The purpose of this privacy policy (hereinafter the "Policy") is to inform visitors or users (hereinafter the "User") of the website ofis.veolia.com (hereinafter the "Site") of the terms and conditions for the protection of their personal data in accordance with Law and Regulation No. 2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter collectively the "Regulation").
The publisher of the Site is the company Office d’ingénierie sanitaire (OFIS), a French SAS registered with the Registry of the Commercial Court of Paris under Siren number 421025875, whose registered office is at 21 rue de la Boétie, 75008 Paris, France, and whose postal address is at 30 rue Madeleine Vionnet, 93300 Aubervilliers, France, acting as publisher ("the Publisher" or "OFIS"), and whose telephone number is 01 85 57 70 00. OFIS is a subsidiary of Société d'assainissement rational et de pompage "SARP".
The terms and conditions for processing data collected via contact form are set out in the information notice for the form.
The contact information is included in the Privacy Notice Contact webform.
The Policy may be modified at any time by the Publisher, in particular in order to comply with any regulatory, legal, editorial or technical developments.
This Policy is an integral part of the Terms and Conditions of Use of the Site.
The methods of collecting and processing data collected by means of cookies are set out in the "Cookie Policy".
Identification of the controller
The controller of the User's personal data is, as the case may be, the following entity or entities: OFIS. The data controller may also be the Veolia entity named on the webform, depending on the purpose of the webform.
Description of the data processing
Within the framework of the operation of the Site, the Publisher may collect and process personal data in order to allow the User to access the features and services offered by the Site (hereinafter the "Services").
1) What categories of data are collected?
Contact data: refers to the compulsory data that the User fills in when filling in the contact webform: last name, first name, e-mail address, company name, telephone number, address, zip code, city, country of residence.
- Data voluntarily published by the User: refers to the personal data that the User voluntarily communicates to the Editor by filling in the free text zones provided for this purpose in the webform(s), namely "Subject of the request" and "Message". The Publisher strongly recommends to the User to avoid any communication of personal data via these text boxes or in any case to limit this communication to what is strictly necessary to process the User's request (hereinafter the “Published Data”).
All such data is hereinafter collectively referred to as the "Data".
2) Why does the Publisher collect User Data?
The Data are collected through the webform in order to answer the questions of the Users concerning the following topics:
- Collecting requests for information from target audiences (clients, consumers, stakeholders)
- To process the User's request for information or question and to communicate effectively with the User in the following areas: to be specified
- To send communications to the User in relation to the main interests previously expressed by the User.
The mandatory fields in the webform are marked with an asterisk. The Publisher will not be able to respond to your request if you do not fill in these mandatory sections.
3) What is the legal basis for the processing of User Data?
Data processing is only lawful if it is based on one of the legal basis defined by the Regulations. In the context of the operation of the Site, the Data processing is based on the following legal bases:
4) Recipients of the Data collected
The Data collected through the webform(s) is intended for the internal services of the entity responsible for processing in order to respond to the User's request.
This may include, as the case may be,
- Relevant departments of SARP and its subsidiaries, in particular customer service, sales and after-sales departments,
- Service providers and subcontractors performing services on our behalf;
- Judicial authorities, state agencies, public bodies or other authorized third parties, upon request and to the extent permitted by law;
- Certain regulated professions such as auditors, where applicable;
- Recipients formally authorized by you.
Internal recipients may also be Veolia Group entities located in the European Union (EU) or outside the EU, it being understood that any transfer of Data outside the EU will be carried out under the conditions of the article "Transfer of Data outside the European Union" below.
Each recipient subsidiary may, as the case may be, be a subcontractor or a processor of the Data provided.
The Data may also be transferred/used by third parties under the following conditions:
- Data transferred to public authorities and/or bodies
In accordance with the Regulations in force, the Data may be transmitted to the competent authorities on request and in particular to public bodies, exclusively to meet legal obligations, judicial officers, ministerial officers and bodies responsible for collecting debts, as well as in the case of the search for the authors of offenses committed on the Internet.
- Data provided to third parties
The Data may be communicated or made accessible to the Publisher's subcontractors, suppliers and third-party service providers (such as the Site's host, Veolia's IT and/or technical service providers).
- Social networks
The User has the possibility to share the pages he/she is interested in on social networks by clicking on the share buttons.
The collection of information through social network sharing buttons is subject to the privacy policies of those third parties and to our Cookie Policy. We invite you to read the policies of these social networks to find out how your Data is used.
Exercise of User rights
In accordance with the Regulation, any individual User has the right to access, rectify, delete, limit and portability his or her Data.
For all processing operations carried out within the framework of the Site and only within this framework, regardless of the Entity responsible for processing, the User may exercise his rights,
- by writing to [email protected]
- by post to DPO OFIS, 30 rue Madeleine Vionnet, 93300 Aubervilliers, France
- by wrinting to [email protected] for Professional Users who have expressed their main interests to OFIS or who have requested information or contact with the customer service.
by sending proof of identity or any other official document.
In case of difficulty concerning the management of his personal Data by the Publisher, the User may contact the Data Protection Officer of OFIS ([email protected]). If the User is not satisfied with the DPO's response, he or she may lodge a complaint with the competent protection authority (in France: CNIL - 3, place de Fontenoy - TSA 80715 - 75334 Paris Cedex 07).
The Publisher reminds that the User may, for legitimate reasons, object to the processing of his Data. Where processing is based on consent, the User may withdraw consent at any time by sending an e-mail to [email protected].
It is specified that if the User exercises some of the above rights, the Publisher may be unable to carry out the actions necessary to achieve the purposes described above, or the User may not be able to use all or part of the Services.
The Editor is obliged to keep the Data collected from Users up to date. It is therefore recommended that the User inform the Publisher of any changes concerning him/her by sending an e-mail to the following address: [email protected].
Data retention and archiving
User Data will not be retained beyond the period strictly necessary for the purposes set out herein and in accordance with the Regulations. accordingly.
In this regard :
- The data collected in order to respond to Users' requests for information and questions are kept in an active database for 13 months from the registration of the User's request.
- Data collected for the purpose of sending commercial communications to prospective customers (professionals) are kept in an active database for 3 years from the last contact with the User (for example, a request for documentation or a click on a hypertext link contained in an email), unless the User has exercised his/her right to withdraw consent, his/her right to object or his/her right to erasure (as the case may be), and then for a period of 5 years in intermediate storage.
- The Data collected in order to contact the customer service of the professional User who has an existing contract with [designation of the entity or BU](customers) is kept for the entire contractual relationship, unless the User has exercised his right to object or exercised his right to erasure. The data is then kept for 3 years in the active database from the end of the contractual relationship, and then for 5 years in intermediate storage.
The Data is kept in intermediate storage to enable the Publisher to defend itself in the event of legal proceedings or for the purpose of preventing and detecting criminal offenses, with a view to make the Data available to the judicial authorities.
At the end of the intermediate archiving period, the User Data will be permanently deleted.
In addition, the Publisher may keep Data permanently anonymised, for the purpose of producing statistical studies. These studies do not identify Users, and are only based on trends derived from their aggregated Data.
Security
The Publisher takes appropriate technical and organizational measures to ensure the security of the Data and to prevent unauthorized access or disclosure of the User Data. However, the Publisher cannot guarantee the elimination of any risk of misappropriation, alteration, unlawful reproduction or misuse of the Data.
The database created when a User sends a request through the webform is strictly confidential. OFIS undertakes to take all useful precautions, organizational and technical measures appropriate to preserve the security, integrity and confidentiality of the Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties.
Transfer of data outside the European Union
In the event of transfer of User Data to a subsidiary of the Veolia Group or to a third party located outside the European Union, OFIS ensures that the recipient country has been the subject of an adequacy decision by the European Commission. If this is not the case, OFIS undertakes to use the appropriate legal instruments, in particular the European Commission's Standard Model Contractual Clauses, to govern the transfer.