Art.1 Confidentiality Rules
The General Data Protection Regulation dated 27 April 2016 (hereafter GDPR) has been applicable since 25 May 2018. This regulation enforces strict rules and conditions to companies and traders regarding processing of personal data of their clients, in order to protect their privacy.
Through this document, communication of concise and clear information on the processing of your personal data is targeted.
Art.2 Responsible for Processing
The « responsible for processing » of your personal data is Isabelle Thouvenin, who is responsible of the website you have used and where you have filled data.
Art.3 Legal Basis of Data Processing and Use
We can use your personal data only for lawful and necessary purposes (Art. 6 of GDPR).
In concrete terms, this means we process your personal data, electronically or not, for lawful purposes under a contractual relationship, for business and for security/safety.
Those purposes are especially, but not exclusively:
Communications to conduct a contract.
Art.4 What is Personal Data ?
Personal data include any information on you as an individual that could allow your identification. Anonymous data, that do not allow your identification, are therefore not considered as personal data. Your personal data can include:
Data related to your identity (name, surname, address, VAT number, company number, etc.);
Contact data (phone number, email, …);
Financial data (bank account number, invoicing details, …);
Data related to a signed contract with us (object of the contract, invoicing address, professional data, …) ;
Data related to the use of electronic equipment like a computer (password, login data, electronic identification data, invoicing details …).
Processing of personal data disclosing racial or ethnic origin, political opinions, religious or philosophical beliefs, as well as processing of genetic data or biometric data in order to identify somebody uniquely, data related to sexual life or preference of a person are forbidden.
We are committed to strictly observing this prohibition.
How do we use your data?
With whom do we share your data?
Art.5 Sources of Personal Data
In principle, the data we have come from you. If you do not accept to provide data that are mandatory or necessary, you could miss certain advantages and/or we could decide to stop our services to you.
Art.6 Access to Personal Data
Your data are essentially for internal use. For specific lawful purposes, your personal data could be communicated to, and even processed by, third parties. We will check carefully that our contractors do respect the GDPR regulation. Data processing by our contractors is also done under a strict legal basis.
Art.7 Data Retention Period
All necessary means will be implemented to ensure that the personal data retention period for the purposes described above will not exceed the legal durations.
Art.8 What are your Rights?
We commit to take the relevant technical and organisational measures to guarantee the safety of the personal data processing (Art. 32 of GDPR).
- Right of access (Art. 15 of GDPR):
We agree that everyone has the right to access to his/her own personal data and we will make reasonable efforts to provide access to or to copy them.
- Right of rectification (Art. 16 of GDPR);
We agree with possible request for rectification of false data and to complete what needs to be.
- Right to oblivion (Art. 17 of GDPR) and Right to limitation of processing (Art. 18 of GDPR);
We commit to delete your personal data, especially in the following situations:
- Data being no more necessary for the purposes for which they had been collected/processed;
- You disagree with the processing;
- Personal data were processed illegally;
- Right to lodge a complaint (Art. 77 of GDPR).
You can exercise your rights contacting us at one of the following addresses:
- email: firstname.lastname@example.org.
- mail: HumExpo – 576 avenue de Grasse, 83300 Draguignan, France.
In order your request is considered as efficiently as possible, do not forget:
- to specify which processing is the subject of your request,
- to specify which right you want to execute, and
- to provide a copy of your identity document (this data allows us to check if the author of the request is actually the person who is concerned by the processing).
The customer has the right to lodge a complaint at any time before the privacy commission (CNIL) if he/she thinks that the processing of his/her personal data constitutes a breach in GDPR.
Art.9. Our Commitment
Our objective is to implement safety means to protect stored data against unauthorised access, inappropriate use, damages, illegal or accidental destruction.
Art.10. Procedure in Case of Violation
It can happen that personal data processed under a contractual relation come into inappropriate hands further to a human error or an electronic error, etc.
When the violation presents a high risk for personal rights and liberties, we will provide him/her information immediately on the facts and measures.
We will notify this violation to the CNIL within 72 hours after this is known, except if the violation does not present a high risk for personal rights and liberties (Art. 32-34 of GDPR).
Art. 11. Consentment
You give your explicit, unequivocal and informed consent for the processing of your personal data as described above in this Privacy Notice. You have the right to withdraw your consent at any time, based on a simple written request. We reseve the right to revise this Privacy Notice.