GDPR Compliance Policy
Itancia and all of its subsidiaries undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 applicable from 25 May 2018 (also referred to as the “General Data Protection Regulation, GDPR”).
This Regulation establishes a new legal framework requiring companies to implement measures to ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR.
Thus, in dealing with our partners (customers, suppliers, service providers and subcontractors), with regard to the data we collect and process, our role is analysed as:
– “Data controller” in the context of the processing of personal data of contacts for the purpose of managing the relationship with our partners
– “Data processor” in the context of the processing of personal data on behalf of the data controller to provide services necessary for the performance of the contract (hosting, shipment)
Itancia processes personal data fairly, transparently, in accordance with the purposes for which it was collected, and securely.
This policy sets out how we process the information we collect about our partners.
2. COLLECTION OF PERSONAL DATA
Itancia collects information that includes:
– Identification data: title, surname, first name, e-mail address, business postal address, telephone number, job title, copy of ID card, contact details of contact person, marketing contacts and preferences
– Economic and financial data: Bank details, bank card number, cheque number, bank transfer, credit/debit card information, invoices, discounts, balance and unpaid amounts
– Transaction data: number, details of purchase or sale, good or service subscribed to or sold
– Data relating to the monitoring of the business relationship: correspondence with the customer, prospect or supplier
– Internet data: Cookies, IP address, login identification
– Service usage data: activity data, product/service preferences information, purchasing history, web pages visited
– Data related to the devices used: device operating status, configuration, usage and performance monitoring data, network information used to log on or use products/services (operating systems, applications, software, product key, network authentication, regional and language settings)
No GDPR sensitive data (including racial or ethnic origin, political, religious, philosophical or similar opinions, trade union membership, physical or mental health, genetic biometric data, identity or sexual orientation and criminal record) will be collected by Itancia.
3. MANAGING COOKIES AND TRACKERS
What are they?
Cookies are small text files that are automatically stored on your computer when you browse the web. These files store user information such as activity and preferences, the purpose of which is to enable the server of the website to easily identify the user from one site to another.
What data is collected?
Where are they stored?
Cookies are stored on the user’s device.
Why are they used?
– Store user profile personal information
– Facilitate downloading of documents from sites
– Take steps necessary for the supply of products/services
– Configure the user’s browser to block, reject, delete or deactivate cookies and other tracking technology
– Identify problems and use of websites
– Perform a standard traffic analysis on sites
– Monitor the use of the site for anonymous visitor statistics purposes
– Track user visit history
– For commercial purposes
However, if the user rejects or deletes cookies or any other tracking technology, they may no longer be able to access certain pages or use important features, including being able to download documents and set up a user profile.
4. USE OF PERSONAL DATA
All information collected from the customer/supplier may be used for the management of: contracts, orders, invoices, delivery, shipping, services, after-sales services, complaints, surveys, statistics, newsletters, dispute management, requests to access or rectify their data or objections to its processing, authentication and account access.
Customer personal data may be used for commercial marketing purposes for similar products and services.
The personal data of prospective customers may be used to send electronic mail for the purpose of carrying out promotional activities related to the profession of the person contacted.
5. LEGAL BASIS FOR THE COLLECTION AND PROCESSING OF PERSONAL DATA
The collection and processing of this personal data is justified by:
– The conclusion and performance of the contract entered into with Itancia, as well as the management of the relationship with our partners
– Compliance with our legal obligations, particularly in terms of invoicing
– Obtaining prior consent where necessary
6. DATA RECIPIENTS
The data collected will be transmitted to the various departments for their respective needs: production, shipping, accounting, sales, after-sales, QSE, IT.
Furthermore, Itancia may be required to transmit personal data to its partners and/or subcontractors, particularly as part of the following tasks:
– Processing and delivery of orders
– External repairs
– Repair or after-sales service with manufacturers
– Premises maintenance services
– Authorised staff of audit departments (statutory auditor, departments responsible for internal audit procedures, ministerial officers)
Subject to the prior consent of the data subject, ITANCIA may be required to transmit personal data to its business partners.
7. TRANSFER OF DATA OUTSIDE THE EU
No data will be transferred outside the EU.
8. RETENTION PERIODS
Itancia only keeps personal data for a period of time that is strictly necessary and proportionate to the purpose for which said data was collected:
– As long as it has an ongoing relationship with its partner
– As long as this is necessary to provide its services (e.g. warranties)
– As long as this is necessary to comply with legal and contractual obligations (e.g. Sales Agreement: 5 years/Invoices and purchase orders: 10 years)
– Cookies consent is valid for 13 months.
This data may be stored for commercial marketing purposes for a maximum period of 3 years from the end of this business relationship.
9. CONFIDENTIALITY OF DATA
Itancia is the sole owner of the information collected. Personal information will not be sold, exchanged, transferred, or given to any other company, except to trusted third parties with whom we collaborate in the performance of our tasks, provided that such parties agree to keep the information confidential.
The personal information collected is stored in a secure environment. Persons working for Itancia are required to respect the confidentiality of the information.
Itancia undertakes to maintain a high level of confidentiality concerning all personal data.
10. SECURITY MEASURES
Itancia, as the data controller of your personal data, undertakes to take all necessary measures to ensure the security and confidentiality of the personal data transmitted, in accordance with the legal provisions in force.
11. GDPR RIGHTS
In accordance with EU Regulation No. 2016/679 of 27 April 2016, the partners benefit from the following rights:
– Right of access: any person has the option to ask an organisation if it holds data concerning him or her and to request a copy of such information to verify its content
– Right of rectification: any person has the right to correct inaccurate data concerning him or her or to complete data in connection with the purpose of the processing carried out
– Right to erasure (“right to be forgotten”): every person has the right to request that an organisation erase personal data concerning him/her
– Right to restrict processing: in some cases, a person has the right to request that an organisation temporarily freeze the use of certain data
– Right to data portability: this right gives data subjects the right to receive the personal data they have provided in a structured, commonly used and machine-readable format, and to transmit it to another data controller.
– Right to object: Any person has the right to object at any time, for reasons relating to his or her particular situation, to the use of some of his or her data by an organisation.
To exercise any of these rights, simply contact Itancia by mail or e-mail:
Itancia Quality Department – DPO Les Landes, 49510 La Jubaudière, France Email: email@example.com
The request must be accompanied by a valid proof of identity.
Itancia undertakes to send a response within a maximum period of ONE MONTH from receipt of the request. Failing that, it is possible to refer the matter to the CNIL (French Data Protection Agency): https://www.cnil.fr/en/