GreenFlex Política de privacidad y cookies

Política de privacidad y cookies

Welcome to the website https://www.greenflex.com (hereinafter the “Site”).

By connecting to or consulting the website, you acknowledge that you have read, understood and accepted, without limitation or reservation, the charter on the protection of personal data and cookies (hereinafter the “Charter”). Please note that other charters on the protection of personal data and cookies as well as general terms and conditions apply to the other sites of the GreenFlex Group, and we recommend that you consult them carefully.

The purpose of the Charter is to inform any Data Subject and, in particular, Internet Users, Clients and Prospects, about the use of their data in the context of :

requests made using the forms on the Site (requests for information, documentation, contact, recruitment, etc.);
newsletters;
commercial prospecting actions.

The Charter is also intended to inform you of the rights and freedoms you may assert with respect to our use of your personal data and describes the measures we implement to protect them.

The processing of personal data is carried out in accordance with applicable regulations and, in particular, with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), with Law No. 78-17 relating to data processing, data files and individual liberties and with recommendations of the French Commission Nationale de l’Informatique et des Libertés (CNIL).

The information concerning data processing is as follows:

1. The data controller

GreenFlex SAS, located at 7 – 11 boulevard Haussmann in Paris (75009), registered with the Paris Trade and Companies Register under number 511 840 845, is responsible for processing personal data (hereinafter referred to as “GreenFlex”).

2. Data Subjects affected by the collection and processing of personal data

The Data Subjects affected by the processing of personal data are those defined below:

Candidate: any natural person who applies for a job or internship through the Site;
Customer: any natural person or legal entity that has entered into a contract with GreenFlex to access the services offered by GreenFlex ;
Internet User: any natural person consulting the Site;
Prospect: any natural person interested or potentially interested in the various services offered by GreenFlex (training, events, digital solutions, etc.), or who has expressed an interest in one or more services offered by GreenFlex;
Data Subject: any identified or identifiable natural person and, in particular, Internet Users, Customers and Prospects.

3. Personal data categories processed by GreenFlex

The data below is given for information purposes and is processed according to the requests or interests of the Data Subject.

Candidates: title, surname, first name, current position, e-mail address, telephone number, curriculum vitae and, potentially, photograph and postal address as well as the Candidate’s website, LinkedIn and Twitter profiles.

Business Customers: title, surname, first name, company, position, department in which the person works, professional e-mail address, professional telephone number (landline and/or mobile) and, potentially, a professional postal address, line manager, assistant, associated marketing campaign and the date of creation of the contact form.

Business Prospects: title, surname, first name, company, position, department in which the person works, professional e-mail address, professional telephone number (landline and/or mobile) and potentially, a professional postal address, status of the prospect (active/inactive), line manager, assistant, associated marketing campaign, the date of creation of the contact form and the source of the personal data if the data was not collected directly from the Data Subject.

Internet Users: connection data collected via technical cookies and possibly via audience and advertising measurement cookies. The data collected is as follows: IP address, information on the internet browser used, time and date of connection, pages visited.

4. Information on data processing operations (purpose, legal basis and storage period)

When using this website, you may need to provide some personal data, such as your name, surname and e-mail address, in order to use the services available on the website and receive answers to your requests for information, in particular.

For Business Prospects, GreenFlex can also collect data from a publicly available source. GreenFlex undertakes to inform Business Prospects of the processing of their data and the source from which their data was collected.

Your data may also be processed for analysis and investigative purposes.

Data processing may be based on :

the legitimate interest of the data controller to provide you with services when the purpose relates to customer relationship management or requests expressly made to GreenFlex;
the performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request;
compliance with legal and regulatory obligations, in particular, but not exclusively, with regard to the obligations which are the responsibility of website publishers;
your consent to the processing of your personal data for one or more specific purposes, in particular for marketing purposes when necessary.

The data is needed to enable us to process your request and interact with you better.

In our online forms, the obligatory fields are marked with an asterisk. If the mandatory questions are not answered, we will not be able to provide you with the service(s) requested or respond to your requests.

The personal data of Data Subjects is at no time sold, marketed or rented to third parties, and are not further processed in a manner incompatible with the purposes as detailed below.

The table below provides information on the purpose of the processing of your data, the legal basis justifying the processing and the data storage period.

Purpose of the processing	Legal basis	Storage period in active base *
Management of documentation requests	Legitimate interest	Processing time for the request
Management of registrations for events offered by GreenFlex	Legitimate interest	Duration of event registration management
Management of a newsletter – Newsletter (management of subscriptions, electronic mailings and preparation of statistics relating to the service)	Consent Legitimate interest	Preservation of the email address as long as the Data Subject does not unsubscribe (via the unsubscribe link in the newsletters)
GreenFlex social network management (statistics of visits, interactions (public or private messaging) with the users of the platform concerned)	Legitimate interest	Processing time for the request or the time the active account has existed on the social network concerned, unless the right to delete or the right of opposition is exercised by the Data Subject.
Management of the contact form	Legitimate interest	Time required to reply to the request
Commercial prospecting among professionals (“BtoB”)	Legitimate interest in technical cookies Consent for audience measurement or advertising cookies	13 months maximum depending on the cookies concerned
Cookie management	Legitimate interest in technical cookies Consent for audience measurement or advertising cookies	13 months maximum depending on the cookies concerned
Management of data processing rights and freedoms	Legitimate interests Right of opposition: legal obligation	12 months from application
Recruitment of staff and independent service providers (trainee employees, self-employed workers)	Pre-contractual measures and/or execution of the contract Legitimate interest	2 years from the date of the refusal email sent to the Candidate or from the Candidate’s reply, unless the person formally agrees to a longer storage period

* The duration in active base corresponds to the period during which the data are used before being definitively erased or archived for the period of limitation applicable in civil, commercial and tax matters. In the course of storing or archiving personal data, GreenFlex no longer uses this data.

5. Recipients or categories of recipients of the data

Personal data and information is processed by GreenFlex Personnel (i.e. all natural persons, whether salaried or not by GreenFlex), and in particular by the communication departments and management.

The information may also be passed on to certain “Service Providers” (any natural person or legal entity who has entered into a service agreement with GreenFlex) to enable GreenFlex to provide you with the service(s) offered. These Service Providers act on the instructions of GreenFlex, and GreenFlex ensures that the data transmitted is processed only in the context of the performance and provision of services offered, unless the Data Subject has subscribed directly to the services of a Service Provider or has consented to the Service Provider using his/her data for the Service Provider’s own purposes.

6. Transfer of personal data

The data may be transferred to our subcontractors for the services that GreenFlex offers to the Data Subjects.

Any time that data is transferred to a third country outside of the European Economic Area, it is carried out in accordance with applicable laws and in a way that ensures that data are properly protected.

GreenFlex implements all the means at its disposal to ensure the protection and confidentiality of the data transferred and, in particular, ensures that Service Providers located outside the European Union ensure a level of data protection and the rights of the Data Subjects (and in particular their privacy) under conditions equivalent to those guaranteed within the European Union by the GDPR.

In particular, GreenFlex ensures, where possible, that standard contractual clauses, such as those validated by the European Commission, are signed with its Service Providers, and provides additional safeguards to ensure that Service Providers comply with the data processing and protection requirements as set out in the GDPR. GreenFlex ensures, for example, that changes in the legislation of the country where the Service Providers are located are not likely to have a significant negative impact on the guarantees and rights of the Data Subjects. Failing this, GreenFlex asks its Service Providers to process personal data exclusively in the territory of a Member State of the European Union, unless GreenFlex has given its express permission and the Service Provider has given special guarantees.

7. Security and confidentiality of personal data

GreenFlex implements appropriate measures to ensure a level of protection appropriate to the risk in terms of confidentiality, integrity, availability and resilience of systems and, in particular, to prevent personal data from being distorted, damaged or communicated to unauthorised third parties.

GreenFlex regularly monitors internal procedures as well as technical and organisational measures to ensure that the processing under its responsibility is carried out in accordance with the requirements of current legislation on the protection of personal data and the protection of the rights of the Data Subjects.

Security measures are also implemented in accordance with the GreenFlex IT Charter and the GreenFlex Rules of Procedure.

When personal data is transferred to Partners or Service Providers, GreenFlex will use all the means at its disposal to ensure data protection and confidentiality.

8. Data processing rights and freedoms requests relating to the processing of personal data

In accordance with the regulations in force, any Data Subject may ask GreenFlex, through its Data Protection Officer (DPO), whose contact details are below, to exercise:

a right of access: asking GreenFlex whether it holds data concerning them, and requesting a communication to verify its content (https://www.cnil.fr/fr/le-droit-dacces-connaitre-les-donnees-quun-organisme-detient-sur-vous);
a right to rectify: this implies the rectification of inaccurate or incomplete information concerning the Data Subject. It prevents an organisation from using or disseminating erroneous information about the Data Subject (https://www.cnil.fr/fr/le-droit-de-rectification-corriger-vos-informations);
the right to erase (if applicable): the right to request GreenFlex to erase personal data concerning the Data Subjects (https://www.cnil.fr/fr/le-droit-leffacement-supprimer-vos-donnees-en-ligne);
a limitation on the processing of personal data (if applicable): the right to ask GreenFlex to temporarily freeze the use of certain data (https://www.cnil.fr/fr/le-droit-la-limitation-du-traitement-geler-lutilisation-de-vos-donnees);
the right to transfer their personal data (if applicable): the possibility to recover part of their data in an open and machine-readable format (https://www.cnil.fr/fr/le-droit-la-portabilite-en-questions);
the right to object to the processing of the data (if applicable): the possibility for any Data Subject to object at any time to GreenFlex using some of his/her data for a specific purpose. This concerns in particular the right to object to any commercial prospection or to being contacted by GreenFlex, by email or SMS/MMS, for other training or similar services (https://www.cnil.fr/fr/le-droit-dopposition-refuser-lutilisation-de-vos-donnees);

Any Data Subject also has a right not to be subject to a decision based exclusively on automated processing, including profiling (https://www.cnil.fr/fr/profilage-et-decision-entierement-automatisee).

Any Data Subject may file a complaint with the CNIL for any difficulty related to the processing of his or her data https://www.cnil.fr/fr/plaintes.

For any request concerning personal data, please send an email to the Data Protection Officer at the following address dpo@greenflex.com.

9. Management of cookies

You can set or modify your preferences for the use of cookies by using the cookie management system on the Site.

9.1 Learn more about cookies and how to set them

The term “cookies” covers all cookies or tracers placed and/or read on equipment (computer, telephone, tablet), for example when visiting a website.

During a visit to the Website, information relating to the Internet User’s browsing may be recorded on his or her equipment in cookie files placed by GreenFlex or third parties. The cookie may contain several pieces of data: the name of the server that placed it; an identifier in the form of a unique number; an expiry date, etc. This information may be stored on the Internet User’s computer in a simple text file that a server accesses to read and record information.

9.2 What is the purpose of the cookies that may be stored on a terminal and how do I manage them?

Cookies have different functions.

– Technical cookies

Technical cookies are used for technical purposes, to facilitate navigation on the Site. These technical cookies make it possible to identify the Internet User to help him/her fill in forms or certain fields, and help to improve his/her navigation. Technical cookies also make it possible to implement security measures or to take into account some of the Internet User’s choices, such as language.

These cookies are simply for the purpose of the operation of this Site. They may be placed and read on the Internet User’s terminal without his/her consent.

If the Internet User “uninstalls” a technical cookie from his equipment, the latter will not be able to benefit from the services offered by the Site.

– Cookies for audience measurement, advertising and “social networks”

Audience measurement cookies make it possible to measure the audience of the various contents and sections of this Site and, in particular, to understand how users arrive at the Site.

Advertising cookies allow the display of targeted advertisements on a web page according to the profile of the Internet User who consults the page and, more particularly, according to the pages that the latter has consulted.

This Site has added social plug-ins to its pages to facilitate the sharing of the Site’s content on several social platforms, such as Facebook, Instagram, LinkedIn or Twitter. Adding these “social buttons” to the GreenFlex Website allows certain social platforms to use cookies that track the navigation of the Internet User, whether or not the user is a user of these platforms.

9.3 Delete cookies directly from the browser

The Internet User has the possibility of deleting the cookies placed on his equipment.

The configuration of each browser is different. It is the responsibility of the Internet User to follow the instructions of his browser’s editor as follows (links available at the date of the “Cookies” page update):

For Firefox : launch the browser then simultaneously press “Alt + O”; select “Options”; click on the “Privacy and Security” tab then choose the desired options. Find these explanations with the following link: https://support.mozilla.org/fr/kb/autoriser-bloquer-cookies-preferences-sites

For Chrome: launch the browser and press “Ctrl + H” simultaneously; click on “Clear Browsing Data”, and check the “Cookies and Other Site Data” box. Find these explanations with the following link: https://support.google.com/chrome/answer/95647?hl=fr&hlrm=en

For Safari: launch the browser then click on “Safari” at the top left; select “Preferences” then click on “Privacy”; click on “Manage website data”; select one or more websites then click on “Delete” or “Delete all”. Find these explanations with the following link: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac

For Opera: launch the browser then click on “Settings” in the toolbar; select “Delete private data”; check the box “Delete all cookies”; click on “Delete”. Find these explanations with the following link: https://help.opera.com/en/latest/web-preferences/#cookies

9.4 Cookie retention period

Cookies stored on the Internet User’s terminal or any other element used to identify the Internet User for statistical or audience purposes will have a reasonable life span relating to the purpose of the processing envisaged, up to a maximum of thirteen (13) months; this period not being automatically extended should the Internet User visit the Site again. Beyond that, the raw visiting data associated with an identifier is either deleted or anonymized.