Last updated on 27th July 2020
In the conduct of its activities, Chryso may collect and process personal data (hereinafter “Personal Data”). Since respect for privacy is a major concern for Chryso, and in compliance with Regulation N° 2016/679, known as the “General Data Protection Regulation” (“GDPR”), Chryso has established processes to meet the new requirements imposed by the GDPR.
This privacy policy (hereinafter the “Privacy Policy”) informs you on how Chryso uses and protects the Personal Data you provide when you use the website accessible from the following URL: https://www.chryso.com/ (“Website”).
Chryso may update the Privacy Policy, in particular in the event of legal or technological changes. The date of the last update is indicated at the top of the Privacy policy. These changes bind the Website User, who is invited to regularly review the Privacy policy. This Privacy Policy applies between:
- CHRYSO SAS,
A company incorporated under the laws of France, whose registered office is 19, place de la Résistance, Issy les Moulineaux France, registered in the Nanterre Register of Trade and Companies under number 964 200 497,
hereafter referred to as “Chryso”;
and
- anyone logging into the Website,
hereafter referred to as “Website User.”
ARTICLE 1. DEFINITIONS
The following terms, when used in the Privacy Policy, have the following meanings:
“Personal Data”: any information that directly or indirectly identifies a natural person;
“Controller”: an organization which determines the purposes and means of the processing of Personal Data;
“Processor”: an organization which processes Personal Data on behalf of the Controller;
“Website User”: anyone logging into the Website;
“Website”: the website accessible to the URL https://www.chryso.com/, as well as sub-sites, mirror websites, portals and URL variations.
ARTICLE 2. SCOPE
This Privacy Policy applies to any Website User. Accessing and/or browsing the Website implies full acceptance of the Privacy Policy by the Website User.
ARTICLE 3. PERSONAL DATA
In the conduct of its activities, Chryso may ask the Website User to provide Personal Data. By providing this Personal Data, the Website User expressly agrees that such data will be processed by Chryso for the purposes outlined in the Privacy Policy.
Chryso undertakes to collect, use and process only the Personal Data strictly necessary for the purposes referred to in the processing operations. Chryso also undertakes to limit the retention of this Personal Data to the achievement of these objectives or up to the legal retention periods.
3.1 Identity of the Controller
The Controller of Personal Data collected on the Website is CHRYSO SAS, a company incorporated under the laws of France, whose registered office is 19, place de la Résistance, Issy les Moulineaux France, registered in the Nanterre Register of Trade and Companies under number 964 200 497.
Email: [email protected], Tel: +33 (0)2 38 34 58 00
3.2 Data collected by Chryso
3.2.1 Personal Data collected
As part of its activities, Chryso processes some of your Personal Data as indicated in the following list, which is not exhaustive:
- Name and surname;
- Personal and professional email addresses;
- Telephone contact details;
- Postal contact details;
- Information about application for a job within Chryso;
- Internet cookies and browsing data.
3.2.1.1 Personal Data collected while browsing: Browsing the Website implies the collection by Chryso of the following information: use of the Website by the Website User, including connection data (connection time, pages viewed, IP address, etc.)
3.2.1.2 Personal Data collected when using the contact form: The use of the contact form by the Website User implies the collection by Chryso of the following Personal Data: name, first name, email address, information voluntarily transmitted by the Website User to support his demand.
3.2.1.3 Personal Data collected when using the application form or sending a spontaneous application: using the application form or sending a spontaneous application by the Website User implies the collection by Chryso of the following Personal Data: name, first name, email address, information voluntarily transmitted by the Website User for the management of his file.
3.2.2 Purposes of processing Personal Data
Personal Data processed by Chryso is used within a defined framework with a specific purpose. Each of these processing is legitimate under the GDPR including:
- Processing are justified by Chryso’s legal or contractual obligations;
- The Website User gave his consent to have his Personal Data processed;
- Processing are necessary to preserve Chryso’s legitimate interest.
Chryso is committed to use the Personal Data only within the limits of the defined processing. In the case of processing based on consent, Chryso undertakes to notify the Website User of any additional processing envisaged.
3.2.2.1 Personal Data collected during navigation are subject to processing for the purpose of operating, furnishing, managing, developing and improving the Website.
3.2.2.2 Personal Data collected when using the contact form are subject to processing for the purpose of giving an adequate answer to the Website Users requests.
3.2.2.3 Personal Data collected when using the application form or submitting a spontaneous application are subject to processing for the purpose of managing job applications within the Chryso group.
3.2.2.4 Chryso also reserves the right to use Personal Data to initiate legal proceedings in the event of non-compliance with the Website’s terms of use or because of any other unlawful activity by the Website User.
3.2.3 Legal basis for processing
Legal base of processing the Personal Data collected during navigation is Chryso’s legitimate interest to carry out an analysis of the behavior of the Website User on the Website in order to improve security and operation of the Website.
Legal base of the other Personal Data processing is the Website User’s consent. The Website User have no obligation to provide this Personal Data.
3.2.4 Personal Data recipients
The Data collected by Chryso is accessible by those who need it to perform their duties:
- Personal Data collected while browsing are accessible by collaborators of the communication department as well as by the collaborators of the ISD;
- Personal Data collected when using the contact form are accessible by collaborators of the communication department as well as collaborators concerned by the request if applicable;
- Personal Data collected when using the application form or submitting a spontaneous application are accessible by collaborators of the human resources department as well as collaborators concerned by the application.
3.2.5 Data transfers
3.2.5.1 Transfer to partners
Chryso keeps your Personal Data within the European Union. However, Chryso is a company of the Chryso Group, present in more than 70 countries. It is therefore marginally possible that Data collected by Chryso when you use the Website is transferred to subsidiaries of the Chryso Group, sub-contractors or business partners located in other countries. Some of these countries may have Personal Data legislation offering lesser protection than GDPR does.
In the event of such transfer, Chryso ensures beforehand the implementation by its subsidiaries, its partners and its suppliers of adequate safeguards and compliance with strict conditions regarding confidentiality, use and protection of Personal Data, in particular that the processing is carried out in accordance with the Privacy Policy and is subject to the standard contractual clauses adopted by the European Commission, to ensure a sufficient level of protection of privacy and fundamental rights.
3.2.5.2 Transfer in connection with a merger or acquisition
In the event that Chryso would be involved in a merger, sale of assets, financing, liquidation or in an acquisition of all or part of its business by another company, the Website User consents that the Personal Data collected be transmitted by Chryso to that company and that this company operates the processing of Personal Data referred to in the Privacy Policy instead of Chryso.
3.2.5.3 Transfer on requisition or judicial decision
The Website User consents to Chryso disclosing the Personal Data collected on the request of a state authority or by judicial decision.
3.2.6 Personal Data retention periods
After the retention period, Chryso undertakes to permanently delete the Personal Data of the Website Users.
PERSONAL DATA | RETENTION PERIOD |
Personal Data collected during navigation | Personal Data are kept for a reasonable period of time necessary for the proper administration of the Website.
Maximum retention period: 13 months |
Personal Data collected when using the contact form | Personal Data are kept for the duration of the contractual relationship.
Maximum retention period: up to 36 months after the last contact with the Website User. |
Personal Data collected when using the application form or submitting a spontaneous application | Personal Data are kept for the duration of the application process.
Maximum retention period: up to 24 months after the last contact with the Website User. |
4.2.7 Security and confidentiality of Personal Data
In accordance with applicable legal provisions, Chryso, as the Controller, implements appropriate technical and organizational measures to protect Personal Data against alteration, accidental or unlawful loss, use, disclosure or unauthorized access, and in particular:
- Appoints a GDPR referent;
- Creates a unit dedicated to the security of information systems;
- Imposes confidentiality requirements to its collaborators accessing your Personal Data;
- Controls access to its premises and to its IT platforms;
- Implements a general IT security policy for the company;
- Secures the access, sharing and transfer of Data;
- Controls the high level of Data protection guarantees when selecting its Processor and partners.
Chryso ensures that organizations which process Personal Data on its behalf have implemented adequate safeguards in order to ensure the legal compliance of these processing.
3.3 Rights of the data subject
You have the following rights regarding your Personal Data:
3.3.1 Right of access
You can request confirmation of the processing of your Personal Data by Chryso and have access to your Personal Data via the address [email protected].
The right of access must be exercised in accordance with the right of third parties. You cannot request access to Personal Data of a third party.
Similarly, the right of access cannot infringe on business secrecy or intellectual property.
3.3.2 Right to rectification
You have the right to request that your Personal Data be rectified, supplemented or updated.
3.3.3 Right to erasure
You can request the erasure of your Data or object to their processing if you justify a legitimate ground.
3.3.4 Right to restriction of processing
If you dispute the accuracy of the Data used by Chryso or object to the processing of your Data, the law allows Chryso to verify or examine your request during a certain period. During this period, you can ask Chryso to stop using your Data.
3.3.5 Right to Data portability
You can exercise your right to Data portability, i.e. the right to receive the Personal Data that you have provided to Chryso in a structured, commonly used format and the right to transfer this Data to another Controller, under certain conditions.
3.3.6 Right to object
You can request that Chryso stops processing all or some of your Personal Data n. A notification will be sent to you confirming the cessation of the processing, or indicated the reasons preventing Chryso from accessing your request. If your Personal Data has been collected by Chryso during a prospecting, you can exercise your right to object without reason.
3.3.7 Right to file a complaint to a supervisory authority
If you think, after contacting us, that your rights are not being respected, you can file a complaint to the relevant Authority. In France, the relevant Authority is the CNIL, which you can contact by following this link: https://www.cnil.fr/fr/plaintes/internet
ARTICLE 4. CONTACT
To exercise these rights or for any questions about the processing of your Personal Data, you can:
- send an email at [email protected]
- send a letter to Chryso Legal department (GDPR) – 19 Place de la Résistance – CS 50053 – 92130 Issy-les-Moulineaux Cedex – France
As part of its security and confidentiality obligations, Chryso may verify your identity and/or ask you to provide more information to respond to your request. Chryso undertakes to comply with your request within a reasonable time and, in any case, within the time limits set by law.
ARTICLE 5. DISPUTES
The Privacy Policy is subject to the application of French law, excluding its conflict of law rules. This is the case with substantive rules as well as rules of form, and its content will be appreciated only by the competent French court.