Skip to content

GDPR Policies

Home GDPR Policies

GDPR Policy

We ensure absolute compliance with the General Data Protection Regulation (GDPR).

The GDPR policy presented below applies to all personal data processing carried out by Anthenor Public Affairs as the Data Controller within the European Union, concerning individuals external to the company. It is aligned with European (GDPR) and French (Data Protection Act) legislation applicable to data protection.

Definitions

“Personal data” refers to any information relating to an identified or identifiable natural person, who can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to them.

“Data processing” refers to any operation performed on personal data, including collection, recording, use, transmission, or communication.

The “Data Controller” is defined as the legal entity responsible for determining the purposes of the processing and the means used to carry out the processing.

Data collected

The data collection by Anthenor Public Affairs follows the principles of lawfulness, transparency, and proportionality. It is strictly limited to achieving the purposes that have been previously determined.

The firm takes all necessary steps to ensure that the data collected is accurate, complete, and, if necessary, updated. It is committed to obtaining the consent of the individuals concerned when required and to informing them about the processing of their data.

The firm may collect data during the following processes:

  • Solicitation by a third party for any request for information, complaint, or commercial approach;
  • Solicitation on behalf of a third party for the legitimate interests pursued by the firm;
  • Application for an internship or job offer.

The data that may be collected includes, but is not limited to:

  • Identity: first name, last name, position, professional entity;
  • Contact details: email, address, phone number;
  • Information related to the nature of the solicitation: miscellaneous notes, CV, cover letter.

Processing of collected data

The processing of collected data by Anthenor Public Affairs follows the principles of lawfulness, transparency, and proportionality. It serves explicit, legitimate, and defined purposes.

As part of the firm’s legitimate interest, the collected data may be processed in the context of the following activities:

  • Responding to a third-party solicitation and ensuring follow-up on that solicitation;
  • Sending invitations to meetings or events;
  • Managing application files.

Information and communication regarding the collected data

Anthenor Public Affairs ensures that individuals whose data has been collected are informed about:

  • The purpose of the collection;
  • The duration of data retention;
  • The identity of the Data Controller;
  • Its rights to inquire, access, rectify, and object, as well as the methods for exercising these rights.

Data sharing

The collected and processed data may be shared with our clients, partners, public authorities, or legitimate stakeholders, to provide, ensure, and improve our services related to analysis and communication, in the context of the legitimate exercise of the firm’s activities.

Data retention and security

Given the nature of its activities, Anthenor Public Affairs retains the collected data for a maximum duration of 5 years, except for data related to applications, which are retained for 2 years unless candidates consent to a longer retention period.

The firm implements the technical and organizational measures necessary to protect and secure the collected and processed data. It requires its IT service providers to demonstrate their ability to ensure optimal data protection and full compliance with GDPR provisions in their own activities.

The firm commits to contacting the CNIL within 72 hours in the event of a breach or potential breach of personal data.

Rights of the individuals concerned

Individuals whose personal data is collected and processed have the following rights:

  • Right to information about how their data is collected and processed; the information provided will be concise and clear;
  • Right to access the collected data that has been processed;
  • Right to rectification when the collected data is found to be inaccurate or incomplete;
  • Right to object to the processing of data, to limit it, or to withdraw consent.

To exercise these rights, individuals concerned can contact: Anthenor Public Affairs, Attention: DPO – 4, rue Marbeuf – 75008 Paris; or by email at: contact@anthenor.fr

The firm may, if deemed necessary, require a copy of an identification document from the requester.

Individuals also have the right to file a complaint with the CNIL regarding the firm’s practices concerning the protection of personal data.

Monitoring the implementation and updating of the GDPR policy

The implementation of Anthenor Public Affairs’ GDPR policy is subject to a semi-annual internal audit, conducted by and/or under the supervision of the Data Protection Officer.

The firm’s GDPR policy is subject to necessary modifications to comply with any new applicable regulations or doctrines related to the protection of personal data.