, and in particular because of COHERIS international scope of business activity, these databases were stored on servers located outside the country (or outside the European Union) or if the disclosures referred to above were to result in transfers of personal data outside the European Union, there shall be standard contractual clauses or “Binding Corporate Rules” signed with these suppliers.
Data retention
COHERIS only keeps personal data for the time necessary to achieve the purpose for which they were collected, which usually lasts during the time of contract and business relationship.
However, information may remain for a longer period in our database in order to process client claims, protect COHERIS legitimate interests, comply with legal obligations, follow regulations, exercise rights.
Safety and security
COHERIS ensures the security of your personal data by implementing enhanced data protection based on applying physical and digital security measures.
Information about your rights
The personal data owners have the right to access, rectify or erase their personal data, limit its processing, request the portability of data and oppose any data commercial use.
These rights can be exercised by sending an email to the attention of our DPO at the following address: dpo@coheris.com or by mail to COHERIS, DPO, 4 rue du Port aux Vins, 92150 SURESNES.
COHERIS answers within one or two months from the time of receipt of the request to exercise any of the aforementioned data subject’s rights.
In case of a negative reply from the Data Processing Entity, the person may file a claim with the French Organization for the Protection of Personal data and Digital Freedoms (CNIL) or the Authority of the EU Member State of his/her residence to pursue a court remedy.
Exercise of access rights
To know if the controller processed any personal data.
If yes, the data subject can obtain a copy of his/her personal data and ask the following information about the process:
- Purposes of the process;
- Categories of personal data concerned;
- Receivers of the data;
- As far as possible, the intended period of data retention or, if this is not possible, the criteria used to determine this period;
- Where personal data are not collected from the data subject, all available information on the origin of the data;
- Where appropriate, the existence of an automated decision-making process, including profiling, and relevant information on the underlying logic, as well as the significance and expected consequences for the data subject.
Right of rectification
Anyone whose personal data are processed has the right to obtain the correction of inaccurate personal data and to have them completed if the purpose of the processing so requires.
Right of cancellation
Anyone whose personal data are processed has the right to obtain from the data controller the deletion of such data if:
- Personal data are no longer necessary for the purposes for which they were collected or processed;
- The owner of the data concerned has withdrawn his/her consent to further processing of his/her data and there is no other legal basis to continue this commercial data processing
- The processing is based on the legitimate interest of the controller, but the data subject has objected to the processing and there are no compelling legitimate reasons to it,
- The purpose of the processing is deemed for the prospecting or profiling of a survey and the data subject has objected to it;
- The personal data processing is not permitted by the law;
- The personal data must be erased according to the Law of the European Union or any EU Member State to which the controller must oblige;
However, the controller may refuse to erase the data if:
- Retaining the data is justified by the legitimate interest of the company;
- The entity processing the data must comply with a legal obligation under the EU law or French law;
- The processing is limited to statistical purposes;
- The process is needed to establish, exercise or defend the entity’s rights in court.
Right of LIMITATION
Anyone whose personal data is processed may request the controller to limit his/her data processing if:
- He/she disputes the accuracy of his/her personal data and the controller needs to verify the accuracy of the data;
- The processing does not comply with the GDPR but the data holder cannot delete them;
- The data controller no longer needs to process these personal data but keeps them user to establish, exercise or defend a case in court;
- The data subject objected to the processing, but an inquiry has nto stated whether the controller’s rights override those of the data subject.
When the processing has been limited, with the exception of storage, data can be processed only if:
- The data subject has given his/her consent,
- The data are needed to establish, exercise or defend the entity’s legal rights,
- The data are needed to support the rights of another natural or legal person in court or the data are of public interest in the European Union or a EU Member State.
If the limitation is subsequently lifted, the controller shall inform the data subject in advance
Right to portability
Anyone whose personal data is processed may request the data controller to provide the data or to send it to another person if:
- The process was carried out with the consent of the person concerned
- The data processing is needed for a contract to which the data subject is party or for pre-contractual measures taken at his/her request
- The process is automated
Right of opposition
Anyone whose personal data are processed has the right to oppose it under the following conditions:
- The data processing is intended to support a legitimate interest of the controller or a third party, but the controller cannot demonstrate the legitimate and imperative grounds for this process and make his interest prevail over the rights of the data subject concerned, or miss to establish, assert or defend his rights to retain data in court;
- The process is intended to support prospecting or profiling purposes related to a survey;
- The processing is done for statistical purposes.
CONTACT
If you have any queries regarding our data protection policy, you can send a letter to COHERIS Data Protection Officer (DPO), accompanied by a photocopy of an ID card bearing your signature. the following postal address: COHERIS, DPO, 4 rue du Port aux Vins, 92150 SURESNES or the e-mail address dpo@coheris.com.