The Odity Group is committed to processing your personal data in a transparent, confidential and secure manner.
Consequently, in compliance with the GDPR adopted by the European Parliament on April 14, 2016, and the French Personal Data Protection Law dated January 6, 1978, and amended, Odity Group informs you of the following:
1. INFORMATION COLLECTED AND USE OF YOUR PERSONAL DATA
Odity Group only collects information that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
Your personal data may be collected on different occasions:
- When you browse Odity Group sites: This data, which does not allow Odity to identify you directly, includes data related to your browsing of the Odity site, such as the pages you have visited, the dates and times you consulted those pages, your search results on Odity Group sites, information about your device (type of hardware, operating system, unique identifier, IP address used, device configuration, browser used, browser language) and the address that led you to the Odity Group sites. Supplying your personal data is not required if you only want to visit Odity Group sites.
To this end, the Odity Group may collect information about your browser habits; how long you visited the site or a page; the page you were on when you left the site; the country, region or city you accessed the site from; and the recurrence of your visit.
You can refuse the installation of cookies by configuring your browser (for more information, consult your browser’s “Help” section). However, please note that refusing cookies may alter your browsing experience on the Odity Group sites.
Information collected using cookies does not allow identifying you by name. For more information on cookies, consult the CNIL website.
–To obtain services, you place an order as a customer. When you register on your personal page, the Odity Group collects data related to your title, first and last names, postal address, phone number, email address, password and, if necessary, information related to means of payment (name of credit card holder, credit card number, expiration date and visual cryptogram). This data is collected for the purpose of providing direct, password-protected access to your personal data stored in our system and if relevant, to your history related to previous services.
Odity Group uses your personal data in compliance with applicable laws and regulations. Odity Group uses your personal data for the proper execution of the contract. This use is based on your consent and on the legitimate interest of Odity Group, namely the processing of your request.
Odity Group also uses your personal data to ensure you an optimal experience when you consult the pages of Odity Group sites, to count the number of end users who consult these sites, to analyze browsing statistics and to improve these sites.
Odity Group commits to keeping personal data only for the length of time necessary for processing purposes.
Personal data collected by Odity Group is meant for use by legal entities of the Odity Group, third-party companies or subcontractors (who may operate outside the European Union), exclusively for providing services and in compliance with the applicable legal and regulatory provisions.
2. PROTECTION OF YOUR PERSONAL DATA
Odity Group implements the means to protect your personal data from unauthorized access, use or disclosure, including, but not limited to:
- Implementation and maintenance of advanced technical means to ensure the confidential and secure storage and processing of your personal data;
- Implementation and maintenance of the appropriate restrictions concerning access to your personal data and control of access to, use and transfer of personal data;
- All Odity Group employees with access to your personal data must sign a confidentiality agreement or similar document that obliges them to comply with Odity Group data protection and privacy requirements;
- Odity Group requests all business partners and third-party service providers with whom it may share your personal data to comply with all applicable data protection and privacy requirements;
- Odity Group regularly provides data protection training to its employees and third parties who have access to your personal data.
Odity Group declares that is has sufficient guarantees as concerns the knowledge, reliability and resources required to ensure the implementation of technical and organizational measures that meet the legal and regulatory obligations for data protection.
Odity Group declares that it maintains an electronic record of all categories of processing activities carried out on your behalf, including all the information listed in Article 30.2 of the GDPR.
i. Declaration of compliance with the NS 48 Simplified Standard relating to prospective customer files;
ii. Declaration of compliance with the NS 57 Simplified Standard that concerns listening to and recording phone conversations in the workplace.
iii. Guarantee the confidentiality of your personal data processed under the contract;
Odity Group declares that it is supported by a specialized consulting company for issues concerning personal data protection; this company is CIL Consulting, which has the “CNIL Label”.
In addition, Odity Group undertakes to:
i. Process your personal data only for the purpose of providing services;
ii. Process your personal data in accordance with your instructions;
iii. Guarantee the confidentiality of your personal data processed under the contract;
iv. Ensure that the individuals authorized to process your personal data under the contract maintain confidentiality or are subject to an appropriate legal obligation of confidentiality and receive the necessary training in personal data protection;
v. Take into consideration the principles of data protection by design and data protection by default for all tools, products, applications or services;
vi. Immediately inform of all modifications or changes that may impact personal data processing;
vii. Retain personal data only for the time needed for the purposes for which the data was collected or sent and remove personal data when this period is over;
viii. Consult with you to decide when making your personal data anonymous could be appropriate.
Odity Group undertakes to notify you of any breach of personal data, such as defined in Article 4.12 of the GDPR, within a maximum of forty-eight (48) hours after having noted this breach and by sending a message to your email address.
This notification shall include any documents held by Odity Group that will enable you, if necessary, to contact the competent authority concerning this breach. As nearly as possible, it must specify the type and consequences of the data breach, the steps that have been taken or are proposed to be taken to remedy the situation, the individuals who can provide additional information and, when possible, an estimate of the number of people likely to be affected by the breach.
If you have a complaint, you can directly contact the CNIL (French national commission on information science and liberty).
3. YOUR RIGHTS
In compliance with Law no. 78-17 dated January 6, 1978, concerning data processing, files and liberty, as modified by the law n°2004-801 of August 6, 2004, and by the European Regulation n° 2016/679, the Customers have the right to access, rectify, remove and port data concerning them, as well as the right to object to processing this data for a legitimate reason; these rights may be exercised by contacting the person responsible for processing.
In compliance with Article 37 of the above-mentioned European Regulation, Odity Group has appointed Philippe Munier, Director of Support and Services, as the DPO (contact firstname.lastname@example.org).
Requests related to the communication, portability, rectification, removal or opposition to the processing of personal data must include the photocopy of a currently valid and signed identity document and mention the address at which the Odity Group can contact the applicant.
Odity Group undertakes to answer requests for access, rectification or opposition, as well as any other request for additional information, within a reasonable period of time and no more than one month from the date of receipt of request.
If your personal data has been breached, Odity Group undertakes to notify the CNIL under the conditions prescribed by the GDPR.
If you feel that Odity Group is not meeting its obligations with respect to your personal data, you may submit a complaint or request to the competent authority. In France, the competent authority is the CNIL, to which you can send a request electronically by clicking on the following link: https://www.cnil.fr/fr/plaintes/internet.