SCANTECH GROUP PRIVACY POLICY
PART I : GLOSSARY, PURPOSES AND SCOPE OF THE PRIVACY POLICY
I. GLOSSARY
The following terms, identified by a capital letter in the body of the provisions of the Privacy Policy, have the meaning given to them below:
- “ALPEH” (or the “Holding”): refers to ALEPH, a simplified joint stock company whose registered office is located at ZAC II, Savoie Technolac – 108, avenue du Lac Léman – 73290 La Motte-Servolex and registered with the Chambéry Trade and Companies Register under number 400 952 339.
- “Candidate“: any natural person who has followed, in part or in full, the Company’s recruitment process and who, at the end of said process, has not been recruited by the SCANTECH Group.
- “Company“: refers indifferently to SCANTECH Group companies.
- “Consent“: any free, specific, informed and unambiguous expression of will by which the Data Subject accepts, by a declaration or by a clear positive act, that Personal Data concerning him or her may be Processed.
- “Courts”: refers to all courts and tribunals, both judicial and administrative, as well as any body with the task of issuing a binding decision.
- “Customer“: any individual or legal entity having a current or concluded contractual relationship with the SCANTECH Group.
- “Data Controller“: the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of processing. For the purposes of this Privacy Policy, the Data Controller is the SCANTECH Group.
- “Data Subject“: a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity and whose Personal Data has been collected and processed by the SCANTECH Group.
- “Employee(s)” (or “Staff”) refers to all present and future employees, regardless of the type of employment contract (open-ended contract, fixed-term contract, temporary contract, etc.), work-study students, trainees and, more generally, any natural person placed, by virtue of a contract, under the hierarchical authority of one of the Companies in the SCANTECH Group.
- “File(s)“: any structured set of Personal Data accessible according to specific criteria, whether this set is centralized, decentralized or distributed functionally or geographically.
- “GDPR“: General Data Protection Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which came into force in the territory of the European Union on May 25, 2018.
- GDPR National Regulatory Authority: the national authority in charge, in each of the member states of the European Union (“EU“), of enforcing the GDPR. Each GDPR National Regulatory Authority has three objectives:
- Informing people of their rights and how to protect them;
- Help private and public organizations comply with current legislation;
- Monitoring the implementation of legislation and sanctioning breaches.
In non-EU countries, the notion of GDPR National Regulatory Authority refers to any Regulatory Authority in charge of enforcing national personal data protection legislation where such legislation exists.
- “Human Resources“: refers to any department or member of a department involved in the integration of Employees, their management (payroll, mutual insurance and provident fund management) as well as their development (training, mobility, career development) within the SCANTECH Group.
- “Individuals Not Contractually Linked to the Group” any individual has never been contractually linked to the SCANTECH Group.
- “Limitation of Processing“: the marking of retained personal data, with a view to limiting their future processing.
- “Personal Data“: any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
- “Personal Data Breach“: a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
- “Privacy Policy”: refers to the entirety of the present provisions as well as future updates to be made at the discretion of the SCANTECH Group.
- “Processing“: any operation or set of operations which may or may not be performed using automated processes and applied to Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Prospects“: any individual or legal entity, who has never been contractually linked to the SCANTECH Group, contacting the Group or with whom the Group has made contact, without necessarily being in talks, to assess the opportunity of becoming a Supplier, Customer, Employee or to develop any partnership whatsoever.
- “Recipient“: the natural or legal person, public authority, department or other body that receives Personal Data, whether or not it is a Third Party.
- “SCANTECH Group“: refers both to ALEPH and to all subsidiaries, whether incorporated under French or foreign law, controlled by ALEPH, a simplified joint stock company whose registered office is located at ZAC II, Savoie Technolac – 108, avenue du Lac Léman – 73290 La Motte-Servolex and registered with the Chambéry Trade and Companies Register under number 400 952 339.
The Chinese subsidiary GUANGZHOU SCANTECH ELECTRONIC MEASURING EQUIPMENT is expressly excluded from the scope of the Privacy Policy.
- “Subcontractor “: the natural or legal person, public authority, department or other organization that processes Personal Data on behalf of the Data Controller.
- “Supervisory Authority“: refers to a supervisory authority that is concerned by the Processing of Personal Data because:
- the Data Controller or Subcontractor is established on the territory of the Member State to which this supervisory authority belongs;
- Data Subjects residing in the Member State of that supervisory authority are or are likely to be significantly affected by the Processing; or
- a complaint has been lodged with that supervisory authority.
- Suppliers”: any individual or legal entity engaged in a contractual relationship with the Company for the supply of products and services.
- “Users” or “Internet Users”: refers to any natural person, regardless of nationality or domicile, browsing the Website for commercial or non-commercial purposes.
- “Third Party“: a natural or legal person, public authority, service or organization other than the Data Subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process Personal Data.
- “Website”: refers to the website www.scantech.com and all extensions that link directly to the Website as well as the following websites: scantech.com and virtual-fair-scantech.com; excluding the Chinese website www.scantech.cn.
II. PURPOSES OF THE PRIVACY POLICY
A. Purposes of the Privacy Policy
The mandatory provisions of the GDPR apply to any organization, public or private, that processes Personal Data on its own behalf or otherwise, as long as it is established in the territory of the European Union or its activity directly targets European residents.
The SCANTECH Group is therefore fully subject to the GDPR with regard to its Suppliers, Customers, Prospects or Individuals Not Contractually Linked to the SCANTECH Group as well as the Website Users.
The SCANTECH Group is committed to preserving the trust of its Suppliers, Customers, Prospects and Individuals Not Contractually Linked to the Group as well as the Website Users with regard to the confidentiality of their Personal Data and therefore ensures that it adopts and complies with all European regulatory and legislative provisions relating to the protection of Personal Data.
The SCANTECH Group guarantees to Suppliers, Customers, Prospects and Individuals Not Contractually Linked to the Group as well as Users of the Website that the Personal Data collected will not be sold to any Third Party.
Through this Privacy Policy, the SCANTECH Group pursues a dual objective:
– To report to its Suppliers, Customers, Prospects and Individuals Not Contractually Linked to the Group as well as the Website Users on the Processing of their Personal Data;
– To inform its Suppliers, Customers, Prospects and Individuals Not Contractually Linked to the Group as well as the Website Users of their rights with regard to Personal Data collected by the Group.
B. Unilateral changes to the Privacy Policy
The content of the Privacy Policy, although intended to be as complete as possible, is not exhaustive and may be updated at the SCANTECH Group’s discretion. Such updates will be binding on Suppliers, Customers, Prospects and Individuals Not Linked to the SCANTECH Group, as well as on Users of the Website, from the time they are posted on the Website.
C. Enforcement of the GDPR except in the case of mandatory and contrary national legislation
The SCANTECH Group, and therefore all Subsidiaries (excluding the Chinese subsidiary) located, or not, on the territory of the European Union, apply the provisions of the GDPR with regard to the Personal Data of Suppliers, Customers, Prospects or Individuals Not Contractually Linked to the Group and Users of the Website, except in the event of a mandatory national provision contrary to the GDPR.
In the event that a mandatory provision of the national legislation of one of the countries in which a Subsidiary is established proves to be contrary to the principles laid down by the RGPD, the Group undertakes to apply the said provision in the most favorable and protective sense for the Personal Data collected and processed.
III. SCOPE OF THE PRIVACY POLICY
A. Customers
The Privacy Policy applies to all Customers, one-time and regular, past, present and future, of the SCANTECH Group whose Personal Data may have been collected, processed, archived and deleted.
- PART II: THE PERSONAL DATA OF THE SCANTECH GROUP’S CUSTOMERS
B. Suppliers
The Privacy Policy applies to all Suppliers, regular and occasional, past, present and future, of the SCANTECH Group whose Personal Data may have been collected, processed, archived and deleted.
- PART III: PERSONAL DATA OF THE SCANTECH GROUP’S SUPPLIERS
C. Prospects
The Privacy Policy applies to all past, present and future Prospects who have contacted the SCANTECH Group or who have been contacted by the Group, whose Personal Data may have been collected, processed, archived and deleted.
- PART IV: PERSONAL DATA OF PROSPECTS AND INDIVIDUALS NOT CONTRACTUALLY LINKED TO THE SCANTECH GROUP
D. Individuals Not Contractually Linked to the SCANTECH Group
The Privacy Policy applies to all Individuals Not Contractually Linked to the SCANTECH Group whose Personal Data may be collected by the Group in connection with various events (lectures, publications on social networks, subscription to the Company’s newsletter, etc.).
- PART IV: PERSONAL DATA OF PROSPECTS AND INDIVIDUALS NOT CONTRACTUALLY LINKED TO THE SCANTECH GROUP
E. Website Users
The Privacy Policy applies to all Users of the Website.
- PART V: WEBSITE USERS’ DATA PERSONAL
As a preliminary point, it is reminded that the legislation on the collection and processing of Personal Data applies exclusively to natural persons; so that this section is devoted exclusively to natural persons, who may be identified by their Personal Data, who belong to a company in any capacity whatsoever (employees, corporate officers or legal representatives) which is itself a Customer of the SCANTECH Group, and not to the legal entity as such.
Customers’ Personal Data is collected in accordance with the principles of minimization and relevance, so that the individual situation of each Customer is studied in order to collect the Personal Data strictly necessary for the purposes pursued by the SCANTECH Group.
A. Information collected
All Customer Personal Data that may be collected by the SCANTECH Group from negotiation to contract termination, are listed below.
1. Customer identification data
- Civil status;
- Last name;
- First name(s);
- Date and place of birth;
- Nationality;
- Business e-mail address;
- Business telephone number (fixed and/or mobile);
- Identity card, passport or residence permit number;
- Job and position held within the customer company.
For the purposes of this Privacy Policy, Personal Data relating to the identification of Customers are classified in Category A.
2. Customer data obtained through the Group’s communications (registration for events organized by the Group, subscription to the newsletter or subscription to the Group’s social networks, etc.)
- Civility;
- Last name;
- First name;
- Business e-mail address;
- Business telephone number.
Personal Data relating to the Group’s communication to Customers are classified in Category B.
B. Documents collected
All documents that may be collected by the SCANTECH Group, from talks to contract termination, are listed below:
1. Customer identification documents
- Business cards;
- Customer company presentation;
- Organization chart;
- K-bis extract (or similar document).
Customer identification documents are classified in Category 1.
2. Documents relating to contract conclusion
- Purchase orders / Quotations;
- Invoices;
- Contracts;
- Written exchanges with the Customer.
The documents collected relating to the conclusion of the contract with the Customer are classified in Category 2.
3. Documents relating to Customer satisfaction
- Forms to be completed online or in hard copy;
- Minutes of interviews/visits with the Customer;
- Written exchanges with the Customer about the product or service.
Documents collected relating to Customer satisfaction are classified in Category 3.
The digital, or not, Files used to process Personal Data are as follows:
- Customer contacts and privileged contacts file;
- Order tracking file;
- Invoice tracking file;
- After-sales service tracking file;
- File for managing events or services offered by the SCANTECH Group (training courses, webinars, conferences, newsletters, etc.).
Customer Personal Data are collected and processed for the purposes described below.
A. Contract performance and management of customer relations and customer accounts
Customer Personal Data are collected and processed in order to guarantee the proper performance of the contract and the perfect follow-up of the customer relationship. Indeed, it is necessary for the SCANTECH Group to have one or more privileged contacts within its Customers in order to better understand their activities and thus meet their technical and operational needs.
The customer relationship extends from the conclusion of the contract to after-sales service, including the supply of the main product or service as well as ancillary services.
B. Improving the Group’s products and services
Customer Personal Data are collected and processed by the SCANTECH Group in order to improve the products and services offered by the SCANTECH Group, as well as to improve their use by Customers (e.g. satisfaction form, interviews with technicians for the purpose of product improvement as part of (or outside of) product testing phases, training provided by the Group in the use of products, etc.).
C. Customer training in the use of the Group’s products and services
Customer Personal Data are collected and processed for the purpose of training Customer teams in the use of products and services provided by the SCANTECH Group.
D. Group communication and the organization of events by the SCANTECH Group
Customer Personal Data are collected and processed to enable the organization of events organized by the Group, mainly for the registration and participation of natural persons who are members of the Customer company.
Customer Personal Data are also collected and processed in order to ensure the Group’s digital communications, in particular for the sending of newsletters.
A. Legal grounds for the Processing of Personal Data
Article 6 of the RGPD provides six alternative bases for considering the Processing of Personal Data to be lawful, namely:
- The Data Subject’s consent to the Processing of his or her Personal Data for one or more specific purposes;
- The performance of a contract (or pre-contractual measures) to which the Data Subject is a party;
- Compliance with a legal obligation to which the Data Controller is subject;
- The Processing is necessary to safeguard the vital interests of the Data Subject;
- Performance of a task in the public interest entrusted to the Data Controller;
- The pursuit of legitimate interests by the Data Controller.
B. Basis for processing Customers’ personal data
PERSONAL DATA COLLECTED (As defined in section I in this Part) |
GROUNDS FOR PROCESSING (Above numbering from 1 to 6)
|
COLLECTED INFORMATION |
|
Category A (Personal data identifying employees, corporate officers and legal representatives of Customers) |
2 and 3 |
Category B (Personal data relating to the Group’s communication to Customers) |
1 |
COLLECTED DOCUMENTS |
|
Category 1 (Documents relating to the identification of employees, corporate officers and legal representatives of Customers) |
2 and 3 |
Category 2 (Documents relating to the conclusion of contracts with Customers) |
2 and 3 |
Category 3 (Customer satisfaction documents)
|
2 |
A. Group’s Employees
The SCANTECH Group’s Employees, strictly concerned with the execution of contracts concluded with Customers, from their conclusion to their execution, have access to Customers’ Personal Data (sales representatives, technicians, after-sales service employees etc.).
B. The legal representatives and corporate officers of the SCANTECH Group’s Companies
The legal representatives and corporate officers of the SCANTECH Group’s Companies may have access to Customers’ Personal Data in order to determine and execute their policy.
C. Subcontractors
In accordance with Article 28 of the GDPR, the SCANTECH Group may subcontract the Processing of Personal Data to a Subcontractor.
Where Processing is to be carried out on behalf of the SCANTECH Group, the Group only calls upon Subcontractors who present sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the GDPR and guarantees the protection of the Customers’ rights.
D. Public authorities and Courts
Customer Personal Data may be communicated to public authorities whose communication is mandatory under applicable law.
Similarly, SCANTECH Group Companies may be required to disclose documents containing Customer Personal Data to Courts.
E. Supervisory Authorities
In accordance with Article 57of the GDPR, the Supervisory Authorities may have access to Personal Data.
A. Duration of Customer Data Conversation
1. Principle of limited conversation of Personal Data
The GDPR does not define the precise duration for which Personal Data must be kept by the Data Controller. The latter must identify and precisely assess its operational needs, in particular by referring to sectoral limitation periods in order to assess and determine the retention periods that should be applied to the various Personal Data.
TYPE OF PERSONAL DATA COLLECTED
|
ACTIVE RETENTION PERIOD
|
Documents relating to the professional identification of employees, corporate officers and legal representatives of the Customers |
10 years from the end of the contract, unless a different period is provided for by mandatory national law. |
Contractual documents (quotations, purchase orders, contracts, amendments, delivery notes, etc.) |
20 years from the end of the contract, unless a different period is provided for by mandatory national law. |
Accounting documents
|
20 years from the end of the contract, unless a different period is provided for by mandatory national law. |
Documents not covered by a special retention period (e.g. customer satisfaction documents) |
10 years from the end of the contract, unless a different period is provided for by mandatory national law. |
2. Exception to the principle of limited conversation of Personal Data
As an exception to the above, the SCANTECH Group may keep Personal Data for longer than the above-mentioned periods, in particular to ensure its defense in the context of any proceedings, whether amicable or contentious, to which it may be a party or to prove its rights.
3. Intermediate archiving Personal Data
When Personal Data is no longer used on a day-to-day basis by the SCANTECH Group for the purposes for which it was collected, the Group may archive them for the retention period defined above in part 1.
Where archived Personal Data are of administrative or management interest, or to meet a legal obligation to which the SCANTECH Group is subject, they may be consulted by an authorized person within the Group, on an ad hoc basis and with justification.
B. Storage of Personal Data
Personal Data collected by the SCANTECH Group is stored in a manner and under conditions decided individually by the Holding and each of the Group’s Subsidiaries, in compliance with national legislation.
As a preliminary point, it is recalled that the legislation on the collection and processing of Personal Data applies exclusively to natural persons; so that this section is devoted exclusively to natural persons, who may be identified by their Personal Data, who belong to a company in any capacity whatsoever (employees, corporate officers or legal representatives) which is a Supplier of the SCANTECH Group.
It is reminded that the collection of Personal Data from Suppliers is carried out according to the principles of minimization and relevance, so that the individual situation of each Supplier is studied in order to collect the Personal Data strictly necessary for the purposes pursued by the SCANTECH Group.
A. Information collected
All the Personal Data of Suppliers that may be collected by the SCANTECH Group are listed below.
1. Supplier identification data
- Civil status;
- Last name;
- First name(s);
- Business e-mail address;
- Business telephone number (fixed and/or mobile);
- Job and position held within the Supplier company.
For the purposes of this Privacy Policy, Personal Data relating to the identification of Suppliers are classified in Category A.
2. Data obtained following communication from the SCANTECH Group (registration for events organized by the Group, subscription to the Group’s newsletter or subscription to the Group’s social networks, etc.)
- Civility;
- Last name ;
- First name;
- Business e-mail address;
- Business telephone number.
Personal Data relating to Suppliers obtained as a result of communication from the SCANTECH Group are classified in Category B.
B. Documents collected
All documents that may be collected by the SCANTECH Group are listed below:
1. Documents relating to the Supplier’s professional identification
- Business cards;
- Organization chart;
- K-bis extract (or similar document).
The documents collected relating to Supplier identification are classified in Category 1.
2. Documents relating to the conclusion and performance of the contract
- Purchase orders / Quotations;
- Invoices;
- Contracts;
- Written exchanges with the Supplier;
- Minutes of meetings and/or visits with the Supplier.
The documents collected relating to the conclusion of the contract with the Supplier are classified in Category 2.
The digital, or not, Files used to process Personal Data are as follows:
- Supplier and privileged contact file;
- Order tracking file;
- Invoice tracking file;
- File for tracking after-sales services on products supplied;
- File for managing events and services offered by the SCANTECH Group (meetings, webinars, conferences, visits to the Group’s premises, newsletters, etc.).
Suppliers’ Personal Data are collected and processed for the purposes described below.
A. Proper performance of supply contracts with Suppliers
Suppliers’ Personal Data are collected and processed in order to ensure the proper performance of supply contracts entered into with Suppliers. Indeed, it is necessary for the SCANTECH Group to have one or more privileged interlocutors within its Suppliers in order to discuss their technical needs in terms of products and services in order to conclude the most suitable contract, but also to remedy any difficulty during the execution of the contract (defective parts, interruption in supply, etc.).
B. Events and services organized by the Group
Suppliers’ Personal Data are collected and processed to enable the organization of events organized by the SCANTECH Group, mainly concerning the registration and participation of natural persons who are members of the Supplier company.
A. Legal grounds for the Processing of Personal Data
Article 6 of the GDPR provides six alternative bases for considering the Processing of Personal Data to be lawful, namely:
- The Data Subject’s consent to the Processing of his or her Personal Data for one or more specific purposes;
- The performance of a contract (or pre-contractual measures) to which the Data Subject is a party;
- Compliance with a legal obligation to which the Data Controller is subject;
- The Processing is necessary to safeguard the vital interests of the Data Subject;
- Performance of a task in the public interest entrusted to the Data Controller;
- The pursuit of legitimate interests by the Data Controller.
B. Basis for Company’s processing Suppliers’ Personal Data
TYPE OF PERSONAL DATA COLLECTED (As defined in section I in this part)
|
GROUNDS FOR PROCESSING (Above numbering from 1 to 6)
|
COLLECTED INFORMATION |
|
Category A (Personal data for professional identification of employees, corporate officers and legal representatives of Suppliers) |
2 and 3 |
Category B (Personal data relating to the Group’s communications) |
1 |
COLLECTED DOCUMENTS |
|
Category 1 (Documents relating to the professional identification of employees, corporate officers and legal representatives of Suppliers) |
2 and 3 |
Category 2 (Documents relating to the conclusion of contracts with Suppliers) |
1 |
A. The Group’s Employees
The Group’s Employees, strictly concerned with the execution of contracts concluded with Suppliers, from their conclusion to their execution, have access to Suppliers’ Personal Data (sales representatives, technicians, after-sales service Employees, administrative/billing department Employees etc.).
B. The legal representatives and corporate officers of the SCANTECH Group’s Companies
The legal representatives and corporate officers of the SCANTECH Group’s Companies may have access to Suppliers’ Personal Data in order to determine and implement their policy.
C. Subcontractors
In accordance with Article 28 of the GDPR, the Group may subcontract the Processing of Personal Data to a Subcontractor.
Where Processing is to be carried out on behalf of the SCANTECH Group, the Group only calls upon Subcontractors who present sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the GDPR and guarantees the protection of the Suppliers’ rights.
D. Public authorities and Courts
Suppliers Personal Data may be communicated to public authorities whose communication is mandatory under applicable law.
Similarly, SCANTECH Group Companies may be required to disclose documents containing Suppliers Personal Data to Courts.
E. Supervisory Authorities
In accordance with Article 57 of the GDPR, the Supervisory Authorities may have access to Personal Data.
A. Duration of Customer Data Conversation
1. Principle of limited conversation of Personal Data
The GDPR does not define the precise duration for which Personal Data must be kept by the Data Controller. The latter must identify and precisely assess its operational needs, in particular by referring to sectoral limitation periods in order to assess and determine the retention periods that should be applied to the various Personal Data.
TYPE OF PERSONAL DATA COLLECTED
|
ACTIVE RETENTION PERIOD
|
Information and documents relating to the professional identification of employees, corporate officers and legal representatives of the Suppliers. |
10 years from the end of the contract, unless a different period is provided for by mandatory national law. |
Information and contractual documents (quotations, purchase orders, contracts, amendments, delivery notes, etc.) |
20 years from the end of the contract, unless a different period is provided for by mandatory national law. |
Information and accounting documents |
20 years from the end of the contract, unless a different period is provided for by mandatory national law. |
Information and documents not covered by a special retention period |
10 years from the end of the contract, unless a different period is provided for by mandatory national law. |
2. Exception to the principle of limited conversation of Personal Data
As an exception to the above, the SCANTECH Group may keep Personal Data for longer than the above-mentioned periods, in particular to ensure its defense in the context of any proceedings, whether amicable or contentious, to which it may be a party or to prove its rights.
3. Intermediate archiving Personal Data
When Personal Data are no longer used on a day-to-day basis by the SCANTECH Group for the purposes for which it was collected, the Group may archive them for the retention period defined above in part 1.
Where archived Personal Data are of administrative or management interest, or to meet a legal obligation to which the SCANTECH Group is subject, they may be consulted by an authorized person within the Group, on an ad hoc basis and with justification.
B. Storage of Personal Data
Personal Data collected by the SCANTECH Group is stored in a manner and under conditions decided individually by the Holding and each of the Group’s Subsidiaries, in compliance with national legislation.
As a preliminary point, it should be noted that the legislation on the collection and processing of Personal Data applies exclusively to natural persons; consequently, this section is devoted exclusively to Prospects who are natural persons and Individuals Not Contractually Linked to the SCANTECH Group. It is reminded that the collection of Personal Data from Prospects and Individuals Not Contractually Linked to the Company is carried out in accordance with the principles of minimization and relevance, so that the individual situation of each Prospect and Individual Not Contractually Linked to the Group is studied in order to collect the Personal Data strictly necessary for the purposes pursued by the SCANTECH Group.
A. Collected Information
All the Personal Data of Prospects and Individuals Not Contractually Linked to the Group that may be collected by the SCANTECH Group are listed below.
1. Data relating to the identification of Prospects seeking employment
- Civility;
- Last name;
- First name(s);
- Mailing address;
- Date and place of birth;
- Business e-mail address;
- Business telephone number (fixed and/or mobile);
- Employing company (if applicable);
- Employer’s job and position;
- Qualifications, diplomas and professional certifications;
- Former employers;
- Academic background.
Personal Data relating to the identification of Prospects seeking employment are classified in Category A.
2. Data relating to the identification of Prospects seeking partnership (supplier, customer, product co-development, etc.) with the Group
- Civility;
- Last name;
- First name(s);
- Business e-mail address;
- Business telephone number (fixed and/or mobile);
- Employing company;
- Job and position held within the company employer;
- Business sector.
Personal Data relating to the identification of Prospects seeking a partnership with the Group are classified in Category B.
3. Data relating to the identification of Individuals Not Contractually Linked to the Group obtained as a result of communications from the Group (newsletter subscriptions, registration for conferences or meetings organized by the Group etc.)
- Civility;
- Last name;
- First name(s);
- Business e-mail address;
- Business telephone number (fixed and/or mobile);
- Business sector.
Personal Data relating to the identification of Individuals Not Contractually Linked to the Group, obtained following communication from the Group are classified in Category C.
B. Collected Documents
All documents that may be collected by the Group are listed below:
1. Documents relating to the identification of Prospects seeking employment
- Curriculum Vitae;
- Cover letter;
- Reference notices provided by the Prospect (where applicable).
Documents collected relating to the identification of Prospects seeking employment are classified in Category 1.
2. Documents relating to the identification of Prospects seeking partnership (supplier, customer, product co-development, etc.) with the Group
- Business cards;
- Organization chart;
- Prospect company presentation documents.
Documents collected relating to the identification of Prospects seeking partnership (suppliers, customers, product co-development, etc.) are classified in Category 2.
The digital, or not, Files used to process Personal Data are as follows:
- File listing Prospects seeking employment;
- File listing Prospects seeking various partnerships with the Group;
- File listing Individuals Not Contractually Linked to the Group who have registered for events offered by the Group (meetings, webinars, conferences etc.);
- Newsletter management file and, more generally, lists of contacts receiving digital mailings from the Group.
The Personal Data of Prospects and Individuals Not Contractually Linked to the Group are collected and processed in order to meet the purposes described below.
A. The smooth running of the Group through the recruitment of qualified personnel
The collection and processing of Personal Data of Prospects seeking employment, whether through an unsolicited application or by responding to a job offer published by the Group directly on its Website or on its social networks, enables the recruitment of qualified individuals whose profile corresponds to the qualities sought, as well as the creation of a file of profiles that the Group is likely to recruit at a later date.
B. Technical and economic development of the Group through partnerships
The collection and processing of Personal Data from Prospects seeking partnerships (in particular suppliers, subcontractors, co-contractors of the Group) enables the Group to create new opportunities in its sector (or outside) and thus contributes to its technical and economic development.
C. The organization of events organized by the Group
The Personal Data of Prospects and Individuals Not Contractually Linked to the Group are collected and processed in order to enable the organization of events organized by the Group, mainly with regard to the registration and participation of individuals.
A. Legal grounds for the Processing of Personal Data
Article 6 of the RGPD provides six alternative bases for considering the Processing of Personal Data to be lawful, namely:
- The Data Subject’s consent to the Processing of his or her Personal Data for one or more specific purposes;
- The performance of a contract (or pre-contractual measures) to which the Data Subject is a party;
- Compliance with a legal obligation to which the Data Controller is subject;
- The Processing is necessary to safeguard the vital interests of the Data Subject;
- Performance of a task in the public interest entrusted to the Data Controller;
- The pursuit of legitimate interests by the Data Controller.
B. Legal Basis for the Processing of Personal Data of Prospects and Individuals Not Contractually Linked to the Group
COLLECTED PERSONAL DATA (As defined in section 1 in this Part) |
GROUDS FOR PROCESSING (Above numbering from 1 to 6)
|
COLLECTED INFORMATION |
|
Category A (Data relating to the identification of Prospects seeking employment) |
1 |
Category B (Data relating to the identification of Prospects wishing to develop various partnerships with the Group) |
1 |
Category C (Data relating to the identification of Individuals Not Contractually Linked to the Group) |
1 |
COLLECTED DOCUMENTS |
|
Category 1 (Documents relating to the identification of job-seeking Prospects) |
1 |
Category 2 (Documents relating to the identification of Prospects seeking partnerships) |
1 |
A. Group’s Employees
Group’s Employees, strictly concerned with recruitment and technical and commercial development, have access to the Personal Data of Prospects and Individuals Not Contractually Linked to the Group.
B. The legal representatives and corporate officers of the SCANTECH Group’s Companies
The legal representatives and corporate officers of the SCANTECH Group’s Companies may have access to the Personal Data of Prospects and Individuals Not Contractually Linked to the Group in order to determine and implement their policy.
C. Public authorities and Courts
The Personal Data of Prospects and Individuals Not Contractually Linked to the Group may be communicated to public authorities whose communication is mandatory under applicable law.
Similarly, SCANTECH Group Companies may be required to disclose documents containing the Personal Data of Prospects and Individuals Not Contractually Linked to the Group to Courts.
D. Subcontractors
In accordance with Article 28 of the RGPD, the Group may subcontract the Processing of Personal Data to a Subcontractor. Where Processing is to be carried out on behalf of the SCANTECH Group, the Group only calls upon Subcontractors who present sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the RGPD and guarantees the protection of the Prospects and Individuals Not Contractually Linked to the Group’s rights.
E. Supervisory Authorities
In accordance with Article 57of the RGPD, the Supervisory Authorities may have access to Personal Data.
A. Duration of conversation of Personal Data of Prospects and Individuals Not Contractually Linked to the Group
1. Principle of limited conversation of Personal Data
The RGPD does not define the precise duration for which Personal Data must be kept by the Data Controller. The latter must identify and precisely assess its operational needs, in particular by referring to sector-specific limitation periods in order to assess and determine the retention periods that should be applied to the various Personal Data.
TYPE OF PERSONAL DATA COLLECTED
|
ACTIVE RETENTION PERIOD
|
Information and documents relating to the identification of Prospects seeking employment. |
2 years from the date of collection, unless otherwise stipulated by mandatory national law. |
Information and documents relating to the identification of Prospects seeking various partnerships with the Group. |
|
Information concerning Individuals Not Contractually Linked to the Group. |
2. Exception to the principle of limited conversation of Personal Data
As an exception to the above, the Group may keep Personal Data for longer than the above-mentioned periods, in particular to ensure its defense in the context of any proceedings, whether amicable or contentious, to which it may be a party or to prove its rights.
3. Intermediate archiving Personal Data
When Personal Data are no longer used on a day-to-day basis by the Group for the purposes for which it was collected, the Group may archive them for the retention period defined above.
Where archived Personal Data are of administrative or management interest, or to meet a legal obligation to which the Group is subject, they may be consulted by an authorized person within the Group, on an ad hoc basis and with justification.
B. Storage of Personal Data
Personal Data collected by the SCANTECH Group is stored in a manner and under conditions decided individually by the Holding and each of the Group’s Subsidiaries, in compliance with national legislation.
It should be noted that the collection of Personal Data from Users of the Website is carried out in accordance with the principles of minimization and relevance, so that the collection has been designed to strictly meet the objectives pursued by the Group.
All Personal Data collected by the Group from Users of the Website are listed below.
A. Personal Data collected when filling in the form on the “CONTACT” page
The Personal Data collected from Website Users when they fill in the form on the “contact” page is as follows:
- Last name*;
- First name(s)*;
- Company concerned*;
- Telephone number;
- Email address*;
- Message subject*;
- Content of the message sent to the Group*.
The Personal Data that must be filled in to send the contact request to the SCANTECH Group are identified by an asterisk (*).
For the purposes of this Privacy Policy, Personal Data collected when filling in the form on the “contact” page of the Website is classified as Category A.
B. Personal Data collected when filling in the form on the “PROJECT” page
The Personal Data collected from Users of the Website when they fill in the form on the “project” page are as follows:
- Last name*;
- First name(s)*;
- Company *;
- Email address*;
- Content of message sent to the Group.
The Personal Data that must be provided in order to send a project request to the SCANTECH Group are identified by an asterisk (*).
For the purposes of this Privacy Policy, Personal Data collected when filling in the form on the “project” page of the Website is classified as Category B.
C. Personal Data collected when filling in the form on the “SUPPORT” page
The Personal Data collected from Users of the Website when they fill in the form on the “support” page is as follows:
- Last name*;
- First name(s)*;
- Company*;
- Telephone number;
- Email address*;
- Message subject*;
- Message content*.
The Personal Data that must be filled in to send a request for assistance to the SCANTECH Group are identified by an asterisk (*).
The Personal Data collected when filling in the form on the “support” page of the Website are classified in Category C.
D. Personal Data collected when filling in the form on the “SPARE PARTS” page
The Personal Data collected from Users of the Website when they fill in the form on the “spare parts” page are as follows:
- Last name*;
- First name(s)*;
- Company*;
- Telephone number;
- Email address*;
- Message content.
The Personal Data that must be filled in to send a request for a spare part to the SCANTECH Group are identified by an asterisk (*).
The Personal Data collected when filling in the form on the “spare parts” page of the Website are classified in Category D.
E. Personal Data collected when filling in the “training” form
The Personal Data collected from Users of the Website when they fill in the form on the “training” page is as follows:
- Last name*;
- First name(s)*;
- Company*;
- Telephone number;
- Email address*;
- Position held by the User filling in the form*;
- Message subject*;
- Content of message*.
The Personal Data that must be filled in to send a training request to the SCANTECH Group are identified by an asterisk (*).
The Personal Data collected when filling in the form on the “training” page of the Website are classified in Category E.
F. Personal data collected when filling in the “virtual fair” form
The Personal Data collected from Users of the Website when they fill in the form to access the “virtual fair” are as follows:
- Email address*
Personal Data that must be provided in order to enter the Virtual Fair are identified by an asterisk (*).
Personal Data collected when filling in the form on the “virtual fair” page of the Website are classified in Category F.
G. Personal Data collected when filling in the form to apply for a job or internship offer
The Personal Data collected from Users of the Website when they fill in the form to apply for a job or internship is as follows:
- Last name* ;
- First name* ;
- Telephone number* ;
- Email address* ;
- Resume* ;
- Covering letter* ;
- Message subject* ;
- Message content*.
The Personal Data that must be filled in to send an application to the SCANTECH Group are identified by an asterisk (*).
The Personal Data collected when filling in the application form on the Website are classified in Category G.
The files, digital or otherwise, used to process Personal Data are as follows:
- File listing contact requests;
- File listing project requests;
- File listing requests for assistance/intervention;
- File listing requests for spare parts;
- File listing training requests;
- File listing email addresses of Users who have visited the Virtual Fair;
- File listing application requests.
The Personal Data of Users of the Website are collected and processed in order to meet the objectives described below.
A. To facilitate contact between the Website Users and the SCANTECH Group.
The various forms described in point I) of this section, made available by the SCANTECH Group on its Website, allow any User to:
- contact the SCANTECH Group directly on any subject;
- contact the SCANTECH Group directly regarding a project to install products and services developed by the Group;
- request assistance from the SCANTECH Group;
- request training on products and services developed by the SCANTECH Group;
- request the supply of spare parts from the SCANTECH Group.
In this way, the Personal Data collected allows the SCANTECH Group to contact, by email or telephone, the Users at the origin of the contact request.
B. To enable Users to use the services offered by the SCANTECH Group on the Website
The collection of Users’ e-mail addresses enables them to access the services offered by the SCANTECH Group, such as the Virtual Fair.
C. To enable Users to apply for job or internship offered by the SCANTECH Group
The collection of various information on the User’s identity, as well as his/her resume and cover letter, enables the User to apply for a job or internship offer proposed by the SCANTECH Group, and enables the SCANTECH Group to recontact the applicant and assess the consistency between his/her profile and the profile sought.
A. Legal grounds for the Processing of Personal Data
Article 6 of the RGPD provides six alternative bases for considering the Processing of Personal Data to be lawful, namely:
- The Data Subject’s consent to the Processing of his or her Personal Data for one or more specific purposes;
- The performance of a contract (or pre-contractual measures) to which the Data Subject is a party;
- Compliance with a legal obligation to which the Data Controller is subject;
- The Processing is necessary to safeguard the vital interests of the Data Subject;
- Performance of a task in the public interest entrusted to the Data Controller;
- The pursuit of legitimate interests by the Data Controller.
B. Legal Basis for the Processing Personal Data of Website Users
COLLECTED PERSONAL DATA (As defined in section 1 in this Part) |
GROUDS FOR PROCESSING (Above numbering from 1 to 6)
|
Category A to F (Personal data collected when filling in the various forms on the Website) |
1 |
A. Group’s Employees
The Group’s sales representatives, trainers, technicians, engineers and after-sales service Employees, as well as the Human Resources department’s Employees have access to the Personal Data of Website Users.
B. The legal representatives and corporate officers of the SCANTECH Group’s Companies
The legal representatives and corporate officers of the SCANTECH Group’s Companies may have access to the Personal Data of the Website Users.
C. Public authorities and Courts
The Website Users’ Personal Data may be communicated to public authorities whose communication is mandatory under applicable law.
Similarly, SCANTECH Group Companies may be required to disclose the Website Users’ Personal Data to Courts.
D. Subcontractors
In accordance with Article 28 of the RGPD, the Group may subcontract the Processing of Personal Data to a Subcontractor. Where Processing is to be carried out on behalf of the SCANTECH Group, the Group only calls upon Subcontractors who present sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets the requirements of the RGPD and guarantees the protection of the Users’ rights.
E. Supervisory Authorities
In accordance with Article 57of the RGPD, the Supervisory Authorities may have access to Personal Data.
A. Duration of conversation of Website Users’ Personal Data
1. Principle of limited conversation of Personal Data
The RGPD does not define the precise duration for which Personal Data must be kept by the Data Controller. The latter must identify and precisely assess its operational needs, in particular by referring to sector-specific limitation periods in order to assess and determine the retention periods that should be applied to the various Personal Data.
TYPE OF PERSONAL DATA COLLECTED
|
ACTIVE RETENTION PERIOD
|
Information and documents collected on the various forms on the Website (surname, first name, e-mail address, telephone number, etc.). |
2 years from the date of collection, unless otherwise stipulated by mandatory national law. |
2. Exception to the principle of limited conversation of Personal Data
As an exception to the above, the Group may keep Personal Data for longer than the above-mentioned periods, in particular to ensure its defense in the context of any proceedings, whether amicable or contentious, to which it may be a party or to prove its rights.
3. Intermediate archiving Personal Data
When Personal Data are no longer used on a day-to-day basis by the Group for the purposes for which it was collected, the Group may archive them for the retention period defined above.
Where archived Personal Data are of administrative or management interest, or to meet a legal obligation to which the Group is subject, they may be consulted by an authorized person within the Group, on an ad hoc basis and with justification.
B. Storage of Personal Data
Personal Data collected by the SCANTECH Group is stored in a manner and under conditions decided individually by the Holding and each of the Group’s Subsidiaries, in compliance with national legislation.
In accordance with Article 15 of the RGPD, any Data Subject has the right to receive a copy of his or her Personal Data in the Group’s possession.
In accordance with Article 16 of the RGPD, any Data Subject has the right to obtain from the SCANTECH Group, as soon as possible, the rectification of Personal Data, concerning him or her, that are inaccurate.
In accordance with Article 17 of the RGPD, any Data Subject has the right to obtain from the SCANTECH Group, as soon as possible, the erasure of Personal Data, concerning him or her, except in the following cases:
- When the Processing is necessary to comply with a legal obligation to which the SCANTECH Group is subject;
- When the Processing is necessary for the establishment, exercise or defense of legal rights of the SCANTECH Group.
In accordance with Article 18 of the RGPD, any Data Subject has the right to obtain from the SCANTECH Group the Limitation of the Processing of his/her Personal Data in the following hypotheses:
- If the Data Subject exercises his/her Right to Rectification, the Limitation of Processing may be required for the time necessary for the Group to verify the accuracy of the Personal Data;
- If the Data Subject exercises his/her Right to Object, the Limitation of Processing may be required during the verification as to whether the legitimate reasons pursued by the Group prevail over those of the Employee;
- Where the Processing of Personal Data is unlawful, the Data Subject may demand the Limitation of its use rather than its erasure;
- When the Group no longer needs the Personal Data for the purposes of the Processing, but it is still necessary for the Data Subject to establish, exercise or defend legal claims.
In accordance with Article 20 of the RGPD, any Data Subject has the right to obtain from the SCANTECH Group the Personal Data it holds in a structured, commonly used and machine-readable format.
In accordance with Article 21 of the RGPD, any Data Subject may object at any time on grounds relating to his or her particular situation to the processing of his or her Personal Data unless there are compelling legitimate grounds for the Processing which override the interests and rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
Cookies (hereinafter “Cookie(s)”) are files stored by a server on the terminal of any User of the Website and associated with a web domain. This file is automatically sent back when the User contacts the same domain again.
Each Cookie is assigned an anonymous identifier. The Cookie file enables its issuer to identify the terminal in which it is stored for the duration of the Cookie’s validity or storage.
A. Necessary Cookies
Technical Cookies are necessary for browsing the Website and taking full advantage of its functionalities. They enable certain functionalities and the presentation of the Website to be adapted to the User’s browser and hardware.
B. Performance Cookies
Performance Cookies are used to understand and analyze the key performance indexes of the Website which helps in delivering a better User experience.
C. Functionality Cookies
Functionality Cookies are used to simplify Users’ browsing on the Website by enabling them to save some of their choices (language, country, information relating to a previously entered form, etc.).
D. Analytics Cookies
Analytics Cookies are used to understand how Users interact with the Website. These Cookies help provide information on metrics such as the number of Users, bounce rate, traffic source etc.
Each User may, at any time, set his/her browser parameters and thus decide on his/her choices regarding Cookies. Users may make the following choices:
- Accept the storage of all Cookies embedded in the pages and content consulted;
- Refuse the storage of Cookies on their terminal;
- Ask to be prompted, by his browser, to give his consent or refusal before the installation of a new Cookie on his terminal.
Any Data Subject wishing to obtain information about this Privacy Policy or exercise any of the rights conferred on him or her by the GDPR in respect of Personal Data collected by the Group should contact the SCANTECH Group:
- by e-mail at the following address: [email protected];
- by post to the following address SCANTECH – Bâtiment Andromède – Savoie Technolac BP 244 – 108 Avenue du Lac Léman – 73290 LA MOTTE SERVOLEX Cedex, France.
In the event of a dispute arising between a Data Subject and the Group, relating to the performance or interpretation of this Privacy Policy, and, more generally, to the collection of Personal Data or their Processing by the Group, the Data Subject is invited, in order to attempt to resolve the dispute amicably, to contact the Group directly:
- by e-mail at the following address: [email protected];
- by post to the following address SCANTECH – Bâtiment Andromède – Savoie Technolac BP 244 – 108 Avenue du Lac Léman – 73290 LA MOTTE SERVOLEX Cedex, France.
FAILING AMICABLE SETTLEMENT, THE DISPUTE WILL BE BROUGHT BEFORE THE COMPETENT FRENCH COURTS LOCATED WITHIN THE JURISDICTION OF THE CHAMBERY COURT OF APPEAL (73018 – FRANCE).
The Data Subject may also contact the GDPR National Regulatory Authority of the country on which it is domiciled.