Personal data protection policy

Direction RH is committed to protecting your personal data and ensuring a high level of data protection in accordance with European Regulation 2016/679 and the French Data Protection Act No. 78-17.

As such, you will find below our personal data protection policy, which explains, in particular, the personal data we collect, how it is processed and on what basis, its retention, and your personal rights. We invite you to review it carefully.

Our Data Protection Officer is available to answer any questions you may have. You can contact them at the following address: rgpd@directionrh.fr.

Vous  pourrez  retrouver  le  texte  du  Règlement  européen  applicable  ici → https://eur-lex.europa.eu/legal- content/FR/TXT/?uri=CELEX%3A32016R0679 ou  interroger/saisir  l’autorité  de  régulation  (CNIL)  via  son  site internet www.CNIL.fr.

This version of the personal data policy may be modified by us if necessary, and you will be informed accordingly.

Direction RH is the data controller for your personal data. You can find our contact details below: Address: 2 Allée des Bouleaux, 77123 Noisy-sur-École. In this document, Direction RH is referred to as "Direction RH" or "We."

Your personal data may be collected during:

• Your visit to our website,
• Our communications,
•  Our prospecting activities,
•  The formation or execution of our contracts.

We do not collect any data that is unnecessary for the processing purpose specified at the time of collection, nor any data prohibited by law or regulations.

The collection of certain data may be mandatory or optional, and you will be informed of the required information. Your personal data may also be collected by third-party service providers or partners, who commit to complying with European and national data protection regulations.

Our policy is not to transfer your data outside the European Union. However, if an exception were to occur, such a transfer would only take place to a country or organization covered by an adequacy decision (Article 45 GDPR) or offering appropriate sufficient safeguards (Article 46 GDPR).

We do not make any automated decisions.

We may potentially collect the following personal data:

• Civil status, identity, contact details, images
• Professional life
• Personal economic and financial data Connection data
• Internet & telephony data

We process your personal data by entering it into databases; it is stored, retained, and, if necessary, corrected, deleted, archived, anonymized, or pseudonymized, and may be transferred to trusted third parties.

We process your personal data for the following purposes or for purposes specified to you at the time of collection:

1. Informing you about our commercial offers (products, services, etc.) and promotional offers.

Communicating with you.

We may use your personal data for commercial prospecting purposes, including sending you information about our products/services, commercial and promotional offers, quotes and other pre-contractual documents, as well as our latest news via email, postal mail, or phone.

2. The execution of your ongoing contracts and customer relationship management. 

We use your personal data to ensure the execution of ongoing contracts in accordance with your requests. We may also send you information regarding your order or current contracts, their execution, invoices, and contractual documents, as well as advice, the fulfillment of our guarantees if applicable, and our legal obligations. Additionally, we use your personal data to manage our customer relationship, respond to your requests or complaints, handle disputes if necessary, and track your customer history.

3. Improving the use of our services and enhancing our offers. 

We process your personal data to enable you to make optimal use of our services, improve our offers and products/services, track your user journey, and conduct satisfaction surveys, polls, and anonymous statistics.

4. Your Payments 

Your banking details may be collected either directly by us or by a dedicated and selected service provider, who ensures the complete confidentiality of your banking data. These details are retained only for the duration necessary for the contractual relationship or within the legal limits.

5. Protection Against Fraudulent Activities 

The personal data collected may be used to combat fraud, particularly in relation to payments or withdrawals. In this regard, our payment security providers may receive these data.

6. Ensuring Compliance with the Law and Court Decisions
Your data may be used to:

• Respond to a request from an administrative or judicial authority, a law enforcement representative, or a legal officer. Comply with a court decision.
• Ensure compliance with our general terms and conditions of sale/service.
• Protect our rights and/or seek compensation for damages we may incur or mitigate their consequences.
• Prevent any actions contrary to applicable laws, particularly in the context of fraud risk prevention.

We may also process your personal data for the following purposes:

• Miscellaneous

- Dissemination of administrative and scientific information

- Management of schedules

- Execution of legal or contractual warranties

• Cookie Management

- Necessary cookies – Essential for the optimized use of the website (e.g., identification, shopping cart)

- Performance cookies – Allowing the creation of anonymous statistics and measuring website traffic. - Tracking and personalization cookies – Collecting information about your use of the site to personalize our offers.

- Third-party cookies – Used to target advertisements that may interest you based on your identified preferences. These cookies are managed according to the policies of third parties, not the policy of Direction RH.

- Analytical cookies – Allow us to understand and analyze your browsing behavior on our website

In accordance with regulations, the processing of your personal data by us is justified if it is based on one of the following legal grounds:

• Votre consentement au traitement de vos données par nos soins : vous acceptez le traitement de vos données personnelles par le biais d’un consentement exprès. Vous pouvez retirer ce consentement à tout moment auprès de notre DPO ; ou
• The existence of a contract between you and us: The processing of data is justified by the necessity of executing the contract.
• Our legitimate interest in processing your personal data: Provided that this interest is proportionate and respects your fundamental rights and privacy.
• The law or applicable regulations: When they require us to process and retain your personal data.

We manage your personal data in three phases:

• An active phase, during which data is stored in an "active" database for the duration specified below. Your personal data remains accessible only to individuals with an operational need to access it for authorized processing.
• An archiving phase, during which your personal data is stored for an additional period beyond the active database retention when a legitimate reason justifies it. During this phase, data is archived with restricted access and retained for a limited duration.
• A deletion or anonymization phase, during which, after the additional archiving period specified below, your personal data is either deleted or anonymized (so that it can no longer be considered personal data identifying you).

Your personal data is retained for as long as necessary for processing purposes, customer relationship management if applicable, contract execution, and within the specific regulatory limits. We may also archive your personal data for accounting, tax, or evidentiary purposes, in accordance with applicable statutory retention periods. For example, below are the retention periods applied to the following types of processing (subject to regulatory requirements mandating a different retention period):

Your consent given for the collection of your personal data can be withdrawn by writing to our DPO via email or postal mail at the addresses listed in the header. Please include your full name, email, and address, along with the precise nature and subject of your withdrawal request.

You can also send us any comments regarding your personal data at the following address: Direction RH 2 Allée des Bouleaux 77123 Noisy-sur-École.

You have the following rights:

• D’un droit d’accès, qui vous permet d’obtenir :

 - Confirmation of whether or not data concerning you is being processed.

 - The provision of a copy of all personal data held by the data controller.

• D’un droit de demander la portabilité de certaines données: il vous permet de récupérer vos données personnelles dans un format structuré, couramment utilisé et lisible par une machine.
• A right to object: this allows you to no longer be subject to commercial prospecting from us or our partners. Additionally, for reasons related to your particular situation, you can request the cessation of data processing for research and development, fraud prevention, and security purposes.
• D’un droit de rectification : il vous permet de faire rectifier une information vous concernant lorsque celle-ci est obsolète ou erronée. Il vous permet également de faire compléter des informations incomplètes vous concernant.
• D’un droit d’effacement : il vous permet d’obtenir l’effacement de vos données personnelles sous réserve des durées légales de conservation. Il peut notamment trouver à s’appliquer dans le cas où vos données ne seraient plus nécessaires au traitement.
• D’un droit de limitation : Il vous permet de limiter le traitement de vos données dans les cas suivants :

- In case of unlawful use of your data.

- If you dispute the accuracy of your data.

- If you need the data to establish, exercise, or defend your rights.

They will no longer be actively processed and cannot be modified during the period in which this right is exercised.

• D’un droit d’obtenir une intervention humaine : les responsables de traitement peuvent avoir recours à une prise de décision automatisée en vue de la souscription ou de la gestion de votre contrat. Dans ce cas, vous pouvez demander quels ont été les critères déterminants de la décision auprès du Délégué à la Protection des Donnée

Vous pouvez exercer ces droits par courrier électronique : rgpd@directionrh.fr ou par lettre à l’adresse suivante : 2 allée des bouleaux 77123 NOISY SUR ECOLE en indiquant votre nom, prénom, domicile et e-mail (le cas échéant vos références client) ainsi que l’objet de votre demande dans des termes clairs et lisibles. Direction RH s’engage à donner suite à votre demande vérifiée sous un délai d’un mois à compter de sa réception.

En cas de difficulté, vous pouvez vous adresser directement à notre délégué à la protection des données personnelles directement par mail : rgpd@directionrh.fr ou saisir la  Commission  Nationale  de  l’Informatique et des Libertés (CNIL).

Direction RH may transmit your personal data to subcontractors who perform services involving data processing, in compliance with the purposes outlined in this policy. These subcontractors are required to ensure the same level of confidentiality for your personal data as Direction RH and have committed to full compliance with data protection regulations, particularly the GDPR.

Nous ne faisons aucun commerce de vos données personnelles ; si vous souhaitez en savoir plus et connaitre spécifiquement l’identité des prestataires ou partenaires à qui vos données personnelles ont été transmises, vous pouvez contacter notre DPO à l’adresse suivante : rgpd@directionrh.fr

• The service providers or partners who may have access to your personal data may include:
• Service providers responsible for managing outsourced services for the execution of our services and contracts.
• Service providers assisting us in improving our services, conducting data analysis, optimizing our offers, and carrying out surveys and statistical studies.
• Auditors, accountants, consultants, lawyers, audit firms, IT service providers, managed service providers, and security providers.
• Investors and potential buyers.

We may also be required to transmit your personal data to French authorities, administrations, and courts, particularly in the context of legal proceedings or legal formalities requiring such communication.