Processing of personal data

Identity of the Data Controller

The data controller is Amiral Technologies, represented by its president, Mrs. Katia Hilal.

Address: 12 rue Ampère, 38000 Grenoble

Persons concerned by the data protection policy

This privacy policy is intended for citizens, users and partners of Amiral Technologies who want more information on the processing of personal data and more generally for anyone interested in this information.

Definitions

• Data controller: the natural or legal person, a public authority, a service or another body, which sets, alone or in collaboration with others, the purpose and means of the processing of personal data.
• Personal data: any information allowing a person to be identified directly or indirectly. Identity data (surname, first name, address, date and place of birth, etc.)
• Personal life data (personal characteristics, lifestyle, family situation, etc.)
• Professional life data (CV, professional situation, training)
• Economic information (income, financial situation, credit card, RIB, etc.)
• Connection data (IP address, login credentials, etc.)
• Location data (geolocation)
• Cookies, tracers and browsing data (audience tracer, advertising, social networks)
• Sensitive data (religious, political, philosophical opinion, union membership, sexual orientation, health data, etc.)
• Processing: any operation or set of operations relating to personal data and whether or not carried out using automated processes. In general, the collection, recording, organization, structuring, storage, adaptation, modification, consultation, use, communication, dissemination, erasure or destruction of your data personal data consists of the processing of personal data;
• File: any structured and stable set of personal data accessible according to determined criteria;
• Recipient: the natural or legal person, public authority, service or any other body that receives communication of personal data, whether or not it is a third party;
• Authorized third parties: the authorities also authorized within the framework of a particular mission or the exercise of a right of communication, to ask the Data Controller to communicate personal data to them;
• Data subject: any person whose data is being processed;
• Processor: the natural or legal person, public authority, service or other body which processes personal data on behalf of the Data Controller;
• Consent: any expression of will, free, specific, informed and unequivocal by which the person concerned accepts, by a declaration or by a clear positive act, that personal data concerning him are subject to processing.

Your personal data

Your personal data is processed, in accordance with Article 6 GDPR (lawfulness of processing), in the following cases:

• The performance of a contract we have entered into with you, and/or
• Compliance with a legal obligation, and/or
• Your consent to the use of your personal data
• Processing is necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject concerned is a child. However, this does not apply to processing carried out by public authorities in the performance of their tasks.

 Your personal data may be processed via our website in the following cases:

• When you contact us via the contact form
• When you sign up for the newsletter
• When you contact us via demo request
• When you apply to be a partner

Treatment information

For each processing of personal data carried out by the CCUR, general information about said processing is provided to the persons concerned. For the sake of transparency, the CCUR systematically specifies the following information:

• Purpose of processing
• Purposes of processing
• Legal basis of processing
• Categories of personal data processed (sources of data, mandatory nature of data collection, automated decision-making)
• Persons concerned
• Data recipient
• Transfers of data outside the European Union
• Duration of retention of personal data

Why does Amiral Technologies collect your data?

Amiral Technologies collects and uses your data mainly for the purpose of processing your requests for information.

When are your data collected?

When you browse our website, you may provide personal information (especially when you wish to contact us via the contact form or any other form).

Some of the data listed below is collected automatically as a result of your interactions on the site, and others are collected using forms completed by you. The mandatory nature of each piece of data is systematically indicated by an asterisk. Your data is processed by the CCUR and is under no circumstances disclosed or sold to other companies for marketing or commercial purposes. Your data is not transferred to a country outside the European Union or an international organization.

 When you browse our website:

• We collect your IP address
• We collect “cookies”
• We collect connection and browsing data

 When you want to contact us or subscribe to our newsletter:

• We only collect your email address for newsletter registration.
• We collect your surname, first name, email address with regard to the contact form

 The usefulness and purpose of the processing

The data collected via the newsletter registration form, via the contact form, a demo request or to become a partner allow us to contact you again following one of your requests, to ensure the follow-up of your requests as well as to guarantee the effectiveness of a skill implemented by Amiral Technologies.

Also, your requests and requests allow us to improve the presentation and the functionalities of our site to offer an optimal service.

Personal databases are never used without informing you of the purpose of such use. Your explicit consent is requested directly on our website or on the school transport registration platform.

When you send us personal information relating to an application, this allows us to contact you again if your profile is suitable for the various job offers.

Retention of your data

In general, Amiral Technologies applies retention periods according to any type of archive according to the required administrative useful life.

Apart from the required administrative useful life, the CCUR sets the retention periods in accordance with and in compliance with Article 5.1 e) of the GDPR.

For the sake of precision, the duration of administrative usefulness (D.U.A) designates the period during which the documents are necessary for the activity of the service and/or the citizen to assert his rights. It is a mandatory document retention period that is usually expressed in years. Based on criteria of a legal nature (in particular the limitation periods set by law) or administrative, it covers the first two ages of archives (i.e. current archives and intermediate archives).

 Thus, the conservation of archives responds to three cardinal issues:

• The day-to-day management of the service (permanently having useful information for the proper functioning of the service’s activity)
• Justification of rights and obligations (keep evidence in case of dispute)
• Safeguarding memory (constituting the materials of history)

Regarding the three ages of records, these are explained as follows:

• Current archives: the file is alive for the investigation of the case, it is in the office or in the immediate vicinity;
• Intermediate archives: the file is closed but kept by the producing department, for reasons of activity or legal prescription, nearby, in a dedicated archiving room;
• Definitive archives: after sorting and possible eliminations, the file of historical (and sometimes legal) interest is transferred to the regional, departmental or municipal archives to be kept permanently.

Regarding the final fate of the archives:

At the end of the administrative useful life of the documents and unless extended, the documents can either be kept permanently (document with historical value) or destroyed. This destruction can only be done after obtaining the elimination visa from the competent archivist.

Regarding the destruction of archives:

Public archives are inalienable and imprescriptible: they are part of the movable public domain and cannot be altered or destroyed without the authorization of an authorized representative of the State. Also, all civil servants are responsible for the documents they produce or receive but do not own them. For example, at the expiration of their D.U.A, the public archives are subject to a selection to separate the documents to be kept from the documents devoid of historical or scientific interest, intended for disposal.

In addition, Amiral Technologies applies the following retention periods with regard to the processing of personal data relating to your browsing on the website.

Recipients and data transfers

The management of the website is outsourced to a specialized service provider (Eolas). It only receives your email address when you subscribe to the newsletter. Amiral Technologies ensures that the data nevertheless remains confidential and that it is not used for subsequent purposes.

EXERCISE OF PERSONAL RIGHTS

The Data Protection Act of June 20, 2018 relating to data processing, files and freedoms as well as the GDPR (Articles 12 to 21 of the GDPR) grant you rights relating to your privacy. These are the right to information, the right of access, the right of opposition, the right to limit processing, the right of rectification and the right to erasure.

• The right to information

The privacy policy contains all the information relating to the purposes of the processing that may be carried out, the categories of personal data processed and the recipients or categories of recipients to whom the data is communicated, in order to guarantee your right to information.

• The right of access

You can ask the CCUR directly if the latter holds data concerning you and also information relating to their processing. You can also request a copy of all the data concerning you.

• The right to rectification

You can ask to modify the personal data concerning you at any time.

• The right to object

The right of opposition allows you to oppose the processing of your data by Amiral Technologies provided that the processing is not necessary for the proper compliance with a legal obligation or the performance of a contractual obligation.

• The right to restriction of processing

You can request the limitation of the future processing of your personal data under certain conditions: when you dispute the accuracy of personal data, when you need it for the recognition, exercise or defense of your rights in justice. You can also demand the limitation of the processing of your data if the processing is unlawful and you do not wish to proceed with erasure.

• The right to erasure

You can ask us to delete your personal data, provided that the processing is not necessary for the performance of a contractual obligation or for the proper compliance with a legal obligation.

• Withdrawal of consent

If you have consented to the processing of your personal data, you can withdraw your consent at any time and unconditionally. Information related to the exercise of these rights is kept for FIVE (5) years from the date of the response from Amiral Technologies, in accordance with the legal limitation period for personal legal actions. Your data related to the exercise of your rights is then deleted at the end of this period. As part of a request to exercise your right, Amiral Technologies undertakes to respond to you, in accordance with the legislation in force, within a period of one month extendable by two additional months subject to justification (article 12 of the GDPR ).

HOW TO EXERCISE EACH OF THESE RIGHTS?

You can exercise each of the rights set out above by providing us with proof of identity.

By writing by post to the following address: Amiral Technologies, 12 rue Ampère, 38000 Grenoble

In accordance with the GDPR, Amiral Technologies reserves the right to request the payment of reasonable fees which take into account the administrative costs incurred in providing the information, carrying out the communications or taking the measures requested. Amiral Technologies also reserves the right to refuse to respond to any manifestly unfounded or excessive request, informing you of the reasons for the refusal.

Amiral Technologies informs you that you have the right to contact the National Commission for Computing and Liberties (CNIL), and to file a complaint at this address: www.cnil.fr