PERSONAL DATA PROTECTION POLICY
General Data Protection Regulation (“GDPR”)
EPSA believes that the protection of personal data is essential.
This is why EPSA undertakes, within the framework of its activities and in compliance with the legislation in force in France and in Europe, to ensure the protection, confidentiality and security of the personal data of persons likely to be concerned by the collection of personal data.
Directive 95/46 /EC will be repealed with effect from May 25, 2018 with the entry into force of the General Data Protection Regulation (the “GDPR”) (Regulation (EU) 2016/679) with the aim of strengthening your personal data protection rights.
This Policy informs you about how EPSA, its subcontractors and any partners process your personal data.
This Policy is applicable to customers, potential clients, candidates and visitors to the sites www.epsa.com, www.7partners.fr; www.epsa-advisory.com; www.agriateconseil.fr; www.faretrade.fr; airrefund.com et www.montvallon.com.
WHAT IS PERSONAL DATA?
The notion of personal data (“Personal Data”) designates any information related to an identified or identifiable natural person. A person is “identifiable” when he can be identified, directly or indirectly. (For example, the personal email address provided as part of an application for an offer published via this website).
FOR WHAT OBJECTIVE, FOR WHAT “PURPOSE OF TREATMENT”?
Our jobs within EPSA are very diverse. Indeed, we are likely to process a variety of Personal Data depending on the expertise. Moreover, we inform you that EPSA may collect “sensitive” Personal Data through its cost optimization missions (social charges, AT/MP).
EPSA only processes Personal Data for specific, explicit and legitimate purposes. We do not process this data in a way incompatible with these purposes.
Indeed, we collect personal data strictly necessary for the achievement of the purpose concerned (for example: the processing purposes will differ in the context of the execution of a contract or an application).
HOW DO WE COLLECT YOUR PERSONAL DATA?
On a case-to-case basis, EPSA may need to collect your Personal Data directly from you or may be the recipient of your Personal Data collected from you by a third party.
TO WHOM DO WE SEND YOUR PERSONAL DATA?
The Personal Data collected is intended for internal EPSA departments and its subcontractors.
Personal Data may also be processed by EPSA partners. These are cases where partners intervene for the provision of services in particular. In certain cases, your consent to the treatment of Personal Data will be requested.
Finally, the processed data may be disclosed to the competent authorities, at their request, in the context of legal proceedings, in the context of judicial research and requests for information from the authorities or in order to comply with other legal obligations.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
Your personal data is kept for a period of time necessary to accomplish the purposes concerned. In relation to processing concerning the execution of the contract, Personal Data may be kept for a maximum period of three years from the end of the contractual relationship.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We aim to process your personal data in the safest and most secure manner. For this purpose, we take all appropriate physical, technical and organizational measures to guarantee their confidentiality and prevent, as far as possible, any alteration or loss of your data or any unauthorized access to them.
These measures are adapted according to the level of sensitivity of the Personal Data processed and according to the level of risk presented by the processing or its implementation.
Finally, we inform you that all persons having access to your Personal Data are bound by an obligation of confidentiality and are exposed to disciplinary measures and/or other penalties if they do not comply with their obligations.
WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
Each person concerned by the processing of Personal Data has the right to access, rectify, oppose, carry out the portability, erase and limit this Personal Data.
You can exercise any of these rights at any time with EPSA, in its capacity as data controller of your personal data. Any request relating to the use of these rights must be made by email and sent to email@example.com and will be processed within 30 working days of receipt of your request.
OTHER QUESTIONS? CONTACT OUR “DPO”
For any questions concerning this Policy, you can contact our Data Protection Officer (DPO) at the following address: firstname.lastname@example.org.