PRIVACY POLICY:

SB INGENIERIE (SADEV)

The protection of personal data is one of our major concerns. The privacy policy is part of a legal framework established by the European Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018 and the Loi Informatique et Libertés n°78-17 of 6 January 1978 as amended relating to data processing, files and freedoms.

The purpose of this data protection policy is therefore to give you an overview of:

• The controller of personal data
• How your data is collected and processed. Personal data is data that can identify a specific individual.
• Your rights regarding the use of your personal data
• The parties whom your data is disclosed to
• The site’s cookie policy

This privacy policy is complementary to the legal notice on the website and the general terms of use.

Personal Data is any information relating to an identified or identifiable person, i.e. that allows that person to be identified directly (e.g. name and surname) or indirectly (e.g. cookies).

Processing of personal data is any operation or set of operations (automated or otherwise) which is applied to personal data or sets of personal data, such as: the collection, recording, organisation, storage, transmission of (…)

The data controller determines the purposes (objectives of the processing) and the means of the processing.

The Processor processes personal data on behalf of and under the instructions of the Controller.

In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:

• Lawfulness, fairness and transparency: the collection and processing of personal data can only be based on a previously agreed legal basis (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
• Limited purposes: the collection and processing of personal data is carried out for one or more established purposes
• Minimisation of data collection and processing : only data strictly necessary for the proper performance of the intended purposes are collected
• Time-limited data retention: the data controller is obliged to set out retention periods for the personal data processed
• Integrity and confidentiality of the data collected and processed: the data controller agrees to guarantee the integrity and confidentiality of the data collected.

We do not collect any sensitive data such as religion, trade union membership, racial and ethnic origin, criminal convictions or health data.

SADEV is committed to only passing on your personal data to authorised persons within the company and to authorised third parties such as the tax, customs or economic authorities, the judicial authorities and the police force.

SADEV may pass on your personal data to subcontractors such as our IT service provider EVA for example. The use of these service providers is necessary for the proper provision of our services. We are committed to verifying and guaranteeing compliance with GDPR and the updated Data Protection Act.

Apart from the recipients mentioned above, SADEV commits to not passing on your personal data to third parties or external organisations without your express consent.

SADEV shall not sell, transfer or disclose your personal data to any unauthorised third party.

SADEV does not make any automatic decisions based on your personal data. No profiling is carried out during processing, and the data we collect will never be used without human intervention.

8.1 Your rights

In accordance with the current regulation, you have the following rights with regard to your personal data:

8.2 The DPO

SADEV has appointed a Data Protection Officer (DPO). To exercise your rights, you can contact our Data Protection Officer (DPO) at the following address:

8.3 Complaints to the CNIL

You may at any time lodge a complaint with the competent authority, namely the Commission National de l’Informatique et des Libertés (CNIL), by following the link below https://www.cnil.fr/fr/plaintes.

SADEV has put in place technical and organisational measures to ensure a level of data protection that is suitable to the nature and purpose of the processing.
In accordance with Article 32 of GDPR on the security of processing, SADEV has put in place:

• Means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services
• Means to restore availability and access to data in a timely manner in the event of a physical or technical incident;

However, the security obligation remains an obligation of means, i.e. we do everything possible to guarantee the confidentiality and integrity of your personal data.

All persons having access to your personal data have been trained in good data protection practices. They are bound by an obligation of confidentiality and may be subject to disciplinary sanctions if they fail to comply with this regulation.

During our business activities and in order to manage your requests, we do not directly transfer your data outside the European Union.

However, if your personal data is transferred outside the European Union, we will ensure that these countries guarantee a sufficient and appropriate level of data protection.

We are committed to informing you beforehand of the possibility of transferring data outside the European Union and thus, we will communicate to you the guarantees put in place to ensure a sufficient and appropriate level of protection.

Our cookie policy also explains how you can accept, customise or reject cookies by making your choice using the banner at the bottom of your screen.

In order to modify the cookies, you can follow this logo on our site at the bottom left of the screen.

This privacy policy may be subject to change.

The last update was made on 12/01/2022.