The online service of information request is a personal data processing managed by Eval&GO.
PURPOSE OF DATA PROCESSING
The purpose of treatment is the management of requests submitted for the services offered on the Eval&GO website.
This allows Eval&GO :
- to respond to requests for information, advice or intervention
- to request additional information in order to complete the request for intervention
- to send a detailed estimate.
Article 6 (1) e of the General Data Protection Regulation - GDPR
This data processing is made to exercise the contractual necessity
The type of processing can be: collection, recording, organisation, storage, adaptation, editing, extraction, consultation, use, transmiton, communication, publishing or any other form of provision, connection or interconnection, locking, deletion or destruction
Categories of data processed
- Identification data;
- Business contact.
Source of data
This information is collected from the respondent who answers the questionnaire
Mandatory nature of data collection
The mandatory collection depends on the type of data involved. If it is the case, this is specified in the questionnaire.
Make this decision automatic
Processing does not involve automated decision making.
The data processing concerns any natural and legal person answering the questionnaire.
CATEGORIES OF RECIPIENTS
According to their respective needs, the recipients of all or part of the data are:
- authorised employees and corporate officers of EVALANDGO;
- EVALANDGO service providers allow to treat requests for services and information on services
DATA TRANSFER WITHIN EU
No data transfer outside the European Union is carried out.
DURATION OF DATA STORAGE
Data are kept for a period of 3 years since the transmission of the request
Eval&GO constantly protects your data.
This is why we apply all the security measures necessary to protect your data against unauthorised access, modification, disclosure or destruction. These measures include:
- Ciphering of your data to ensure confidentiality while transfers are made.
- Limiting the collection of data only to the most necessary.
- Not using the data for purposes that do not concern the reason of the collection..
- Keeping personal data for a set amount of time.
- Not transferring this data to third parties, other that EVALANDGO service providers involved in the execution of the contract of EVALANDGO online questionnaires.
- Use of digital data hosting providers having made commitments to comply with Personal Data Protection Regulation, including as follows:
- Physical security measures to prevent access to the infrastructure on which EVALANDGO data are stored by unauthorised persons
- Security staff responsible for ensuring the physical security of the data hosting structure, 24/24 hours, 7/7 days
- A system managing authorisations to limit access to data only to those who need to be in contact with data, only because of their professional duties.
- A system of physical and/or logical isolation (per service) of customers.
- Strong authentication processes for users and administrators through a password management policy and, in some cases, a double-authentication measure,
- Processes and devices to keep a trace of actions carried out on the information system in order to report, as established by the regulations, the event of an incident affecting the customer's data,
- As a subcontractor, the hosting provider of EVALANDGO has also made these commitments:
- processing personal data exclusively for the required service (no other use is possible).
- Not transferring EVALANDGO data outside the EU zone or outside the countries recognised by the European Commission as having a sufficient level of protection.
- Informing the responsible about any recourse to subcontractors who may need personal data processing.
- implementing high security standards in order to provide an appropriate security level for these services.
- Informing Eval&GO responsible for Data Processing in case of data breaching.
- Access to personal information is strictly reserved to the employees, corporate officers and subcontractors of EVALANDGO that need to access on behalf of EVALANDGO. Every access will be made following this obligation and may be subject to disciplinary sanctions, up to and including the endi of employment or the service contract in case of breach of these obligations.
RIGHTS ON THE DATA REGARDING YOU
You can access and obtain copies of data concerning you, oppose the processing of these data, ask for rectifying or have them erased. You also have the right to restrict the processing of your data.
> Getting to know your rights on informatics and liberty
Exercising the rights
The Responsible for Data Protection is the person to contact for any request about exercising your rights for processing.
- Contact the Responsible via postal mail
Le responsable à la protection des données
159 rue de Thor
Submit a complaint to the CNIL (national commission on informatics and liberty)
If you feel, after contacting us, that your rights for data processing have not been respected, you can submit a complaint to the CNIL (national commission on informatics and liberty).