Personal data protection policy

Direction RH is committed to protecting your personal data and ensuring a high level of data protection in accordance with European Regulation 2016/679 and the French Data Protection Act No. 78-17.

As such, you will find below our personal data protection policy, which explains, in particular, the personal data we collect, how it is processed and on what basis, its retention, and your personal rights. We invite you to review it carefully.

Our Data Protection Officer is available to answer any questions you may have. You can contact them at the following address: rgpd@directionrh.fr.

Vous  pourrez  retrouver  le  texte  du  Règlement  européen  applicable  ici → https://eur-lex.europa.eu/legal- content/FR/TXT/?uri=CELEX%3A32016R0679 ou  interroger/saisir  l’autorité  de  régulation  (CNIL)  via  son  site internet www.CNIL.fr.

This version of the personal data policy may be modified by us if necessary, and you will be informed accordingly.

Direction RH is the data controller for your personal data. You can find our contact details below: Address: 2 Allée des Bouleaux, 77123 Noisy-sur-École. In this document, Direction RH is referred to as "Direction RH" or "We."

Your personal data may be collected during:

• Your visit to our website,
• Our communications,
•  Our prospecting activities,
•  The formation or execution of our contracts.

We do not collect any data that is unnecessary for the processing purpose specified at the time of collection, nor any data prohibited by law or regulations.

The collection of certain data may be mandatory or optional, and you will be informed of the required information. Your personal data may also be collected by third-party service providers or partners, who commit to complying with European and national data protection regulations.

Our policy is not to transfer your data outside the European Union. However, if an exception were to occur, such a transfer would only take place to a country or organization covered by an adequacy decision (Article 45 GDPR) or offering appropriate sufficient safeguards (Article 46 GDPR).

We do not make any automated decisions.

We may potentially collect the following personal data:

• Civil status, identity, contact details, images
• Professional life
• Personal economic and financial data Connection data
• Internet & telephony data

We process your personal data by entering it into databases; it is stored, retained, and, if necessary, corrected, deleted, archived, anonymized, or pseudonymized, and may be transferred to trusted third parties.

We process your personal data for the following purposes or for purposes specified to you at the time of collection:

1. Informing you about our commercial offers (products, services, etc.) and promotional offers.

Communicating with you.

We may use your personal data for commercial prospecting purposes, including sending you information about our products/services, commercial and promotional offers, quotes and other pre-contractual documents, as well as our latest news via email, postal mail, or phone.

2. The execution of your ongoing contracts and customer relationship management. 

We use your personal data to ensure the execution of ongoing contracts in accordance with your requests. We may also send you information regarding your order or current contracts, their execution, invoices, and contractual documents, as well as advice, the fulfillment of our guarantees if applicable, and our legal obligations. Additionally, we use your personal data to manage our customer relationship, respond to your requests or complaints, handle disputes if necessary, and track your customer history.

3. Improving the use of our services and enhancing our offers. 

We process your personal data to enable you to make optimal use of our services, improve our offers and products/services, track your user journey, and conduct satisfaction surveys, polls, and anonymous statistics.

4. Your Payments 

Your banking details may be collected either directly by us or by a dedicated and selected service provider, who ensures the complete confidentiality of your banking data. These details are retained only for the duration necessary for the contractual relationship or within the legal limits.

5. Protection Against Fraudulent Activities 

The personal data collected may be used to combat fraud, particularly in relation to payments or withdrawals. In this regard, our payment security providers may receive these data.

6. Ensuring Compliance with the Law and Court Decisions
Your data may be used to:

• Respond to a request from an administrative or judicial authority, a law enforcement representative, or a legal officer. Comply with a court decision.
• Ensure compliance with our general terms and conditions of sale/service.
• Protect our rights and/or seek compensation for damages we may incur or mitigate their consequences.
• Prevent any actions contrary to applicable laws, particularly in the context of fraud risk prevention.

We may also process your personal data for the following purposes:

• Miscellaneous

- Dissemination of administrative and scientific information

- Management of schedules

- Execution of legal or contractual warranties

• Cookie Management

- Necessary cookies – Essential for the optimized use of the website (e.g., identification, shopping cart)

- Performance cookies – Allowing the creation of anonymous statistics and measuring website traffic. - Tracking and personalization cookies – Collecting information about your use of the site to personalize our offers.

- Third-party cookies – Used to target advertisements that may interest you based on your identified preferences. These cookies are managed according to the policies of third parties, not the policy of Direction RH.

- Analytical cookies – Allow us to understand and analyze your browsing behavior on our website

In accordance with regulations, the processing of your personal data by us is justified if it is based on one of the following legal grounds:

• Your consent to the processing of your data: You expressly agree to the processing of your personal data. You may withdraw this consent at any time by contacting our Data Protection Officer (DPO).
• The existence of a contract between you and us: The processing of data is justified by the necessity of executing the contract.
• Our legitimate interest in processing your personal data: Provided that this interest is proportionate and respects your fundamental rights and privacy.
• The law or applicable regulations: When they require us to process and retain your personal data.

We manage your personal data in three phases:

• An active phase, during which data is stored in an "active" database for the duration specified below. Your personal data remains accessible only to individuals with an operational need to access it for authorized processing.
• An archiving phase, during which your personal data is stored for an additional period beyond the active database retention when a legitimate reason justifies it. During this phase, data is archived with restricted access and retained for a limited duration.
• A deletion or anonymization phase, during which, after the additional archiving period specified below, your personal data is either deleted or anonymized (so that it can no longer be considered personal data identifying you).

Your personal data is retained for as long as necessary for processing purposes, customer relationship management if applicable, contract execution, and within the specific regulatory limits. We may also archive your personal data for accounting, tax, or evidentiary purposes, in accordance with applicable statutory retention periods. For example, below are the retention periods applied to the following types of processing (subject to regulatory requirements mandating a different retention period):

Your consent given for the collection of your personal data can be withdrawn by writing to our DPO via email or postal mail at the addresses listed in the header. Please include your full name, email, and address, along with the precise nature and subject of your withdrawal request.

You can also send us any comments regarding your personal data at the following address: Direction RH 2 Allée des Bouleaux 77123 Noisy-sur-École.

You have the following rights:

• A right of access , which allows you to obtain:

 - Confirmation of whether or not data concerning you is being processed.

 - The provision of a copy of all personal data held by the data controller.

• A right to request data portability for certain data: this allows you to retrieve your personal data in a structured, commonly used, and machine-readable format.
• A right to object: this allows you to no longer be subject to commercial prospecting from us or our partners. Additionally, for reasons related to your particular situation, you can request the cessation of data processing for research and development, fraud prevention, and security purposes.
• Right to rectification: This allows you to correct any outdated or inaccurate information about you. It also enables you to complete any incomplete information concerning you.
• Right to erasure: This allows you to request the deletion of your personal data, subject to legal retention periods. It particularly applies when your data is no longer necessary for processing.
• Right to restriction: This allows you to limit the processing of your data in the following cases:

- In case of unlawful use of your data.

- If you dispute the accuracy of your data.

- If you need the data to establish, exercise, or defend your rights.

They will no longer be actively processed and cannot be modified during the period in which this right is exercised.

• Right to obtain human intervention: Data controllers may use automated decision-making for contract subscription or management. In such cases, you can request information on the key criteria used in the decision-making process by contacting the Data Protection Officer.

You can exercise these rights by email at: rgpd@directionrh.fr or by mail at the following address: 2 Allée des Bouleaux, 77123 Noisy-sur-École. Please include your full name, address, and email (if applicable, your customer reference), along with a clear and legible explanation of your request. Direction RH commits to responding to your verified request within one month of its receipt.

In case of difficulty, you can contact our Data Protection Officer directly via email at: rgpd@directionrh.fr or file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).

Direction RH may transmit your personal data to subcontractors who perform services involving data processing, in compliance with the purposes outlined in this policy. These subcontractors are required to ensure the same level of confidentiality for your personal data as Direction RH and have committed to full compliance with data protection regulations, particularly the GDPR.

We do not sell your personal data. If you wish to learn more and specifically identify the service providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: rgpd@directionrh.fr

• The service providers or partners who may have access to your personal data may include:
• Service providers responsible for managing outsourced services for the execution of our services and contracts.
• Service providers assisting us in improving our services, conducting data analysis, optimizing our offers, and carrying out surveys and statistical studies.
• Auditors, accountants, consultants, lawyers, audit firms, IT service providers, managed service providers, and security providers.
• Investors and potential buyers.

We may also be required to transmit your personal data to French authorities, administrations, and courts, particularly in the context of legal proceedings or legal formalities requiring such communication.