Logo

Personal Data Protection Policy

The protection of personal data and respect for privacy are factors of trust. This trust is a major issue for VOCALCOM in order to allow us to construct strong and lasting relationships with all our interlocutors.

The purpose of this policy (hereinafter referred to as the “Policy”) concerning data confidentiality is to inform visitors and users (hereinafter referred to as “You”) of the internet site www.vocalcom.com and of all other VOCALCOM internet sites whose domain name extension is .com, .es, . tn etc. (hereinafter jointly, the “Internet site”) with regard to the terms and conditions according to which VOCALCOM, a simplified joint stock company with its registered office at 25 rue Balzac 75008 Paris, registered with the Registry of Trade and Companies under the number 401 973 631 (hereinafter, “VOCALCOM” or “We”) collects, processes and protects your personal data (hereinafter, the “Personal Data” or the “Data”) and with regard to the rights that You have in this respect.

This document is not intended to be exhaustive but only to enable customers, candidates and visitors, and where applicable, employees of the customer, to be in possession of the essential information concerning the personal data management policy of Vocalcom.

You will find the relevant information under the following categories:

 

1       What are “Personal Data”?. 2

2       Who are the data controllers responsible for protecting your Personal Data?. 2

3       Which Personal Data, how and why?. 2

4       With whom are the Personal Data shared?. 4

5       Are Personal Data transferred outside the European Economic Area?. 5

6       How long do We keep your Data?. 5

7       How are your Data secured?. 6

8       What are your rights?. 6

8.1       Right of access. 6

8.2       Right to portability. 7

8.3       Right to rectification. 7

8.4       Right to erasure. 7

8.5       Right of opposition. 7

8.6       Right to limit the processing. 8

8.7       Right to define directives concerning the use of the Data after death. 8

8.8       Right to withdraw consent 8

8.9       Right to lodge a complaint with a supervisory authority. 8

9       Modification of the information. 8

 

Preamble

VOCALCOM undertakes to respect the confidentiality of the personal information that You have provided, in particular in strict compliance with all applicable data protection laws and regulations, including the national data protection laws in force in France, as well as the Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

VOCALCOM’s products and services are intended for professional customers and not for non-professional and/or private users. Consequently, VOCALCOM undertakes to process the Personal Data of users only within a professional framework, i.e. requests made by private and non-professional users by any means shall not be processed. As an exception, the above provision does not apply to the management of applications for VOCALCOM job offers.

1        What are “Personal Data”?

Personal Data means any information or set of information that allows You to be identified directly (e.g. your first and last name, e-mail address, postal address, etc.) or indirectly (e.g. by means of pseudonymised data such as a unique identification number, etc.). Unique identifiers may also be considered to be Personal Data such as, for example, the IP address of your computer.

The processing of personal data is subject to a specific legal and regulatory framework, which is essentially constituted in France by the GDPR and the French Data Protection Act, known as the law on “Informatique et Libertés,” of 6 January 1978.

2        Who are the data controllers responsible for protecting your Personal Data?

A data controller is an entity that determines the purposes and means of processing your Personal Data and is responsible to You for compliance with the applicable regulations on the protection of personal data.

VOCALCOM is the data controller with regard to the management of the Internet Site, marketing communications and the processing of applications relating to its own job offers.

VOCALCOM has appointed a Data Protection Officer (DPO) for Personal Data who will be your contact for any question relating to the processing of your Data.

You can reach him/her:

  • by e-mail at the following address: [email protected];
  • or by post at VOCALCOM – DPO – Département Juridique – 25 rue Balzac, 75008 Paris.

3        Which Personal Data, how and why?

We collect your Personal Data in the following ways and for the following purposes:

Concerning the methods of collection, this may be collected directly from You in an active manner (You entrust us directly with your Personal Data) for example when You fill in a contact form or an application form or in a passive manner by means of technologies such as cookies and other trackers for which your consent is required when they are not strictly necessary for the proper functioning of the site (see for more details our policy on cookies).

The collection of your data necessarily relies on one of the legal bases set out in the regulations, You are thus reminded that when the processing is based on your consent, You have the right to withdraw it at any time by contacting the DPO at the addresses provided above.

 

3.1 When You are a Customer/Prospect of Vocalcom:

Categories of personal data processed

Purposes of the processing

Principal legal bases allowing the processing

  • your last name, first name
  • your login/login data
  • your IP address
  • your job title/function
  • your professional e-mail address
  • your business telephone number
  • your billing address(es)
  • your title (Mr, Mrs, Ms)

·         Delivering services and products

Performance of a contract to which You are a party (Article 6-1.b of the GDPR)

·         Follow up and managing commercial relations and exchanges with You (invoicing, customer relations)

·         Preparing contracts in accordance with the regulations in force

Performance of a legal obligation (Article 6-1.c of the GDPR)

·         Compliance with legal, regulatory and contractual obligations

·         Ensuring the security of information systems

Our legitimate interest (Article 6-1.f of the GDPR)

·         Managing and monitoring compliance with internal procedures and performing audits

·         Administering, managing and ensuring defence against claims or legal actions

·         Establishing statistics for internal use or administrative declarations and improving organisation

·         Evaluating customer and temporary worker satisfaction, improving the quality of the services and products provided

·         Providing news about the company, Vocalcom and their products and services

Your consent (Article 6-1.a of the GDPR)

·         Allowing You to participate in any promotional event or operation

 

3.2 When You are a Candidate for a position at Vocalcom

Categories of personal data processed

Purposes of the processing

Principal legal bases allowing the processing

Identification data, for example:

–          national social security number, if applicable;

–          identity card;

–          IP address

 

Private life, for example:

–          last name;

–          first name;

–          date of birth;

–          place of birth;

–          nationality;

–          postal address;

–          e-mail address;

–          telephone number (fixed and/or portable);

–          level of education;

–          photo;

–          family situation;

 

Professional life, for example:

–          work permits, where applicable;

–          diplomas and training;

–          CV and covering letter including languages spoken, hobbies;

·         In order to have the information necessary for You to be selected for recruitment.

Pre-contractual measures (article 6-1.b of the GDPR)

·         In order to inform You of job opportunities related to your skills and professional experience,

·         Preparing contracts in accordance with the regulations in force

Performance of a legal obligation (Article 6-1.c of the GDPR)

·         Compliance with legal, regulatory and contractual obligations

·         Ensuring the security of information systems

Our legitimate interest (Article 6-1.f of the GDPR)

·         Establishing statistics for internal use or administrative declarations and improving organisation

·         Administering, managing and ensuring defence against claims or legal actions

·         Evaluating customer and temporary worker satisfaction, improving the quality of the services and products provided

·         Providing news about the company, Vocalcom and their products and services

Your consent (Article 6-1.a of the GDPR)

·         Allowing You to participate in any promotional event or operation

For applicants to Vocalcom’s recruitment processes who have been referred by our third-party partners in the recruitment and selection process, We remind You that You can exercise your rights directly with these third parties in accordance with their data protection policy.

4        With whom are the Personal Data shared?

Access to your Personal Data is strictly limited to authorised persons of VOCALCOM and its subsidiaries and our authorised service provider(s).

In order to process all or part of your Personal Data, We use trusted third-party service providers, acting as data processors according to our instructions and solely on our behalf, in particular for:

  • The hosting, operation or maintenance of our databases, internet sites and mobile applications,
  • The provision of authentication services,
  • The provision of services relating to our marketing, including sending commercial offers.

For all these data-sharing purposes, We take care to work only with trusted companies and to secure these relationships (contracts, audits, guarantees and security tests, etc.).

We may, in some cases, share some of your Personal Data with partners, who will use it for their own purposes. In such cases, these partners act as data controllers and their personal data processing policy applies to the shared data. We will ensure that We ask for your consent to such sharing where required by law, or at least allow You to object to it.

We may also offer You the opportunity to use your social network login details. Please note that in this case, You are sharing your profile information with us. The Personal Data that are shared depend on the configuration of the social network platform. Please note that these social networks have their own privacy policies.

Finally, We may share your Personal Data with third parties in order to comply with any legal obligation (such as, for example, the recovery of a traffic offence following a vehicle test) or administrative or judicial decision.

5        Are Personal Data transferred outside the European Economic Area?

Your Data are processed in France by VOCALCOM and hosted in France and in England by our office automation tool providers. However, We may transfer these Data to one of our subsidiaries located abroad, or to certain service providers located abroad, including outside the European Economic Area (EEA) in countries whose regulations on the protection of personal data differ from those applicable within the EEA.

Nevertheless, any transfer of Data outside the EEA will be carried out with appropriate safeguards that will comply with the applicable regulations on the protection of Personal Data. VOCALCOM shall take the necessary steps with its subsidiaries and/or data processors and/or subcontractors and/or partners to ensure an adequate level of protection for your Data in full compliance with the applicable regulations. In this case, We take particular care to ensure that the transfer is carried out in compliance with the applicable regulations and We put in place guarantees ensuring a level of protection for your privacy and your fundamental rights equivalent to that offered by the European Union (in particular by using the Standard Contractual Clauses of the European Commission). We can provide You with more information about these transfers (including the European Commission’s Standard Contractual clauses) upon request sent to the address provided in the “What are your rights” section.

6        How long do We keep your Data?

Your Data is retained for as long as is necessary for the purpose for which it was collected and will in any event be destroyed at the end of that period.

The retention periods vary depending on whether We have an ongoing contractual relationship with You (You are an active customer), whether We have had a contractual relationship with You in the past (You are an inactive customer) or whether We have never had such a relationship with You (You are a prospect). The Data connected with your browsing of our online services, collected using cookies You have authorised, have a specific retention period.

The table below sets out the main retention periods for your data, in accordance with applicable legislation and our internal data retention policies.

In any event, We regularly review the information We hold. When retention of the Data is no longer justified by legal, commercial or customer account management requirements, or when You have exercised a right of modification or erasure, We will securely delete them.

Category

Duration

Customer and prospect management

Customer and prospect data may be kept in an active database until consent is withdrawn or 3 years from the last contact made by them.

Unsuccessful candidate

The data of an unsuccessful candidate will be retained by the Human Resources department for a maximum of 2 years (unless the candidate requests deletion).

Invoicing data

Invoicing data must be kept for 10 years in accordance with the Commercial Code, even if the data subject is no longer a customer

Management of the commercial relationship with the supplier/service provider/subcontractor/data processor

5 years after the end of the contractual relationship.

Management of supplier invoicing

10 years

Data related to your browsing of our online services

13 months maximum

Data relating to your usage and your supposed centres of interest

Annual update

7        How are your Data secured?

VOCALCOM protects your Personal Data by implementing physical security measures to protect your Personal Data from unauthorised access, misuse, disclosure, loss and destruction.

Your Personal Data are stored on secure servers. We implement and require our contractors and partners to implement appropriate security and data protection measures in line with the latest technology.

When the processing of Personal Data involves the data transfer, We ensure that the transfer is carried out under appropriate conditions which guarantee a sufficient level of protection, security and confidentiality.

8        What are your rights?

In accordance with the applicable laws and regulations on the protection of personal data, You have the following rights with regard to the processing of your Personal Data.

In order to exercise your rights, please send your request to the DPO of VOCALCOM, using one of the following channels:

  • by e-mail to the following address: [email protected]
  • by post to VOCALCOM – DPO – Département Juridique – 25 rue Balzac, 75008 Paris.

As these rights are purely personal and can therefore only be exercised by the data subject, please attach a copy of your identity document to your request, in addition to the reasons for the request. This will not be kept longer than the time required to verify your identity.

8.1           Right of access

The user may have access to his/her personal data processed by VOCALCOM. In the event that a request is made, VOCALCOM shall provide the user with a copy of all Personal Data as well as all legally required information, namely:

  • The categories of Personal Data collected and processed;
  • The purposes for processing the Personal Data;
  • The categories of recipients to whom the Personal Data has been communicated or is likely to be communicated;
  • The duration of retention of the Personal Data; and
  • Information concerning the user’s rights with regard to his/her Personal Data.

8.2           Right to portability

For those processing operations listed in Article 1.5 above that have as their legal basis the consent of the user or their necessity for the performance of a contract, the user also has the right to the portability of his/her Personal Data.

This right differs from the right of access to Personal Data in that (i) it only concerns the Data provided by the user to VOCALCOM and (ii) it allows this Data to be obtained in a structured and machine-readable format.

The right to the portability of the user’s Personal Data also opens up the possibility of the Data being transferred to another data controller, at the user’s choice, provided that this is technically possible.

8.3           Right to rectification

The user may request the correction of his/her Personal Data if they are found to be inaccurate, incomplete or out of date.

8.4           Right to erasure

The user may request that his/her Personal Data be deleted in the following cases:

  • if his/her Personal Data are no longer necessary for the purposes for which they were collected or are processed;
  • if the user has withdrawn his/her consent to the processing of his/her Personal Data, provided that his/her prior consent was the legal basis for collecting and processing the Data and that there is no other legal basis for them;
  • if the user has objected to the collection or processing of his/her Personal Data in accordance with Article 1.9.5 below;
  • the processing of the user’s Personal Data is unlawful;
  • the user’s Personal Data must be deleted in order for VOCALCOM to comply with a legal obligation; or
  • if the user was a minor at the time of the collection of his/her Personal Data. In the latter case and provided that the user was a minor at the time of the request, the holders of parental authority for the user may also submit a request to VOCALCOM to delete his/her Personal Data.

If the Data in question were communicated to third parties, VOCALCOM must inform these third parties of the user’s request, to the extent possible.

8.5           Right of opposition

Subject to a legitimate justification relating to the specific nature of his/her situation, the user may object to any processing of his/her Personal Data when his/her Personal Data is processed on the basis of the necessity of such processing for the performance of a task in the public interest or for the pursuit of the legitimate interest of VOCALCOM or a third party.

The user may also object to the processing of his/her personal data at any time, without any obligation to give reasons, when it is carried out for canvassing purposes.

8.6           Right to limit the processing

The user may request the limitation of the processing of his/her Personal Data in the following cases:

  • in the event that he/she disputes the accuracy of his/her Personal Data, for the period of time necessary for VOCALCOM to verify this;
  • if the processing of his/her Personal Data is unlawful and the user wishes to limit it rather than request the deletion of the Data;
  • if the user wishes VOCALCOM to retain his/her Personal Data when such data is necessary for the establishment, exercise or defence of his/her legal rights; or
  • if the user has objected to the processing of his/her Personal Data, during the period when VOCALCOM verifies that it has no other overriding legitimate reasons for continuing to process such Data.

VOCALCOM shall then cease processing the data in question and shall retain them for the appropriate period of time.

8.7           Right to define directives concerning the use of the Data after death

The user may give instructions to [name of the entity] on how to store, delete and communicate his/her Personal Data after his/her death.

8.8           Right to withdraw consent

For all the processing operations among those listed in Article 3 above where the legal basis is the user’s consent, the user shall have the right to withdraw this consent at any time, without having to justify this to VOCALCOM.

8.9           Right to lodge a complaint with a supervisory authority

Finally, the user has the right to lodge a complaint with the competent supervisory authority relating to the processing carried out by VOCALCOM.

In France, this authority is the Commission Nationale de l’Informatique et des Libertés (the CNIL). For more information concerning the CNIL and the means of contacting it, the user is invited to consult the sitehttps://www.cnil.fr/fr/webform/adresser-une-plainte.

9        Modification of the information

We may change this information from time to time. When this is necessary or required, We will inform You and/or ask for your consent. We therefore invite You to consult this each time You visit us so that You are aware of its latest version.

Last update – October 2021.