Charter for the protection of personal data of contacts and clients
In the course of our activities, we are required to collect and process personal data.
The applicable legal framework for the processing of personal data is defined by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, otherwise known as the General Data Protection Regulation (RGPD in French and GDPR in English).
The GDPR reinforces the rights and obligations of “data controllers”, as well as their “subcontractors”, “affected persons” and “data recipients”.
It states that persons, whose data is collected and processed, must be informed of their rights in a concise, transparent, intelligible and easily accessible manner.
With this in mind, this CHARTER aims to provide you with all the information that you may need concerning the collection and processing of your personal data.
In order to make the following sections easier to understand, it should be explained that:
- The “data controller” is the person who determines the purposes and methods used for data processing. In this case, this is the company FORUM ACCORD SAS, whose registered office is located at 14 Boulevard Poissonnière, 75009 Paris, which is represented by its president, Mr François PFEIFFER.
- The “affected person” is the person, for whom this CHARTER is intended and whose data is collected or processed. Affected persons include “contacts” (persons who contact ACCORD in order to request information on programmes / courses / services) and clients of the ACCORD school (any person who benefits from the services of the ACCORD school).
- The “subcontractor” is any natural or legal person who processes personal data on behalf of FORUM ACCORD SAS and therefore for the ACCORD school.
- The “recipient” is any natural or legal person who receives personal data from FORUM ACCORD SAS,
Data recipients can therefore be employees of FORUM ACCORD SAS or external partners/organisations (mutual companies, hotels and residences, banking institutions, etc.).
Overview of the CHARTER:
(intended to help you find the information that you require)
INFORMATION ON COLLECTED DATA
- Categories of data collected and processed
- Origin of data
- Failure to provide information
INFORMATION ON DATA PROCESSING
- Lawfulness of processing
- Purposes of processing
- Data recipients – authorisation and traceability
- Data retention period
INFORMATION ON THE RIGHTS OF THE AFFECTED PERSON
- Right of access
- Right of rectification
- Right of erasure
- Right to restriction of processing
- Right to data portability
- Right not to be subject to an automated individual decision
- Right of complaint to the CNIL
DATA PROTECTION OFFICER
- Data protection officer
- Further details
In order to make this document more readable, a list of “keywords” can be found in the margin, which will help you find the information included and developed in each article.
CHARTER OF FORUM ACCORD SAS
What is the purpose of the CHARTER?
The purpose of the CHARTER is to fulfil the obligation of FORUM ACCORD SAS to provide its contacts and clients with information concerning the processing of their personal data, whether this processing is conducted directly by FORUM ACCORD SAS or via its subcontractors, as well as their rights.
2. Categories of data collected and processed
Which data is collected and processed?
- Identity and identification of the contact that requests information on services provided by FORUM ACCORD SAS: last name, first name,
- Contact details of the contact that requests information on services provided by FORUM ACCORD SAS: e-mail, postal address and telephone number,
- Identity and identification of the beneficiary of the service provided by FORUM ACCORD SAS: last name, first name, date of birth, copy of passport (visa, if required),
- Contact details of the beneficiary of the service provided by FORUM ACCORD SAS: e-mail, postal address and telephone number.
If this information is different from that of the beneficiary of the service:
- Identity and identification of the subscriber of the service provided by FORUM ACCORD SAS: last name, first name(s),
- Contact details of the subscriber of the service provided by FORUM ACCORD SAS: e-mail, postal address and telephone number.
If applicable, when hosting young people aged under 18:
- Identity and identification of the young person’s parents or legal representatives,
- Postal address of the young person’s parents or legal representatives,
- Contact telephone number of the parents or legal representatives,
Required in all cases:
- Bank details of the subscriber of the service required at registration stage,
- Medical information concerning the beneficiary of the service (for juniors).
3. Origin of data
Who sends us data? And when is it collected?
Data concerning our contacts and clients is collected:
- Directly from them when they register or request information on services provided by FORUM ACCORD SAS,
- Or indirectly via partner agencies/organisations of FORUM ACCORD SAS, which then represent the data source according to the GDPR.
In this case, FORUM ACCORD SAS takes the greatest possible care to check the quality and accuracy of the data, with which it is provided, and guarantees that these partner agencies/organisations have a data protection policy that meets the current regulations and can be accessed on their respective websites.
4. Failure to provide information
What happens if I fail to provide FORUM ACCORD with my details?
Any failure to provide required information would prevent the perfect execution or delivery of the service provided by FORUM ACCORD SAS.
As soon as possible, FORUM ACCORD SAS shall inform the relevant client or contact of the specific consequences of the failure to provide information.
4. Lawfulness of processing
The collection and processing of data are required so that we can fulfil the contract signed by our clients or requests made by our contacts.
The handling of data collected and processed by FORUM ACCORD SAS is necessary for the execution and provision of the services purchased by our clients or the conduct of pre-contractual procedures requested by our contacts.
Any information sent by the contact or client to FORUM ACCORD SAS, which is not required so that FORUM ACCORD SAS can provide the service, will not be stored.
The collection, storage and processing of an e-mail address, except for the subscription or provision of services, for the sole purpose of registration, de-registration or unsubscription from the newsletter is subject to the express consent of the affected person characterised by his registration, de-registration or unsubscription.
6. Purposes of data processing
Why do we collect and process your data?
Depending on the case, FORUM ACCORD SAS processes data for the following purposes:
- Client relationship management,
- Contact relationship management,
- Client services,
- Management of information requests, programmes and courses,
- Registration for services (transfers, accommodation, etc.),
- Online registration,
- Online or on-site payment to ACCORD,
- Management of requests for registration, de-registration or unsubscription from the newsletter,
- Fulfilling our statutory requirements: accounting and tax,
- Combating money laundering,
- Moderation of comments on social networks.
7. Data recipients – authorisation and traceability
Who will your data be sent to?
FORUM ACCORD SAS will ensure that the data is only accessible to following internal or authorised external recipients:
- The authorised personnel of the reception-registration-accommodation department, marketing-sales department and any person responsible for client relationships and prospecting, administrative and accounting department, IT services and their line managers,
- Authorised personnel responsible for relationships with the services responsible for regulatory controls (for example, the DDCS – Jeunesse et Sports à la Préfecture de Police de Paris) (= Departmental Directorate for Social Cohesion – Youth Affairs and Sports at the Paris Police Prefecture)
- Partners that register students (specific partner agencies/organisations),
- Authorised personnel of subcontractors of FORUM ACCORD SAS (transfers, accommodation, etc.),
- The personnel of the services responsible for the above regulatory controls,
and only to the extent required for the completion of the tasks entrusted to them.
The recipients of personal data from contacts and clients of FORUM ACCORD SAS are subject to a confidentiality obligation and we ensure that they comply with the applicable laws and regulations concerning personal data protection.
FORUM ACCORD SAS decides which recipients will be able to access which data.
Any access to processes involving personal data is subject to a traceability procedure.
In addition, personal data may be sent to any authority that is authorised to access such information. In this case, FORUM ACCORD SAS is not responsible for the conditions, under which the personnel of these authorities can access and use the data.
FORUM ACCORD SAS is not responsible, in any way, for any damage, which may result from illegal access to personal data.
8. Data retention period
For how long will we store your data?
The data retention period is defined by FORUM ACCORD SAS according to the legal and contractual requirements, to which it is subject. Failing that, it is determined by its needs and, in particular, the following principles:
- Data relating to contacts: for two years, unless otherwise requested.
- Data relating to clients: for 5 years after the contractual relationship with FORUM ACCORD SAS expires, without prejudice to data retention obligations or limitation periods.
- Invoices, including data concerning subscribers (last name, first name, postal address, mail) and beneficiaries of the service (last and first name, date and length of stay): for a period of 10 years,
- Bank details of clients: only the length of the programme completed by the client or the beneficiary of the service, unless expressly agreed by the client.
In the event of a dispute, data will be kept on file for one year after the date when the dispute is resolved.
After the fixed deadlines, the data will be deleted. However, it may be stored in the event of pre-litigation or litigation.
FORUM ACCORD SAS reminds its clients that the deletion of data is irreversible and FORUM ACCORD SAS will subsequently be unable to restore the data.
In Annex I, you will find a table showing which categories of data are collected, the purpose of this data collection and the retention period for each piece of data.
RIGHTS OF THE AFFECTED PERSON
9. Right of access
Clients or contacts are entitled to access personal data relating to them, which has been collected. Conditions for the exercise of this right.
The clients and contacts of FORUM ACCORD SAS are entitled to ask FORUM ACCORD SAS to confirm whether data relating to them has been processed.
Clients and contacts also have a right of access to this data and the right to request a copy.
If additional copies are requested, FORUM ACCORD SAS may require financial payment for the administrative costs arising from the request.
If clients and contacts request a copy of the data by electronic means, the requested information will be provided to them in a commonly used electronic form, (such as Excel), unless otherwise requested.
Clients and contacts are informed that this right of access cannot be applied to information or data that relates to third parties or if its communication is not permitted by law.
10. Right of rectification
Clients or contacts are entitled to have data relating to them corrected or supplemented.
Clients and contacts of FORUM ACCORD SAS are entitled to request that any inaccurate personal data relating to them is rectified as soon as possible.
With regard to the purpose of data processing, the clients and contacts of FORUM ACCORD SAS are entitled to ensure that any incomplete personal data relating to them is supplemented.
11. Right of erasure
Deletion of personal data if it is no longer useful for the purpose of the data processing or if it is subject to unlawful processing.
Clients and contacts of FORUM ACCORD SAS are entitled to request that their data is deleted as soon as possible if:
- The personal data is not necessary for the purposes, for which it is collected or processed in another manner,
- The personal data is subject to unlawful processing,
- The data has been collected solely with the consent of the client or contact and this consent has been withdrawn by the latter,
- The deletion results from a statutory obligation imposed by the law of the European Union or that of the member state, to which the data controller is subject.
The right of erasure of clients and contacts will not apply if the data is processed in order to meet a statutory obligation or necessary for the recognition, exercise or defence of rights in court.
12. Right to restriction of processing
The restriction of processing must be considered as a form “legal sequestration”, which prevents the processing of the relevant data, except for its retention.
Clients and contacts of FORUM ACCORD SAS are entitled to request the isolation and tagging of one or more items of their personal data, which has been collected and processed, in order to limit its future and current processing, if:
- They challenge the accuracy of an item of data, for as long as FORUM ACCORD SAS is able to control the latter,
- The processing is unlawful and they are still opposed to its deletion,
- They require this data in order to confirm, exercise or defend their rights in court, even if FORUM ACCORD SAS no longer requires the data for processing purposes.
In the event of limitation, FORMUM ACCORDS SAS shall not proceed to process the relevant data, except for its retention.
13. Right to data portability
Right to request the transfer of your data in electronic format.
Clients and contacts of FORUM ACCORD SAS are entitled to request the transfer of data relating to them, which they have sent directly to FORUM ACCORD SAS and has been processed using computer technology.
In this case, the data will be sent to the affected person or a third party designed by the latter in a commonly used and accessible electronic format.
14. Right not to be subject to an automated individual decision
Automated individual decisions are not used
FORUM ACCORD SAS does not make automated individual decisions.
The above are individual rights, which can only be exercised by the affected person in relation to his own information: for security reasons, the data controller must therefore verify your identity, in order to avoid any communication of confidential information relating to you to a person other than yourself.
As a result, the exercise of these rights is subject to the following conditions:
- The request must originate from the actual person (with proof of identity),
- The request must be sent in writing to the following address: FORUM ACCORD SAS, Personal Data Processing, 14 boulevard Poissonnière, 75009 Paris, France
or to the following e-mail address: RGPD-GDPR@accord-langues.com
15. Right of complaint to the CNIL
You can send any complaints to the CNIL.
Clients and contacts affected by the processing of their personal data are informed of their right to send a complaint to a supervisory authority, such as the CNIL in France, if a person considers that the processing of personal data relating to him fails to comply with the national and European data protection requirements, at the following address :
CNIL – Service des Plaintes
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22
DATA PROTECTION OFFICER
16. Data protection officer
FORUM ACCORD SAS has appointed a data protection officer, whose contact details are as follows:
Name: Isabelle Bastian
E-mail address: RGPD-GDPR@accord-langues.com
If clients or contacts wish to obtain specific information or ask a particular question, they can contact the data protection officer who will provide them with the required information within a reasonable period.
If a problem arises regarding the processing of personal data, clients and contacts can contact the designated data protection officer.
This data protection policy may be modified or amended at any time following changes to the law, jurisprudence, decisions and recommendations of the CNIL, or practices.
Clients, partners and employees will be informed of any new versions of this policy using any methods selected by FORUM ACCORD SAS, including electronic means (for example, electronic mail or online).
18. Further details
For further information, please contact the data protection officer.
Name: Isabelle Bastian
E-mail address: RGPD-GDPR@accord-langues.com