Privacy policy

 

 

Download (public version in PDF format)

PERSONAL DATA

Introduction

As a software publisher and Cloud hosting provider, Ciril GROUP considers the processing of personal data to be at the heart of its business and that of the customers who use its solutions.

The purpose of this personal data protection policy is to provide those concerned by Ciril GROUP's data processing operations with useful information about the procedures involved. Below is a brief presentation of the principles that guide the development of each of the company's personal data processing operations.

Legality of treatment

Prior to the implementation of each of its personal data processing operations, Ciril GROUP considers the basis for such processing, giving priority as far as possible to the consent of the persons concerned. All of Ciril GROUP's personal data processing is therefore based on one of the possibilities offered by the regulations governing personal data, i.e. :

  • the consent of the person concerned,
  • the performance of a contract between Ciril GROUP and the data subject,
  • compliance with a legal obligation,
  • safeguarding people's vital interests, 
  • the performance of a public service mission, 
  • the legitimate interests of Ciril GROUP.

Respecting people's rights

Exercising your rights

Requests from persons concerned by Ciril GROUP's processing of personal data should be addressed to Ciril GROUP's Data Protection Officer by post to his attention at 49 Avenue Albert Einstein, BP 12074, 69603 Villeurbanne or by e-mail to dpo@cirilgroup.com.

In the event of a request relating to health data hosted by Ciril GROUP, the persons concerned are invited to contact the person responsible for this data processing (in most cases, their health establishment or their attending physician). Alternatively, they can contact the Ciril GROUP doctor at the following address: Docteur Wilfrid ECUER, 48 route de Lyon - 38300 Domarin - France.

In order for the Data Protection Officer to ascertain the identity of the person making the request, which is a legal obligation provided for in particular in Article 12 of the RGPD and Section 3 of the French Data Protection Act, the request must be signed and accompanied by suitable proof of identity. In order to facilitate consideration of, and response to, the request, the person originating the request is asked to specify which data or which processing operations their request relates to, as well as the context of the request (type of relationship with Ciril GROUP in particular: supplier, customer, partner, etc.). The information provided in this case will be kept for 5 years for evidential purposes. Data subjects may exercise their rights of access, rectification, opposition on legitimate grounds, limitation and portability by the means described above.

Informing those concerned

The Ciril GROUP company includes an information notice on each collection medium that complies with the requirements of the Data Protection Act and the RGPD. This notice informs the persons concerned about, among other things and depending on the hypotheses, :

  • the identity and contact details of the data controller,
  • the contact details of its Data Protection Officer,
  • the purposes of the processing,
  • the basis for processing,
  • data recipients,
  • the existence of a data transfer outside the European Union,
  • data retention period,
  • the rights of data subjects,
  • the existence of automated decision-making. 

Ciril GROUP also takes appropriate measures to inform those concerned by its data processing operations.

Purpose of processing

Ciril GROUP ensures that the purposes for which data is processed are specified and legitimate. Accordingly, the data collected by Ciril GROUP is processed only within the strict limits of the purpose previously set for its processing. Under no circumstances is it used for any other purpose.

Data retention period

Once the purpose of the data processing has been determined, it can be used to determine how long the data will be kept. This period is determined either on a case-by-case basis, following specific reflection on the subject, or in accordance with the directives issued by the CNIL (the French Data Protection Authority), or with legal retention periods where they exist. At the end of this retention period, the data is deleted or, as the case may be, kept in an archive for evidentiary purposes. In the latter case, data retention periods are based on the statutory limitation periods.

Data minimization

Following the principle of proportionality of processing and minimization of data collected expressed in particular in Article 5 of the RGPD, only data that is adequate, relevant and necessary for the purpose of processing is processed.

Data security and confidentiality

Adequate physical, logical and organizational security measures are in place to guarantee the security of data processed by Ciril GROUP.

When hosted internally, data processed by Ciril GROUP benefits from the high level of security guaranteed by its ISO 27001:2013-certified data center. In addition, all Ciril GROUP staff are also bound by a confidentiality obligation.

Lastly, before choosing its subcontractors to process personal data, Ciril GROUP ensures that these subcontractors also offer sufficient guarantees in terms of security and confidentiality.

Data recipients

The only recipients of personal data collected by Ciril GROUP are Ciril GROUP and any of its subcontractors, acting solely on the instructions of Ciril GROUP. For further details on the recipients of each item of data in the context of a specific processing operation, these are indicated in Ciril GROUP's personal data processing register. Whatever the case, the persons concerned by Ciril GROUP's data processing are informed of these recipients in accordance with the legal information requirements on this point.

Transfer to non-EU countries

Should a transfer of personal data outside the European Union be envisaged, Ciril GROUP ensures that it is permitted by one of the legal hypotheses authorizing it (standard contractual clauses, bindging corporate rules, etc.).

Transfer of data from minors under the age of 15

If Ciril GROUP is required to process data from minors under the age of 15, Ciril GROUP undertakes to implement the appropriate legal measures, particularly with regard to obtaining the consent of the person holding parental authority. However, Ciril GROUP reminds you that its offers are intended for professionals and that, as such, it deliberately does not collect any data relating to minors under the age of 15. Thus, if Ciril GROUP learns that a minor under the age of 15 has submitted personal information to it, without the aforementioned procedures being implemented, Ciril GROUP will immediately delete this data from its database.

Contact details for the company and its data protection officer

For any information on this personal data protection policy, you can contact Ciril GROUP's Data Protection Officer by post by writing to him at the company's head office at the following address: "Ciril GROUP - 49 avenue Albert Einstein - BP 12074 - 69603 Villeurbanne - France" or by e-mail at dpo@cirilgroup.com.  

Changes to data protection policies: Ciril GROUP reserves the right to modify or update this privacy statement at any time without notice.

Last update: May 28, 2018. 

Read more

Contact

Recruitment

News feeds

Become a partner

My Ciril GROUP

CIRIL GROUP

History

Teams

Values

CSR approach

Customers

Partners

SOFTWARE PUBLISHER

Human resources

Public Finance

Public services

Technical Services

GIS

Geomarketing

Data

Decision Support

SOVEREIGN CLOUD

Extending your IS

Your managed services

The Health Cloud

Cybersecurity

Datacenters & Certifications

SERVICES

Consulting

Studies

Project management

Customer support

Training

Support

RESOURCES

Webinars

Case studies

Documentation

Geographical applications

Useful links

Ciril GROUP SAS


49 avenue Albert Einstein - BP 12074 - 69603 Villeurbanne CEDEX - France

Switchboard: +33 4 72 69 16 80

CSR policy

Terms of use

Data protection policy

Cookies and audience measurement

HDS - No transfer

   2025 Ciril GROUP