Privacy and data protection policy
Definition
Regulation (EU) 2016/679 of the European Parliament and of the European Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
The GPDR is consistent with the 1978 French Data Protection Act ruling on the collection and use of data on the French territory. It has been designed around 3 objectives:
to strengthen people’s rights,
to empower data processors,
to give credibility to regulation through enhanced cooperation between data protection authorities.
The purpose of this personal data protection policy is to inform you about the commitments and measures taken by RNI Conseil to ensure that your personal data is respected, in accordance with applicable European law (GPDR). This policy may be modified in the light of legislative and regulatory changes as well as with regard to the CNIL, the French Data Protection Supervisory Authority.
RNI Conseil is responsible for the processing of your personal data and as a trusted partner, we want our customers to be assured that we do everything possible to ensure the protection of their personal data and respect of their rights.
We are committed to a GPDR compliance program and all the firm’s employees will be made aware of such protection of personal data.
Data collected and storage period
RNI Conseil ensures at all times that it only collects personal data strictly necessary for the purpose of the processing operations performed (particularly your full name, title, address, telephone number, business emails, company and position).
RNI Conseil only stores your personal data for the duration necessary for the assignments for which it was collected and in compliance with current legislation.
Thus, your data is stored for a period of three years from the time it is collected or the last contact or termination of the business relationship.
It is then archived in compliance with current legislation and for the necessary period of time, when it is of administrative interest, particularly for the establishment of proof of a right or a confidentiality agreement (ten years). Access to these archives is restricted and secure, only the Management may have access to them. Other data is permanently destroyed or anonymized.
Protection of your personal data
Technical and organizational security measures are also implemented to ensure the security and confidentiality of your personal data, particularly to ensure that unauthorized third parties do not have access to it.
Why and how do we use or process your personal data?
These processing operations fulfil an explicit, legitimate and determined purpose, whether it be contractual, commercial, legal or accounting.
Your personal data is stored in a computer file and is used for the following purposes:
To manage your registration and ensure the monitoring of your training
To meet our obligations to the authorities of the French Ministry of Labor, Employment and Vocational Training
To perform any operation related to the management of our business relations: contracts, orders, subscriptions, invoicing, accounting, account management, customer relationship management, unpaid invoices
To provide the services you request and give you access to our various communications (newsletters, etc.)
To provide you with information about our services and events
For the management of requests for access, rectification, objection and portability rights
To operate, improve and maintain our activities and services, to improve your user experience, to enable us to detect technical or service issues, to administer our sites and applications and to develop business statistics
Who has access to your personal data?
Only the management, managers of the regulatory and scientific departments, staff and service providers authorized to process your data, within the limits of their respective powers, have access to personal data solely within the scope of subcontracting that has been explicitly agreed by the customer.
We strictly require our service providers to use your personal data only as part of a service we have entrusted to them, to always act in accordance with the relevant personal data protection laws and to ensure the confidentiality and security of such data. In the context of subcontracting with a service provider outside the European Union, we require that access to personal information is not disclosed to third parties.
In the context of the relationship between RNI Conseil and its US subsidiary – RNI Consulting, personal data may be transmitted for subcontracting purposes. An explicit agreement between the subsidiaries guarantees the complete confidentiality of the data exchanged.
Entities under the authority of the Ministry of Labor, Employment and Vocational Training may also have access to your data for the performance of tasks that fall within our obligations to them.
Your personal data may be disclosed in accordance with applicable laws or regulations, court orders or government regulations, or if such disclosure is necessary in the course of an investigation or judicial proceedings.
Where is your personal data stored?
Your personal data is stored in our customer, prospect and supplier databases and on a secure server. We take all appropriate measures to prevent, as far as possible, any alteration, loss or unauthorized access to your data.
Cookies
Cookies’ storage period
In accordance with the recommendations of the CNIL, the maximum storage period for cookies is 13 months after their first deposit in the User’s terminal, as well as the period of validity of the User’s consent to the use of these cookies. Cookies’ lifetime is not extended with each visit. The User’s consent must therefore be renewed at the end of this period.
Cookies’ purpose
Cookies may be used for statistical purposes, particularly to optimize the services provided to the User, by processing information concerning the frequency of access, personalization of pages as well as the operations carried out and the information accessed.
You are informed that the Publisher may place cookies on your device. The cookie records information relating to web-browsing (the pages you have visited, the date and time of the visit, etc.) that we can use during your subsequent visits.
User’s right to refuse cookies
You acknowledge that you have been informed that the Publisher may use cookies. If you do not want cookies to be used on your device, most browsers allow you to disable cookies by using the setting options.
Your rights with regard to your personal data
In compliance with European regulations on the protection of personal data, you have the right to access and rectify this information if it is inaccurate, incomplete, ambiguous or outdated, to limit processing and deletion, to object to its recording for legitimate reasons and to the portability of your data. You also have the right to define guidelines for the treatment of your data after your death.
You can exercise these rights by e-mail at rgpd@rni-conseil.com or by post at the following address: RNI Conseil – 17 rue des Deux Haies 49100 Angers, France.
Upon receipt, your request will be processed within one month.
Restriction of access to premises and facilities where data is processed
Our offices are located in a building comprising four professional companies; access to the building is restricted by a magnetic badge system that does not allow people to enter:
from 1pm to 2pm and from 6pm to 9am from Monday to Friday.
Restriction of access to systems and data
Access to the server containing all personal and sensitive data is only permissible to the IT service provider and the Management and is secured by means of a login and password.
Access to customer and prospect files is only authorized to members of Management and the Head of Regulatory and Scientific Divisions. Files are encrypted by password.
Availability Control Check
The following precautions (physical/logical) to ensure data security have been implemented:
Backup procedures for the IT systems
Ongoing health check of the IT environment
Continuous maintenance of the power supply (APC)
Firewall/antivirus systems
RNI Conseil contact information
RNI Conseil (Règlementation Nutrition International Conseil)
17 rue des Deux Haies
49100 Angers
Tél : +33(0)2.41.87.00.91
Email : rgpd@rni-conseil.com