Privacy centre

Confidentiality policy

politique de confidentialité geodesial group

The company GEODESIAL GROUP with a capital of €26,645,612, head office at 3 Rue du Mail 44700 Orvault, registered with the Nantes Trade and Companies Registry (RCS) under SIREN No. 853 770 147, the company GEOMEDIA SAS with a capital of €440,000, head office at 20 Quai du Commandant Malbert 29200 Brest, registered with the Brest Trade and Companies Registry (RCS) under SIREN No. 350 252 318,

 

and the company GEOMENSURA SAS with a capital of €550,000, head office at 3 Rue du Mail 44700 Orvault, registered with the Nantes Trade and Companies Registry (RCS) SIREN No. 380 270 355, are required to process personal data.

GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS process personal data (as defined hereafter) as part of their business, which includes the personal data of persons using the software solutions of GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS and those browsing these companies’ websites.

In accordance with the provisions of the General Data Protection Regulation (European Regulation No. 2016-679 dated 27 April 2016, “GDPR”) and the French Data Protection Act No. 78-17 dated 6 January 1978 amended by Personal Data Protection Act No. 2018-493 dated 20 June 2018, the purpose of this “Personal Data Protection Policy” is to inform all individuals concerned (“You” or “Your”) how GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS uses personal data and how you can access, modify or oppose this use.

It must be stressed here that the company GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS does not process any so-called sensitive data such as personal data pertaining to race or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; nor does it process genetic or biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person’s sex life or sexual orientation or personal data relating to criminal convictions or offences as they do not relate to the business of GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS and do not come under any of the company’s processing purposes.

In order to ensure compliance with any legislative, regulatory and community developments and their transposition and also with developments in information system practices, GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS reserves the right to amend or adjust this confidentiality policy.

What is this policy’s scope of application?

The General Data Protection Regulation (“GDPR”, European Regulation No. 2016-679 dated 27 April 2016) which entered into force on 25 May 2018 applies to all EU companies which collect, store or process personal data. For the sake of good legal practice, GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS has rolled out an action plan and a strategy to ensure compliance with this regulation (user awareness, mapping of processing acts, information system security).  This confidentiality and personal data protection policy falls within this context.

This policy sets out the principles and guidelines to protect your personal data.
It is applicable for all types of data collection and processing.

“Personal” data is information which identifies a natural person, whether directly or indirectly. A person can be identified for example when their name appears in a file.

A person is identifiable when a file includes information that can be used to identify them indirectly (e.g. IP address, name, registration number, telephone number, photograph, etc.). Source: French Data Protection Authority, CNIL.

“Non-personal data” is defined as information that cannot be used to identify a person.

For website visitors and users, each website is subject to specific Terms of Use which refer to this policy.

What kinds of data are collected?

GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS processes various categories of personal data. This is mainly data that you send to us directly or data that we collect automatically.

When we act as a data processor:

  • Identity and contact information such as your name, company, email address, telephone number, contact details, etc.
  • Professional information such as type of client, position, job title, purchasing period; acquisition and use of GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS digital content, products, and services,
  • Login, usage and traffic data such as IP addresses, MAC address, system versions, connection logs, your GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS user name and password,
  • The content supplied as part of technical assistance, discussions during the feedback phase of our training courses and intervention reports.

When we act as data controller:

  • Identity and contact information such as your name, company, email address, telephone number, contact details, etc.
  • Professional information such as type of client, position, job title, purchasing period; acquisition and use of GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS digital content, products, and services, or, if you apply for a job, information concerning your training and qualifications and your professional experience,
  • Your preferences, such as preferences regarding products and services, means of contact, marketing activities or for job applicants, your job preferences,
  • Your interactions with us, such as your requests, orders, complaints, survey feedback, technical assistance or training requests,
  • Financial information, such as your bank details within the strict framework of financial or accounting operations conducted with us,
  • “Usage and traffic data”, such as IP addresses, MAC address, system versions, your GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS user name and password,
  • The content you have supplied to us as part of technical support regarding our software solutions and during feedback phases of our training courses.

The collection and processing of certain types of personal data may also be necessary in order to access some GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS services. If this is the case, you will be notified and some services may not be accessible should you refuse.

Which forms of processing are used for collected data and for which purposes?

Data is collected and processed in a fair and lawful manner. It is collected for specified, explicit and legitimate purposes and is not further processed in any way that is incompatible with these purposes. More specific information on these legitimate interests is presented hereafter:

When we act as a data processor:

As part of the application maintenance activities for our solutions (corrective / developmental / regulatory maintenance and upgrading to new technologies) and training courses concerning our solutions and their provision and implementation, GEOMEDIA acts as a data processor within the meaning of the GDPR and only on clients’ instructions, who act in their capacity as data controllers. The conditions under which processing is performed as part of these activities are described in the appendix of the contract signed with the client. The client is solely responsible for the collection and processing of personal data managed through the software which has been licensed for use by GEOMEDIA SAS.

When we act as data controller:

Data is collected for the following purposes:

  • To perform the contracts signed between you and us and to provide you with the information and services requested,
  • To configure and manage client accounts, provide technical and client assistance and training, check your identity and send important information concerning the accounts, subscriptions and services of GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS,
  • For general accounting purposes and any sub-ledger accounting that may be related (management of invoices, payments and arrears),
  • To send you information about our services (such as order confirmations) by email or other means of communication,
  • For our supplier management,
  • For the purpose of internal research and development and to improve, test and perfect the functionalities and functions of our software (failure notifications, upgrading in view of technological advances and operating systems, etc.),
  • To meet our internal and external audit requirements, including our information security obligations,
  • To ensure compliance with applicable laws and regulations and requests from authorities tasked with ensuring legal compliance and regulatory bodies,
  • For personnel administration, human resources management (contracts/payroll) and recruitment.

Which security and protection measures are in place for your personal data?

GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS undertakes to protect the quality and integrity of users’ personal data. We undertake to guarantee a high level of personal data protection through means designed to preserve privacy and integrity. The information systems and security policies applied internally by GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS and by our service providers ensure that users’ personal data remains protected from any unauthorised access, improper use, alteration or destruction or accidental loss of data.

We ensure constant maintenance of our information and protection systems and our IT infrastructure (firewall / antivirus / back-ups) in line with technological developments in order to maintain a high level of protection.

Only staff members empowered by GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS may access data or take part in data processing and are required to respect the privacy of the personal data of users, clients and prospects. Personal data confidentiality and security are also based on best practices, which is why GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS employees are regularly made aware of best practices regarding security.

GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS ensures that no personal data is disclosed to third parties, institutions or government authorities, except if required by law or other regulations.

As stated above, data is collected and processed in a fair and lawful manner. It is collected for specified, explicit and legitimate purposes and is not further processed in any way that is incompatible with these purposes.

GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS stores data mainly on its own infrastructure. Data is hosted on our own servers and on European data centres. No data is stored outside of the European Union.

As required by law (article L. 123-22 sub-paragraph 2 of the French Commercial Code), account activity data (quotes, orders, deliveries and invoices) are stored for ten full years following the occurrence of the event.

GEODESIAL GROUP SAS/GEOMEDIA SAS/GEOMENSURA SAS only stores your personal data for the necessary duration of the operations for which it is collected, in compliance with the legislation in force and taking into account time barring periods. For product orders, data collected is stored for the performance of your order, then for the time required to provide evidence of a right or a contract. This data may be archived in compliance with the provisions of the French Commercial Code for the storage period for books and documents created for sales activities and of the French Consumer code for the storage of contracts signed electronically.

How to exercise your personal data rights

In compliance with the provisions of the General Data Protection Regulation (European Regulation No. 2016-679 dated 27 April 2016, “GDPR”), you always have the right to access your personal data, the right to modify your personal data, the right to erase your personal data and the right to request a limitation of the processing of your personal data. In addition, you enjoy the following rights: the right to oppose the processing of your personal data and the right to data portability.

To exercise these rights and should you have any questions concerning privacy and security, please send an email to confidentialite[at]geodesial.fr, specifying your request in the subject. (For requests to exercise your rights, you must attach a copy of your proof of identity.)