The GDPR policy presented below applies to all processing, by Anthenor Public Affairs as “data controller”, of personal data for individuals outside of their organization. This policy is in line with the European (GDPR) and French (Data Protection Act) legislation applicable to data protection.
“Personal data” refers to any information which are related to an identified or identifiable natural person. The data subjects are identifiable if they can be directly or indirectly identified, especially by reference to an identifier such as a name, an identification number, or one of several special characteristics. In practice, these also include all data which are or can be assigned to a person in any kind of way.
“Data processing” refers to the collection, recording, storage, use, disclosure by transmission, dissemination or otherwise communication of personal data.
“Data controller” refers to the legal entity in charge of determining the purposes of the processing and the associated means to carry out the processing.
All personal data is processed according to the principles of lawfulness, transparency and proportionality. It is strictly limited to achieving the purposes that have been previously determined.
The firm takes all necessary measures to ensure that the data collected is accurate, complete and, if necessary, updated. It undertakes to obtain the consent of concerned individuals when it is required and to inform them of the processing of their data.
The firm is likely to collect data during the following activities:
- Solicitation by a third party for any request for information, complaint or commercial approach
- Solicitation on behalf of a third party for the purposes of the legitimate interests pursued by the firm
- Application for an internship or a permanent position.
The data likely to be collected, in particular:
- Identity: first name, surname, position, organization
- Contact details: email, address, telephone number
- Information related to the nature of the solicitation: various notes, CV, cover letter.
Processing of collected data
In the context of the firm’s legitimate interest, the data collected may be processed as part of the following procedures:
- Responding to a request from a third party and ensuring follow-up
- Sending invitations to meetings or event
- Managing application files
Information and communication relating to the collected data
Anthenor Public Affairs guarantees the information of the person whose data is collected, with regards to:
- The purpose of collection
- The data retention period
- The identity of the data controller
- Their rights of interrogation, access, rectification and opposition for legitimate reasons
The data collected and processed may be shared with our customers, our partners, public authorities or legitimate stakeholders, to provide, ensure and improve our services in terms of analysis and communication, within the framework of the legitimate exercise of the firm’s activity.
Data storage and security
Given the nature of its activity, Anthenor Public Affairs retains the collected data for a maximum period of 5 years. Data relating to job applications is stored for a maximum period is 2 years, or longer in case of consent of the candidates.
The firm mobilizes the technical and organizational means necessary for the protection and security of the collected and processed data. The firm requires their IT service providers to be able to demonstrate their ability to guarantee optimal data protection and full compliance with GDPR provisions.
The firm undertakes to contact the CNIL within 72 hours in the event of a breach or risk of breach of personal data.
Rights of data subjects
The persons concerned by the collection and processing of their personal data have the following rights:
- Right to information on how data is collected and processed
- Right of access to collected and processed data
- Right of rectification when the collected data proves to be inaccurate or incomplete
- Right to object to data processing, or to limit or withdraw consent at any time.
To exercise these rights, data subjects may contact: Anthenor Public Affairs, DPO – 4, rue Marbeuf – 75008 Paris; or by email at: firstname.lastname@example.org
The firm may, if it deems it necessary, require a copy of an identity document.
Concerned individuals also have the right to contact the CNIL in order to lodge a complaint concerning the practices of the firm with regards to the protection of personal data.
Monitoring and revisions of the GDPR policy
The implementation of the GDPR policy is subject to a biannual internal audit, carried out by and/or under the control of the data protection officer.
The firm’s GDPR policy is subject to the modifications of local and European regulations.