ARTICLE 1: PREAMBLE
This privacy policy aims to inform employees:
- On how their personal data is collected. Personal data means any information that identifies an employee
- On the rights they have concerning this data
- On the person responsible for processing the collected and processed personal data
- On the recipients of this personal data
ARTICLE 2: PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA
In accordance with Article 5 of European Regulation 2016/679, personal data must be:
- Processed lawfully, fairly, and transparently with regard to the individual concerned
- Collected for specific, explicit, and legitimate purposes (see Article 3.1) and not processed further in a manner incompatible with those purposes
- Adequate, relevant, and limited to what is necessary for the purposes for which it is processed
- Accurate and, where necessary, kept up to date. All reasonable steps must be taken to ensure that personal data that is inaccurate, considering the purposes for which it is processed, is erased or rectified promptly
- Stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed
- Processed in a manner that ensures appropriate security of the collected data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures
Processing is lawful only if, and to the extent that, at least one of the following conditions is met:
- The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by the fundamental rights and freedoms of the data subject requiring the protection of personal data
- The processing is necessary to comply with a legal obligation to which the data controller is subject
- The processing is necessary for the performance of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject
- The data subject has consented to the processing of their personal data for one or more specific purposes
- The processing is necessary to protect the vital interests of the data subject or another natural person
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED
Article 3.1: Data Collected
The personal data collected as part of our activities are as follows:
MANAGEMENT (10 years)
- Committee Reports: CODIR, CODEV, COREC, CORH, COQRSE, CORGPD, CORPS, CEC, etc. and Reviews
- Organizational charts
COMMUNICATION (5 years after the end of contracts)
- Mailing list
- Photos, videos
PROJECT REALIZATION (5 years after the end of contracts)
- Activity reports
- Mission orders, contract amendments
- Client data: contact details
- Client and consultant satisfaction
- Prevention plans
- Project monitoring
- Skills radar
HUMAN RESOURCES (5 years after the end of contracts)
- Candidate interview records
- Skills file
- Curriculum Vitae
- Recruitment tests
- Administrative information sheet
- Hiring and departure checklists
- Employment contract, internship or apprenticeship agreement
- Identity documents: CNI, passport, driving license
- Hiring documents: cerfa, confidentiality agreement, waiver of liability, insurance, rental agreement, social security certificate, vehicle registration, transport tickets, DPAE, RIB, etc.
- Health-related documents: mutual insurance, provident fund, work stoppages, accident, IPP certificate, etc.
- Exit documents: work certificate, final statement of account
- Mandatory interview reports (annual, workload, professional)
- Pay slips
- HR letters, certificates, convocations, authorizations
- Training plan and follow-up
- HR tracking tables: event participation, people review, medical visits, integration, etc.
- Web forms
IT DEPARTMENT (5 years after the end of contracts)
- User files, equipment handover sheets, loan forms
- Backup data, recovery, logging
- Departure checklists
- Surveillance video images
- Cookies
QRSE (5 years after the end of contracts)
- Training evaluation: QRSE Welcome, technical training
- Authorization and work permit titles
- Accident: declaration, investigation
- PSR: monitoring of reports and actions, interview and investigation reports
- Visitor registers
- Documents relating to employees in ionizing environments: dosimetry monitoring, exposure sheet, exposure certificate, etc.
- Risk analyses
- COVID case monitoring
FINANCE (10 years)
- Advance and salary tracking
- Invoices, quotes, contracts
- Project tracking
Purpose of the processing
The collection and processing of this data serves the following purposes:
- Company management
- Project realization
- Human resource management: recruitment, personnel administration, career management
- IT management
- QRSE management: quality, employee safety, environment, information security, social and environmental responsibility, including diversity and inclusion, solidarity commitment, ethics, quality of life at Abylsen
- Finance management: accounting, management control, sales administration
- Commercial activity
Article 3.2: Data Collection Method
DIRECT WAY
Data is retained by the controller under reasonable security conditions for the periods mentioned above. The company may retain certain personal data beyond the announced periods to fulfill its legal or regulatory obligations.
ARTICLE 4: DATA CONTROLLER AND DATA PROTECTION OFFICER
Article 4.1: The Data Controller
Personal data is collected by NEWCO ABYLSEN, a simplified joint-stock company with a capital of €40,206,593, registered under the number 810001883.
The data controller can be contacted as follows:
- By mail at the address: 91 Avenue des Champs Elysées – 75008 Paris
- By phone, at 06 37 20 50 41
- By email: dataprotection@abylsen.com
Article 4.2: The Data Protection Officer
The company’s or controller’s Data Protection Officer is:
- Michelle BRUNO
- Director of QRSE and Group DPO Abylsen
- 91 Avenue des Champs Elysées
- 75008 Paris
- 06 37 20 50 41
- dataprotection@abylsen.com
ARTICLE 5: EMPLOYEES’ RIGHTS REGARDING DATA COLLECTION AND PROCESSING
All employees affected by the processing of their personal data may exercise the following rights, in accordance with European Regulation 2016/679 and the French Data Protection Act (Law 78-17 of January 6, 1978):
- Right of access, rectification, and erasure of data (Articles 15, 16, and 17 of the GDPR)
- Right to data portability (Article 20 of the GDPR)
- Right to restriction of processing (Article 18 of the GDPR) and right to object to data processing (Article 21 of the GDPR)
- Right not to be subject to a decision based solely on automated processing
- Right to decide the fate of the data after death
- Right to contact the competent supervisory authority (Article 77 of the GDPR)
To exercise your rights, please write to NEWCO Abylsen, 91 Avenue des Champs Elysées, 75008 Paris, or send an email to dataprotection@abylsen.com.
To allow the data controller to honor the request, the employee may be required to provide certain information such as their first and last name, email address, and phone number.
Visit cnil.fr for more information on your rights.
ARTICLE 6: CONDITIONS FOR AMENDING THE PRIVACY POLICY
NEWCO Abylsen reserves the right to modify this Policy at any time to ensure compliance with applicable law.
Employees are encouraged to review this Policy whenever necessary.
This policy was last updated on June 3, 2024.