The Efalia group and its subsidiaries, C-Log and Appic (hereinafter “Efalia”), are committed to respecting and protecting personal data. We undertake to define and take appropriate steps to ensure the security of processing of personal data belonging to our customers, contacts, suppliers, users and employees (hereinafter “users”). Efalia implements a continuous process for compliance with the General Data Protection Regulation of April 27, 2016 (hereinafter the “GDPR”). With this new regulation, Efalia is strengthening its personal data protection policy to ensure that personal data is collected and used in a transparent, confidential and secure manner.
This policy describes the measures put in place to protect personal data and the purposes of collecting, using and sharing personal data, particularly in the following cases:
- When browsing the Group’s websites and/or
- When purchasing and/or using software published by the Group and/or
- When purchasing our products and/or
- When using hosted solution and/or
- During our communication with Efalia staff
Purposes of processing
Personal data is collected by means of several types of processing, in order to:
- Respond to requests made via the forms or by using the methods of contact available,
- Contact users about customer satisfaction surveys or market studies, carry out marketing, pass on information or send invitations to events,
- Personalize interaction with our websites, facilitate browsing and draw up statistics concerning the use of our sites,
- Develop partnerships,
- Enable staff members within Efalia to process transactions in the context of a contract, a purchase or the use of Efalia’s sites and services,
- Collect users’ opinions about all Efalia services,
- Allow candidates to apply for Efalia vacancies,
- Carry out maintenance on Efalia’s sites and services,
- Deliver and improve the operation of Efalia’s sites and services to better meet the needs of all customers,
- Manage the use of Efalia’s sites and services while providing customer service and support,
- Analyze the use of Efalia’s sites and services to monitor trends and for marketing and advertising purposes,
- Send customers alerts about technical or administrative issues relating to the use of Efalia’s sites and services,
- Monitor activities on the sites to prevent fraudulent or illegal use and
- Inform customers for any other purpose to which Efalia is committed.
Efalia puts in place the following types of processing to provide an appropriate response to requests it receives, except for marketing activities, which are based on users’ prior consent.
Consulting the website, filling in the forms and receiving Efalia’s messages and marketing campaigns are of course optional. The data that has to be entered into the forms is compulsory to enable us to contact users and meet their needs and requests as effectively as possible.
Relevance of data
Efalia collects and processes personal data in an honest and lawful manner. The data collected by Efalia includes the following categories:
- Identity (e.g. surname, first name, contact details)
- Personal information (e.g. contact details, hobbies when you specify them on a CV)
- Professional information (e.g. role, post, company)
- Connection data (e.g. cookies)
- Location data (e.g. based on the IP address used to visit the website)
Efalia makes sure that the data is updated throughout the processing so that it does not become obsolete.
Efalia does not keep personal data any longer than required for the purposes of processing, while respecting the legal and statutory limits applicable.
- If you are a Customer or Partner of Efalia, your data will be retained for the term of the agreement and for three years after its expiry, unless there are specific legal constraints.
- If you are a Prospective Customer of Efalia, your data will be retained for three years from the date of your last contact with us, unless there are specific legal constraints.
- If you are applying for a vacancy at Efalia, your application data will be retained for two years, unless you are hired by Efalia.
- Finally, cookies remain valid for 100 days.
Under the access control policy, only duly authorized recipients can access the information required for their activity. Efalia defines access and confidentiality rules that apply to the personal data processed.
Eflalia defines and implements the resources needed to protect the processing of personal data, to avoid any access by unauthorized third parties and prevent any loss, corruption or disclosure of data.
Before processing the data, Efalia informs the persons concerned via this policy on Efalia’s websites.
In accordance with the laws and regulations in force, and in particular the GDPR, you have the following rights: to access, modify, delete, limit, oppose, make a complaint to the French Data Protection Authority (CNIL); and when applicable: move your data, withdraw your consent and determine the fate of your personal data after your death.
To exercise these rights, you can use a contact form or write to the department responsible for compliance with the rights of individuals (see below).
In order to confirm the legitimacy of your request, you may be asked to provide a signed request accompanied by a photocopy of a valid identity card bearing your signature. We also ask you to give us your contact details so we can send you a reply.
Certain tools we use to process your information involve transferring it outside the EU:
- PipeDrive, in the USA, which adheres to the Privacy Shield, for management of our leads, partners and customers
Data protection participants
Efalia has appointed a Data Protection Officer (DPO). The DPO ensures compliance with the GDPR within Efalia, supports the teams during processing, helps to investigate requests linked to the protection of personal data, and informs and raises the awareness of employees.
The DPO has the organizational measures and resources required to manage Efalia’s compliance.
Determines the aims and resources of the processing.
For processing via the Efalia website, the data controller is Efalia, domiciled at 210 Avenue Jean Jaurès, 69007 Lyon, represented by its Chairman.
The Efalia Marketing Department runs the Efalia website on the authority of the data controller.
Processes the personal data on behalf of the data controller. Acts on instructions from Efalia. It has signed an agreement with Efalia, which must contain Efalia’s requirements regarding the protection of personal data.
The following processors are involved in connection with Efalia’s website: PipeDrive, MailChimp.
Person authorized to receive the data, on a need-to-know basis and according to the principle of least privilege.
The data collected on Efalia’s website is solely for Efalia’s use, and will not be transferred to third parties. In order to respond to your requests and needs as effectively as possible (for example to select the most suitable offer of services etc.), the data collected may be shared within the Efalia Group.
Person to whom the personal data processed belongs, i.e. you, who wish to give us your contact details: customers, prospects, partners, suppliers, candidates, users.
Efalia continuously takes care of its Users’ data. We may therefore be required to modify, complete or update the Personal Data Protection Policy. Please regularly consult the last version in force, accessible on our Website. If major changes are made, we will inform you by email or via your usual contacts, to enable you to examine the changes before they enter into effect. Continued use of our Services after the publication or sending of notice concerning changes made to the Personal Data Protection Policy implies acceptance of the updates.