RGPD policy & data collection
Seqens is committed to compliance with the RGPD policy.
This page is an overview of the RGPD policy of the website seqens.com.
For further information, please contact firstname.lastname@example.org
OBJECTIVE OF THE PROCEDURE
The Seqens Group is committed to conducting its activities in compliance with applicable laws and regulations on the protection of personal data as well as the Seqens Group’s ethical rules on the management of internal and external relations.
This procedure defines the conditions under which the Seqens Group’s employees and its subcontractors proceed regarding the collection, use, conservation, transfer, communication and destruction of any personal data related to the Seqens Group’s activities.
Personal data is any information that relates to a specific or identifiable individual. This personal data must be protected, which requires the implementation of strict processes to manage it. The organization that makes decisions regarding the use of this data is considered as the Data Controller. The Seqens Group, as the data controller, ensures that its data processing processes comply with the rules set out in this procedure. Failure to comply with these rules exposes the Group to legal sanctions.
The governance body of the Seqens Group represented by the Data Protection Representative is committed to ensuring the deployment of and compliance with this procedure and expects all its employees and subcontractors to share this commitment.
Any violation may result in disciplinary action or liability for the person or company that fails to comply with this procedure.
SCOPE OF APPLICATION AND AMENDMENT
This procedure concerns the employees and subcontractors of the Seqens Group.
It applies in a general way to all the companies of the Seqens Group, including companies or establishments outside the European Union that process, transfer or receive personal data relating to activities in the European Union.
LEGAL FRAMEWORK AND REGULATIONS
This procedure is in line with the General Data Protection Regulation (GDPR) and is applicable by default.
It cannot be imposed in the event of contradiction with the laws and regulations of countries outside the European Union where the Seqens Group carries out its activities.
PRINCIPLES OF PERSONAL DATA PROCESSING
Equity and fairness
The Seqens Group processes personal data in accordance with the following principles:
Personal data are collected fairly, lawfully and for a specific purpose and for the needs of the controller’s activities.
All measures to ensure the accuracy of personal data will be taken.
Personal data is used for the sole purpose for which it was originally collected. Any other use must be considered as a new processing and be subject to prior information of the persons concerned.
Personal data is kept for a defined period of time, depending in particular on the statute of limitations and/or the legal or recommended retention periods.
Limitation of use to well-defined objectives
Before implementing a new personal data processing operation or modifying an existing one, the project is brought to the attention of the local personal data protection correspondent who will ensure that the planned processing operation complies with the RGPD.
The categories of personal data collected by the companies of the Seqens Group are necessary for their activities.
Only relevant, adequate and not excessive data for the purpose are collected.
The Seqens Group collects personal data either directly from the persons concerned or as a result of the use of products or services.
The Seqens Group is also likely to be the recipient of data that has been collected from data subjects by a third party.
Only relevant and strictly necessary data for the purpose of the processing are collected, in compliance with the principle of proportionality.
Deletion: Seqens Group does not store personal data longer than necessary. Retention periods may vary depending on the categories of data and processing.
At any time :
The Seqens Group processes and uses this data in accordance with the law and will keep the personal data :
(i) only for as long as is reasonably necessary to achieve the stated purposes, including for the time necessary to respond to any request from the data subject
(ii) as long as required by operational, regulatory and legal constraints, in particular to comply with obligations to retain certain documents (for example, the obligation to retain certain documents for ten years to comply with accounting and tax obligations in France), and in accordance with applicable limitation periods. Similarly, data will be retained in order to ensure the rights of defense and to respond to legal claims and requests from authorities and regulators until the end of the relevant retention period or until the claims in question are finally decided.
In this sense and to comply with Article 17 of the RGPD, the Seqens Group undertakes to respond to any request for deletion of personal data collected in any of the following cases;
When the data that is the subject of the erasure request is used for marketing purposes,
When the personal data to be deleted no longer serves the purpose for which it was originally collected or when it has been processed in a different way by the controller. The termination of a contract is a perfect example of the latter case, and the data in question includes the telephone, postal or bank details of the individual concerned.
When the data subject, i.e. the owner of the data to be deleted, withdraws his or her own consent to the processing of the said data, and above all, when there is no legal basis for the processing. This generally concerns sensitive data,
As soon as the data concerned are used or processed unlawfully,
When a legal obligation makes the deletion of data unavoidable,
When the data subject has objected to the processing of his or her data and the Seqens Group does not have a valid reason for not complying with the request for erasure.
Data reduction and saving
Before processing personal data, the Seqens Group determines whether and to what extent the processing of personal data is necessary to achieve the purpose for which it is collected.
Where possible, the use of statistical and/or anonymized data should be preferred to the use of personal data. Personal data may not be collected in advance and stored for potential future purposes, unless required or permitted by national law.
Accuracy and currency
Personal data must be accurate, complete and – if necessary – kept up to date. Appropriate measures must be taken to ensure that inaccurate or incomplete data are deleted, corrected, completed or updated.
Privacy and security
Personal data are subject to data secrecy. They must be treated as personally confidential and protected by appropriate organizational and technical measures to prevent unauthorized access, unlawful processing or distribution, and accidental loss, alteration or destruction.
TRANSFER OF PERSONAL DATA
Personal data may be accessible to some of the Seqens Group’s employees or service providers established in countries outside the European Union, subject to the provisions mentioned below. For these recipients located outside the European Union, the transfer is limited to the countries listed by the European Commission as providing sufficient protection for personal data or to recipients who respect either the standard contractual clauses proposed by the CNIL or the Seqens Group’s internal data protection rules (BCR).
Any transfer of data outside the EU is subject to prior validation by the DPO.
SECURITY AND PRIVACY
Seqens Group implements and maintains appropriate technical and organizational measures to prevent unauthorized or accidental access, collection, processing, disclosure, copying, modification, making available or any other similar risk.
Technical measures include protecting networks, servers and terminals against external attacks as well as penetration and/or restoration tests.
Organizational measures are based on the assignment of IDs and passwords to personalize access to data.
Tracking connection histories helps to detect illegal access.
The Seqens Group will alert the competent authority, and if necessary, the persons concerned, in the event of a personal data breach.
UPDATES TO THE SEQENS POLICY
This procedure may be updated to reflect changes in the management of personal data by the Seqens Group. Any major changes will be communicated internally.
The version in force is the one appearing on the Seqens Group intranet site.
DATA PROTECTION BY DESIGN
The Seqens Group ensures the respect of privacy. As such, it ensures that all of its projects comply with the RGPD from the very first stages of their design.
To ensure that all data protection requirements are identified and taken into account when designing new systems or processes and/or reviewing existing systems or processes, the RGPD must be involved and be part of the project team when the project involves a system or process that directly or indirectly relates to or impacts the processing of personal data.
RESPECT FOR THE RIGHTS OF INDIVIDUALS
Each person whose personal data is held by the Seqens Group has the following rights regarding the collection and processing of his/her personal data. These rights can be exercised in certain circumstances.
Right of access to personal data and in particular the right to obtain information about the processing of such data;
Right to obtain rectification of personal data; It is indeed important that the personal data held by the Seqens Group are up to date.
Right to obtain the erasure of personal data;
Right to obtain the limitation of the processing of personal data;
Right to portability of personal data;
Right to object to the processing of personal data (especially in the case of processing of such data for marketing purposes).
The exercise of these rights is free of charge. No fee may be charged for this. However, the Seqens Group may charge a reasonable fee if the exercise of these access rights is clearly unfounded or excessive. Alternatively, the Seqens Group may, if necessary, refuse such a request.
To exercise these rights, the persons concerned can address their request:
- Or by mail to email@example.com
- Or by mail to :
SEQENSPersonal Data Protection Officer
– Eric Moissenot21
chemin de la Sauvegarde
“21 Ecully Parc “
In order to confirm the identity of the applicant and to ensure that personal data is not passed on to an unauthorized person, a copy of a signed identification document will be requested.
Each person also has the right to lodge a complaint with the CNIL or any competent supervisory authority.