This Privacy Notice applies to the processing of personal data linked to the use of the DIAGAST website.
DIAGAST, as Data Controller responsible for processing of personal data, undertakes to comply with the general data protection regulation No. EU 2016/679 (“GDPR”) and with all laws and regulations in force on Data Protection.
DIAGAST wants to make sure that you understand what personal data is collected about you, how it is used and how it is kept secure when you use the DIAGAST website.
Access to the website https://www.diagast.com/en/ (hereinafter the “Website”) implies the User’s full and unreserved acceptance of this Privacy Notice (hereinafter the “Notice”), as well as the Cookies Notice.
The User acknowledges having read the information below and authorizes DIAGAST to process, in accordance with the provisions of the Notice, the personal data that he/she communicates on the Website.
The Notice is valid for all pages hosted on the Website. It is not valid for the pages hosted by third parties to which DIAGAST may refer and whose privacy policies may differ. DIAGAST cannot therefore be held responsible for any data processed on these websites or by them. This Notice also applies to any other website that DIAGAST may operate, including our Company pages on Facebook, Instagram, LinkedIn and YouTube.
1 – What personal data do we collect?
- Identification data related to your queries: Last name, first name, email address, phone number and the category of the request (customer request – information request – other).
- Data collected within the framework of a recruitment procedure: name, first name, email address, mobile phone, CV.
- Commercial information: e.g. if you have subscribed to our newsletter.
- Technical data: e.g. cookies may store in certain circumstances personal data which may include : IP addresses, browser type, location, operating system, … For more information, please consult our Cookie Notice.
- Aggregate data: aggregate statistical data (e.g. Company page on LinkedIn, Facebook, Instagram and YouTube)*.
*For the use of social media, DIAGAST will be joint-controller with LinkedIn, YouTube, Instagram and Facebook only for the following activities : accessing and processing statistical aggregate data provided by LinkedIn, YouTube, Instagram and Facebook. For any other processing on the platform, social media platform shall be considered as the sole data controller. Facebook (including Instagram) and LinkedIn have created an “addendum” to their user agreements for company pages for the processing for which they are joint-controllers with us. Such agreement is not currently provided by YouTube.
2 – Why do we use your personal data?
- Customer support: We use your personal data in order to respond to your requests or your inquiries via the address email@example.com . The legal basis justifying the processing is as follows: the processing is necessary for the realization of the legitimate interest pursued by DIAGAST. It is in the legitimate interest of DIAGAST to process personal data in order to respond to the request of any data subject who has contacted DIAGAST.
- Recruitment procedure: We process your personal data to analyze your applications for the various jobs we offer. The legal basis is our legitimate interest, in order to respond to your job solicitation requests.
- Marketing: We will process your personal data to manage your subscription to the newsletter. The legal basis is your consent. Please, remember that you may unsubscribe from the newsletter at any time without any cost.
- Technical data: see our Cookies Notice.
- Aggregate data: Some information related to follower’s visits are collected in an aggregate way by LinkedIn, YouTube, Facebook and Instagram in order to have information on the way our page is consulted. We consider that we have lawful interest to understand the way our page is consulted (e.g. how many times our page is consulted, from which country, …)
3 – How long will we keep your personal data?
- Customer request: In order to respond to your request or to your requests for information, we will keep your data for as long as necessary to achieve this objective.
- Recruitment procedure: In order to respond to your application, we will keep your data for as long as necessary to achieve this objective.
- Marketing: We will process your data until you unsubscribe or cancel your subscription to the newsletter.
- Technical data: See our Cookies Notice.
- Aggregate data: Statistical information are stored by LinkedIn, YouTube, Facebook and Instagram and consequently subject to their retention policy. We may export statistical reports, but we guarantee that this is only in an anonymous form.
4 – Data sharing
We do not sell, trade or rent your personal data to third parties.
We only pass on your personal data to our suppliers and/or subcontractors to the extent necessary to achieve the objective of processing your data.
Some of our suppliers and subcontractors may be located outside the European Economic Area (EEA). In this case, your personal data could be transferred to a country which does not have the same level of protection for your personal data as the EEA, which increases the risk that you will not be able to exercise your rights. In the event that your personal data are transferred outside the EEA to a third country which does not benefit from an adequacy decision recognized by the EU Commission, DIAGAST is responsible for protecting your personal data and taking steps to maintain the confidentiality of your data. DIAGAST is then responsible for putting in place adequate measures as defined in the GDPR in Chapter V in connection with the protection of your personal data, including standard contractual clauses.
5 – How do we protect your data?
DIAGAST treats your personal data confidentially and uses at least the same level of care to protect your personal data from its own confidential information of a similar nature.
Your personal data are contained in secure networks and are only accessible to a limited number of people who have specific access rights on these systems and who are required to maintain the confidentiality of the information.
6 – Your rights
According to the GDPR, you have the following rights:
- Information: When personal data are collected directly from the data subject or obtained from another source, it is necessary to inform the data subject of DIAGAST’s use of these personal data and the rights of the data subject on these data. Respect for this right is provided in this “Notice”.
- Access: You have the right to obtain confirmation of the processing of personal data concerning you and, if necessary, all the information necessary to make the process transparent. You also have the right to obtain a copy of your personal data during processing.
- Rectification: You have the right to request the rectification of inaccurate data about you.
- Erasure: You have the right to request the erasure of your data in certain circumstances.
- Restrict the processing: You have the right to request to restrict processing of data in certain specific circumstances.
- Data portability: You have the right to request receipt or transfer to another organization of your personal data in a machine-readable form.
- Objection to the processing: You have the right to object at any time, for reasons related to your particular situation, to the processing of your data.
- Right to withdraw consent: When you have given your explicit consent to the processing of your data, you can withdraw it at any time without justification. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal
If you wish to exercise your rights, please inform DIAGAST by contacting us at the following email address: firstname.lastname@example.org. If required, we will contact our Data Protection Officer (DPO).
You also have the right to lodge a complaint to your national Data Protection Authority, or the Data Protection Authority where the alleged infringement took place.
7 – Do We Use ‘Cookies’
Yes. For more information, please consult our Cookies Notice.
8 – Contacts
Parc Eurasanté – 251, avenue Eugène Avinée
59120 Loos – FRANCE
Data Protection Officer (DPO)
Data Protection Authority France: Commission Nationale de l’Informatique et des Libertés – CNIL
3 Place de Fontenoy
75334 PARIS CEDEX 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00