GDPR: privacy practices
The General Data Protection Regulation (GDPR) in force since 25 May 2018, sets out the principles to be respected when collecting, processing and storing personal data. It also guarantees the rights of the data subjects concerned.
Several forms are available on the website www.aubrilam.com to collect data from visitors:
The purpose of collecting data on the www.aubrilam.com website is to create a management file for Aubrilam’s prospects and customers. This file is used for statistical purposes, to contact and/or propose content relevant to the contacts (new products, achievements, company information, news, etc.).
2: DATA RELEVANCE
With a view to improved monitoring of the interest shown by Aubrilam’s prospects and customers, the file collects all information from visitors to the www.aubrilam.com website relating to identity, professional information and their activity on the www.aubrilam.com website. In accordance with the Data Protection Act, information relating to the racial or ethnic origins, political, philosophical or religious opinions, trade union membership, health or sex life of a person is not collected and prohibited (sensitive data).
3: LAWFULNESS OF PROCESSING AND CONDITIONS FOR CONSENT (ART. 6 AND ART. 7 OF THE GDPR)
Consent to the processing of a visitor’s personal data is systematically obtained for one or more specific purposes (checkbox/opt-in). For example, when completing a form for registration to an event or downloading a resource, obtaining the visitor’s email address is intended to notify him/her of new publications or to suggest resources that may be of interest to him/her.
4: DATA STORAGE
The data collected on the www.aubrilam.com website are kept for a maximum period of 12 months for anonymous contacts, after the data subject’s last activity on the website. However, for identified contacts, the data collected on the www.aubrilam.com website are kept for a maximum period of 36 months. At the end of these periods, all personal data is automatically deleted.
5: RIGHTS OF DATA SUBJECTS (ART. 16 TO 20 OF THE GDPR)
In accordance with the French Data Protection Act and the GDPR, any data subject may exercise their right to access, rectification, objection, restriction of processing, erasure and portability of the data concerning them by making a request by email via the address: [email protected]
6: SECURITY OF PROCESSING (ART. 32 OF THE GDPR)
The data collected on the www.aubrilam.com website and the associated processing operations are hosted by Aubrilam. Only persons associated with Aubrilam’s technical, marketing and sales departments and their suppliers have access to the information collected on the www.aubrilam.com website.
7: DATA BREACH AND NOTIFICATION WITHIN 72H (ART. 33 AND ART. 34 OF THE GDPR)
In the event of a personal data breach or suspected breach, Aubrilam and its suppliers must notify the CNIL no later than 72 hours after having become aware of it.
In order to provide the best possible experience (quality informative content, access to specific information such as resources or a private space…) visitors may be required to fill in forms. The information collected is then subject to computer processing made necessary for the performance of the service. The recipients of the data are exclusively persons working for Aubrilam.
In accordance with the French Data Protection Act of 6 January 1978 amended in 2004, you have the right to access and rectify information concerning you, which you can exercise by contacting our support service via the address [email protected]. You also have the right to object to the processing of your personal data if you have legitimate grounds for doing so.