The protection and security of personal data is a major concern and an essential commitment of the ADIT GROUP (hereinafter referred to as “we”). In this respect, we undertake to process the personal data that we have access to in a transparent manner and in compliance with the French and European regulations applicable in this area (hereinafter referred to as “Applicable Regulations“), and specifically the Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the “GDPR“) and the Law No. 78-17 of 6 January 1978 as amended by the law of 20 June 2018 (hereinafter referred to as “GDPR“). the “Data Protection Act“).
As such, this personal data protection policy (hereinafter referred to as “Policy“) aims to present the manner in which the ADIT GROUP, a simplified joint stock company (910 226 018RCS Paris B), located at 27 B quai Anatole France, 75007 Paris, France, processes personal data, as data controller, of users of the ADIT GROUP website www.groupe-adit.fr (hereinafter the “Site“). The Policy also aims to inform users about how they can exercise their rights.
All capitalized terms used in the Policy and especially the terms “Personal Data” (hereinafter “Data“), “Processing“, “Controller“, “Processor“, “Recipient” and “Data Subject“, refer to the terms defined in Article 4 of GDPR.
The Policy may be subject to change depending on the Applicable Regulations.
To ensure that the ADIT GROUP processes Data in accordance with the Applicable Regulations and this Policy, and to answer any questions that users may have regarding the Processing of your Data by the ADIT GROUP, we have appointed a Data Protection Officer (hereinafter “DPO“) who can be contacted by email at dpo@adit.fr.
Why do we process Data?
As part of the Processing that we implement, we undertake to process only Data that is adequate, relevant and strictly necessary for the pursuit of the following explicit and legitimate purposes:
| Purposes | Legal bases (Article 6.1 of the GDPR) |
| Operation, improvement and security of the Site | Legitimate interest |
| Analysis of traffic and traffic on the Site | Legitimate interest |
| Securing the website | Legitimate interest |
| Management of our exchanges with users and responses to requests of contact addressed to ADIT GROUP | Legitimate interest |
| Sending and management of a newsletter | Consent |
| Analysis and management of applications on the Site | Legitimate interest |
We do not carry out any processing of Data leading to automated decision-making producing legal effects, concerning or significantly affecting users.
In the event that we are required to process the Data for purposes other than those listed in this section, we will inform the Data Subjects in advance and will take any additional steps that may be necessary.
How long are the Data retained?
We retain the Data only for the period necessary to pursue the aforementioned purposes and in accordance with the Applicable Regulations. In particular, the Data processed by the ADIT GROUP are retained for the following periods:
| Data concerned | Retention period |
| Operation, improvement and security of the Site | 1 year from collection |
| Analysis of traffic and attendance on the Site | 1 year after collection |
| Management of responses to requests addressed to the ADIT GROUP and exchanges with users | 3 years after the last contact |
| Sending and management of a newsletter | Until unsubscribed request |
| Analysis and management of applications | 3 months after the last contact |
WHO HAS ACCESS TO DATA?
Within the limits necessary to pursue the purposes described above, the Data may be transmitted to the following recipients:
- Persons within the ADIT GROUP duly authorized as part of their mission to access the Data and subject to an obligation of security and confidentiality (for example, persons in charge of recruitment for applications);
- Our service providers and suppliers acting on our behalf as Subcontractors, in accordance with our documented instructions. These service providers are not authorized to sell and disclose the Data to third parties. This includes in particular our host OVH SAS as well as IT service providers.
- Any administrative or judicial control authority or authorized Third Party authorized in the context of compliance with the legal and regulatory obligations incumbent on the ADIT GROUP or to enable the ADIT GROUP to ensure the defense of its rights and interests.
We formally undertake not to market, rent, exchange any Data or transfer any Data free of charge.
Where is the Data stored?
We process and host the Data exclusively in data centers that are located in the European Economic Area (EEA). We also ensure that we select subcontractors who host the Data within the EEA.
HOW DO WE ENSURE DATA SECURITY?
We give great importance to respecting the privacy of users and to the confidentiality and security of Data. As such, we are committed to respecting the main principles of the GDPR, such as the minimization and accuracy of Data, the limitation of purposes and retention and the principles of Data protection by design and by default.
Furthermore, we implement all appropriate technical and organizational measures concerning the nature of the Data and the risks presented by the Processing, in order to protect the Data and our information systems and prevent, as far as possible, any unauthorized access, alteration, disclosure or destruction of Data under our responsibility.
In addition, we choose our Subcontractors and service providers carefully and make everything we can to use only subcontractors with sufficient guarantees (compliance with Applicable Regulations, Data encryption capacity, relevant certifications, reputation, etc.) to ensure Data protection. We make sure to conclude with our Subcontractors, in application of the Applicable Regulations, contracts that precisely define the conditions and methods of Data Processing, as well as our obligations and rights as Data Controller.
WHAT ARE THE RIGHTS and how to exercise these rights?
As concerned People, users may at any time, under the conditions and limits provided for by the Applicable Regulations, request to exercise the following rights in relation to the Data processed by the ADIT GROUP:
- Right of access: users may ask the ADIT GROUP to inform them whether or not Data concerning them is processed and, if so, request to receive a copy of all or part of this data;
- Right of rectification: users may ask the ADIT GROUP to rectify or update incorrect or incomplete Data concerning them. In this case, we may request them to verify the accuracy of the new Data provided;
- Right to be forgotten: users may ask the ADIT GROUP to delete their Data in certain cases listed in Article 17 of the GDPR. The Applicable Regulations provide for exceptions to the exercise of this right, in particular when processing is necessary to comply with a legal obligation that requires the Processing of Data.
- Right to object: in accordance with Article 21 of the GDPR, users may object at any time, for reasons relating to their specific situation, to the Processing of their Data based on our legitimate interest, except for legitimate and compelling reasons that would prevail or for the establishment, exercise or defense of legal claims;
- Right to limitation: users may ask the ADIT GROUP to limit the processing of their Data in certain cases listed in Article 18 of the GDPR;
- Right to portability: when the Data is necessary for the performance of a contract with users or is processed on the basis of their consent, users may ask the ADIT GROUP to provide these users with their own Data in a structured, commonly used and machine-readable format. When technically possible, these users also have the right to have their Data transmitted directly to a third party;
- Withdrawal of consent: when the Data is processed on the basis of the users’ consent, the latter may withdraw it at any time, and notably to no longer receive communications from us;
- Right to define post-mortem directives: users may define and send us general or specific directives relating to the retention, deletion and communication of their Data post-mortem, under the conditions set out in Articles 84 to 86 of the Data Protection Act.
To exercise their rights, users may contact the ADIT GROUP by email at the following address: info@adit.fr. They may be asked for a means of identification in the event of doubt concerning their identity and the ADIT GROUP may ask them for additional information or documents depending on the rights exercised.
If users have the opinion, after contacting us, that their rights have not been respected, they have the right to file a complaint with a supervisory authority, notably with the French National Commission for Information Technology and Civil Liberties (CNIL).
COOKIE MANAGEMENT
When users browse the Site, we may use the common practice of placing small data files called cookies or other tracers on the device used (hereinafter “Cookies“). Relevant information on the technical aspects of Cookies is available through a this link: http://www.allaboutcookies.org
Cookies are used by the Site for practical reasons and to improve users’ online experience.
We use 4 types of Cookies:
- Necessary/functional cookies – Cookies that enable the technical operation of the Site and its features;
- Analytical/performance cookies – Cookies that collect data on the performance of the Site and how it is used. These Cookies allow us to improve the operation of the Site;
- Functionality cookies – Cookies that allow the Site to remember choices made by users (such as language) and to offer improved or personalized features.
Targeting/advertising cookies – Cookies used to display tailored advertisements.
The description and conditions of use and management of these Cookies are detailed in our Cookie management tool.
Users can also prevent the deposit of Cookies by changing the browser settings. Cookie settings may vary from one browser to another. Information on how to manage cookies in each browser is available at the following addresses:
A regular update of the Policy may be carried out depending on technical, legal and organizational developments.