General policy for the protection of personal data

A Data Protection Officer (DPO)

In order to preserve the privacy and protection of personal data for all, GATEWATCHER appointed a Data Protection Officer (DPO) in 2020 who carries out his duties for all its structures.
The Data Protection Officer is a guarantee of trust. He or she is a specialist in personal data protection, responsible for ensuring the preservation of privacy and the correct application of personal data protection rules. He/ She is the privileged contact for the “Commission Nationale de l’Informatique et des Libertés (CNIL)”, and for all persons concerned by the collection or processing of personal data.A
To contact our Data Protection Officer (DPO), you can reach :

Maître Olivier Weber
dpo@gatewatcher.com

Personal data processed by GATEWATCHER

• Within the framework of its recruitment policy, GATEWATCHER receives applications containing CVs or even personal data, communicated by candidates, enabling it to compile a job interview file. This file and personal data will be kept for two years after receipt, except in the case of employment or at the request of the person concerned.
• Within the framework of the execution of the employment contracts of its employees or the service contracts of its individual service providers, GATEWATCHER processes the personal data necessary for the organization of their mission or for its legal obligations (civil status data, financial data, data relating to personal life, diplomas and authorizations, communication data, etc.). Data is kept throughout the contractual relationship and in some cases extended due to legal or fiscal requirements.
• Within the framework of its commercial approaches exclusively aimed at professionals of its sector, GATEWATCHER is also led to process personal data of the type : Name, First name, Company, Function, Telephone number, E-mail address. They are obtained either directly during exchanges on fairs and events, or from requests expressed to its services, or via its website by prospective customers, or indirectly from companies specialized in the constitution of sectorized professional databases.
  The processing of this data is based in part on legitimate interest (request for information, exchange of contact details) and on consent. The person concerned may request the deletion of his/her data at any time.
• Within the framework of the execution of its contracts, GATEWATCHER processes the personal data of the contacts and correspondents designated by its clients or subcontractors and retains this data (surname, first name, e-mail address, telephone number, position, company) throughout the contractual relationship, unless it receives instructions from the company to delete the contact from its databases.

Principles applicable to the protection of personal data

GATEWATCHER applies in all its projects the principles defined by the Privacy by Design and carries out a policy of information and awareness of its teams to the respect of the principles enacted by the General Data Protection Regulation.
It offers a software to its customers, that is compatible with all the requirements of the General Data Protection Regulation.

1. Defined, explicit and legitimate purpose of the processing :

When personal data are collected, they are for specific purposes defined by the needs of the processing by our customers.

2. Proportion and relevance of data collected:

The personal data collected are strictly necessary for the purpose of the collection. The design of GATEWATCHER software is aimed at minimizing the data collected.

3. Limited period of retention of personal data:

Personal data, when hosted under the responsibility of GATEWATCHER, are kept for a limited period of time which does not exceed the time necessary for the purposes of collection.

4. Privacy / Data security:

Information Systems Protection Policies (ISPP) are implemented, adapted to the nature of the data processed and their treatment.
Appropriate physical, logical and organizational security measures are provided to guarantee the confidentiality of the data, and in particular to prevent any unauthorized access.
GATEWATCHER also requires any subcontractor to present appropriate guarantees to ensure the security and confidentiality of personal data.

5. Personal law:

With regard to the processing carried out under the responsibility of GATEWATCHER:

• All necessary means to guarantee the effectiveness of the rights of the persons on their personal data are implemented.
• Personal data are collected fairly. No collection is made without the knowledge of the persons and without them being informed.
• The personal data collected are brought to the persons concerned attention.
• The collected data are not subsequently used in a manner incompatible with these purposes.
• Personal data are kept accurate and up to date.
• Data retention periods are brought to individuals’ attention, and vary according to the nature of the data, the purpose of the processing, or legal and regulatory requirements.
• If personal data are transferred to countries inside or outside the European Union, the persons concerned will be specifically informed. Specific measures will be taken to control such transfers.
• The means necessary to guarantee the effectiveness of the rights of individuals with regard to their personal data are implemented, in particular by providing clear and complete information on the data processing, which is easily accessible and understandable by all.
• All individuals have rights upon their personal data, which they can exercise at any time and free of charge, by proving their identity. Thus, individuals may access their personal data and in certain cases have them rectified, deleted or object to their processing.

Concerning the processing carried out under the responsibility of GATEWATCHER software users’:

• GATEWATCHER raises awareness and provides training on the principles laid down by the GDPR among all its employees, who may know and have access to private data in the context of maintenance operations.
• GATEWATCHER informs its software users of the essential rules determining the legality of private data processing.
• GATEWATCHER informs its software users of the precautions necessary for the protection of the personal data collected.
• GATEWATCHER software provides tools allowing the protection of these data (logging, use of pseudonyms, encryption…)
• Access to these rights (access, rectification, deletion, opposition) is facilitated by the software features used by GATEWATCHER.

6. Rights under the Law for a “Digital Republic”:

The new Article 40-1 of the French Law on “Technology and Civil Liberties” allows people to give directives concerning the conservation, deletion and communication of their data after their decease.

A person may be designated to execute these directives. This person is then entitled, when the person is deceased, to take notice of the directives and request their implementation from the responsible for processing concerned.

In the absence of directives given during the person’s lifetime, the heirs will be able to exercise certain rights, in particular :

• The right of access, if it is necessary for the settlement of the deceased’s estate
• The right to object to the closure of the deceased’s user accounts and to object to the processing of their data.

Monitoring of the Personal Data Protection Policy

This policy is updated regularly to take into account legislative and regulatory developments, and any changes in the organization of GATEWATCHER or in its offers, products and services provided.

This Privacy Policy is supplemented by :

• Documentation of our processing operations on their explicit purposes concerning the persons, data recipients, their retention periods, and the methods for exercising the rights of the persons.
• A complete and regular assessment of our data hosting subcontractors and software publishers as to whether they are taking into account their obligations under the GDPR.
• Appropriate contractual clauses with our subcontractors in the framework of a normal or significant risk generated by a processing operation on the protection of private data.
• Specific confidentiality clauses on the employment contracts of our employees who have to operate with private data.
• A regulation on the use of computer equipment.