Personal Data Protection Policy

IORELYS processes Personal Data (such as this is defined hereunder) as part of its business activities, which includes Personal Data of people who use IORELYS services via the IORELYS Websites and/or applications (hereinafter referred to as “Digital Platforms”).

This “Personal Data Protection Policy” (hereinafter referred to as the “Policy”) is intended to inform all natural persons concerned (hereinafter “You” or “Your”) as to the manner in which IORELYS collects and uses Personal Data and the ways in which You can control this use.

  1. Definitions
  • Cookies : Files stored and used to record Personal Data and non Personal Data concerning Your browsing on Digital Platforms.
  • Personal Data : Any information which allows for identification, directly or indirectly, of a natural person. A person is “identifiable” insofar as he/she can be identified, directly or indirectly, in particular with reference to an identification number or one or more elements which are inherent to said person.
  • Sensitive Personal Data: Information concerning racial or ethnic origin, political, philosophical or religious opinions, trade union membership, health or sex life. In principle, sensitive data may only be collected and exploited with the explicit consent of people concerned.
  • Host : Service provider proposing the storage of Web content.
  • Digital Platforms: Grouping together of applications, websites and all digital platforms proposed by IORELYS.
  • Personal Data Protection Policy: Document which presents You with the website policy concerning Processing, transfer and communication of Personal Data.
  • GDPR : General Data Protection Regulation effective as at 25th May 2018.
  • IORELYS : Company responsible for the Digital Platforms.
  • IORELYS as Controller : Determines the purposes and processing methods for Your Personal Data.
  • IORELYS as Processor : Processes Personal Data for Your prospective clients and/or Your clients for You. You are then the Controller.
  • Personal Data Processing: Any operation or group of operations concerning said data, regardless of the process used (collection, storage, organisation, archiving, adaptation, modification, etc.)
  • Users : Person registered with IORELYS and/or directly using the services provided on Digital Platforms.

 

  1. Scope

The Policy is applicable regardless of Your Hardware, regardless of which Digital Platforms You use to access IORELYS services (Websites or applications) and at all times.

This Policy outlines the principles and guidelines for protection of Your Personal Data, which includes Personal Data collected on or via the IORELYS Digital Platforms. IORELYS collects Personal Data online (including by email) or offline; this Policy is applicable regardless of the mode of collection or processing.

The Digital Platforms may propose links to third party Websites likely to be of interest to You. IORELYS does not have any control over the content of third party websites or the practices of third parties in terms of Personal Data protection. Consequently, IORELYS hereby relinquishes all liability concerning processing of Your Personal Data by these third parties. It is Your responsibility to seek information concerning personal data protection policies of these third parties.

  1. Personal Data Collection
Users Visitors (viewer)
  • full name;
  • photo(s);
  • postcode;
  • postal address;
  • town/city;
  • email address;
  • telephone number(s);
  • login and password;
  • IP address;
  • IP address;
  • email address (if access link with prospect authentication);
  • full name and telephone number (if electronic signature);
  • No personel data collected

Browser version, OS, and traffic measure are also collected

In all instances, Personal Data collected is however limited to data required for the below purposes.

IORELYS pays particular attention to obtaining the consent for collection of Personal Data.

IORELYS as Controller IORELYS as Processor
IORELYS as Controller undertakes to request Your consent prior to each time it collects any item of Personal Data.

Consent may be given in various forms (opt-in, validation button, etc.) but will always require You to be clear and informed of the use of Your Personal Data.

 IORELYS as Processor is under no circumstances liable for the data You deliberately choose to enter into the Digital Platforms.

IORELYS as Processor reminds You that You have legal obligations concerning obtaining the consent of Your own clients and prospective clients. You must obtain their clear and explicit consent to be canvassed by email and by the use of IORELYS.

IORELYS as Processor undertakes to reiterate the consent of Your clients or prospective clients when they use the Digital Platforms.

IORELYS may under no circumstances be held liable for any fraudulent canvassing which does not respect its rules and legislation in force.

PLEASE NOTE: IORELYS is under no circumstances whatsoever liable for the Personal Data entry of Your prospective clients on the Digital Platforms or in documents stored on these. IORELYS may also not be attributable for processing of Data which does not concern this Personal Data.

  • Purposes of Personal Data collection

Personal Data is generally collected so as to allow for proper operation of IORELYS as well as improvement of marketing and advertising efforts of IORELYS, better adaptation of products and services offered by IORELYS to client requirements or respect of declarations concerning obligations for which provision is made by law and other activities necessary for the optimal use of our services.

IORELYS as Controller IORELYS as Processor
IORELYS as Controller collects and uses Personal Data for its business activities and for the following purposes:

– To allow you to request and obtain information about IORELYS products and services;

– To allow for interactive and personalised use of the Digital Platforms;

– To work out Your requirements and areas of interest and provide You with the most suitable products and/services;

– To access all characteristics and options offered by the Digital Platforms;

– To allow IORELYS to manage surveys;

– To allow IORELYS to manage its marketing activities;

– To allow IORELYS to manage its commercial relations: commercial opportunities, offers, purchases, contracts, orders, invoicing, etc.

– To offer you commercial or support services;

– To allow you to purchase software, product or service licences;

– To allow You to register for seminars, webinars or events;

– To allow IORELYS to manage its Research and Development activities: development requests, incidents, quality issues, tests, etc.

– To process applications and manage sources of recruitment;

– To manage Your training and/or certification for IORELYS product and services;

– With Your consent, send marketing and commercial emails or any other email which may inform You of IORELYS developments and its Digital Platforms;

– Any other purpose in relation with IORELYS as Controller.

 IORELYS as Processor only collects Your Data and that of Your Clients for Your legitimate interests following consent of each of the parties.

IORELYS as Processor collects and uses Your Personal Data for its business activities and notably the following purposes:

– To allow for interactive and personalised use of the Digital Platforms;

– To enable evaluation of viewing of Your documents by Your clients or prospective clients

– To enable printing of various studies and evaluations provided by IORELYS

– To enable proper operation of services offered by the various IORELYS Digital Platforms

– To offer you a better user experience

– To manager requests and various problems which may arise on the Digital Platforms

– To allow for security of the Digital Platforms and Data they contain

– Any other purpose in relation with IORELYS as Processor.
  • Cookies

The Digital Platforms may use cookies or other technologies which collect or store Personal Data. Cookies may be permanent (and remain after You log out of the Digital Platforms so as to be used during Your subsequent visits to the Digital Platforms) or temporary (and disappear when You log out of the Digital Platforms).

IORELYS uses cookies:

  • so as to improve Your user experience, notably by:
    • allowing a service to recognise Your hardware, consequently, You will not need to provide the same information several times so as to perform the same task,
    • recognising the username and password You have already entered so as You do not need to re-enter these on each web page that requires them,
  • analysing traffic and data on Digital Platforms so as to:
    • measure the number of users of services, thereby making it easier to use them and to ensure their capacity to respond to Your requests more easily,
    • helping IORELYS to understand the manner in which users interact with services so as to improve them.

IORELYS may also use third party services (such as Google Analytics, LinkedIn, etc.) so as to perform services on its behalf and notably to:

  • analyse Your browsing habits and measure the audience figures for Digital Platforms,
    • analyse Your areas of interest and propose targeted marketing or advertising offers,

In this instance, invisible pixels and cookies provided by these third-party service providers may be used and stored. During the transfer of information generated by cookies, the parameters of cookies ensure that the IP address is anonymised with geolocation and prior to storage.

When You browse on the Digital Platforms, cookies are activated by default and data may be read or stored locally on Your hardware.  You will be informed the first time that cookies are proposed, and You can decide whether to accept or refuse. By continuing to use the Digital Platforms, You expressly accept the use of cookies by IORELYS.

You can also configure Your browser so as to automatically refuse cookies. However, if this is the case, some functions and characteristics of the Digital Platforms may not correctly operated and You may not be able to access some parts or services of the Digital Platforms.

  1. Personal Data Processing and Management
  • Security

IORELYS oversees protection and security of Personal Data that You choose to send it, so as to ensure their confidentiality and prevent them from being damaged, misused, destroyed or disclosed to unauthorised third parties.

IORELYS has taken physical, electronic and organisational protective measures to prevent any loss, improper use, access or unauthorised distribution, alteration or destruction of Personal Data. Amongst these protective measures, IORELYS integrates specially developed technologies to protect Personal Data during transfer.

As all Personal Data is confidential, access is limited to employees, service providers and agents of IORELYS on a need to know basis as part of their mission. All people having access to Your Personal Data are bound by an obligation of confidentiality and risk disciplinary measures and/or sanctions if they default in respect of these obligations.

However, it is important that You take care to prevent any unauthorised access to Your Personal Data. You are responsible for the confidentiality of Your password and information in Your account. Consequently, You should ensure that You close each session in the event of shared use of the same computer.

  • Hosts

Data is stored, archived and encrypted by leading hosts in Europe and Canada.

  • Storage and Conservation

Personal Data processing notably includes the use, storage, transfer, adaptation, analysis, modification, declaration, sharing and destruction of Personal Data depending on that which is required in light of legal circumstances or requirements.

All Personal Data collected is stored for a limited term in line with the purpose of processing and solely for the duration for which provision is made by applicable legislation:

IORELYS as Controller
For any contract signed with IORELYS, the following Data is stored for the indicated term:
Identity and contact 5 years after the end of contractual obligations
Commercial relations 5 years after the end of contractual obligations
Connection data 12 months after collection
Payment terms 13 months after debit
For canvassing, IORELYS stores the following Personal Data for the corresponding durations:
Identity and contact 3 years from last contact
Connection data 12 months from collection
For direct marketing, IORELYS stores the following Personal Data for the corresponding durations:
Identity and contact 3 years from last contact
IORELYS as Processor
For Your canvassing requirements, IORELYS stores the following Personal Data of Your prospective clients for the corresponding durations:
Identity and contact 3 years from last contact
Connection data 12 months from collection
For Your direct marketing requirements, IORELYS stores the following Personal Data of Your prospective clients for the corresponding durations:
Identity and contact 3 years from last contact

 

PLEASE NOTE: IORELYS is under no circumstances liable for the Personal Data that You enter in documents which You store on the Digital Platforms.

  • Privacy Center

IORELYS, as proof of transparency, offers its users a Privacy Center which is a privacy management platform allowing You to access Personal Data You have conferred to IORELYS in real time.

  1. Transfer and Communication of Personal Data

 

  • European Union

In the event of accessing the Digital Platforms from a country which is not a member of the EU and whose legislation pertaining to collection, use and transfer of data differs from those in the EU, You accept and consent in line with this Policy to transfer Your Personal Data to the EU.

IORELYS may transfer Your Personal Data outside the EU, under the condition that it ensures, prior to transfer, that entities outside the EU, which includes affiliate companies and subsidiaries of IORELYS, offer an adequate level of protection, pursuant to European legislation.

  • Third parties

 

IORELYS only sends Your Personal Data to companies, organisations or third parties in the following circumstances:

  • With Your consent:

IORELYS only sends Your Personal Data to companies, organisations or third parties with Your consent. IORELYS will always seek Your authorisation before sending Sensitive Personal Data to third parties.

  • For processing requirements:

IORELYS sends Your Personal Data to other companies, sub-contractors or trusted persons who process these on its behalf, pursuant to its instructions, pursuant to these Confidentiality Rules and in respect of all other appropriate security and confidentiality measures. IORELYS will undertake such transfers to:

  • enable the resolution of technical issues of the Digital Platforms;
  • enable the due and proper operation of its services.
  • For legal reasons:

IORELYS does not share Your Personal Data with companies, organisations or third parties unless, in good faith, access, use and protection or disclosure of this Data is reasonably justified to:

  • fulfil legal and regulatory obligations, legal procedures or governmental requests which are enforceable,
  • apply the present Policy, including to observe any defaults in its application;
  • identify, avoid or deal with fraudulent activities, security breaches or any other technical issue;
  • protect its legal interests.
  • For commercial reasons

If legislation in force permits, IORELYS retains the right to:

  • share Your Personal Data with commercial partners where IORELYS and the commercial partner jointly sponsor an event or collectively participate in a marketing promotion in which You undertake to:
  • publicly share, as well as with our partners (publishers, advertisers or associated websites) information which does not allow for personal identification of the user.

If IORELYS should learn that a third party to whom IORELYS has sent Personal Data for the aforementioned purposes, uses or discloses Personal Data without respecting this Policy or in breach of applicable legislation, IORELYS will take all reasonable measures to prevent or bring an end to such use or disclosure. These transfers may take place by Internet or any other method deemed as necessary by IORELYS pursuant to applicable legislation.

  1. Your rights over Personal Data conferred

IORELYS undertakes to process and protect Personal Data which You send us in a loyal manner in agreement with the GDPR. However, it may be that You decide to take action over this data. You have several ways of acting, including the following:

  • Right of access: You are entitled to request that IORELYS sends You all Personal Data which the company holds about You.
  • Right of rectification: You are entitled to request that IORELYS rectifies any Personal Data which is no longer up to date or is held against Your will.
  • Right to deletion or Right to “be forgotten”: You are entitled to request that IORELYS deletes, in whole or in part, Personal Data.
  • Right to limited processing: You are entitled to request that IORELYS limits processing of Your Personal Data.
  • Portability: You are entitled to request that IORELYS sends You Your Personal Data so as to send this to another processing manager.
  • Right of opposition: You are entitled to object, at any time, to processing of Your Personal Data by IORELYS.

PLEASE NOTE: As to the right of deletion, rectification or objection to holding Personal Data, IORELYS will no longer process personal data unless IORELYS shows that there are legitimate and imperious grounds for processing which prevail over the interests and rights and liberties of the person concerned, or for observation, exercising or defence of rights in court.

 

  1. Notification of Personal Data infringements

In case of observation of an infringement of personal data likely to lead to a risk for the rights and liberties of natural persons, IORELYS will notify the control authority (the National Data Protection Authority [CNIL]), by the latest 72 hours after becoming aware thereof. Where necessary, we will notify You:

  • of the nature of the personal data infringement including, where possible, the categories and approximate number of people concerned by the infringement and the categories and approximate number of items of personal data concerned;
  • the name and details of the data protection officer (DPO), or any contact person from whom additional information can be obtained;
  • the likely consequences of the personal data infringement;
  • measures taken or which we propose to take to remedy the personal data infringement, including where applicable, the measures to remedy potential negative consequences.

Where applicable, where the infringement is likely to lead to a high risk for the rights and liberties of a natural person, IORELYS will contact the people concerned by any personal data infringement. Communication with the person concerned will include the following information:

  • the name and details of the data protection officer (DPO), or any contact person from whom additional information can be obtained;
  • the likely consequences of the personal data infringement;
  • the measures taken or which IORELYS proposes to take to remedy the personal data infringement including, where applicable, the measures to attenuate the potential negative consequences.
  1. Dispute resolution

Although IORELYS has taken reasonable measures to protect Personal Data, no transfer or storage technology is totally infallible.

However, IORELYS is concerned to guarantee the protection of Personal Data. If You should have any reason so as to believe that the security of Your Personal Data has been compromised or misused, You are invited to contact IORELYS at the following address: dpo(at)IORELYS.com.

IORELYS will investigate all claims concerning the use and disclosure of Personal Data and seek to resolve these pursuant to the principles appearing in this Policy.

Unauthorised access to Personal Data or the improper use thereof may constitute an infringement as defined by local legislation.

  1. Effective date and Modifications to the Personal Data Protection Policy

This Policy may be updated in line with IORELYS requirements and circumstances and if legislation requires. We consequently invite you to regularly read updates.

Any translation of this Policy or any content of the Digital Platforms are only provided as a guide.

If any stipulation in this policy, binding You to IORELYS is declared invalid or unwritten by a judge, all other stipulations remain applicable ipso jure. IORELYS reserves the right to amend or re-write the stipulation in question.

  1. Acceptance of the IORELYS Personal Data Protection Policy

As soon as You access the Digital Platforms, You unreservedly accept the Personal Data Protection Policy. If You do not wish to comply with the rights and obligations indicated in the Policy, IORELYS invites You to leave the Digital Platforms and not to access these in future.

By accepting the Personal Data Protection Policy, each User uses the Digital Platforms pursuant to their intended use, the rights assigned by IORELYS and regulations applicable and/or in force.

  1. Contact

For any questions concerning this Policy, to no longer receive information from IORELYS or for any request for a modification, addition, update or deletion of Your Personal Data, You can send an email to the following address: contact@iorelys.com. “