Privacy policy – Endrix

Endrix attaches major importance to the protection of personal data, and is thus committed to processing such data in compliance with applicable laws and regulations, and in particular Law No. 78-17 of 6 January 1978 on data processing, files and freedoms, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Endrix opts for a shared governance model. This means that the DPO alone is responsible for holding accountable each entity of the Endrix holding company, but also of all its subsidiaries.

This privacy policy sets out how we collect, use, share and protect personal data obtained from you.

The personal data we collect

As part of the services we provide to you or our customers, we may collect and obtain personal data about you. We may also collect your personal data when you use our website.

We may collect and obtain personal data because you provide it to us (for example, through a form on our website), or because others provide it to us (for example, your employer) or because it is in the public domain.

In order to enhance your experience as a visitor when using the website and to ensure that the web service functions properly, we may use cookies (small text files stored in the user’s browser) and web beacons which may collect personal data. Further information and details on how we use cookies and other trackers and how you can control them are available in our cookie policy.

We may also collect and obtain personal data about you if you are a former employee, if you are a visitor to our premises or if you apply for a job vacancy by sending a cover letter and curriculum vitae (by submitting a cover letter and curriculum vitae, the applicant authorises Endrix to process the personal data he or she submits in order to process the application).

The personal data we collect or obtain, directly or indirectly, may include, but is not limited to, your marital status, contact details, family situation, professional situation, image, economic and financial information and login details.

Where we obtain personal data about you from our client, it is the client’s responsibility to ensure that any personal data provided to us, directly by the client or indirectly on the client’s behalf, has been collected lawfully, fairly and transparently.

When you choose to follow Endrix information through a third party service (LinkedIn, Facebook, etc.), we collect from the third party service provider the data necessary for the connection you have authorised, such as your name and email address. The other data we collect depends on the privacy settings you have set with your third party service provider, and we therefore invite you to consult the privacy policy applicable to the service concerned.
By providing personal data to Endrix, you consent to the use of such personal data in accordance with this Privacy Policy. We do not use your personal data for any other purpose unless we obtain your consent to do so, or unless permitted or required by law or professional standards.
We understand the importance of protecting the privacy of minors. Our website and services are not designed for, nor intended for, minors aged 15 or under. It is not our policy to intentionally collect or retain personal data from minors.

The purposes of data processing

We will use your personal data to provide you or our clients with professional services.

We may also use your personal data for the following purposes or otherwise in connection with the following operations related to:

• applicable legal or regulatory requirements ;
• requests for communications from the relevant authorities;
• the opening of customer account(s) or for other administrative purposes;
• our accounting and financial management services; invoicing for our services;
• business relationship management, which may involve:
– sending information about our services and/or events that may be of interest to you;
– sending a message to you for other professional, commercial or other purposes.
• career management and recruitment;
• protecting our rights and those of our clients.

In addition to the above, we may also collect your personal data via our website:

• to administer and improve the operation of the website;
• to assess the relevance of its content;
• to manage and respond to your requests via this website.

The legal basis for processing

The processing of your personal data is based on :

• the performance of a contract: where the processing of your personal information is necessary to fulfil our obligations under a contract to which you are a party.
• a legal obligation: where we are required to process your personal data to comply with a legal obligation, including for the purposes of providing information to a public body or competent authority.
• our legitimate interests: we will process your personal data if it is in our legitimate interests to do so, for the purposes of the efficient and effective provision of the services we provide to you or our clients, provided that these interests are not disproportionate to the rights of individuals.
• your consent: we will ask you for specific permission to process some of your personal data.

Data recipients

We may transmit your personal data to collaborators working with Endrix; to your employer; to our service providers; or to the relevant authorities.

Our service providers shall only access your data subject to their own obligations regarding data protection and privacy.

As part of this process, your data may be transferred to a member state, or a non-member state, of the European Union of the European Economic Area. We are committed to putting in place the appropriate tools for the supervision of such transfers, such as the signing of the European Commission’s standard contractual clauses, which ensure a sufficient level of protection of the privacy and fundamental rights of individuals.

How long data is retained

Endrix shall retain your personal data :

• In accordance with its legal obligations and/or the recommendations of the CNIL regarding retention periods;
• In relation to its contractual obligations and the requirements of processing;
• At least enough achieve the purposes for which your data was collected.

Without prejudice to the exercise of your rights of rectification, deletion, limitation or opposition.

After the periods provided for, Endrix will delete your personal data from its system or anonymise it so that it can no longer be used to identify you.

In order to comply with our legal obligations or to have the necessary elements to assert our rights, we may archive the data in accordance with the legal provisions in force.

The rights of affected persons

You have various rights which relate to your personal data, and in particular the following:

• Obtain information about the processing of your personal data;
• Ask us to update your personal data held or to correct inaccurate or incomplete personal data;
• To ask us to delete the personal data we hold about you, or to limit our use of it;
• To withdraw your consent for us to process your personal data (insofar as such processing is subject to consent).
• Receive a copy of the personal data you have provided to us, in a structured, commonly used and machine-readable form and for the purpose of transferring it to another party (to the extent that such processing is subject to consent or contract).
• Object to the processing of your personal data.
• To give instructions regarding the retention, erasure and disclosure of your personal data after your death.

To exercise your rights, or if you have any questions about our use of your personal data, you can contact our Data Protection Officer by writing to dpo@endrix.com or to the following postal address: DPO, Endrix, 18 Avenue Félix Faure, 69007 Lyon.

Your application must be signed and accompanied by a valid form of identification bearing your signature. You may specify the address to which the reply should be sent. We have a period of 1 month from receipt of your request to respond in accordance with Article 12.3 of the General Data Protection Regulation.

If you no longer wish to receive marketing or sales material from us, please click on the unsubscribe link in the communication email.

If you are dissatisfied with the way we have handled your personal data or if you have any unsuccessful questions or requests, you are entitled to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (“CNIL”) whose contact details can be found at https://www.cnil.fr/.

Data protection

We use a range of organisational and technical measures to ensure that your personal data is protected.

These measures include:

• control of access to the employee computer system;
• protection of servers and computers with regularly updated anti-virus software;
• the presence of perimeter security components such as firewalls and proxies;
• regular data back-up;
• restriction of access to the premises: badge, surveillance camera, alarm system;
• staff commitment to confidentiality.

Nevertheless, even if we take appropriate security measures at the time of collection of your personal data, no data storage or transmission system can be guaranteed to be 100% secure.

Changes to the Privacy Policy

We reserve the right to change this Privacy Policy to comply with changes in applicable laws and regulations.

Therefore, we encourage you to review this policy regularly to stay informed about how we are protecting your personal data.