FAQ

GDPR is the acronym of General Data Protection Regulation. It is the new European privacy regulation which has become enforceable on May 25, 2018. The GDPR replaces and updates the EU Data Protection Directive (Directive 95/46/EC) and is intended to harmonize data protection laws throughout the European Union by applying a single regulation which is binding throughout each member state. Please find EU GDPR text on the following link: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX:32016R0679

Individuals have numerous rights under data protection law, including:

• Access: Individuals have the right to know what personal data the Company processes about them, and to obtain a copy of that personal data.
• Rectification: Individuals have the right to have inaccurate data corrected and/or incomplete data completed with supplementary data.
• Objection: In some circumstances, individuals have the right to object to their personal data being used for a particular purpose, for example to send them direct marketing or to make automated decisions.
• In certain circumstances individuals may also have the following rights:
• Portability: Individuals have the right to receive personal data which they provided to the organisations in a commonly used machine-readable format, so that they can share it with a different organization.
• Erasure: Also known as the “right to be forgotten”, individuals have the right to have personal data erased if the organisation has no lawful basis to continue processing the data. In some cases, or for some types of personal data, the Company may decide not to erase the data but instead restrict its use (for example, it can only be used in the event of a legal claim).

No, processing shall be lawful if and to the extent that at least one of the following applies:

(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for compliance with a legal obligation to which the controller is subject;

(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;

(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.