Personal data protection policy
1. Introduction
Insuco is committed to a continuous process of compliance with the local legislation of the countries in which it operates, particularly, and with international standards and best practices more generally. In this logic, respect for privacy and the protection of personal data are values that it places at the heart of its activities. They constitute until now a moral commitment, sometimes contractual, intended to strengthen its legitimacy and credibility as an international design office.
With the adoption and entry into force in Europe of the General Data Protection Regulation (GDPR) of April 27, 2016, Insuco is strengthening its practice by implementing a genuine formalized policy relating to the protection of personal data in order to guarantee the collection and processing of personal data in a transparent, confidential and secure manner.
Each legal entity of the Insuco Group that collects and/or uses personal data in the context of its activities, acts as Data Controller, and undertakes to implement adequate measures to ensure the protection, confidentiality and security of the personal data of any person from whom such data is collected, in accordance with legal requirements, in particular the European Regulation on the protection of personal data and the national laws in force.
2. Scope of application
Our personal data protection policy applies to all processing by Insuco, as Data Controller, of personal data of customers, partners, subcontractors, suppliers, experts, permanent employees, occasional collaborators, recruitment candidates, any other persons and entities contacted in the context of our activities.
The storage of your personal data in our systems is primarily a free and voluntary decision on your part. Under no circumstances do we take or collect them without your knowledge or information.
3. Data collected
The only personal data we collect are those that are relevant, adequate and strictly necessary to ensure our normal and ethical operation as a design office with respect to our employees, our suppliers, subcontractors and the performance of our clients’ services. The nature and use of the vast majority of these data are also dictated by national and international legislation and by our contractual and ethical commitments.
4. Recipients of the data collected
The recipients of the data we collect are for use only by our internal departments authorized to receive them and process them within the scope of their skills. These are mainly our administrative and human resources departments, our sales or technical departments, our subcontractors or partners responding with us to service offers from common customers, to customers who may or may not request us for services.
5. Purpose of processing
We collect and process information or data concerning you under general conditions of transparency and security of personal data processing in order to meet specific and legitimate purposes. Your personal data may, in addition, be processed for the following purposes:
- Monitoring your application file,
- Contractual relationship with its employees,
- Business relationship with its customers,
- Business relationship with its suppliers, partners and subcontractors,
- Response to your requests for collaboration.
We mainly use your personal data as part of our customer management, and in particular to respond to your requests or to regularly send you information about our services, our news and/or our media likely to meet your expectations.
6. Processing of personal data
Personal data is processed in accordance with the provisions of the General Data Protection Regulation and to the extent necessary for the aforementioned purposes.
The processing of information or data that we collect and/or that are transmitted to us is conditioned by two criteria that make it possible for the purpose for which we intend it:
- The data subject has consented to the processing of his or her personal data for one or more specific purposes;
- The processing is necessary for compliance with a legal obligation to which the controller is subject.
Therefore, you are responsible for the accuracy of the personal data that you communicate to us.
7. Transmission of your data
The confidentiality of the information we use, when it is personal data of natural persons, and the respect of professional secrecy prevent us from communicating any data or information concerning a natural person to third parties without the prior consent of the persons concerned. However, the transmission of personal data concerning natural persons to third parties may be justified by a certain number of circumstances, for example:
- Communication to institutions and bodies governed by public or private law when this is provided for, required and/or regulated by law;
- The transmission of your personal data to our subcontractors when they are necessary for the performance of the services for which you have mandated us as part of the execution of our mission;
- Sharing application data with the various entities of the group.
Subject to what is stated in this personal data protection policy or unless we have previously obtained your consent, we may communicate your personal data to persons employed by the Insuco group or our subcontractors and partners for the purposes mentioned above, and only to the extent strictly necessary to carry out the tasks entrusted to them. These persons may be required to contact you directly using the contact details you have provided to us. Please note that we strictly require our subcontractors and partners to use your personal data only to manage the services we ask them to provide. We also require our subcontractors and service providers to always act in compliance with applicable personal data protection laws and to pay particular attention to the confidentiality of this data. Insuco ensures that your data continues to benefit from an adequate level of protection in terms of security and confidentiality.
8. Data retention
Depending on the nature of the personal data, the purpose of the processing, and/or legal or regulatory requirements, the retention periods vary. However, we implement processes for anonymizing personal data when it is necessary for us to retain certain information attached to this personal data without it being strictly mandatory to identify the natural persons to whom it relates.
9. Data security
We pay particular attention to the security of our data in general and more specifically when it concerns your personal data. Also, we aim to always keep your personal data in the safest and most secure manner, and only for the duration necessary to achieve the purpose pursued by the processing and in compliance with the legislation in force, in particular at the request of an authority authorized by law. To this end, we take appropriate physical, technical and organizational measures to prevent as far as possible any alteration or loss of your data or any unauthorized access to it, by implementing data protection through the use of physical and logical security means.
Thus, access to personal data on all of our networks is subject to strict authorization conditions put in place at the level of each entity of the group.
10. Rights of data subjects
In accordance with the applicable legislation on the protection of personal data, you have the right to consult, rectify or modify, make a complaint and delete your personal data collected and held by Insuco.
These rights can be exercised by sending us an email to contact@insuco.com.
11. Modification of the policy
This document, which constitutes our general policy for the protection of personal data, may be updated at any time in order to take into account the latest legislative developments or the scope in which they are supposed to be applied. We will share it with you each time we come into contact with you for the collection or use of your personal data, in order to keep you informed of the conditions under which we process this data.
For any request relating to our general personal data protection policy, please send an email to contact@insuco.com.