my-proof.com Privacy Policy

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (hereinafter the " RGPD") sets out the legal framework applicable to the processing of personal data.

The RGPD strengthens the rights and obligations of data controllers, processors, data subjects and data recipients.

In the course of its business, MYPROOF processes personal data concerning its customers and contacts.

Definitions

For a better understanding of the present policy, it is specified that :

• "customer  "means any individual or legal entity that is a customer of MYPROOF ;
• "contact"means any individual or legal entity that has a relationship with MYPROOF but is not a customer (prospects, relations, partners, etc.);
• "recipientsData recipients" refers to the natural or legal persons who receive personal data. Data recipients can therefore be both internal recipients and external bodies (support service providers, administration, etc.).
• "data controllerData controller": means the natural or legal person who determines the purposes and means of processing personal data. For the purposes of this policy, the data controller is MYPROOF ;
• "subcontractorProcessor": refers to any natural or legal person who processes personal data on behalf of the data controller. In practice, this means the service providers with whom MYPROOF works and who handle the personal data it processes;
• "people concerned Customer" means any person who can be identified, directly or indirectly. They are, herein, referred to as "customer" or "contact". Article 12 of the RGPD requires that data subjects be informed of their rights in a concise, transparent, comprehensible and easily accessible manner.

Object

In order to meet its needs, MYPROOF implements and operates the processing of personal data relating to its customers and contacts.

The purpose of this policy is to satisfy MYPROOF's obligation to provide information and thus to formalize the rights and obligations of its customers and contacts with regard to the processing of their personal data.

Range

This personal data protection policy applies to the processing of personal data of MYPROOF's customers and contacts.

This policy applies only to processing operations for which MYPROOF is responsible and to data described as "structured".

The processing of personal data may be managed directly by MYPROOF or through a subcontractor specifically appointed by MYPROOF.

This policy is independent of any other document that may apply within the contractual relationship between MYPROOF and its customers and contacts, in particular our general terms of business or our cookies policy.

General principles and commitments

No processing is carried out by MYPROOF concerning customer and contact data if it does not relate to personal data collected by or for our services or processed in connection with our services and if it does not comply with the general principles of the GDPR.

Any new processing, modification or deletion of existing processing will be brought to the attention of customers and contacts by means of an amendment to this policy.

Types of data collected

Data sources

MYPROOF collects customer and contact data from :

• data provided by the customer as part of a file entrusted to MYPROOF ;
• business cards ;
• electronic forms completed by the customer ;
• register or subscribe to our online services ;
• registration for events organized by MYPROOF ;
• lists provided by event organizers ;
• exchanges via e-mail or social networks.

Exceptionally, we can rent databases.

Purposes of processing

As the case may be, MYPROOF processes your data for the following purposes:

• processing the use of the MYPROOF platform;
• customer relationship management ;
• management of events organized by MYPROOF ;
• sending our newsletters or information feeds;
• answers to the questions we receive (by phone or online) ;
• responses to public and private tenders;
• greetings and congratulations from MYPROOF ;
• improving our services ;
• answers to our administrative obligations ;
• statistics.

Legal basis

The purposes of processing presented above are based on the following conditions of lawfulness:

• Customers : Pre-contractual or contractual performance.
• Contacts : Legitimate interest and, where required by law, consent.

Data recipients

MYPROOF ensures that data is only accessible to authorized internal or external recipients.

Internal recipients :

• Technical department
• Sales department
• Administrative staff
• Trainees
• Managers

External recipients :

• Service providers or support services (e.g.HR department, IT service provider, etc.).
• Administration

Shelf life

The duration of data retention is defined by MYPROOF with regard to legal and contractual constraints. It is set out in MYPROOF's retention policy.

Once the time limits set out in the aforementioned policy have elapsed, the data is either deleted or kept after being anonymized, notably for statistical purposes.

Customers and contacts are reminded that deletion or anonymization are irreversible operations and that MYPROOF is no longer able to restore them.

Right of access

Customers and contacts traditionally have the right to request confirmation from MYPROOF as to whether or not data relating to them is being processed.

Customers and contacts also have a right of access subject to compliance with the following rules:

• the request is made by the person himself/herself and is accompanied by a copy of an up-to-date identity document;
• the request must be made in writing to the following address: MYPROOF, 19 rue Job, 31000 TOULOUSE, or at the following e-mail address: contact@my-proof.com.

Customers and contacts have the right to request a copy of their personal data subject to processing from MYPROOF. However, in the event of a request for an additional copy, MYPROOF may require customers and contacts to bear the cost of this.

If customers and contacts submit their request for a copy of data electronically, the information requested will be provided in a commonly used electronic form, unless otherwise requested.

Customers and contacts are hereby informed that this right of access may not relate to confidential information or data, or data for which communication is not authorized by law. Under no circumstances may this right allow access to documents and items entrusted to MYPROOF and which are subject to professional secrecy.

The right of access must not be exercised in an abusive manner, i.e. on a regular basis with the sole aim of destabilizing MYPROOF.

Update and correction

This right may be exercised by contacting your usual contact person or, failing that, by contacting MYPROOF management.

In order to regularly update the personal data collected by MYPROOF, the latter may solicit customers and contacts who are able to satisfy its requests.

MYPROOF cannot be blamed for a lack of update if the customer or contact does not update his data.

Right to erasure

The right to erasure of customers and contacts will not apply in cases where processing is carried out to meet a legal obligation.

Apart from this situation, customers and contacts may request the deletion of their data in the following limited cases:

• when personal data is no longer required for the purposes for which it was collected or otherwise processed;
• when the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
• when the data subject objects to processing that is necessary for the purposes of the legitimate interests pursued by MYPROOF and there is no compelling legitimate reason for the processing ;
• when the data subject objects to the processing of his/her personal data for canvassing purposes, including profiling;
• when personal data has been processed unlawfully.

Right to limitation

Customers and contacts are informed that this right is not intended to apply insofar as the processing carried out by MYPROOF is lawful and all personal data collected is necessary for the performance of the commercial contract.

Right to portability

MYPROOF allows data portability in the particular case of data communicated by customers or contacts themselves, on online services offered by MYPROOF and for purposes based solely on the consent of individuals. In this case, data will be communicated in a structured, commonly used and machine-readable format.

Automated individual decision

MYPROOF does not make automated individual decisions.

Post-mortem rights

Customers and contacts are informed that they have the right to formulate directives concerning the conservation, deletion and communication of their post-mortem data. The communication of specific post-mortem directives and the exercise of their rights must be made in writing to the following address: 

contact@my-proof.com
MYPROOF
For the attention of Benjamin VISSER
19 rue Job
31000 TOULOUSE

Justification

With regard to all the above-mentioned rights of the customer or contact, and in accordance with the legislation on the protection of personal data, you are informed that these are rights of an individual nature which can only be exercised by the person concerned in relation to his/her own information. To fulfill this obligation, we will verify the identity of the person concerned.

Optional or compulsory answers

Customers and contacts are informed on each personal data collection form of the compulsory or optional nature of their responses by the presence of an asterisk.

Where answers are compulsory, MYPROOF explains to customers and contacts the consequences of not answering.

Right of use

MYPROOF is granted by customers and contacts the right to use and process their personal data for the purposes set out above. However, enriched data resulting from MYPROOF's processing and analysis work, otherwise known as enriched data, remains MYPROOF's exclusive property (usage analysis, statistics, etc.).

Subcontracting

MYPROOF informs its customers and contacts that it may involve any subcontractor of its choice in the processing of their personal data.

In this case, MYPROOF ensures that the processor complies with its obligations under the RGPD.

MYPROOF undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on subcontractors as it does. In addition, MYPROOF reserves the right to audit its subcontractors to ensure compliance with the provisions of the RGPD.

Security

It is MYPROOF's responsibility to define and implement the technical security measures, physical or logical, that it deems appropriate to fight against the accidental or illicit destruction, loss, alteration or unauthorized disclosure of data.

These measures include the following:

• secure access to our computers and smartphones;
• logins and passwords for all our business applications;
• data access authorization management ;
• complex password for our Wi-Fi network, changed at regular intervals.

To this end, MYPROOF may engage the assistance of any third party of its choice to carry out vulnerability audits or penetration tests at the intervals it deems necessary.

In any event, MYPROOF undertakes, in the event of a change in the means used to ensure the security and confidentiality of personal data, to replace them with means of superior performance. No change may lead to a reduction in the level of security.

In the event of subcontracting all or part of the processing of personal data, MYPROOF undertakes to contractually impose security guarantees on its subcontractors by means of technical data protection measures and the appropriate human resources.

Data breach

In the event of a personal data breach, MYPROOF undertakes to notify the Cnil under the conditions prescribed by the RGPD.

If said breach poses a high risk to customers and contacts and the data has not been protected, MYPROOF :

• will notify the customers and contacts concerned;
• provide customers and contacts with the necessary information and recommendations.

Personal data referent

MYPROOF has appointed a "personal data" referent.

The contact details of our personal data referent are as follows:

Right to lodge a complaint with the CNIL

Customers and contacts concerned by the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the Cnil in France, if they consider that the processing of personal data concerning them does not comply with European data protection regulations, at the following address:

Cnil - Complaints department
3, place de Fontenoy - TSA 80715
75334 PARIS CEDEX 07
Tel: 01 53 73 22 22

Modification

The present policy may be modified or amended at any time in the event of changes in legislation, case law, CNIL decisions and recommendations or usage.

Any new version of this policy will be brought to the attention of customers and contacts by any means MYPROOF chooses, including electronically.

For further information

For further information, please contact our representative at the following e-mail address: contact@my-proof.com.

For more general information on the protection of personal data, please visit the CNIL.