PERSONAL DATA
Introduction
Ciril GROUP is a software publisher and a Cloud hosting services provider. Ciril GROUP considers that the processing of personal data is at the heart of its activity and that of its customers who use its solutions.
The purpose of this personal data protection policy is to provide the persons concerned by Ciril GROUP's data processing operations with useful information about their methods. Below is a brief presentation of the principles that guide the development of each of the company's personal data processing operations.
Lawfulness of processing
Before the implementation of each personal data processing, GROUP reflects on the basis of these operations, giving as much priority as possible to the consent of the persons concerned. Personal data processing led by Ciril GROUP is therefore based on one of the possibilities offered by the regulations on personal data, namely:
- the consent of the data subject,
- the performance of a contract between Ciril GROUP and this person,
- the compliance with a legal obligation,
- the protection of the vital interest of a person,
- the performance of a public interest mission,
- the legitimate interest of Ciril GROUP.
Respect for rights of data subjects
Exercise of your rights
Data subjects applications must be addressed to Ciril GROUP’s Data Protection Officer, 49 Avenue Albert Einstein, BP 12074, 69603 Villeurbanne, France or to
In matter of applications about health data hosted by Ciril GROUP, please prioritary contact the controller of this processing (in most cases, their health establishment or their attending physician). Failing this, please contact Ciril GROUP’s doctor : Docteur Wilfrid ECUER, 48 route de Lyon, 38300 Domarin, France.
In order to allow Ciril GROUP’s DPO to verify your identity, which is a legal obligation according to article 12 of the European GDPR and to section 3 of the French Data Protection Act "loi informatique et libertés", your applications must be signed and be send with appropriate proof of identity. In order to facilitate the consideration of, and response to, your request, you are invited to spezcify which pieces of data or data processing operations your request is related to, as well as the context of your request (type of relationship with Ciril GROUP, ex. supplier, customer, partner, etc.). Information provided in this case will be kept for 5 years for probative reasons. Data subjects can exercise their rights of access, rectification, opposition, limitation on legitimate grounds and portability by the means previously exposed.
Information of data subjects
Before each data processing controlled by Ciril GROUP, you are informed by an explanatory notice provided by the General Data Protection Regulation. This notice mentions, among others:
- the identity and the contact details of the controller,
- the contact details of its data protection officer,
- the purposes of the processing,
- the basis of the treatment,
- the recipients of the personal data,
- the existence of a data transfer outside the European Union,
- the rights of the persons concerned by the processing,
- the existence of automated decision-making.
Moreover, Ciril GROUP takes appropriate measures to inform the persons concerned by its data processing operations.
Purpose of processing
Ciril GROUP ensures that the purposes of the processing that the company implements are determined and legitimate. So that, data collected by Ciril GROUP are only processed within the strict limit of the purpose determined before their processing. In no case Ciril GROUP process them in other purposes.
Data retention period
Once the purpose of the processing has been determined, it allows to determine the period for which personal data will be stored. This period is determined either on a case-by-case at the end of a specific reflection lead on this subject or according to instructions of the French CNIL or to other statutory time limits. At the end of this retention period, data is deleted or, depending on the case, stored for evidentiary purposes. In such hypothesis, periods for which personal data will be stored are based on the statutory limitation periods.
Data minimization
According to principles of proportionality and of minimization of collected data provided by article 5 of the European GDPR, only adequate and relevant data necessary to the purpose of the processing are processed.
Security and confidentiality
Physical, logical and organisational security measures are implemented to grant the security of data processed by Ciril GROUP.
When hosted internally, the data processed by Ciril GROUP benefits from the high level of security guaranteed by its ISO 27001:2013 certified datacenter. The ISO 27001:2013 certification is recognized as the highest standard in the world in terms of Information Security Management Systems (ISMS). Moreover, all of the Ciril GROUP staff intervening in a personal data processing is also submitted to a rigorous non-disclosure agreement.
Finally, before choosing its processors, Ciril GROUP looks after the fact that their guarantees are sufficient in matter of security and confidentiality.
Recipient of personal data
The only recipients of personal data collected by Ciril GROUP are its staff and its potential processors, acting in this case under the authority of Ciril GROUP. For more details on the recipients of personal data for a precise processing, this recipient is indicated in the record of processing activities of Ciril GROUP. Whatever the hypothesis, people concerned by the processing of Ciril GROUP are informed of these recipients according to legal term in this matter.
Transfers of personal data to a third country
In the event that a transfer of personal data to a third country would be considered, Ciril GROUP makes sure that this transfer is allowed by one of the legal hypotheses of the European GDPR (standard contractual clauses, binding corporate rules, etc.).
Processing of minor of 15 years
If Ciril GROUP is required to process data from minors under 15 years of age, Ciril GROUP is committed to apply adequate lawful measures, including in matter of receiving the consent of their parents or of the person having parental authority. Nevertheless, Ciril GROUP reminds you that its offers are addressed to professionals and, as such, Ciril GROUP doesn’t process deliberately data relating to minor under 15 years of age. Thus, if Ciril GROUP learns that a minor under 15 years of age has submitted personal information to it, without the methods described above being implemented, Ciril GROUP will immediately delete this data from its database.
Contact details of the data protection officer
For more precision about this privacy policy, Ciril GROUP's Data Protection Officer by post by writing to his attention at the company's registered office at "Ciril GROUP - 49 avenue Albert Einstein - BP 12074 - 69603 Villeurbanne - France" or by e-mail at
Modification of data protection and cookie management policies: Ciril GROUP reserves the right to modify or update these statements at any time without notice.
Last updated: May 28, 2018.