External data protection policy
Updated: March 31, 2023
1. Introduction
FFBV is committed to ensuring that the collection and processing of personal data complies with the General Data Protection Regulation 2016/679 (RGPD) and the French Data Protection Act of January 6, 1978, as amended.
In the course of its activities, FFBV, as data controller, is required to collect and process personal data relating in particular to its suppliers, service providers, partners, visitors to its websites.
Anxious to build lasting relationships of trust with the latter, FFBV has put in place the technical and organizational means necessary to protect the personal data it processes.
The purpose of this policy is to present the commitments made by FFBV with regard to the protection of personal data.
The main objective of this policy is to concentrate in a single document clear, simple and precise information concerning the data processing carried out by FFBV, to enable data subjects to understand what personal data is collected, how it is used and what rights they have over it.
2. Principles applicable to personal data
FFBV is committed to respecting the following principles when collecting and using personal data.
2.1 Purpose of processing: legitimate and proportionate use
Personal data are collected by FFBV as data controller for the following specific, explicit and legitimate purposes:
- management of information relating to FFBV prospects and customers;
- quality management ;
- recruitment ;
- management of pre-litigation or litigation ;
- compliance with legal and regulatory obligations.
Such data may not be used subsequently in a way that is incompatible with these purposes.
For each processing operation, FFBV undertakes to collect and process only data that is strictly necessary for the objective pursued.
2.2 Fair and transparent data collection
In the interests of fairness and transparency vis-à-vis the persons concerned, FFBV takes care to inform them of each processing operation it implements by means of information notices under each contact form.
This data is collected fairly; it is not collected without the knowledge of individuals.
2.3 Matching and minimizing the data collected
The personal data collected is strictly necessary for the purpose for which it is collected. FFBV endeavors to minimize the data collected and to keep it accurate and up to date.
The personal data collected is regularly updated and stored by FFBV in its databases.
3. The legal basis of the processing carried out by FFBV
Any processing carried out by FFBV has a legal basis:
- The data subject's consent: FFBV may carry out processing operations when any data subject has consented to the processing of their personal data for one or more specific purposes, validly obtained by a positive act;
- Performance of a contract or pre-contractual measures: Processing may also be carried out when it is necessary for the performance of a contract between FFBV and the data subject;
- FFBV's legitimate interests: FFBV's legitimate interests may justify the processing of personal data.
4. Data recipients
FFBV ensures that only authorized company personnel and any subcontractors (service providers or suppliers) have access to the data collected.
5. Limiting shelf life
FFBV keeps the personal data it collects only for as long as is necessary for the purposes of the processing in question and in accordance with applicable national legislation, in particular with regard to statutory or regulatory limitation periods.
6. Transferring your data
FFBV does not transfer your data outside the European Union unless such transfer is based on exemptions for specific situations (your consent, transfer necessary for the performance of a contract between you and FFBV or for the implementation of pre-contractual measures taken at your request etc.).
Should FFBV need to transfer data outside the European Union outside these exceptions, it will only do so after taking the necessary and appropriate measures to ensure a level of protection and security of personal data equivalent to that offered in Europe.
7. Your rights
FFBV is particularly concerned about respecting the rights granted to you in connection with the data processing it implements, in order to guarantee fair and transparent processing taking into account the particular circumstances and context in which your personal data is processed.
7.1 Your right of access
As such, you have confirmation as to whether or not your personal data is being processed, and where it is, you have the right to request a copy of your data and information concerning :
- the purposes of the processing ;
- the categories of personal data concerned;
- the recipients or categories of recipients and, where appropriate, if such communications are to be made, the international organizations to which the personal data have been or will be communicated, in particular recipients established in third countries;
- where possible, the intended retention period for personal data or, where this is not possible, the criteria used to determine this period ;
- the existence of the right to ask the data controller to rectify or erase your personal data, the right to request a restriction on the processing of your personal data, the right to object to such processing;
- the right to lodge a complaint with a supervisory authority;
information on the source of the data when it is not collected directly from the data subjects; - the existence of automated decision-making, including profiling, and in the latter case, useful information concerning the underlying logic, as well as the importance and expected consequences of this processing for the data subjects.
7.2 Your right to rectify your data
You may request that your personal data be corrected or completed if it is inaccurate, incomplete, ambiguous or out of date.
7.3 Your right to erase your data
You can ask us to delete your personal data if one of the following reasons applies:
- the personal data is no longer required for the purposes for which it was collected or otherwise processed;
- you withdraw the consent previously given ;
- you object to the processing of your personal data if there are no compelling legitimate grounds for the processing;
- the processing of personal data does not comply with applicable laws and regulations.
Please note that the right to data deletion is not a general right, and can only be exercised if one of the reasons provided for in the applicable regulations is present.
Thus, if none of these reasons is present, FFBV will not be able to respond favorably to your request; such will be the case if it is required to retain data because of a legal or regulatory obligation or for the establishment, exercise or defense of legal rights.
7.4 Your right to limit data processing
You may request the restriction of the processing of your personal data in the cases provided for by legislation and regulations.
7.5 Your right to object to data processing
You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data by FFBV.
If you exercise your right to object, we will no longer process your personal data in connection with the processing concerned, unless we can demonstrate compelling legitimate grounds for continuing such processing. These grounds must outweigh your interests and your rights and freedoms, or the processing must be justified for the establishment, exercise or defense of legal claims.
7.6 Your right to data portability
You have the right to the portability of your personal data. Please note that this is not a general right. In fact, not all data from all processing operations is portable, and this right only applies to automated processing, to the exclusion of manual or paper processing.
This right is limited to processing for which the legal basis is your consent or the performance of pre-contractual measures or a contract.
This right does not include derived or inferred data, which are personal data created by FFBV. The data on which this right may be exercised are :
- only your personal data, which excludes anonymized personal data or data that does not concern you;
- declarative personal data and the personal operating data mentioned above.
The right to portability may not infringe the rights and freedoms of third parties, such as those protected by business secrecy.
You can request data portability by specifying whether you wish to receive the data yourself or, if it is technically possible for us, for us to forward it directly to another data controller.
In the latter case, please indicate the exact name of the person responsible, his or her contact details and the department or person to whom the data should be sent. To facilitate the exercise of this right, you must inform the recipient of your request to our services.
7.7 Your right to withdraw your consent
When the data processing that we implement is based on your consent, you can withdraw it at any time. We will then stop processing your personal data without affecting the previous operations to which you have consented.
7.8 Your right to make a complaint
You have the right to lodge a complaint with the Cnil (3, place de Fontenoy 75007 Paris) on French territory, without prejudice to any other administrative or legal remedy.
7.9 Your right to define post-mortem directives
You have the possibility of defining specific directives relating to the conservation, deletion and communication of your personal data after your death with our services according to the modalities hereafter defined. These particular directives will only concern the processing carried out by us and will be limited to this perimeter.
You will also have when this person has been designated by the executive branch define general guidelines for the same purposes.
7.10 How to exercise your rights
Requests relating to the exercise of your rights can be made to the following postal address FFBV - Délégué à la Protection des Données - 7 Rue Mathurin Brissonneau, 44100 Nantes or at the following e-mail address: dpo@mrsuricate.com
Persons exercising their rights must provide proof of their identity by any means.
8. Personal data security
FFBV attaches particular importance to the security of personal data.
It has put in place technical and organizational measures appropriate to the sensitivity of personal data, with a view to ensuring the integrity and confidentiality of such data and protecting it against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
It therefore undertakes to take the physical, technical and organizational security measures necessary to :
- protect your business ;
- protect the security of personal data held by the company;
against any unauthorized access, modification, distortion, disclosure, destruction or access to personal data held by the company.
Nevertheless, the security and confidentiality of personal data depends on the good practices of each individual, and so the person concerned is invited to remain vigilant.