Personal data protection policy
This Data Protection Policy is intended to inform you as to the commitments taken by REEL AEI so as to guarantee respect of your Personal Data.
- Personal data (or “Data”) refers to all information pertaining to an identified or identifiable natural person, directly or indirectly, notably with reference to an identifier.
- Personal Data Processing refers to any operation or group of operations undertaken with or without the assistance of automated processes and applied to Data or groups of Data.
- Data Controller: REEL AEI, having its registered office at Calle Marisma n°35 29006 Malaga Spain , hereby undertakes to respect privacy and protect Personal Data.
1. SCOPE OF THE PERSONAL DATA PROTECTION POLICY
This Data protection policy is applicable to all Personal Data Processing implemented by the Data Controller via the Website.
2. DATA COLLECTED
Generally, you can visit our Website without it being necessary to send us Data.
However, in order to be able to offer certain services, the Data Controller may request certain Data from you, for instance, to reply to a contact request or follow an application.
All or some of the following Data may be collected when you use the Website:
- Identity data (surname, forename, email address, telephone number)
- Data pertaining to your personal and professional life which you decide to send us, notably in the framework of applications.
In all instances, we restrict ourselves to the collection and processing of pertinent, adequate, non excessive Data strictly necessary for those purposes previously determined.
3. PURPOSE OF PROCESSING UNDERTAKEN BY THE DATA CONTROLLER AND LEGAL BASIS FOR PROCESSING
The Data Controller hereby undertakes to collect and process your Personal data in a loyal, legal and transparent manner.
Use, in line with the purposes outlined hereunder, of your Data by the Data Controller is authorised by legislative and regulatory provisions as it is:
- Required for respect of our legislative and regulatory obligations towards public institutions or competent authorities. Art. 6 sec. 1 lit. c) GDPR
- Required for conclusion or performance of a contract Art. 6 sec. 1 lit. b) GDPR
- In certain cases, required for our best interests for the purposes outlined hereunder Art. 6 sec. 1 lit. f) GDPR
- In certain circumstances, undertaken with your consent Art. 6 sec. 1 lit. a) in connection with Art. 7 GDPR
Processing, undertaken by the Data Controller, meets explicit, legitimate and determined purposes.
Your Data may notably be processed for the following purposes:
- Supervision of your application made on the Website:
- Response to your contact requests and issue of commercial documentation.
The purpose of collection will be precisely indicated at the time of collection.
4. TERM OF DATA STORAGE
The duration of storage of your Data depends on the processing purposes for which the data is used.
- Processing and supervision of applications:
We hereby undertake to delete your Data within a maximum of 2 years after our final contact with you.
- Communication, management of your contact requests:
We hereby undertake to delete your Data within a maximum of 3 years after our final contact with you.
Beyond this term, Data may be rendered anonymous and stored solely for statistical use and will not be exploited, in any nature whatsoever.
5. CATEGORIES OF RECIPIENTS OF DATA COLLECTED
The Data Controller will only send your Personal data to authorised and given recipients.
No transfer to third parties for commercial use will be undertaken without your prior consent.
The recipients of your Data are those departments at the Data Controller concerned as well as, where applicable, authorised persons:
- From our subsidiaries for internal management or recruitment;
- From our suppliers, service providers and notably technical service providers so as to provide you with the service or information you requested (Mailing, data storage, etc.) By virtue of their contract, these service providers are not authorised to use or disclose this information, aside for when required to provide services or comply with requirements for which provision is made by law;
- From a legal or administrative authority where the Data Controller is required by law.
By application of applicable regulations, any sub-contractor who may process this Personal data for the Data Controller undertakes notably to:
- process Data solely for that/those purpose(s) which are the sub-contracted,
- process Data pursuant to the Data Controller instructions
- guarantee the security and confidentiality of Data.
6. DATA TRANSFER
In such instance as your Data is transferred outside of the European Union, we ensure that:
- Data is transferred to a country accepted as offering an equivalent level of protection.
- Data is transferred to entities certified under the Privacy Shield
- For Data transferred outside of countries recognised by the French Data Protection Authority (CNIL) as having a sufficient level of protection, redress is made to one of the mechanisms offering appropriate guarantees for which provision is made by applicable regulations, and in particular standard contractual clauses.
You can consult our cookies policy here.
8. YOUR RIGHTS CONCENING DATA COLLECTED
8.1. Your rights
You have all of the following rights over Data we collect:
- Right to access your Data: You are entitled to receive confirmation that your Data is or is not processed and, when it is, are entitled to access said Data. This right includes that of receiving a copy of the Data processed: Art. 15 GDPR.
- Right to request rectification of your Data if incorrect: You are entitled to request that your Data be rectified, updated or completed when inaccurate, incorrect, incomplete or obsolete: Art. 16 GDPR.
- Right to request deletion of your Data: According to Art. 17 GDPR, you are entitled to request deletion of your Data only for those reasons for which provision is made by applicable regulations and in particular when: Data is no longer necessary in light of the purposes for which it is collected or processed in any other manner; you withdraw consent over which processing is based, and there is no legal basis for processing; you object to processing and there is no overriding legitimate ground for processing; you consider that your Data has been processed illicitly; your Data should be deleted to respect a legal obligation.
- Right to limit processing of your data: According to Art. 18 GDPR, you are entitled to request that the Data Controller limit the use of your data solely on those grounds for which provision is made by applicable regulation and in particular when: you object to the accuracy of your Data; you consider that processing is illicit and you object to deletion of your data; data is still required for exercising or defending your rights in court even though the Data Controller no longer requires this data,
- The right to object to processing by withdrawing your consent (with it being reiterated that this withdrawal may not harm the legality of processing based on the consent granted prior to its withdrawal) Art. 7 sec. 3 GDPR,
- The right to benefit from data portability: You are entitled to reclaim your data provided to the Data Controller, in a structured format, commonly used and machine-readable, and the right to transfer this data to another Data Controller, Art. 20 GDPR.
- Right to make a complaint to the National Data Protection Authority (CNIL): If you consider that the Data Controller has defaulted in respect of its obligations in light of your Personal data, at any time you may issue a complaint or make a claim to the competent authorities. In France, the competent authority is the National Data Protection Authority (CNIL) to whom you may issue a claim electronically by clicking on the following link: https://www.cnil.fr/fr/plaintes/internet.
8.2. Terms for exercising rights
You may exercise the aforementioned rights with a written and detailed request to the following address: REEL AEI, Chemin de la Chaux, BP39, 69450 Saint-Cyr au Mont d’or, France.
Due to the obligation of security and confidentiality in Data processing incumbent upon the Data Controller, you are hereby informed that your request will be processed subject that you provide proof of your identity, notably by producing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
The Data Controller will determine whether this is admissible or not within one month following receipt of the claim. In such instance as it is deemed admissible, the Data Controller will provide all information requested or implement the rights claimed within the aforementioned deadline.
If, given the complexity of the claim or the number of requests received, the aforementioned deadline cannot be respected, the Data Controller will notify you prior to expiry of this deadline, of this deadline being pushed back by a maximum of two months following its decision.
The Data Controller hereby notifies you that it will be entitled, where applicable, to object to any requests which are clearly abusive (in their number, repetitive or systematic nature).
In such instance as the Data Controller does not follow up on your request, we will inform you in the aforementioned deadlines of the grounds on which our decision is based and your option to refer a complaint to the National Data Protection Authority (CNIL).
9. PERSONAL DATA SECURITY
We take all necessary security measures so as to prevent as far as practically possible any alteration or loss of your data or any unauthorised access thereunto.
In such instance as we should be aware of any illegal access to personal data concerning you, we undertake to notify you of the incident as soon as possible if this fulfils a legal requirement.
10. UPDATING THE PRESENT POLICY
The present policy may be updated at any time, notably pursuant to legal and/or regulatory provisions and/or any recommendations of the National Data Protection Authority (CNIL). We hereby invite you to consult this page regularly.