Last updated on 27th July 2020
In the conduct of its activities, Chryso may collect and process personal data (hereinafter “Personal Data”). Since respect for privacy is a major concern for Chryso, and in compliance with Regulation N° 2016/679, known as the “General Data Protection Regulation” (“GDPR”), Chryso has established processes to meet the new requirements imposed by the GDPR.
- CHRYSO SAS,
A company incorporated under the laws of France, whose registered office is Tour Saint-Gobain, 12 Place de l’Iris, 92400 Courbevoie, France, registered in the Nanterre Register of Trade and Companies under number 964 200 497,
hereafter referred to as “Chryso”;
- anyone logging into the Website,
hereafter referred to as “Website User.”
ARTICLE 1. DEFINITIONS
“Personal Data”: any information that directly or indirectly identifies a natural person;
“Controller”: an organization which determines the purposes and means of the processing of Personal Data;
“Processor”: an organization which processes Personal Data on behalf of the Controller;
“Website User”: anyone logging into the Website;
“Website”: the website accessible to the URL https://www.chrysoinc.com/, as well as sub-sites, mirror websites, portals and URL variations.
ARTICLE 2. SCOPE
ARTICLE 3. PERSONAL DATA
Chryso undertakes to collect, use and process only the Personal Data strictly necessary for the purposes referred to in the processing operations. Chryso also undertakes to limit the retention of this Personal Data to the achievement of these objectives or up to the legal retention periods.
3.1 Identity of the Controller
The Controller of Personal Data collected on the Website is CHRYSO SAS, a company incorporated under the laws of France, whose registered office is Tour Saint-Gobain, 12 Place de l’Iris, 92400 Courbevoie, France, registered in the Nanterre Register of Trade and Companies under number 964 200 497.
3.2 Data collected by Chryso
3.2.1 Personal Data collected
As part of its activities, Chryso processes some of your Personal Data as indicated in the following list, which is not exhaustive:
- Name and surname;
- Personal and professional email addresses;
- Telephone contact details;
- Postal contact details;
- Information about application for a job within Chryso;
- Internet cookies and browsing data.
126.96.36.199 Personal Data collected while browsing: Browsing the Website implies the collection by Chryso of the following information: use of the Website by the Website User, including connection data (connection time, pages viewed, IP address, etc.)
188.8.131.52 Personal Data collected when using the contact form: The use of the contact form by the Website User implies the collection by Chryso of the following Personal Data: name, first name, email address, information voluntarily transmitted by the Website User to support his demand.
184.108.40.206 Personal Data collected when using the application form or sending a spontaneous application: using the application form or sending a spontaneous application by the Website User implies the collection by Chryso of the following Personal Data: name, first name, email address, information voluntarily transmitted by the Website User for the management of his file.
3.2.2 Purposes of processing Personal Data
Personal Data processed by Chryso is used within a defined framework with a specific purpose. Each of these processing is legitimate under the GDPR including:
- Processing are justified by Chryso’s legal or contractual obligations;
- The Website User gave his consent to have his Personal Data processed;
- Processing are necessary to preserve Chryso’s legitimate interest.
Chryso is committed to use the Personal Data only within the limits of the defined processing. In the case of processing based on consent, Chryso undertakes to notify the Website User of any additional processing envisaged.
220.127.116.11 Personal Data collected during navigation are subject to processing for the purpose of operating, furnishing, managing, developing and improving the Website.
18.104.22.168 Personal Data collected when using the contact form are subject to processing for the purpose of giving an adequate answer to the Website Users requests.
22.214.171.124 Personal Data collected when using the application form or submitting a spontaneous application are subject to processing for the purpose of managing job applications within the Chryso group.
3.2.3 Legal basis for processing
Legal base of processing the Personal Data collected during navigation is Chryso’s legitimate interest to carry out an analysis of the behavior of the Website User on the Website in order to improve security and operation of the Website.
Legal base of the other Personal Data processing is the Website User’s consent. The Website User have no obligation to provide this Personal Data.
3.2.4 Personal Data recipients
The Data collected by Chryso is accessible by those who need it to perform their duties:
- Personal Data collected while browsing are accessible by collaborators of the communication department as well as by the collaborators of the ISD;
- Personal Data collected when using the contact form are accessible by collaborators of the communication department as well as collaborators concerned by the request if applicable;
- Personal Data collected when using the application form or submitting a spontaneous application are accessible by collaborators of the human resources department as well as collaborators concerned by the application.
3.2.5 Data transfers
126.96.36.199 Transfer to partners
Chryso keeps your Personal Data within the European Union. However, Chryso is a company of the Chryso Group, present in more than 70 countries. It is therefore marginally possible that Data collected by Chryso when you use the Website is transferred to subsidiaries of the Chryso Group, sub-contractors or business partners located in other countries. Some of these countries may have Personal Data legislation offering lesser protection than GDPR does.
188.8.131.52 Transfer in connection with a merger or acquisition
184.108.40.206 Transfer on requisition or judicial decision
The Website User consents to Chryso disclosing the Personal Data collected on the request of a state authority or by judicial decision.
3.2.6 Personal Data retention periods
After the retention period, Chryso undertakes to permanently delete the Personal Data of the Website Users.
|PERSONAL DATA||RETENTION PERIOD|
|Personal Data collected during navigation||Personal Data are kept for a reasonable period of time necessary for the proper administration of the Website.
Maximum retention period: 13 months
|Personal Data collected when using the contact form||Personal Data are kept for the duration of the contractual relationship.
Maximum retention period: up to 36 months after the last contact with the Website User.
|Personal Data collected when using the application form or submitting a spontaneous application||Personal Data are kept for the duration of the application process.
Maximum retention period: up to 24 months after the last contact with the Website User.
4.2.7 Security and confidentiality of Personal Data
In accordance with applicable legal provisions, Chryso, as the Controller, implements appropriate technical and organizational measures to protect Personal Data against alteration, accidental or unlawful loss, use, disclosure or unauthorized access, and in particular:
- Appoints a GDPR referent;
- Creates a unit dedicated to the security of information systems;
- Imposes confidentiality requirements to its collaborators accessing your Personal Data;
- Controls access to its premises and to its IT platforms;
- Implements a general IT security policy for the company;
- Secures the access, sharing and transfer of Data;
- Controls the high level of Data protection guarantees when selecting its Processor and partners.
Chryso ensures that organizations which process Personal Data on its behalf have implemented adequate safeguards in order to ensure the legal compliance of these processing.
3.3 Rights of the data subject
You have the following rights regarding your Personal Data:
3.3.1 Right of access
You can request confirmation of the processing of your Personal Data by Chryso and have access to your Personal Data via the address [email protected].
The right of access must be exercised in accordance with the right of third parties. You cannot request access to Personal Data of a third party.
Similarly, the right of access cannot infringe on business secrecy or intellectual property.
3.3.2 Right to rectification
You have the right to request that your Personal Data be rectified, supplemented or updated.
3.3.3 Right to erasure
You can request the erasure of your Data or object to their processing if you justify a legitimate ground.
3.3.4 Right to restriction of processing
If you dispute the accuracy of the Data used by Chryso or object to the processing of your Data, the law allows Chryso to verify or examine your request during a certain period. During this period, you can ask Chryso to stop using your Data.
3.3.5 Right to Data portability
You can exercise your right to Data portability, i.e. the right to receive the Personal Data that you have provided to Chryso in a structured, commonly used format and the right to transfer this Data to another Controller, under certain conditions.
3.3.6 Right to object
You can request that Chryso stops processing all or some of your Personal Data n. A notification will be sent to you confirming the cessation of the processing, or indicated the reasons preventing Chryso from accessing your request. If your Personal Data has been collected by Chryso during a prospecting, you can exercise your right to object without reason.
3.3.7 Right to file a complaint to a supervisory authority
If you think, after contacting us, that your rights are not being respected, you can file a complaint to the relevant Authority. In France, the relevant Authority is the CNIL, which you can contact by following this link: https://www.cnil.fr/fr/plaintes/internet
ARTICLE 4. CONTACT
To exercise these rights or for any questions about the processing of your Personal Data, you can:
- send an email at [email protected]
- send a letter to Chryso Legal department (GDPR) – Tour Saint-Gobain • 12 Place de l’Iris • 92400 Courbevoie • France
As part of its security and confidentiality obligations, Chryso may verify your identity and/or ask you to provide more information to respond to your request. Chryso undertakes to comply with your request within a reasonable time and, in any case, within the time limits set by law.
ARTICLE 5. DISPUTES