Search
Close this search box.

Privacy policy

ARTICLE 1: PREAMBLE

This privacy policy aims to inform employees:

  • On how their personal data is collected. Personal data is considered any information that identifies an employee
  • On the rights they have concerning this data
  • On the person responsible for processing the collected and processed personal data
  • On the recipients of this personal data

ARTICLE 2: PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA

In accordance with Article 5 of European Regulation 2016/679, personal data must be:

  • Processed lawfully, fairly, and transparently with regard to the individual concerned
  • Collected for specific, explicit, and legitimate purposes (see Article 3.1) and not processed further in a manner incompatible with those purposes
  • Adequate, relevant, and limited to what is necessary for the purposes for which it is processed
  • Accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data that is inaccurate, considering the purposes for which it is processed, is erased or rectified promptly
  • Stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed
  • Processed in a manner that ensures appropriate security of the collected data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures

Processing is lawful only if, and to the extent that, at least one of the following conditions is met:

  • The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the fundamental rights and freedoms of the data subject requiring the protection of personal data
  • The processing is necessary to comply with a legal obligation to which the data controller is subject
  • The processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject
  • The data subject has consented to the processing of their personal data for one or more specific purposes
  • The processing is necessary to protect the vital interests of the data subject or another natural person
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED

Article 3.1: Data Collected

The personal data collected as part of our activities are as follows:

MANAGEMENT: (10 years)

  • Committee Reports: CODIR, CODEV, COREC, CORH, COQRSE, CORGPD, CORPS, CEC, etc. and Reviews
  • Organizational charts

COMMUNICATION (5 years after the end of contracts)

  • Mailing list
  • Photos, videos

PROJECT REALIZATION (5 years after the end of contracts)

  • Activity reports
  • Mission orders, contract amendments
  • Client data: contact details
  • Client and consultant satisfaction
  • Prevention plans
  • Project monitoring
  • Skills radar

HUMAN RESOURCES: (5 years after the end of contracts)

  • Candidate interview records
  • Skills file
  • Curriculum Vitae
  • Recruitment tests
  • Administrative information sheet
  • Hiring and departure checklists
  • Employment contract, internship or apprenticeship agreement
  • Identity documents: CNI, passport, driving license
  • Hiring documents: cerfa, confidentiality agreement, waiver of liability, insurance, rental agreement, social security certificate, vehicle registration, transport tickets, DPAE, RIB, etc.
  • Health-related documents: mutual insurance, provident fund, work stoppages, accident, IPP certificate, etc.
  • Exit documents: work certificate, final statement of account
  • Mandatory interview reports (annual, workload, professional)
  • Pay slips
  • HR letters, certificates, convocations, authorizations
  • Training plan and follow-up
  • HR tracking tables: event participation, people review, medical visits, integration, etc.
  • Web forms

IT DEPARTMENT: (5 years after the end of contracts)

  • User files, equipment handover sheets, loan forms
  • Backup data, recovery, logging
  • Departure checklists
  • Surveillance video images
  • Cookies

QRSE: (5 years after the end of contracts)

  • Training evaluation: QRSE Welcome, technical training
  • Authorization and work permit titles
  • Accident: declaration, investigation
  • PSR: monitoring of reports and actions, interview and investigation reports
  • Visitor registers
  • Documents relating to employees in ionizing environments: dosimetry monitoring, exposure sheet, exposure certificate, etc.
  • Risk analyses
  • COVID case monitoring

FINANCE: (10 years)

  • Advance and salary tracking
  • Invoices, quotes, contracts
  • Project tracking

Purpose of the processing

The collection and processing of this data serves the following purposes:

  • Company management
  • Project realization
  • Human resource management: recruitment, personnel administration, career management
  • IT management
  • QRSE management: quality, employee safety, environment, information security, social and environmental responsibility, including diversity and inclusion, solidarity commitment, ethics, quality of life at Abylsen
  • Finance management: accounting, management control, sales administration
  • Commercial activity

Article 3.2: Data Collection Method

DIRECT WAY

Data is retained by the controller under reasonable security conditions for the periods mentioned above. The company may retain certain personal data beyond the announced periods to fulfill its legal or regulatory obligations.

ARTICLE 4: DATA CONTROLLER AND DATA PROTECTION OFFICER

Article 4.1: The Data Controller

Personal data is collected by NEWCO ABYLSEN, a simplified joint-stock company with a capital of €40,206,593, registered under the number 810001883.

The data controller can be contacted as follows:

  • By mail at the address: 91 Avenue des Champs Elysées – 75008 Paris
  • By phone, at 06 37 20 50 41
  • By email: dataprotection@abylsen.com

Article 4.2: The Data Protection Officer

The company’s or controller’s Data Protection Officer is:

  • Michelle BRUNO
  • Director of QRSE and Group DPO Abylsen
  • 91 Avenue des Champs Elysées
  • 75008 Paris
  • 06 37 20 50 41
  • dataprotection@abylsen.com

ARTICLE 5: EMPLOYEES’ RIGHTS REGARDING DATA COLLECTION AND PROCESSING

All employees affected by the processing of their personal data may exercise the following rights, in accordance with European Regulation 2016/679 and the French Data Protection Act (Law 78-17 of January 6, 1978):

  • Right of access, rectification, and erasure of data (Articles 15, 16, and 17 of the GDPR)
  • Right to data portability (Article 20 of the GDPR)
  • Right to restriction (Article 18 of the GDPR) and opposition to data processing (Article 21 of the GDPR)
  • Right not to be subject to a decision based solely on automated processing
  • Right to decide the fate of the data after death
  • Right to contact the competent supervisory authority (Article 77 of the GDPR)

To exercise your rights, please send your correspondence to NEWCO Abylsen, 91 Avenue des Champs Elysées 75008 Paris or by email at dataprotection@abylsen.com.

To allow the data controller to honor the request, the employee may be required to provide certain information such as their first and last name, email address, and phone number.

Visit cnil.fr for more information on your rights.

ARTICLE 6: CONDITIONS FOR AMENDING THE PRIVACY POLICY

NEWCO Abylsen reserves the right to modify this Policy at any time to ensure compliance with applicable law.

Employees are encouraged to review this Policy whenever necessary.

This policy was last updated on June 3, 2024.