Politique de confidentialité

This Privacy Policy is intended to formalise our commitment to respecting the personal data of users (hereinafter the “Data”) of the website www.theodo.fr (hereinafter the “Website”), in accordance with the provisions of the General Data Protection Regulation 2016/679 of 27 April 2016 (hereinafter the “GDPR”) and French Law No. 78-17 of 6 January 1978, as amended.

The Website is owned by THEODO, a simplified joint-stock company (société par actions simplifiée) with a share capital of EUR 1737.00, whose registered office is located at 48 boulevard des Batignolles, 75017 Paris, registered with the Paris Trade and Companies Register under number 498 772 680, and whose intra-Community VAT number is FR29498772680 (hereinafter the “Data Controller”).

General principles

In accordance with the provisions of Article 5 of the GDPR, the processing of user Data on the Website complies with the following principles:

Lawfulness, fairness and transparency: whenever Data are collected, users are informed that their Data are being processed and of the purposes for which such processing is carried out;‍
Purpose limitation: Data are processed for one or more specific, explicit and legitimate purposes;‍
Data minimisation: only Data that are strictly necessary for the proper achievement of the purposes pursued by the Website are collected;‍
Storage limitation: Data are retained for a limited period of time, of which the user is informed;‍
Integrity and confidentiality: the Data Controller ensures the integrity and confidentiality

In order for processing to be lawful, and in accordance with the requirements of Article 6 of the GDPR, the processing of Data shall be carried out only if at least one of the following legal bases applies:

The user has given explicit consent to the processing of their Data;
The processing is necessary for the performance of a contract to which the user is party or for the implementation of pre-contractual measures taken at the user’s request;
The processing of personal Data is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject.

The Data Controller implements appropriate technical and organisational measures to protect Data against destruction, loss, alteration, misuse, unauthorised access, modification or disclosure, whether such actions are intentional or accidental.These measures are designed to ensure the confidentiality, integrity, availability and resilience of the Website and of the information systems in which the Data are processed and stored.

Context of Data Processing

User Data may be collected by the Data Controller on various occasions, in particular when:

browsing the Website;
subscribing to the newsletter;
contacting the Data Controller, in any form whatsoever;
using the contact form;
using the job application form.

Details of Data Processing

Purpose of Processing	Categories of Data Processed	Legal Basis	Data Retention Period	Recipients
Management of communications and follow-up via the contact form	First name, last name, email address, record of consent. Any other non-mandatory information voluntarily provided by the user in the message	Consent and when applicable contract	3 years from the date of the last contact	Theodo Sales team and, where applicable, the Data Controller
Recruitment and management of communications with candidates	First name, last name, email address, telephone number, record of consent. Any other non-mandatory information voluntarily provided by the user in the message and/or in the CV submitted	Consent and when applicable contract	3 years from the date of the last contact	Theodo People team and, where applicable, the Data Controller
Newsletter management	First name, last name, email address, record of consent	Consent	Until the user unsubscribes from the newsletter	Theodo Marketing team and, where applicable, the Data Controller
Security and improvement of the Website	IP address, browsing data	Legitimate interest in improving, managing and securing the Website, and in preventing fraud and malicious activities	13 months	Theodo IT Security team and, where applicable, the Data Controller
Website statistics and audience measurement	IP address, browsing data, record of consent	Consent	13 months	Theodo Marketing team and, where applicable, the Data Controller

User rights

Each user of the Website has a number of rights with respect to their Data, which they may exercise, subject to any applicable legislative or regulatory exceptions, by submitting a request to the Data Protection Officer (hereinafter the “DPO”) of the Data Controller:

by sending an email to dpo@theodo.fr or ;
by sending a registered letter with acknowledgment of receipt to the following postal address: Theodo (Data Protection Officer) – 48 boulevard des Batignolles, 75017 Paris, France.

The DPO will assist the Website user in exercising their Data rights with the Data Controller. In the event of reasonable doubt as to the identity of the data subject, the DPO may request that the user provide a copy of an official identity document in support of their request. Requests shall be processed as promptly as possible, in accordance with the time limits set out by the GDPR.

Right of Access

Website users may request confirmation as to whether or not their Data are being processed and, where that is the case, obtain access to such Data as well as the following information:

the purposes of the processing;
the categories of Data concerned;
the recipients or categories of recipients to whom the Data have been or will be disclosed;
where possible, the envisaged period for which the Data will be stored or, if not possible, the criteria used to determine that period;
the existence of the right to request from the Data Controller the rectification or erasure of Data, or the restriction of processing, or to object to such processing;
the right to lodge a complaint with a supervisory authority;
the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic involved

Right to Rectification and Right to Erasure

Users whose Data are being processed may obtain the rectification and/or erasure of inaccurate, incomplete or outdated Data without undue delay, unless circumstances prevent the exercise of such rights, in particular where processing is necessary for:

the exercise of the right to freedom of expression and information;
compliance with a legal obligation;
reasons of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
the establishment, exercise or defence of legal claims.

Right to Object

Website users have the right to request the restriction of processing or to object to the processing of their Data by the Data Controller. Such requests may only be refused where the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the user, or where the processing is necessary for the establishment, exercise or defence of legal claims.

Users may object at any time to the processing of their Data for direct marketing purposes.

Furthermore, where Data are processed for statistical purposes, Website users have the right to object, on grounds relating to their particular situation, to the processing of their Data, unless such processing is necessary for the performance of a task carried out in the public interest.

Right to Data Portability

Website users have the right to receive the Data they have provided to the Data Controller in a structured, commonly used and machine-readable format, and have the right to transmit such Data to another data controller without hindrance from the Data Controller, where technically feasible, provided that:

the processing is based on the user’s consent or on the performance of a contract to which
the user is party; and
the processing is carried out by automated means.

Users also have the right to define instructions regarding the fate of their Data after their death, which the Data Controller undertakes to implement using all appropriate technical means.

Right to Lodge a Complaint with a Supervisory Authority

In the event of an infringement of any of the rights listed above and in the absence of a response from the Data Controller or the DPO, Website users have the right to lodge a complaint with the competent supervisory authority, namely the CNIL (Commission Nationale de l’Informatique et des Libertés, www.cnil.fr).

Cookies

When browsing the Website, users may accept or refuse the installation of cookies on their computer terminal.

In general, cookies record information relating to the browsing of devices on the Website (such as pages visited, date and time of visits, etc.). Such information may be read during subsequent visits to the Website, resulting in the transmission of Data to the Data Controller.The installation of cookies requires the prior consent of the Website user.

However, functional cookies that are strictly necessary for the proper functioning of the Website do not require prior consent.

Cookies shall be deleted within thirteen (13) months of their installation if the user does not renew their consent before the expiry of this period.

Users may refuse to give their consent to the installation of non-functional cookies and may withdraw their consent and/or manage cookie settings at any time via the cookie management tool made available by the Data Controller.

User Acceptance

By browsing the Website, users acknowledge that they have read and understood this Privacy Policy and accept its terms, in particular with regard to the collection and processing of their Data.

‍

Privacy policy