Personal data protection policy

Last update: April 2021

Preamble

For business purposes, DARVA processes personal data relating to its professional customers, contacts/prospects and suppliers, and may process the personal data of candidates responding to job offers.

The purpose of this Policy is to provide information on how we use and protect personal data in accordance with the European General Data Protection Regulation No. 2016/679 (hereinafter the “GDPR”) and any other regulations made pursuant to it.

Particularly attached to the principles of personal data protection, DARVA is committed to collecting and processing data in compliance with the regulations in force. 

This policy is independent of any other document that may apply within the contractual relationship between DARVA and its customers.

IDENTITY OF THE DATA CONTROLLER AND ITS DATA PROTECTION OFFICER DATA PROTECTION

The data controller is DARVA, a limited company, whose registered office is at Chauray (79180), 245, rue du stade, registered under number 345 133 128 at the NIORT Trade and Companies Register and represented by Mr Christian Garrez in his capacity as Chairman.

DARVA has appointed a Data Protection Officer who can be contacted at the following e-mail address: contact.dpo@darva.com

COLLECTION CASES AND DATA COLLECTED

Your personal data will be collected by DARVA in the context of relationships established between you and DARVA, such as: business relationships, professional meetings, partnerships, application and recruitment management etc.
DARVA does not collect sensitive personal data. By voluntarily providing DARVA with sensitive, unsolicited personal data (for example, in your CV), you expressly consent to the use of your personal data as described in this Policy.

PURPOSES OF PROCESSING

DARVA ensures that your data is only processed for the purposes mentioned. Data collected in this way has been limited to what is strictly necessary (data minimisation) and is mandatory for the processing in question.
Any processing carried out by DARVA is for explicit, legitimate and specific purposes.

Your data is processed for the following purposes:
– Marketing of DARVA services and commercial relationship management;
– management of services subscribed to by the customer, (including access and use of the service by the user; implementation of user support and assistance; management of security incidents; accounting management; management of the contractual relationship);
– provision of services and products (development, certification, maintenance, etc.);
– analysis, optimisation, research and development of services;
– management of events organised by DARVA (including customer support through user clubs, commissions and workshops, etc.);
– communication on DARVA activities and news;
– sending greetings and other congratulations from DARVA;
– answers to the questions we are asked (by phone or online);
– compliance with our legal, regulatory and administrative obligations;
– management and processing of applications sent to DARVA;
– visitor management and security of access to the premises (including video surveillance);
– supplier purchasing management.

In the context of browsing, DARVA may also collect indirectly personal data in its legitimate interest for the purposes of producing statistics, managing connections and browsing (see information on Cookies and other trackers).

LEGAL BASIS

Your personal data is collected and processed only on the legal basis provided for by the regulations:
– In the context of the performance of a policy or pre-contractual measures between you and DARVA;
– When justified by the legitimate interest of DARVA;
– To comply with a legal obligation to which DARVA is subject.

RECIPIENTS

Depending on the purpose of the processing, your personal data will be used by the relevant DARVA staff and by service providers and sub-contractors performing services on our behalf.
It will only be communicated externally for management purposes or to meet legal and regulatory obligations. If this is the case, DARVA will ensure that adequate measures are put in place to guarantee a level of security appropriate to the risk.

DATA RETENTION

Your personal data is kept for the period necessary to comply with the applicable legal and regulatory provisions or for another period of time taking into account operational constraints.
In particular, the following retention periods apply:
– If you are a customer, the majority of the information is retained for the duration of the contractual relationship and for 10 years following the end of the policy.
– If you are a prospect, the information is kept for 3 years from the date of collection or from our last contact with you.
– In the context of recruitment, the data of unsuccessful applicants is kept for a maximum period of 24 months from the last contact between DARVA and the applicant, unless you object to the retention of your data and request the destruction of your file. The data is then kept in archives for six years in the event of legal recourse in view of the applicable limitation periods.

After the set deadlines, the data is either deleted or anonymised.

DATA SECURITY

DARVA takes all useful and appropriate measures to preserve the security and confidentiality of your data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorised third parties.
Among other things, DARVA has set up:
– security measures for accessing the premises (badges, locking of certain offices, etc.);
– security of access to staff computers and smartphones (access code changed regularly);
– logins and passwords for all our business applications;
– procedures for managing access to data;
– antiviral controls and attachments;
– a VPN for remote connections.

In the event of a change in the means of ensuring the security and confidentiality of personal data, DARVA undertakes to replace it with means of superior or at least equivalent performance. No change can lead to a drop in the level of security.
In the event of sub-contracting all or part of the processing of personal data, DARVA shall ensure that its subcontractors are contractually obliged to guarantee the implementation of an equivalent or higher level of security.
In accordance with the provisions of the GDPR, and if despite all the precautions taken, DARVA, or one of its sub-contractors, becomes aware of a personal data breach, a notification will be made to the CNIL under the conditions prescribed by the GDPR and, where applicable, when required, the persons concerned will be informed.

EXERCISING YOUR RIGHTS

For any information or to exercise your rights regarding the processing of personal data managed by DARVA, you can contact our Data Protection Officer at the following address: contact.dpo@darva.com

For all the rights mentioned and in accordance with the GDPR, you are informed that these are rights of an individual nature which can only be exercised by the data subject in relation to their own information. To meet this obligation, a copy of your ID is required and must be provided to enable us to process your request.

It is specified that the exercise of some of these rights may result, on a case-by-case basis, in DARVA being unable to respond to your request, to provide you with the requested service or to contact you again at a later date.
For example, if you, as a candidate, ask us to delete your file, we will not be able to offer you any further employment opportunities within our company.

Furthermore, your status as a business customer may prevent you from exercising certain rights, as the processing of your data is necessary to execute the policy or pre-contractual measures between us.

Scope of the request

In order for DARVA to be able to respond to your request in the best possible way in accordance with the right invoked, we advise you, as far as possible, to indicate the personal data processing operation(s) concerned or the context in which DARVA was required to process your personal data.

Right of access (right to private copies)

You have the right to request confirmation from DARVA as to whether or not your personal data is being processed.

You also have a right of access, which is subject to the following rules:
– the request comes from yourself;
– the request must be made in writing to the following address DPO DARVA – 245 rue du Stade, BP 98732 Chauray, 79027 NIORT cedex or at the e-mail address: contact.dpo@darva.com

You have the right to request a copy of your personal data being processed from DARVA. However, in the event of a request for an additional copy, DARVA may ask you to cover the financial cost.

If you make your request for a copy of your data electronically, the information requested will be provided in a commonly used electronic form, unless you request otherwise.

Finally, the right of access must not be exercised in an abusive manner, i.e. on a regular basis with the sole aim of destabilising DARVA.

Rectification and updating

If you wish to modify or rectify your personal data, you must address your request to your usual contact person or, failing that, to the DARVA DPO, who will be able to relay the request to the relevant departments/contact persons.
DARVA is obliged to check the relevance of the data processed. In order to allow your data to be regularly updated, DARVA may call upon its customers and contacts. DARVA cannot be held responsible for a failure to update if the customer or contact does not update the data when requested to do so.

Right to erasure

We will not be able to comply with your request in cases where the processing is carried out to meet a legal obligation.

Apart from this situation, you may request the deletion of your personal data in the following limited cases:
– when the data is no longer necessary for the purposes for which it was collected or otherwise processed;
– when you object to processing that is necessary for the purposes of the legitimate interests pursued by DARVA and there is no compelling legitimate reason for the processing;
– when your data has been unlawfully processed.

Right to restriction

You may ask DARVA to restrict the processing of your personal data in the following limited cases:
– when you dispute the accuracy of your personal data, for a period of time that allows DARVA to verify the accuracy of the data;
– where the processing is unlawful and you object to the erasure of your data and instead request the restriction of their use;
– when DARVA no longer needs the personal data for the purposes of processing but it is still necessary for you to establish, exercise or defend legal claims;
– when you have objected to the processing, during the verification of whether the legitimate reasons pursued by DARVA prevail over yours.

Right to object

For reasons relating to your particular situation (legitimate reason), you may object to the processing of your personal data, only when the purpose of the processing is based on the legitimate interest of DARVA. This right to object cannot be exercised when there is a legitimate and compelling reason for DARVA to process your personal data (e.g. security of the premises).

Complaints

For more information on the extent of your rights, you can consult the website of the Commission Nationale de l’Informatique et des Libertés (CNIL):www.cnil.fr/fr/comprendre-vos-droits[PA1] or contact it to make a complaint about the processing of your personal data.

COOKIES AND OTHER TRACKERS

What is a cookie?
A cookie is a piece of information placed on the user’s hard drive via the DARVA Website. It does not endanger the security of the user’s workstation.

What do cookies do?
Cookies can have different functions. They may be necessary for the user to browse the Internet and on the sites viewed, allow a user to be recognised from one visit to another thanks to a unique identifier, but also to be used to record the language settings of a site or for targeted advertising purposes.
As cookies may collect personal data, the user’s consent must be obtained before the publisher places cookies.
As an exception, some cookies are exempt from consent. These are cookies whose sole purpose is to enable or facilitate communication by electronic means and cookies that are strictly necessary for the provision of a service expressly requested by the user.

The cookies set by DARVA are:

– Cookies necessary for the functioning of the site
These cookies, placed by DARVA and essential to browsing, allow the DARVA Website to function optimally and give you access to specific functionalities. If you disable the use of these cookies, you will no longer be able to benefit from these features. These cookies do not collect any personal data and the information stored cannot be used for commercial purposes. The user is informed that blocking cookies may affect certain functionalities of the Website.

These cookies are not subject to consent as they are necessary for the functioning of the DARVA Website.

– Audience measurement cookies
DARVA uses Google Analytics cookies to quantify the number of users visiting the DARVA Website and to understand how users browse the Website. Cookies indicate which pages are most frequently consulted, the length of time spent on the site, etc. and thus enable us to optimise the site, fix bugs and improve the quality of our services.

Who uses cookies?

The information that DARVA collects through functionality cookies is only used for DARVA’s own purposes and the proper functioning of the DARVA Website.
The information that DARVA collects through audience measurement cookies is only used by DARVA for the needs of the website’s users. This information is not passed on or sold to third parties.

How to manage cookies?
Objecting to the use of cookies:
Vous pouvez à tout moment modifier votre consentement relatif au dépôt des cookies en cliquant sur le lien « préférences cookies » en bas de page du Site. Modifier vos choix n’a pas de conséquence sur votre navigation.

You can also configure your browser to manage cookies:
Nous vous informons que vous pouvez également paramétrer la gestion des cookies en configurant votre navigateur. Attention, ce paramétrage n’est pas optimal, désactiver les cookies nécessaires au fonctionnement du Site peut entrainer des dysfonctionnements du Site ou nuire à la qualité de votre navigation.