In 1978, France, ahead of the game, passed a law relating to computers, files and freedoms. In this context, long before Europe took hold of the subject, the Astek Group developed and developed solid convictions in terms of the protection of personal information.
Like any company, the Astek Group has the obligation to respect the minimum protection base offered by the public authorities at national and European level. With this in mind, we have been ensuring for many years that the information of our candidates, collaborators, partners and clients is processed in full compliance with our values and in compliance with the General Data Protection Regulation (known by the acronym “GDPR”), which entered into force on May 25, 2018.
As a player in the digital sector, we must take up the challenge of finding lasting solutions in a world where personal data is subject to mass processing that is often trivialized. Beyond simple compliance with the rules, we want to achieve a more effective model by considering protection under a professional and technical approach. We thus put our skills at the service of the GDPR by integrating the most promising protection devices into the result of our services. In this spirit, we maintain and ensure the dissemination of a true culture of respect for data.
Personal data within the Astek Group
WHY IS THE ASTEK GROUP INVOLVED?
All companies processing personal data and having their activity within the European Union must apply the European regulations and the legislation in force relating to the protection of personal data.
WHAT IS A PERSONAL DATA?
This is any information relating to an identified or identifiable natural person, thanks to an identifier or to one or more elements specific to his identity. This may be, for example, your surname, first name, email address, location, identity card number, IP address, photos, social or cultural profile.
WHAT IS THE PROCESSING OF PERSONAL DATA?
This is any operation or set of operations relating to such personal data, in particular the collection, recording, organization, storage, adaptation or modification, extraction, consultation, use, disclosure, erasure or destruction.
WHAT IS THE PURPOSE OF THE PROCESSING?
The purpose of the processing is the main objective of the use of personal data. Personal data must be collected for a well-defined and legitimate purpose and must not be further processed in a manner incompatible with this initial purpose. This principle of finality limits the way in which the data controller can use or reuse this personal data in the future.
The personal data we collect
The Astek Group, as part of its own activities, needs to collect personal data from time to time, without however relying to large-scale processing.
During that processing, the nature, the retention period and the purpose of the personal data manipulated depend on the role of our interlocutors.
In any case, your personal data may be communicated internally to employees who have been strictly individually authorized to access it, to internal or external subcontractors, and if necessary to our partners as well as to state bodies. We request from them the upmost respect for your data and check that they take all the necessary care in the processing of your personal data by rigorously controlling their purposes established in accordance with our instructions.
YOU ARE APPLYING
If you are a candidate, we may process personal data such as your email address when registering for the newsletter, your curriculum vitae and the information mentioned therein (surname, first name, address, date/place of birth , email, tel., family situation, extra-professional activities, schooling, training, diplomas, employers.).
As Data Controller, it is our responsibility to determine the purposes and means of processing.
Within the Astek Group, the collection of candidates’ personal data is for the sole purpose of allowing the recruitment department to assess your ability to hold the job offered by the company and to offer you the position that best suits you. Processing, on the other hand, takes the form of collection, storage, consultation, extraction, transfer and destruction.
Note that if you are unsuccessful, we will delete any personal data you have shared with us no later than two (2) years after the last contact with you.
YOU ARE AN EMPLOYEE (OR FORMER EMPLOYEE)
If you are one of our collaborators (or former collaborator), we are required to process the data which appear on your curriculum vitae, your personnel information sheet (form filled out by you when you are hired) or your employment contract. work.
As Data Controller, it is our responsibility to determine the purposes and means of processing.
Within the Astek Group, the processing of this data allows the management of the organization of work, administrative personnel, career management and training.
Personal data is also used for the purpose of highlighting your skills in response to calls for tenders. Processing takes the form of collection, storage, consultation, retrieval, transfer and destruction.
Note that we will keep your personal data for the duration of your employment contract and then for a maximum of five (5) years at the end of the latter.
YOU ARE A THIRD PARTY
If you are a third party (customer, prospect, supplier, etc.), our obligations and responsibilities vary depending on whether our Group acts as Data Controller and/or Subcontractor, within the meaning of the GDPR.
We are Data Controller when we collect all personal information, specific to each project and communicated by you.
As Data Controller, we process this data for the purposes of sending information on our progress, complying with the contractual and regulatory obligations in force, maintaining the relationships necessary for our business (commercial, maintenance, supply, etc.) , to maintain accessibility to the information system for the various users, to analyze an existing client product (software, platform, program, personal database, etc.) from which you wish to implement changes or to test a product developed or under development with us by receiving personal test data from you. Other purposes can also be identified but are specific to each project (for example the maintenance of software).
We will keep your personal data as long as our contractual and/or commercial relationship lasts. Then, we keep your personal data, unless otherwise stipulated in the contract, for a period of five (5) years after the end of our contractual relationship.
At the same time, we take on the quality of Subcontractor when, intervening on the customer site, we are brought within the framework of our mission, and only within this framework, to access and work on the personal data stored on the information system of the customer. We then act on written instructions from the customer: The purpose of the processing and the retention period are defined by him in his capacity as data controller. Under no circumstances may this personal data be used by our Group and we guarantee its destruction at the end of our intervention.
In this context, our employees are trained on the security measures to be implemented and are bound by the strictest confidentiality of the data which they could ensure the processing. We also ensure compliance with emergency procedures in the event of unauthorized destruction, loss, alteration or disclosure of personal data held by the Astek Group. These procedures make it possible to prevent personal data breaches but also to react appropriately and quickly in the event of an incident, in order to put an end to them and minimize their effects.
Our obligations in relation to data processing
Beyond the general obligations naturally implemented, aware of the issues, we have gone further in the implementation of the protection of your personal data thanks to effective internal tools.
OUR GENERAL OBLIGATIONS
We attach particular importance to compliance with our legal obligations regarding the protection of personal data.
He has thus been appointed a Personal Data Protection Officer (DPO) responsible for monitoring the legal compliance of processing within the Astek Group, advising employees and cooperating with customers and subcontractors. as well as with the supervisory authority.
We regularly list personal data in a register specifying the objective pursued, the categories of personal data used, the persons having access to the personal data and their retention period.
We take care to restrict the use of personal data to the purposes of the intended processing: the Astek Group cannot use personal data for purposes other than those predefined in compliance with the principle of proportionality.
We make sure to store and retain personal data for the duration necessary to achieve the intended purposes and within the limit of the retention period specific to each personal data.
We assure you of our commitment to cooperate with the supervisory authority if necessary.
Finally, appropriate security measures have been put in place to ensure the protection of personal data according to their sensitivity.
OUR SECURITY MEASURES
We have set up a Quality and Security Department responsible for ensuring the security and integrity of the personal data being processed.
As such, an ambitious program to secure our Information System was implemented in 2016.
We wanted to have our information system certified in order to secure a certain number of sensitive elements, in particular commercial and financial data as well as your personal data.
As a result, we obtained in May 2017 a dual certification ISO 27001:2013 (Safety) and ISO 9001:2015 (Quality).
The European regulation and the current laws relating to the protection of personal data have created new rights for the benefit of the persons whose data we collect. We offer everyone the opportunity to exercise them in the best conditions.
We thus guarantee the effectiveness of the right of access, the right of information, the right of modification, the right of opposition, the right to be forgotten, the right to limit processing, the right to personal data portability, the implementation of which requires contacting our DPO whose email address is given below.
For more details on your rights, go to the CNIL website: https://cnil.fr
Finally, we remind you that you have the right to lodge a complaint with
the CNIL (National Commission for IT and Liberties):
3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07, France.
Whether you are a candidate, employee (or former employee) or third party, for any additional information or to assert your rights, do not hesitate to send an email to our DPO: email@example.com.