Policy relating to the personal data of our customers and contacts
1. Preamble
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Regulation on data protection (hereinafter the "GDPR") sets the legal framework applicable to the processing of personal data.
The GDPR strengthens the rights and obligations of data controllers, processors, data subjects and data recipients.
Within the framework of its activity, the firm Clarelis implements a processing of personal data gathering the data of its clients and contacts.
For a good understanding of this policy, it is specified that:
- "client (s)": refers to any natural or legal person who is a client of the Firm;
- "contact (s)": refers to any natural or legal person in relation to the Firm but who is not a client (prospects, relations, partners, etc.);
- "controller": refers to the natural or legal person who determines the purposes and means of processing personal data. Under this policy, the data controller is Cabinet Clarelis;
- "processor": refers to any natural or legal person who processes personal data on behalf of the controller. In practice, therefore, these are service providers with whom Cabinet Clarelis works and who deal with the personal data that it processes;
- "data subjects": designates the persons who can be identified, directly or indirectly. They are, hereunder, qualified as “customer” or “contact”;
- "recipients": refers to the natural or legal persons who receive communication of personal data. The recipients of the data can therefore be both internal recipients and external organizations (providers of support services, the judicial administration and its auxiliaries, ordinal authorities, etc.).
The GDPR, in article 12, requires data subjects to be informed of their rights in a concise, transparent, understandable and easily accessible manner.
2. Purpose
To meet its needs, Cabinet Clarelis implements and operates the processing of personal data relating to its clients and contacts.
The purpose of this policy is to meet the Firm's information obligation and thus to formalize the rights and obligations of its clients and contacts with regard to the processing of their personal data.
3. Scope
This personal data protection policy is intended to apply in the context of the implementation of the processing of personal data of clients and contacts of the firm Clarelis.
This policy relates only to processing operations for which the Firm is responsible, as well as to data qualified as “structured”.
Likewise, the policy does not cover the treatments implemented by the staff of the Firm in the treatment of their personal customers.
The processing of personal data can be managed directly by the Firm Clarelis or through a subcontractor specifically designated by it.
This policy is independent of any other document that may apply within the contractual relationship between the Firm and its clients and contacts, in particular our general conditions of intervention or our cookies policy.
4. General principles and commitment
No processing is carried out by Cabinet Clarelis concerning customer and contact data if it does not relate to personal data collected by or for our services or processed in connection with our services and if it does not does not meet the general principles of the GDPR.
Any new treatment, modification or deletion of an existing treatment will be brought to the attention of customers and contacts through a modification of this policy.
5. Types of data collected
NON-TECHNICAL DATA (depending on the use case):
-
Identification: name, first name, title, function, pseudonym, pseudo social networks
-
Contact details: Telephone, e-mail address, address, ...
-
Photo when you grant us this right (usually taken during an event or interview for our Clarelis and you news area)
-
Professional life
-
Personal life (family or patrimonial) when this is necessary in the context of the processing of a file
-
Bank details if necessary
TECHNICAL DATA (depending on the use case)
-
Identification data (IP)
-
Connection data (logs in particular)
-
Consent (click) data mainly for online subscriptions
The Cabinet Clarelis does not process sensitive data within the meaning of article 9 of the GDPR, apart from those included in article 9.2 f), in other words the data necessary "for the establishment, exercise or defense of a right in court or whenever courts act within the framework of their jurisdictional function ”.
6. Origin of the data
Firm Clarelis collects the data of its clients and contacts from:
- data provided by the client as part of a file entrusted to the Firm (client file);
- business cards ;
- electronic forms or forms filled in by the customer (attendance sheet, post-event satisfaction survey, LinkedIn forms);
- registration or subscription to our online services (website, social networks, Clarelis and you news area, etc.);
- registration for events organized by the Firm (by email or LinkedIn);
- lists communicated by the organizers of events or conferences in which we participate;
- exchanges via social networks.
We do not rent our databases.
7. Processing purposes
Depending on the case, Cabinet Clarelis processes your data for the following purposes:
- processing of files entrusted to the Cabinet;
- customer relationship management (CRM);
- management of events organized by the Firm Clarelis (Clarelis Meetings conferences, breakfasts, afterworks, zoom webinars, etc.);
- sending of our newsletters or information feeds;
- sending of greetings and other congratulations from the Clarelis group;
- improvement of our services;
- responses to our administrative obligations;
- production of statistics.
8. Legal basis
The processing purposes presented above are based on the following legality conditions:
Customers: Pre-contractual or contractual execution
Contacts: Legitimate interest and when required by law, consent
9. Data recipients
Clarelis ensures that data is only accessible to authorized internal or external recipients.
Internal recipients:
-
Lawyers
-
Partners and non-lawyer staff
External recipients:
-
Responsible for the communication
10. Retention period
The data retention period is defined by the firm Clarelis with regard to the legal and contractual constraints which weigh on it. It is set within the framework of its retention period policy.
After the deadlines set in the said policy, the data is either deleted or kept after having been anonymized, in particular for reasons of statistical use.
Customers and contacts are reminded that deletion or anonymization are irreversible operations and that the Firm is no longer able to restore them thereafter.
11. Right to copy
Customers and contacts traditionally have the right to ask Cabinet Clarelis for confirmation whether or not data concerning them is processed.
Customers and contacts also have a right of access, which is subject to compliance with the following rules:
- the request comes from the person himself and is accompanied by a copy of an up-to-date identity document;
- the request must be made in writing to the following address: Clarelis, 13 rue des Serbes, 06400 Cannes or to the e-mail address: clarelis@notaires.fr
Customers and contacts have the right to request a copy of their personal data being processed from Clarelis. However, in the event of a request for an additional copy, the Firm may require the financial support of this cost by clients and contacts.
If customers and contacts submit their request for a copy of the data electronically, the requested information will be provided to them in an electronic form in common use, unless requested otherwise.
Customers and contacts are informed that this right of access cannot relate to confidential information or data or for which the law does not authorize communication. This right can in no case allow access to documents and documents entrusted to the Cabinet and which are subject to professional secrecy.
The right of access must not be exercised in an abusive manner, that is to say carried out on a regular basis with the sole aim of destabilizing the Cabinet.
12. Update
The exercise of this right is exercised with your usual contact, failing which with the person in charge of communication at Cabinet Clarelis.
In order to allow a regular update of the personal data collected by the firm Clarelis, this one can solicit the customers and contacts who will have the possibility of satisfying its requests.
The Firm cannot be criticized for not updating if the client or the contact does not update their data.
13. Right to erasure
The right to erasure of customers and contacts will not be applicable in cases where the processing is implemented to meet a legal obligation.
Apart from this situation, customers and contacts may request the erasure of their data in the following limiting cases:
- when the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- when the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
- when the data subject objects to processing necessary for the purposes of the legitimate interests pursued by the Firm Clarelis and there is no overriding legitimate reason for the processing;
- when the data subject objects to the processing of their personal data for prospecting purposes, including profiling;
- when the personal data have been the subject of unlawful processing.
14. Right to limitation
Customers and contacts are informed that this right is not intended to apply insofar as the processing carried out by the Firm Clarelis is lawful and all the personal data collected is necessary for the execution of the commercial contract. .
15. Right to portability
The Firm Clarelis grants the right to data portability in the particular case of data communicated by clients or the contacts themselves, on online services offered by the Firm and for purposes based on the sole consent of individuals. In this case the data will be communicated in a structured, commonly used and machine-readable format.
16. Automated individual decision-making
The Cabinet Clarelis does not carry out automated individual decisions.
17. Post-mortem law
Customers and contacts are informed that they have the right to formulate directives concerning the storage, erasure and communication of their post-mortem data. The communication of specific post-mortem directives and the exercise of their rights are carried out by e-mail to the address: clarelis@notaires.fr or by post to the following address: Clarelis, 13 rue des Serbes, 06400 Cannes, accompanied by a signed copy of an identity document.
18. Justification
For all the rights mentioned from which the customer or the contact benefits and in accordance with the legislation on the protection of personal data, you are informed that these are rights of an individual nature which can only be exercised by the data subject in relation to their own information. To meet this obligation, we will verify the identity of the data subject.
19. Optional or compulsory nature of the responses
Customers and contacts are informed on each personal data collection form of the mandatory or optional nature of responses by the presence of an asterisk.
In the event that answers are required, Cabinet Clarelis explains to clients and contacts the consequences of not responding.
20. Right of use
Firm Clarelis is granted by clients and contacts a right to use and process their personal data for the purposes set out above.
However, the enriched data which is the result of processing and analysis by the firm of Clarelis, otherwise called the enriched data, remain its exclusive property (usage analysis, statistics, etc.).
21. Subcontracting
Firm Clarelis informs its clients and contacts that it may involve any subcontractor of its choice in the context of the processing of their personal data.
In this case, the Firm ensures that the subcontractor complies with its obligations under the GDPR.
The Firm Clarelis undertakes to sign a written contract with all its subcontractors and imposes on the subcontractors the same obligations in terms of data protection as it does. In addition, the Firm reserves the right to conduct an audit of its subcontractors to ensure compliance with the provisions of the GDPR.
22. Security
It is up to Clarelis to define and implement the technical security measures, physical or logical, that it considers appropriate to fight against the destruction, loss, alteration or unauthorized disclosure of data accidentally. or illicit.
These measures mainly include:
- the use of security measures for access to the premises (closing of offices, badges, etc.);
- security of access to our computer stations and smartphones (access code modified regularly);
- login and password for all our business applications;
- management of authorizations for access to data (specificity for our financial and accounting and communication services);
- VPN for remote connections;
- complex password for our Wi-Fi network changed every month.
To do this, the firm Clarelis may be assisted by any third party of its choice to carry out, at the frequencies it deems necessary, vulnerability audits or intrusion tests.
In any case, the firm Clarelis undertakes, in the event of a change in the means aimed at ensuring the security and confidentiality of personal data, to replace them by means of superior performance. No change can lead to a decrease in the level of security.
In the event of subcontracting of part or all of the processing of personal data, the Firm Clarelis undertakes to contractually impose on its subcontractors security guarantees by means of technical measures of protection of these data and the appropriate human resources.
23. Data breach
In the event of a personal data breach, Cabinet Clarelis undertakes to notify the Cnil under the conditions prescribed by the GDPR.
If the said violation poses a high risk for customers and contacts and the data has not been protected, the firm Clarelis :
- notify the customers and contacts concerned;
- communicate the necessary information and recommendations to the customers and contacts concerned.
24. Personal data referent
The firm Clarelis has appointed a “personal data” referent.
The contact details of our personal data referent are as follows:
Mr Philippe Buerch - Chairman
clarelis@notaires.fr
25. Register of salaries
Clarelis is not required to implement a processing register.
26. Right to lodge a complaint with the CNIL
Customers and contacts affected by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if they believe that the processing of personal data personnel concerning them does not comply with European data protection regulations, at the following address:
Cnil - Complaints Department
3, place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22
27. Evolution
This policy may be modified or amended at any time in the event of legal or jurisprudential changes in decisions and recommendations of the CNIL or in practice.
Any new version of this policy will be brought to the attention of clients and contacts by any means chosen by the Firm Clarelis, including electronically (distribution by email or online, for example).
28. For more information
For any further information, you can contact our referent at the following email address: clarelis@notaires.fr
For any other more general information on the protection of personal data, you can consult the Cnil website www.cnil.fr.