PERSONAL DATA PROTECTION POLICY

OSEUS COMPANY

1.       Introduction

The OSEUS Company, as a data controller, may collect and process personal data as part of its activities.

This data protection policy exists to ensure an adequate level of security in terms of confidentiality, availability and integrity of the personal data processed against all threats that could affect it.

All the processing of personal data implemented complies with the applicable regulations on the protection of personal data and in particular the provisions of the French “Computing and Freedom” amended law of January 6, 1978, and the General Data Protection Regulation (EU Regulation 2016/679) referred to as “GDPR”.

2.       Commitment

The OSEUS Company is committed to guarantee a high level of protection of the personal data of any person whose personal data it processes (customers, employees, partners, etc.).

More specifically, the OSEUS Company is committed to respect the following principles:

  • Personal data are processed lawfully, fairly, and transparently
  • Personal data are collected for specific, explicit, and legitimate purposes, and are not subsequently processed in an incompatible manner with these purposes
  • Personal data are stored in an adequate and relevant manner and are limited to what is necessary for the purposes for which they are processed
  • Personal data are accurate and kept up to date. All reasonable measures are taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased, or rectified without delay.

The OSEUS company implements the appropriate technical and organizational measures to guarantee a level of security adapted to the inherent risk of its processing operations, to comply with regulatory requirements and to protect the rights and data of the people concerned when designing processing operations.

Finally, the OSEUS company is committed to comply with any other principle that is required concerning the applicable regulations on the protection of personal data, and more specifically regarding the rights conferred on the persons concerned, the retention periods for personal data as well as obligations relating to cross-border transfers of personal data.

3.       Responsibility

The OSEUS company (1 rue des Vergers – Bâtiment 6 – Hall D – 69760 LIMONEST (FRANCE) – Company registration (SIREN) number 504 425 000) represented by its Chairman, Mr. Jean Eric LUCAS, is responsible for processing your personal data.

4.       Personal data collected

The personal data that we collect and process are of a diverse nature depending on the processing considered, and may include:

  • Contact details (e.g. name, first name, telephone number, email address);
  • Personal information (e.g. date of birth, nationality, profession);
  • Economic and financial information (when the processing involved requires it);
  • Your credit card number (for transaction and reservation purposes);
  • Information appearing on an identity document (e.g. identity card, passport or driving license);
  • Your preferences and interests in terms of training
  • Your questions / comments during or following your participation in one of our programs or following a contact with a member of our company authorized to process these data.

You can choose not to provide us with personal data when we ask you to do so. If you decide not to provide us with your personal data, this may limit our cooperation with you. For example, we may not be able to provide you with the services you have requested.

  • Tools of data collection

Depending on the people and the processing operations concerned, the tools of collecting personal data may vary and take different shapes: paper or computerized form, web form, copy of paper or digital documents, professional information sources accessible to the public, marketing consultants or any other relevant way.

  • Processing purposes and legal bases

Personal data are collected and processed only for specific and limited purposes, and based on the legal foundations provided for by the Regulations:

  • As part of the execution of a contract
    • As the purposes of legitimate interests or, where applicable, based on consent
    • In order to ensure compliance with legal and regulatory obligations as defined by the legislation in force
  • Retention period

The OSEUS Company undertakes to keep personal data for a period not exceeding the necessary time for the purposes for which they are processed, and in accordance with the retention periods imposed by the applicable laws in force.

These retention periods are defined according to the processing purposes implemented by the OSEUS Company. They take account of the legal provisions which apply imposing a precise retention period for certain categories of data, for any limitation periods that apply, as well as for the recommendations of the National Commission for Data Protection and Liberties (CNIL-France) concerning certain categories of data processing.

  • Who is likely to access your personal data?

Recipients of your data

The data collected may be communicated to authorized staff of the OSEUS Company, to its partners or to its ancillary service providers, as part of the performance of all or part of the services.

It is recalled that in this context, the OSEUS Company asks its service providers to set up strict confidentiality and protection measures for these data. In addition, the OSEUS Company may be required to provide personal information to authorized French or foreign public authorities.

Data transfers outside the European Union (EU)

Some of the recipients mentioned above are likely to be established outside the European Union and to have access to all or part of the personal information collected by the OSEUS Company due to a specific legal authorization.

In this context, the OSEUS Company is committed to guarantee the protection of your data in accordance with the strictest rules, especially through the signing, on a case-by-case basis, of contractual clauses based on the model of the European Commission, or any other mechanism.

In this context, the OSEUS Company is committed to guarantee the protection of your data in accordance with the strictest rules, in particular through the signing, on a case-by-case basis, of contractual clauses based on the model of the European Commission, or any other mechanism complying with the General Data Protection Regulation (GDPR), when your personal data are processed by a service provider outside the European Economic Area and whose country is not considered by the European Commission to provide with an adequate level of protection.

No transfer of personal data is made directly by the OSEUS Company outside the EU.

  • Data security

The OSEUS company has defined and implements all the technical and organizational measures useful, regarding the nature, scope and context of the personal data communicated and the risks presented by their processing, to preserve the security of personal data and prevent any destruction, loss, alteration, disclosure, intrusion, or unauthorized access to these data, whether accidentally or unlawfully. This can be, for example, backup plans, management of access rights, secure flows, etc. Respect for the security and protection of your data are binding on all our employees and our service providers.

  1. Your rights

In accordance with the applicable regulations on the protection of personal data, you can exercise your rights of access, rectification, or deletion of your data at any time as well as exercise your rights to limit and oppose processing and portability of your personal data.

You also have the right to modify or withdraw, at any time, the consents that you have granted us for the processing of your personal data.

In addition, you have the right to object to the processing of your personal data and the right to their portability, under the conditions set by the Regulations.

Updating of transmitted data

It is important that the information you provide us with is accurate and up to date, and that you inform us without delay of any significant changes concerning you.

Procedures for the exercise

You can exercise your rights at any time by email to the address: mesdonneespersonnelles@OSEUS.com

You can also send a postal mail to:

  • OSEUS – 1 rue des Vergers – Bâtiment 6 – Hall D – 69760 LIMONEST (FRANCE)

In this context, we ask you to accompany your request with the elements necessary for your identification (name, first name, email) as well as any other information needed to confirm your identity.

You also have a right of appeal to the National Commission for Data Protection and Liberties (CNIL-France) at the following address:

  • CNIL – 3 place de Fontenoy – TSA 80715 – 75334 Paris Cedex (FRANCE)

Monitoring of the Personal Data Protection Policy

This policy is updated regularly to consider legislative and regulatory modifications, but also any change in the organization of the OSEUS Company or in the offers, products and services offered.

This General Personal Data Protection Policy is supplemented by detailed information on the purposes of the data processing implemented, the recipients of the data, their retention periods, and the methods of practical exercise of the rights of individuals. This General Personal Data Protection Policy can also be given to people on simple written request to the contact details above.

Personal Data Protection Policy validated on February 15, 2021.