Privacy Policy

Privacy Policy

 > DOWNLOAD
 (public version PDF) 

 


 

PERSONAL DATA

Introduction

As a software publisher and Cloud hosting provider, Ciril GROUP considers that the processing of personal data is at the heart of its activitiy and that of its clients who use these solutions.

The purpose of this personal data protection policy is to provide the data subjects by Ciril GROUP's data processing operations with useful information about the procedures involved. Below is a brief presentation of the principles that guide the development of each of the company's personal data processing operations.

 

Lawfulness of processing

Before the implementation of each personal data processing, GROUP reflects on the basis of these operations, giving as much priority as possible to the consent of the data subjects. Personal data processing led by Ciril GROUP is therefore based on one of the possibilities offered by the regulations on personal data, namely:

  • The consent of data subjects,
  • The performance of a contract between Ciril Group and data subjects,
  • the compliance with a legal obligation,
  • the protection of the vital interests of individuals,
  • the performance of a public interest mission,
  • the legitimate interests of Ciril GROUP.

 

Respect for rights of data subjects

Exercise of your rights

Data subjects applications must be addressed to Ciril GROUP’s Data Protection Officer, 49 Avenue Albert Einstein, BP 12074, 69603 Villeurbanne, France or to This email address is being protected from spambots. You need JavaScript enabled to view it..

In case of applications

In case of applications about health data hosted by Ciril GROUP, please prioritary contact the data controller of this processing (in most cases, their health establishment or their attending physician). Failing this, please contact Ciril GROUP’s doctor : Docteur Wilfrid ECUER, 48 route de Lyon, 38300 Domarin, France.

In order to allow Ciril GROUP’s DPO to verify your identity, which is a legal obligation according to article 12 of the European GDPR and to section 3 of the French Data Protection Act "loi informatique et libertés", your applications must be signed and sended with appropriate proof of identity. In order to facilitate the consideration of, and the response to, your application, the individual is making the application is invited to specify which data or data processing operations your application is related, and the context of your application too (type of relationship with Ciril GROUP : supplier, client, partner, etc.). Information provided in this case will be kept for 5 years for provative reasons. Data subjects can exercise their rights of access, rectification, opposition, limitation on legitimate grounds and portability by the means previously exposed.

 

Information of data subjects

Before each data processing controlled by Ciril GROUP, you are informed by an explanatory notice provided by the General Data Protection Regulation. This notice mentions, among others :

  • the identity and the contact details of the data controller,
  • the contact details of its data protection officer,
  • the purposes of the processing,
  • the basis of the processing,
  • the recipients of the personal data,
  • the existence of a data transfer outside the European Union,
  • the rights of the data subjects by the processing,
  • the existence of automated decision.

Moreover, Ciril GROUP takes appropriate measures to inform the data subjects by its data processing operations.

 

Purpose of processing

Ciril GROUP ensures that the purposes of the processing that the company implements are determined and legitimate. So, data collected by Ciril GROUP are only processed within the strict limit of the purpose determined before their processing. In no case Ciril GROUP process them in other purposes.

Data retention period

Once the purpose of the processing has been determined, it allows to determine the personal data storage period. This period is determined either on a case-by-case at the end of a specific reflection lead on this subject or according to directives of the French CNIL or legal retention periods. At the end of this retention period, data is deleted or, depending on the case, stored for probative purposes. In the latter case, data retention periods are based on the statuary limitation set by law.

Data minimization

According to principles of proportionality of processing and minimisation of collected data provided by article 5 of the European GDPR, only adequate and relevant data necessary to the purpose of the processing are processed.

Security and confidentiality

Physical, logical and organisational security measures are implemented to grant the security of data processed by Ciril GROUP.

When hosted internally, the data processed by Ciril GROUP benefits from the high level of security guaranteed by its ISO 27001:2013 certified datacenter. The ISO 27001:2013 certification is recognized as the highest standard in the world in terms of Information Security Management Systems (ISMS). Moreover, all of the Ciril GROUP staff intervening in a personal data processing is also submitted to a rigorous non-disclosure agreement.

Finally, before choosing its processors involved in the processing of personal data, Ciril GROUP ensures that the latters also offer sufficient guarantees in terms of security and confidentiality.

Recipient of personal data

The only recipients of personal data collected by Ciril GROUP are its staff and its potential processors, acting in this case under the authority of Ciril GROUP. For more details on the recipients of personal data for a precise processing, these recipients are indicated in the in register of processing activities of Ciril Group. Whatever the hypothesis, people concerned by the processing of Ciril GROUP are informed of these recipients according to legal term in this matter.

Transfers of personal data to a third country

In the event that a transfer of personal data to a third country would be considered, Ciril GROUP makes sure that this transfer is allowed by one of the legal hypotheses of the European GDPR (standard contractual clauses, binding corporate rules, etc.).

Processing of minor of 15 years

If Ciril GROUP is required to process data from minors under the age of 15, Ciril GROUP is committed to apply adequate lawful measures, including in matter of receiving the consent of their parents or of the individual having parental authority. Nevertheless, Ciril GROUP reminds you that its offers are addressed to professionals and, as such, Ciril GROUP doesn’t process deliberately data relating to minor under 15 years of age. Thus, if Ciril GROUP learns that a minor under 15 years of age has submitted personal information to it, without the methods described above being implemented, Ciril GROUP will immediately delete this data from its database.

Contact details of the data protection officer

For more precision about this privacy policy, Ciril GROUP's Data Protection Officer by post by writing to his attention at the company's registered office at "Ciril GROUP - 49 avenue Albert Einstein - BP 12074 - 69603 Villeurbanne - France" or by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it..

 

Modification of data protection and cookie management policies: Ciril GROUP reserves the right to modify or update these statements at any time without notice.

Last updated: May 28, 2018.  

 

 


 

  > DOWNLOAD
 (public version PDF)