Privacy Policy - Sopemea

Privacy Policy

Privacy Policy

We want to work with you, our customers, partners, providers, suppliers and interns with trust. For this, we specify in this policy what we do as Data Controller with the Personal Data of individuals. The Privacy Policy explains how we use any information given to us, the ways in which we protect your privacy, and how we comply with the GDPR (General Data Protection Regulation)

For questions about this policy, please contact our Data Protection Officer (DPO) at dpo.sopemea@apave.com.

1. What information do we collect?

We collect personal information directly from you or through your employee or a person authorized to:

  • ensure the implementation of a contract or general terms & conditions (contract monitoring, preparation and implementation of the intervention and delivery, Quality Control);
  • ensure compliance with our legal and regulatory requirements and in compliance with our legitimate interests;
  • achieve specific purposes after obtaining your explicit agreement.

Examples: We can inform you of new services or applications available for your industry.

Also, if you contact us, we will keep a record of your request to deal with and respond to your query or comments

2. What is the personal data you provide to us?

When you contact us or ask us to contact you for the services you want, you agree to provide the following Personal Data: name, surname, email address, telephone number, information shared by yourself.

For delivery of our benefits and services, we collect personal and professional data such as name, work phone numbers, date of birth (trainees and vocational training), professional email address, signature, function, the photograph optionally; technical skills regarding data; financial data.

We also use the Personal Data generated as a result of training;  the attendance record, date of issue of the certificate, training evaluation, authorizations and titles. When you have completed training and to help you better maintain your qualification, we inform you of the need for renewal.

When you want to access online services you have subscribed to, you provide the following Personal Data: name, surname, professional email address, work phone number.

We also hold your consent to receive information, for example the newsletters.

3. To whom we disclose your personal data?

We may disclose your personal data to third parties only in the following cases:

  • Internal services;
  • For external processing needs: we transmit this data to trusted processors, processing the data according to our instructions and in accordance with the GDPR and with any other appropriate security and confidentiality measures. We also use service providers to provide data backup and hosting.
  • For legal or regulatory reasons: we may share Personal Data to comply with legal, regulatory and administrative obligations  to detect, prevent or treat fraudulent activities, security breach and any technical problems; or in case of assessment or audit by authorities (or their representatives).

4. How do we keep and secure your personal data?

Personal Data must be protected using technical and organisational protection measures including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

These measures that we apply include the following:

  • Apave employees, subcontractors, providers and interlocutors who need access to Personal Data to carry out their functions and responsibilities:

Are authorised and have restricted personal access;

  • Are sensitised and/or trained, depending on their roles, functions and responsibilities;
  • Have signed a confidentiality agreement and have been informed of the risks and penalties in the event of breach of their obligations.
  • We encrypt the data when necessary.
  • We keep Personal Data during the term of the business relationship and then archive it or delete it. In some cases, we reserve the right to retain the data for a longer period of time, especially to prevent litigation. For data processing subject to consent, we remove the data as soon as the consent is withdrawn.

In connection with the purposes outlined, we do not transfer Personal Data outside the European Union. In the event that we may transfer personal data in countries outside of the European Union, we undertake to set up the appropriate safeguards and to obtain the prior authorization from the other party and the necessary guarantees. We remain responsible for our commitments on this Personal Data.

We do not transfer Personal Data outside the European Union. In the event that we are visiting countries outside the European Union for the purposes of a contract, we undertake to put in place the appropriate guarantees. In any case, we remain responsible for our commitments on these Personal Data.

5. How do you exercise your rights over Personal Data?

At any point while we are in possession of or processing the personal data, the person concerned may exercise their rights.

Rights can include:

  • A right of access;
  • A right of rectification or deletion of the Personal Data
  • Right to restriction of processing
  • Right to object to certain types of data processing;
  • Right of portability of data.

The person concerned may exercise any of these rights by contacting the Data Protection Officer at the e-mail address of dpo.sopemea@apave.com, or by regular mail to Apave,  For The Attention of The Data Protection Officer at 191 rue de Vaugirard 75738 Paris Cedex 15. Under the same conditions, the persons concerned also have the right to withdraw their consent at any time, without recourse.

The persons concerned may also submit a complaint to a Data Protection Supervisory Authority, in France the CNIL.

6. How do we manage Personal Data breach?

We take Personal Data breach very seriously.

In the event of a breach of your personal data which may create a risk to your rights and freedom, the Data Protection Officer of Apave will notify the violation to the CNIL as soon as possible, and, if practicable within 72 hours  after having become aware of it. Apave will also inform the person concerned, as soon as possible in accordance with the provisions of article 34 of the GDPR.

7. Reviewing and updating our Data Protection Policy

We undertake to process Personal Data in accordance with the legal provisions in force.

This policy will be reviewed according to the legal changes. You will be regularly informed of this update.

The modified Data Protection Policy will apply from that revision date. Therefore, we encourage you to periodically review this statement to be informed about how we are protecting your information.

You can request our detailed policy directly from our Data Protection Officer at dpo.sopemea@apave.com by recalling the contract that binds us.