"Data" or "Personal Data": means any information relating to an identified natural person or one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person, in accordance with the French Computing and Freedoms Act of 6 January 1978.
"Site" or "Service": means the website Civipol.fr and all pages on that site.
"Publisher" or "We": means the company Civipol or the natural or legal person responsible for publishing the Site and for its content.
"User" or "You": means the user visiting the Site and using its Services.
The purpose of this Policy is to describe how the Site respects your privacy and protects your Personal Data collected and processed as a result of your use of the Service.
2 - Data collected on the Site
XiTi does not track your browsing habits on external websites. The information to which XiTi has access does not contain any Personal Data. We do not collect "sensitive" data.
The contact details of Site Users registered on the Site will be saved, in accordance with the French Computing and Freedoms Act of 6 January 1978, which provides that Users have the right of access, withdrawal, modification or rectification of any Data that they have supplied. To exercise those rights, Users must send a request to the following email address: contact@Civipol.fr, or write to Civipol, 9 Rue Notre-Dame des Victoires, 75002, PARIS, FRANCE. The collection of Users' Personal Data by the Publisher does not need to be declared to the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés – CNIL).
3 - Identity of the controller
The controller is the company Civipol, with registered office at the following address: 9 Rue Notre-Dame des Victoires, 75002, PARIS, FRANCE.
4 - Purpose of collected Data
Data that is identified as being compulsory on the Site's forms is necessary for using the corresponding functionalities of the Site and, more specifically, for operations related to the content offered on the Site. The Site may collect and process User Data for the following purposes:
- To provide you with information or access to the services that you have subscribed, in particular support with the search for projects.
- To contact you about your professional plans and your applications.
5 - Recipients and use of collected Data
6 - Legal bases for data processing
In accordance with the General Data Protection Regulation (GDPR), CIVIPOL processes Personal Data in the following situations only:
- with your consent, where there is a contract between you and CIVIPOL;
- to comply with a legal obligation (under EU or national laws).
7 - Data security
Please note that your Data may be disclosed in accordance with a law or regulation or in compliance with a decision of a competent regulatory or judicial authority or, where necessary, to enable the Publisher to protect its rights and interests. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, modified, revealed or consulted without authorisation. Access to your Personal Data is also subject to a defined and documented security procedure.
8 - Period of Data storage
Data is stored at the Site's host (whose contact details are given in the Site's legal notices) and is kept for the period strictly necessary to achieve the purposes set out above and in any case for no more than 36 months. After that period, Data will be kept exclusively for statistical purposes only and will not be exploited in any way whatsoever.
9 - Authorised service providers and transfer to a third country in the European Union
CIVIPOL declares that it uses authorised service providers to assist with the collection and processing of the Data that you have provided. These service providers are situated exclusively within the European Union. CIVIPOL has previously obtained assurance that its service providers adopt appropriate safeguards and observe strict conditions in relation to Data confidentiality, usage and protection. These service providers are also subject to the General Data Protection Regulation (GDPR).
10 - Computing and Freedoms rights
- Right of access: you have the right to request access to data concerning you and to receive a copy of the Personal Data that we hold about you. However, on account of the security and confidentiality obligation assumed by CIVIPOL in relation to the processing of Personal Data, you are informed that your request will be handled provided that you furnish proof of your identity by producing a scan or photocopy of your valid identity document.
- Right to rectification: you have the right to ask us to rectify your personal data where your details are incomplete or inaccurate. In accordance with this right, you are permitted by law to ask for the rectification, updating, locking or erasure of your Data, where your details are inaccurate, incorrect, incomplete or obsolete.
- Right to erasure, also known as "right to be forgotten": in certain cases, you can ask us to erase the Personal Data that we have about you (except where there is an imperative legal reason why we have to retain such Data).
- Right to restriction of processing: you have the right in certain cases to ask us to suspend the processing of Personal Data.
- Right to data portability: you have the right to ask us for a copy of your Personal Data in a standard format (for example. a .csv file).
- Right to object: you have the right to object to the processing of your Personal Data (for example, by prohibiting us from processing your Data for direct marketing purposes). However, this right can only be exercised in either of the following two situations: where the exercise of this right is based on legitimate grounds or aims to prevent collected Data from being used for direct marketing purposes.
Contact us if you wish to exercise any of the rights described above by writing to us at CIVIPOL, 9 Rue Notre-Dame des Victoires 75002 PARIS, FRANCE, or by emailing firstname.lastname@example.org. There is no fee for accessing your Personal Data (or for exercising any other right). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. In this case, we can also refuse to respond to your request. CIVIPOL will be entitled, where applicable, to object to requests that are manifestly unreasonable on account of their systematic or repetitive nature or their number. We can ask you for specific information to confirm your identity and ensure your right of access to Personal Data (or to exercise any other right). This is a security measure designed to ensure that such Personal Data is not disclosed to a person who is unauthorised to receive that Data. We may also contact you to obtain more information concerning your request, so that we can respond to you more quickly. We aim to respond to all legitimate requests within one month. This one-month period may be exceeded if your request is particularly complex or if you have made several requests. In this case, we will notify you and keep you informed.
11 - Complaint to the Data Protection Authority
If you believe that CIVIPOL is not fulfilling its obligations with respect to your Personal Data, you can lodge a complaint or request with the competent authority. In France, the competent authority is the CNIL, which you can contact by sending an email request to the following address https://www.cnil.fr/fr/plaintes/internet.
All rights reserved - 19 March 2019