Enyter Personal Data Privacy Notice

Enyter Personal Data Privacy Notice

Enyter Personal Data Privacy Notice

Date of last change: July 27, 2021

Introduction

The aim of this Personal Data Privacy Notice is to formalise our commitment to respecting the privacy of users on the www.enyter.com website (hereinafter “the Website”) operated by Enyter SAS (hereinafter “Enyter”).It defines the use we make of the information concerning you, which we collect directly or indirectly (hereinafter the “personal data ”), and the measures we take to protect such data. It also defines your rights with regard to personal data concerning you and the point of contact where you can get more information on the processing operations that we carry out, or to exercise your rights.

This Privacy Notice, the Legal Notice – General Conditions of Use of the Website and the Cookie Management Policy constitute the entire agreement. All capitalised terms not otherwise defined in this Privacy Policy/Notice are defined in the Legal Notice.

In making our Website available to you, we process your personal data in compliance with the General Data Protection Regulation 2016/679 of 27 April 2016 (“GDPR”) and under the conditions set out below.

Personal data means any information relating to an identified or identifiable natural person. We only collect and process personal data in the context of the provision of our Services or when providing information on said Services, in strict compliance with the GDPR.

We only collect personal data that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. You will never be asked to provide personal data considered “sensitive”, such as your racial or ethnic origins, or your political, philosophical or religious opinions.

By registering on the Website, you authorise us to process your personal data in accordance with the Notice. If you refuse the terms of this Notice, please refrain from using the Website and the Services.

 

1. Our data controllers

This Personal Data Privacy Notice applies to the processing of personal data carried out by Enyter SAS, and/or any of its affiliated companies and related entities (hereinafter together or individually “Enyter France”, “Enyter”, “we”, “us” or “our”), acting as data controller or controllers. The data controller(s) may be contacted at the following address: Enyter, 21-23 rue Camille Desmoulins, 92130 Issy les Moulineaux.

2. What persons are concerned by our personal data processing?

The following people are concerned by the data processing that we carry out:

  • any visitor to our Website
  • our clients, their employees, and/or clients and/or suppliers and/or partners and/or service providers
  • our potential clients
  • candidates applying for jobs with us

(hereinafter together and individually “you”, “your”, “yours”)

We understand the importance of protecting the privacy of minors. Our Website and our services are not designed or intended for minors aged 15 or under. Our policy is not to intentionally collect or retain the personal data of minors.

3. When do we collect your personal data?

This Privacy Notice sets out how we collect, process, store and protect your data when:

  • you browse or use our Website;
  • you ask us for a case study;
  • you contact us;
  • we provide professional services to our clients (including their employees);
  • you access your personal space to track your assignments;
  • we use you as a service provider, partner or subcontractor;
  • you apply to Enyter via the contact form available on our Website;
  • any other operation relating to our commercial offerings or customer service proposals is carried out.

4. What data are collected via the Enyter.com Website?

When we refer to “our Website” or “this Website” in the context of this document, we are referring to the specific pages of the Enyter Website accessible via the following link: www.enyter.com 

When you browse our Website, we may collect personal data about you because you provide it to us voluntarily or because we collect it automatically.

Data that you give us voluntarily:

When you (i) fill in a contact form on our Website, (ii) use your personal tracking space, (iii) subscribe to a newsletter or marketing communication, (iii) register for one of our events, we may collect the information described below.

We do not intentionally collect sensitive data. You are under no obligation to provide us with sensitive data, and you should not provide us with such data. If you choose to provide us with sensitive data through our Website, you consent to the collection and processing of such data. As a reminder, data considered as sensitive are data concerning the health, sex life or sexual orientation of a natural person, biometric data, genetic data, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership.

Profile of the person whose data are collected

Data collected

Purposes

Legal basis

Visitors to the Website requesting a case study 

Data that you give us voluntarily:

Contact data: name and surname, email address, contact phone number

Data corresponding to your project’s questionnaire: employment status, family circumstances, marital status.

  • to manage and respond to your requests sent to our Website;
  • to send you a newsletter or information, in accordance with your wishes or in connection with our activities that may interest you;
  • to invite you to events that are likely to be of interest to you.

 

Our legitimate interest to respond to any request or complaint received, invite you to events for which you have expressed an interest and/or send you information or newsletters in accordance with your wishes or which are likely to be of interest to you.

Visitors to the Website requesting a case study

Any other data that you decide to provide us with in the “free text” section.

Your consent. By deciding to provide us with any data that we have not requested, you consent to our use of such data for the purposes mentioned.

Visitors to the Website requesting a case study

Data we collect automatically:

Cookies and Web beacons

  • to manage, maintain and improve our Website and ensure its effective operation;
  • to adapt the content of our Website so that your experience is more personalised, and to improve your experience on our Website.

Our legitimate interest to personalise the online user experience, improve the performance and ergonomics of our Website, carry out and measure the effectiveness of our marketing activities

Your consent to the use of cookies for certain purposes.

Note de MJB : mettre ici le lien vers la politique des cookies

Profile of the person whose data are collected

Data collected

Purposes

Legal basis

Enyter clients and their employees

Contact data:

Your name and surname, your business email address  

Business data:

The company you work for and your position.

Any other personal data, concerning you or third parties, that you give us in the context of the provision of our services or pre-contractual negotiations.

  • the needs of negotiations relating to our services and the organisation of the assignments we undertake with our clients. These exchanges may take place with you, our client, other members of the Enyter network, our suppliers, or the competent authorities;
  • to meet the applicable legal, regulatory or ethical requirements (in particular, management of the obligation of independence, management of conflicts of interest and quality control);
  • to respond to communication requests from the competent authorities to which Enyter may be subject;
  • the opening of a client account or accounts, or for any other administrative purpose;
  • accounting and financial management, including billing for our services;
  • risk analysis and management;
  • to manage the business relationship, including: (i) sending information or news about our products or services that may be of interest to you; (ii) sending a message to get your opinion on our products or services; or (iii) contacting you for other professional or commercial purposes related to your activities;
  • administration and support of the IT tools used in our activities (electronic messaging, dedicated business tools such as support applications);
  • hosting and maintenance of these IT tools, archiving and reprography;
  • professional services which may be provided to us by our own experts or advisers, such as lawyers, accountants or consultants;
  • protecting our rights and those of our clients;
  • prevention of personal data breaches, through the use of tools aimed at detecting, preventing and protecting against any safety breach leading, in an accidental or unlawful manner, to destruction, loss, alteration or unauthorised disclosure of personal data transmitted, stored or processed in any other way, or the unauthorised access to such data (together, hereinafter, the “breach” or “breaches”). These tools used by Enyter, to the extent permitted by law and regulations, include in particular: (i) tools to detect any breach committed through use of Cloud storage services, messaging applications and use of USB external storage or memory card, (ii) tools to detect any breach committed via Enyter’s shared spaces, and (iii) traffic analysis tools to detect any breach committed via Enyter’s email service. 

Our legitimate interest to provide you with an efficient service, in accordance with our contractual obligations, and to implement all the elements necessary for the proper organisation of assignments.

Our legitimate interest to exercise or defend your rights or our rights, in accordance with applicable legal provisions.

Our legal, regulatory or ethical obligations (such as keeping records for tax purposes, providing information to a public body, anti-money laundering).

Applicants

Contact data:

Your name and surname, your business email address  

Business data:

  • the needs of negotiations relating to our recruitment policy.

Our legitimate interest to respond to your application for an employee, trainee or outside contractor position.

People whose personal data may be collected indirectly

In the context of the services we provide to our clients, we may indirectly obtain personal data about you because our clients or other persons provide such data to us (for example your lawyer or your employer, or service providers that we use for the purposes of our business activities) or because the data are in the public domain. These data are processed in compliance with this Notice and the applicable regulations.

When we obtain personal data about you from our clients, it is the clients’ responsibility (i) to ensure that all personal data that have been provided to Enyter, directly by clients or indirectly on their behalf, have been collected in a lawful, fair and transparent manner and (ii) to inform you of the ways we process your data.

In the context of the services we provide to our clients when they connect to the personal spaces of our Website to track their assignments, we collect personal data such as their IP address, and the date and time of connection.

5. How do we protect your personal data?

We have implemented technical and organisational security measures to ensure the security, integrity and confidentiality of all your personal data, so as to prevent them from being distorted, damaged or accessed by unauthorised third parties. 

These measures include in particular:

  • sensitising and training staff to ensure they are aware of our obligations with regard to protection of personal data and best practices to be adopted;
  • administrative (HR, CIO) and technical controls to limit access to personal data only to personnel who need to know them for any of the aforementioned purposes;
  • periodic audits aimed at analysing the measures put in place and checking their effectiveness;
  • establishment of internal policies and procedures, particularly for the management of requests to exercise rights and the adaptation of procedures for handling confidentiality incidents;
  • IT security measures to ensure protection against attacks and failures, in accordance with standard ISO 27001; more specifically, firewalls, encryption, antivirus software, antimalware and tools to prevent cyber attacks and personal data breaches;
  • physical security measures to protect our premises, in particular access badges.

We ensure an appropriate level of security, taking into account the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks and their likelihood.

However, it should be noted that since no security measure is infallible, Enyter is not able to guarantee absolute security for your personal data.

If you have a Besides space, you are responsible for ensuring the confidentiality of the password you use to access your Account. Do not share this information with anyone. If you use a shared computer, remember to log out before leaving a Service.

6. When do we share your personal data and who are the potential recipients of your personal data?

6.1 Sharing your personal data with third-party companies

Your personal data are never transmitted to external service providers when you browse the Website. 

The personal data used on the Website are stored in France. 

6.2 Sharing with the authorities

We may need to disclose your personal data to administrative or judicial authorities when such disclosure is necessary for identification, apprehension or prosecution of an individual likely to prejudice our rights, or the rights of any other user or a third party. Lastly, we may be legally bound to disclose your personal data and unable to object to such a request.

7. How long do we keep your personal data?

For case study and contact requests, we will keep your personal data for 1 (one) year.

For the personal spaces for tracking assignments, your personal data will be erased and only kept in the form of an archive for the purposes of establishing proof of a right or a contract.

For exchanges with our clients, we will keep your personal data in our systems for the longest of the following periods:

  1. the period necessary to accomplish the objective or objectives pursued during their collection;
  2. the periods of preservation, archiving and requirements provided by law or regulations;
  3. the end of the applicable limitation period following a dispute or an investigation in connection with one of our offers or proposals, or one of our services.

In any case, we will keep your personal data for a period no longer than is necessary for the purposes for which they are processed in accordance with the uses set out in this Notice and in compliance with laws and regulations.

8. What are your rights?

Know your rights 

You have rights over your personal data. In accordance with the regulations on personal data protection, in particular Articles 15 to 22 of the GDPR, and after providing proof of your identity, you have the right:

  • to obtain confirmation that we are processing your personal data and to obtain a right of access and a copy of the personal data concerning you that we keep;
  • to ask us to update your personal data that we hold or to correct incorrect or incomplete personal data;
  • to ask us to delete the personal data concerning you that we keep, or to limit our use of them;
  • to withdraw your consent authorising us to process your personal data (to the extent that this processing is subject to consent);
  • to the extent provided by law or by an applicable regulation, to receive a copy of the personal data you have provided to us, in a structured, commonly used and machine-readable form and with a view to transmitting it to another party (to the extent where this processing is subject to consent or a contract). To object to the processing of your personal data.

In addition, within the limits of the law, you also have the right to object to the processing, to limit it, to decide on what happens to your data after your death, to withdraw your consent at any time and the right to portability of the personal data you have provided.

For a case study request, contact request or a contract between an individual and Enyter, you are the only person to have provided us with the data we hold. The data will be processed directly in accordance with your request.

For a company contract, the data have been transmitted to Enyter by your company within the framework of a service contract of which you are the beneficiary. The data will be processed after consultation with your company.

To exercise your rights

You can contact our Services to exercise your rights at the following email address: privacy@enyter.com or at the following postal address: 21-23 rue Camille Desmoulins, 92130 Issy les Moulineaux, attaching a copy of an identity document to your request.

For any question or request made to our services for which you do not receive a satisfactory response, you are entitled to lodge a complaint with the French data protection authority (“CNIL”), by post to 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07. You can contact the CNIL directly on the CNIL website..

9. Can we amend the Notice?

We reserve the right to amend this Personal Data Privacy Notice at any time, periodically, particularly on account of legislative and/or regulatory developments and internal policies concerning the protection of your personal data.

If we make any changes to this Privacy Notice, we will change the revision date at the top of the page. The amended version of this Personal Data Privacy Notice will be applicable as from that date. We encourage you to consult this Notice regularly to keep yourself informed of how we protect your personal data.

Your use of the Website after any amendment means that you accept these amendments. If you do not accept certain substantial amendments made to this Notice, you must stop using the Website.

10. Data Protection Officer and contact 

Enyter SAS has appointed a Data Protection Officer (DPO).

The contact details of our Data Protection Officer are as follows:

ENYTER – DPO

Stéphane Sans
21-23 rue Camille Desmoulins

92130 Issy les Moulineaux 

Tel.: +33 (0)1 30 84 08 18
Email: dpo@enyter.com