Clients and Prospects’ Data Processing Charter
Find out more about the Clients and Prospects’ Data Processing Charter.
PREAMBLE
The purpose of this charter (hereinafter the « Charter ») is to inform Absys Cyborg’s Clients and Prospects as to how it processes their Personal data, as Data controller and as Subcontractor of its Customers. As part of its contractual and pre-contractual relations, Absys Cyborg undertakes to comply with the regulations in force applicable to the Processing of Personal data and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the « GDPR ») as well as any applicable national regulation (hereinafter the « Regulation »).
DEFINITIONS
A few definitions to help you better understand this Charter:
« Absys Cyborg » refers to the company Absys Cyborg (RCS Nanterre 414 353 250 whose contact details are given in article 2.5 below).
« Client » refers to any individual or legal entity with whom Absys Cyborg has contracted the provision of services.
« Data Breach » means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal data transmitted, stored or otherwise processed.
« Data controller » means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal data. Where the purposes and means of such Processing are determined by Union or Member State law, the Data controller or the specific criteria for its nomination may be provided for by Union or Member State law.
« Data recipient » means a natural or legal person, public authority, agency or any other body to which the Personal data are disclosed, whether a third party or not.
« Data processor » means a natural or legal person, public authority, agency or other body which processes Personal data on behalf of the Data controller.
« Personal data » means any information relating to an identified or identifiable natural person (hereinafter the « Data Subject »); an « identifiable natural person » is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
« Processing » means any operation which is performed on Personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
« Prospect » means any natural or legal person likely to use the services and/or be in contact with Absys Cyborg.
1 - ABSYS CYBORG DATA CONTROLLER
1.1 Data processing principles
As reminded in the preamble of the Charter, Absys Cyborg makes every effort to be in constant compliance with the essential principles of the GDPR and ensures all of its Clients and Prospects that the Personal data collected is processed lawfully, fairly and transparently.
Personal data is collected for specific, explicit and legitimate purposes and Absys Cyborg undertakes not to process it for purposes incompatible with these purposes.
Absys Cyborg respects the principle of data minimisation, i.e. that only Personal data that is adequate, relevant and limited to what is necessary for the purposes defined below is processed.
1.2 Purposes and legal basis of Data processing
| Purpose | Legal basis |
| Client and Prospective client management | Performance of the contract or pre-contractual measures. |
| Management of commercial prospecting with clients for similar products or services provided by Absys Cyborg | Absys Cyborg's legitimate interest in promoting its products and services to its Clients. In accordance with the provisions of article L34-5 of the French Code of Posts and Electronic Communications, each commercial prospecting message will offer the Client and the Data Subjects the opportunity to oppose, free of costs, except those related to the transmission, to the use of their Personal data. |
| Managing commercial prospecting with Prospects | Legitimate interest in ensuring the development of Absys Cyborg. Each commercial prospecting message will offer the Client and the Data Subjects the opportunity to oppose, free of costs, except those related to the transmission, to the use of their Personal data. |
| Management of marketing activity: Execution of solicitation operations; Creation of loyalty operations (marketing campaigns, campaign response tracking, spam and campaign objection management, competitions, etc.); Creation of internet leads in the database; Assignment of follow-up marketing tasks; Linking of an appointment or opportunity to a marketing action; Detection of duplicate contacts; Processing of hardbounces: testimonials or interviews. | Legitimate interest in ensuring the development of Absys Cyborg. |
| Data collected by cookies on the Absys Cyborg website | The consent of the Data Subject or the legitimate interest in ensuring the development of the company Absys Cyborg when the consent is not necessary. The confidentiality policy relating to cookies is available on Absys Cyborg website. |
| Contact forms on Absys Cyborg website | Performance of the contract or pre-contractual measures taken at your request. |
| Managing unpaid bills (reminders and formal notices) | Performance of the contract. |
| Management of pre-litigation and litigation. | Performance of the contract. |
| Monitoring of the services (deliverables, delivery, planning, acceptance, project committees, reports, etc.) | Performance of the contract. |
| Management and follow-up of the maintenance and support tickets | Performance of the contract. |
| Management of connection and user identification data as part of the Absys Cyborg Cloud Contract | Performance of the contract (in the case of a subscription to Absys Cyborg Cloud contract) |
| Drawing up of sales statistics | Legitimate interest in ensuring the development of Absys Cyborg. |
| Pre-sales management | Pre-contractual measures taken at your request. |
| Billing management | Performance of the contract. |
| Management of contractual documents (quotations, contracts, orders, etc.) | Performance of the contract or pre-contractual measures taken at your request. |
| Monitoring Customer audits (auditors, planning, audit scope, etc.) | Performance of the contract. |
| Management of service usage data | Legitimate interest in preventing fraud and/or guaranteeing the security of the network and information on its IT systems. |
| Management of the register of Processing activities and compliance with the Regulation applicable to Personal data | Compliance with a legal obligation. |
| Management of requests to exercise rights relating to Personal data (right to access, opposition, rectification, delation and restriction of Processing and right to data portability, where applicable) | Compliance with a legal obligation. |
For any specific Processing, in particular in connection with security (video surveillance, site access, etc.) or with the use of IT resources made available to the Client or Prospect by Absys Cyborg (software, hardware, etc.), specific information is made available to Data Subjects to inform them of how their Personal data is processed.
2 - RECIPIENT OF THE PERSONAL DATA PROCESSED AND RETENTION PERIOD
2.1. Data recipient
Absys Cyborg undertakes to preserve the confidentiality and security of your Personal data in accordance with the Regulation in force and to check that each Recipient complies with appropriate security and confidentiality guarantees.
The Data recipients who may receive your Personal data are:
- The authorised employees of the departments in charge of control (statutory auditor, departments in charge of internal audit procedures, ...);
- Partners or entities of the Absys Cyborg Group or of the Group to which it belongs itself;
- Bodies, legal auxiliaries and ministerial officers, as part of their debt recovery mission;
- The Data Protection Officer.
Authorised service providers may also have access to your Personal data as part of the sub-contracting services they may provide in relation to the software solutions or IT resources used to process your Personal data (maintenance, support, hosting, recruitment services, security and control of IT resources, etc.).
In the event of a dispute, Personal data may be transmitted ;
- To the legal department, where applicable, to persons working to resolve the dispute;
- To judicial authorities in case of infringement;
- To judicial or administrative courts, joint or consular, arbitration board, to establish, exercise or defend the rights of Absys Cyborg;
- To any individual or legal entity in execution of an enforceable court decision against Absys Cyborg.
2.2. Data retention period
The retention period of your Personal data is determined according to the legal and regulatory retention periods and depending on the type of data concerned.
For example purposes and not exhaustive, the retention periods of the main documents relating to the management of Clients and Prospects are as follows:
| Type of document | Data retention period |
| Right to access, rectification or delation | Data collected as part of the exercise of the rights of the Data Subjects is kept by Absys Cyborg until it responds to the request. The answer provided may be kept for evidence purposes, within the limit of the applicable limitation period. |
| Data required to manage the maintenance of the solution, support and the fulfilment of the contractual commitment | The data is kept for the duration of the contract and, at the end of the contract, for the duration necessary for Absys Cyborg to comply with its legal obligations, in accordance with applicable law and in particular the limitation period applicable to civil, administrative or criminal actions. |
| Bookkeeping, in particular management of Clients’ accounts | For the duration of the French legal retention period for accounting obligations, tax obligations, etc. (e.g. 10 years for accounting). |
| Clients’ data necessary for the performance and for the management of contracts | Clients’ data is kept for the duration of the commercial relationship. At the end of this commercial relationship, it is kept for the duration necessary (i) to meet legal, accounting or tax obligations and (ii) for evidence purposes in the event of a litigation, and within the limit of the applicable limitation period. |
| Customer relations monitoring / claims management / after-sales services | Clients’ data is kept for the duration of the commercial relationship. At the end of this relationship, it is kept for the duration necessary (i) to meet legal, accounting or tax obligations and (ii) for evidence purposes in the event of a litigation, and within the limit of the applicable limitation period. |
| Client data used for commercial prospecting | Clients’ data is kept for the duration of the commercial relationship, and then for a period of 3 years from the end of the commercial relationship. |
| Creating and managing a Prospects file | Until consent is withdrawn or 3 years from the last contact from the Prospect. |
| Cookies | Information stored in users' terminals (e.g. cookies) or any other element used to identify users and to allow users tracking must not be kept for more than 13 months. |
| Newsletter management | Until consent is withdrawn by the Data Subject. |
| Sending solicitations (emailings, telephone calls, faxes, SMS, etc.) | Until consent is withdrawn or 3 years from the last contact from the Prospect. |
| Management of an objectionable list to the exclusion of any other use | At least 3 years from the date of registration on the list. |
Absys Cyborg will not store Personal data in a form that allows identification of Data Subjects for a longer period than necessary, given the purpose for which the data was originally collected.
Absys Cyborg may store data for longer periods if the Personal data is processed for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, subject to the application of appropriate technical and organisational measures to safeguard the rights and freedoms of the Data Subject.
2.3. Security and confidentiality
Absys Cyborg implements all the technical and organisational measures it deems appropriate, in accordance with Article 32 of the GDPR, in order to ensure the security and confidentiality of your Personal data.
Absys Cyborg verifies that each of the Recipients complies with appropriate security and confidentiality guarantees. Concerned about the protection of Personal data, Absys Cyborg makes its staff members aware of the security of Personal data. For more information regarding the security of your Personal data, Absys Cyborg invites you to contact its DPO.
2.4 Data transfer
In the event of the transfer of your Personal data to a Recipient located in a non-member state of the European Community, appropriate safeguards will be put in place, in accordance with the provisions of the GDPR and the standard contractual clauses adopted by the European Commission.
Transfers of Personal data to Data recipients not covered by an adequacy decision of the European Commission are generally governed by the signature of standard contractual clauses.
2.5 RIGHTS OF DATA SUBJECTS
In accordance with the Regulation, you may access your Personal data and request their rectification or delation. You also have a right to object, a right to limit the Processing of your Personal data and a right to the portability of your Personal data, where applicable.
You can read about your rights and how to exercise them by sending your questions and/or requests to our Data Protection Officer (DPO) by:
- Mail to Absys Cyborg - 3 Carrefour De Weiden, 92 130 Issy-les-Moulineaux;
- Email to dpo@absyscyborg.com
The DPO shall reply to you as quickly as possible.
You also have the right to lodge a complaint with the CNIL as the supervisory authority, whose current address is: 3 place de Fontenoy, 75007 Paris, FRANCE.
3 - ABSYS CYBORG, AS DATA PROCESSOR OF THE CLIENT
As part of the performance of its services, Absys Cyborg may be required to process Personal data on behalf of the Client. In this case, the Client is the Data controller and Absys Cyborg is the Data processor within the meaning of the Regulation.
Absys Cyborg, as Data processor, undertakes to process Personal data in accordance with the Client's written instructions.
Pursuant to Article 28 of the GDPR and prior to the performance of the services, Absys Cyborg and the Client will sign a contract, in accordance with the Commission Implementing Decision (EU) 2021/915 of 4 June 2021 relating to standard contractual clauses between Data controllers and Data processors, defining inter alia the purpose and duration of the Processing, the nature and purpose of the Processing, the type of Personal data and the categories of Data Subjects, and the obligations and rights of the Data controller. In this context, under cover of an obligation of confidentiality, Absys Cyborg makes available to the Client its model RGPD Addendum and its appendices.
Absys Cyborg undertakes to comply with the technical and organisational measures defined by mutual agreement with the Client in accordance with Article 32 of the RGPD in order to ensure the security and confidentiality of the Data.
Absys Cyborg calls upon a Sub-processor to carry out part of the services, which may have access to Personal data. In this case, Absys Cyborg will make sure that the obligations regarding the protection of the Personal Data in force will be imposed on this later Sub-processor.
In the event of the transfer of your Personal data to a Recipient located in non-member state of the European Community and that does not benefit from an adequacy decision, appropriate safeguards will be put in place, in accordance with the provisions of the RGPD.
Absys Cyborg ensures that the persons authorized to process Personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
4 - EVOLUTION OF THE CHARTER
The present Charter may be modified by Absys Cyborg in order to take into account the recommendations of the CNIL, changes relating to the law, case law, IT changes and more generally according to any changes in information and communication technologies.
Version of 01/23/2024.