DERRIENNIC ASSOCIES (the “Firm”) may, in the course of its activities, process your personal data in accordance with applicable legislation.
This policy provides you with information on how your personal data is processed by the Firm.
This policy, which is accessible on our website, is updated regularly to take into account legislative and regulatory developments, and any changes in the organization of the Firm or in the processing it performs.
This policy is accompanied by a specific information notice for each processing operation carried out on your personal data, which will be made available to you as soon as possible and, in the event that we collect your data directly from you, at the time of such collection.
This policy was updated on 8 June 2020.
The Firm, when acting as data controller, is responsible for the personal data you provide us with.
In order to protect your privacy and your personal data in the most effective way possible, we have appointed a data protection officer. This person, who is the main point of contact for the supervisory authority, is responsible for ensuring that we process your data in accordance with the applicable legislation.
You can contact our Data Protection Officer at https://derriennic.com/contact/.
We are committed to ensuring the highest possible level of protection for the persons whose personal data we process (the “data subjects”). The protection of personal data, particularly those of our clients, is all the more important to us in view of our obligations in terms of professional secrecy.
We undertake to comply with the applicable regulations for all processing of personal data that we carry out. Thus, we undertake to respect the following principles:
These commitments are manifested as follows:
We remind you that personal data is information relating to an identified or identifiable natural person, such as an e-mail address, your first and last name, your IP address, etc.
We collect your personal data via the contact form on this website and by other means. In some cases, we collect your personal data directly from you. In other cases, your personal data is provided to us by a third party.
Examples of personal data that we may process:
The processing of personal data carried out by the Firm has an explicit, legitimate and specified purpose.
For example, your personal data may be processed for the following purposes:
– If you are a client or prospect, we may process your personal data for the following purposes:
– If you submit an application for a position with the Firm, we may process your data in order to manage your application.
– If you subscribe to one of our newsletters, we may also process your personal data in order to send you the newsletter by e-mail.
– If you are one of our suppliers or service providers, we may also process your data to manage our relationship with you.
The purpose of the processing will be communicated to you on a case-by-case basis, for each processing we carry out on your personal data.
We systematically ensure, when we process your personal data, that the processing has a “legal basis”.
We always process your personal data according to one of the following legal bases:
– Where you have concluded a contract with the Firm, and the performance of that contract requires us to process your personal data, the legal basis for the processing is the performance of the contract. For example, this could be the case if you are a client of the Firm and you entrust us with one of your cases.
– Where the processing is necessary for the performance of pre-contractual measures taken at your request, our legal basis is based on those pre-contractual measures. For example, this is the case when you submit an application for a position to us, which requires us to study your CV in order to take a decision on your application.
– Where the processing is necessary for the legitimate interests we pursue, our legal basis is those legitimate interests. For example, the processing of your personal data for canvassing purposes may be carried out for the purposes of the legitimate interests pursued by the Firm.
– We may also process your personal data on another of the legal bases listed in the applicable legislation or regulations.
The Firm will keep your personal data only for as long as it is necessary for the purposes for which it is processed and in accordance with applicable law. Thus, the length of time we keep your personal data depends on the purpose for which they are processed:
Authorised persons within the Firm and, in certain cases, its data processors (our “trusted service providers”), may access your personal data. We make our best efforts to ensure that the number of such persons remains as small as possible and maintain the confidentiality and security of your personal data.
We only provide our trusted service providers with the information they need to provide the service and ask them not to use your personal data for other purposes. We always make every effort to ensure that all our trusted service providers with whom we work maintain the confidentiality and security of your data. We also make sure that when our relationship with a trusted service provider comes to an end, that service provider deletes your personal data without delay.
We select our trusted service providers with great care, ensuring that they provide sufficient guarantees, including expertise, reliability and resources, to implement the technical and organisational measures to meet the requirements of applicable legislation, including the security of processing. In this respect, we ensure that our trusted service providers process personal data only on our documented instructions. We also ensure that their staff is committed to confidentiality or is subject to an appropriate legal obligation of confidentiality.
We may require our trusted service providers to provide a service that requires the processing of your personal data, for example in the following cases:
– the hosting of our website;
– the storage of your personal data;
– maintenance of our equipment/software.
Where appropriate, we ensure that the use of these trusted service providers does not breach our obligation to maintain the confidentiality of the information submitted to them.
For each processing we carry out on your personal data, we will inform you about the identity and role of our trusted service providers.
Your data is stored in the European Union (EU) and the European Economic Area (EEA) by the Firm and its trusted service providers. However, depending on the processing, your data may also be transferred to a country outside the EU and the EEA, for example if the processing of your case, as a client, requires such transfer to a third party entity.
When transferring data outside the EU and the EEA, we ensure that the data is transferred securely and in accordance with applicable law. Where the country to which the data is transferred does not have protection comparable to that in the EU, we use “appropriate or adequate safeguards”.
These appropriate or adequate safeguards are a means of ensuring that your personal data is protected even when it leaves the EU. These appropriate safeguards may, for example, include the use of standard contractual clauses adopted by the European Commission.
In case of transfer of your personal data to entities located in the United States of America, we may also use the “Privacy Shield”, (a self-certification mechanism for companies established in the United States that has been recognized by the European Commission as providing an adequate level of protection for personal data transferred by a European entity to companies established in the United States). This mechanism is therefore considered to provide legal guarantees for such data transfers.
On a case-by-case basis, we will inform you of our intention to transfer personal data to a third country, whether or not there is an adequate decision by the Commission and, if so, the reference to the appropriate safeguards and the means to obtain a copy of them or the place where they have been made available.
IX – What are your rights as a data subject and how can you exercise them?
Depending on the processing operations to which your data are subject, you may have the following rights:
To exercise these rights, you can contact us at the following address: https://derriennic.com/contact/.
In order for us to process your request satisfactorily, you will need to prove your identity, by any means whatsoever. In case of doubt on our part, we may ask you for additional information, including the transmission of a copy of your identity card, signed by you.
We will do our best to respond satisfactorily to your requests. Whatever our answer, we will send it to you within one month, but our response time may be extended by a further two months depending on the complexity and number of requests.
If, for any reason whatsoever, you feel that our response is unsatisfactory, we inform you that you may file a complaint with the competent supervisory authority.
Each time the Firm carries out processing operations on your personal data, it brings to your attention:
This information will be made available to you as soon as possible and, in the case of direct collection of your data, at the time of collection.
Some of our obligations of professional secrecy may limit your right to information: if your personal data is covered by confidentiality by virtue of an obligation of professional secrecy incumbent on us, and if we have obtained it through indirect collection, we may not proceed with your information.
The Firm attaches great importance to the protection of your personal data and takes all reasonable precautions to this end. We ask our partners who manage your data on our behalf to do the same.
We constantly do our best to protect your personal data. As soon as we receive your data, we apply strict procedures and security measures (technical and organisational) to prevent unauthorised access.