PERSONAL DATA
AND CONFIDENTIALITY

GENERAL TERMS OF SERVICE (GSC) RELATING TO PERSONAL DATA AND CONFIDENTIALITY

 PERSONAL DATA

I - Personal data of third parties

In order to carry out the order, and in a general way during its various exchanges with the Client, the TRADUTEC GROUP, hereinafter the GROUP, may receive communication of personal data from third parties, hereinafter the Data.

This Data may be included in the documents to be translated, or in any other document communicated by the Client. The Data may relate to any natural person and may be of any nature such as: surname, first name, age, profession, address, telephone number, etc. Some of this Data may be particularly sensitive, in particular Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, sexual life or sexual orientation, health, offences or convictions of any kind, in particular criminal.

The Customer guarantees the Group that it has obtained the valid consent of the persons whose Data are cited in the documents provided to the Group, and that it has informed them of their rights in its capacity as data controller. The Group cannot, in its capacity as a subcontractor, be held to any obligation in this respect, and its liability cannot be incurred if the processing requested by the Client is unlawful. If, as a result of the Client's actions, the Group's liability is sought on the basis of Data processing, the Client guarantees this up to the amount of the compensation required.

The Group is authorised to process the said Data on behalf of the Customer in order to carry out the following services:

• translate the documents and/or content submitted to it by the Client and/or
• legalise/affirm/certify a document entrusted by the Client and/or
• take part in an interpreting assignment and/or
• participate in any other linguistic type mission on the Client's order.

In order to carry out the said services, the Group is required to process the Data, in particular to receive, consult, modify, copy, save and/or restore the Data. In addition, as part of the execution and follow-up of the order, the Group is authorised to subcontract all or part of the Data processing to a third party of its choice, whether this third party is located in the European Union or outside the European Union. For the duration of the execution of the order, and as long as the Group remains in possession of the Data, the Group undertakes in its capacity as subcontractor:

• to communicate to the Customer on request its information systems security policy;
• implement all technical and organisational measures to guarantee a maximum level of security, taking into account the sensitivity of the Data, the risk involved and the state of technical knowledge;
• to process the Data only on the basis of documented instructions from the Customer and in accordance with such instructions, a fortiori when transferring the Data to another country of the European Union or to a third country outside the European Union;
• if one or more of the Customer's instructions could constitute a violation of the provisions of the Regulation or a violation of European Union law on personal data, inform the Customer immediately;
• to process the Data entrusted by the Customer only within the limits that will be defined by him on a case-by-case basis, in particular with regard to the purpose, nature, duration and purposes of the processing;
• assist the Client as far as possible in order to allow the persons holding the Data to exercise their rights (in particular their rights of access, rectification, deletion and opposition, their rights to limit the processing, the portability of the Data, their right not to be subject to an automated individual decision);
• inform the Customer of any incident or security flaw likely to affect the security and/or confidentiality of the Data without delay after its occurrence;
• to assist the Customer to the fullest extent possible in order to react effectively and promptly to a Data breach, including the obligation to use all means at its disposal to immediately inform the Customer of such a breach, and the obligation to cooperate with the Customer in order to inform the supervisory authority and the persons concerned, as well as the obligation to inform the Customer of the likely consequences of such a breach and the measures to be taken to remedy it;
• assist the Client, as far as possible, in the implementation of impact assessments, and in prior consultation with the supervisory authority, such assessments having the objective of determining a priori the risks that a particular processing operation may generate on the rights and freedoms of the data subjects;
• on the Client's instructions and without delay, delete the Data transmitted from all media on which they appear, keep no copies in any form whatsoever, make no use of them a posteriori and justify their destruction in writing;
• at the end of a period of 10 years from the date of execution of the order, permanently delete the Data transmitted from all media on which they appear, keep no copies of them in any form whatsoever, and make no use of them a posteriori and justify in writing their destruction, unless Union law or the law of the Member State requires the Data to be kept for a longer period;
• communicate the name and contact details of his or her Data Protection Officer (DPO), if he or she has appointed one;
• inform the Client of the existence of a register of treatments, if any;
• make available to the Client all the information necessary to demonstrate compliance with the obligations arising hereunder, and if necessary allow an audit to be carried out for these purposes, in the care of the Client or by any third party mandated by it.

 

II - Customer's personal data

In addition, in order to execute the order, and in a general way during its various exchanges with the Client, the Group may receive communication of personal data belonging to the Client's personnel (employees, staff, managers, etc.), hereinafter referred to as the Client's Data. The Client's Data may be of any nature, in particular: surname, first name, telephone number, e-mail address, etc. The Customer's Data being necessary for the execution of the order, they are collected and processed on the basis of article 6, paragraph 1, point b) of EU Regulation 2016/679 of 27 April 2016, hereafter the RGPD. The Customer's Data is collected and processed by the Group in order to :

• to process and follow up on orders;
• inform the Client of the Group's service offer in line with its needs;
• know the customer's opinion on the Group's services.

In accordance with article 6, paragraph 1, point a), the Client consents to the Group using his Data to contact him in order to inform him about its offer of services, and to know his opinion about the services rendered. The Group is responsible for processing the Client's Data. In this respect, it can be contacted by e-mail at the following address: info@tradutec.com or by post at the following postal address: 30 bis rue Émile Menier - 75 116 PARIS Customer Data is processed by the Group, its staff and its subcontractors in accordance with the purposes described above. As such, this Data may be subject to automated or partially automated processing. These Data may be transferred in whole or in part outside the European Union, and in some cases this transfer may be necessary to carry out our services. The Customer agrees that his contact details (in particular email) may be used to contact him for the purposes of completing the order, commercial follow-up and to find out his opinion on the services provided.

The Group does not sell the Customer's Data, which are only used for the proper execution of the order. During the execution of the order and as long as the Group remains in possession of the Customer's Data, the latter undertakes to :

• implement all technical and organisational measures to guarantee a maximum level of security, taking into account the sensitivity of the Data, the risk involved and the state of technical knowledge;
• to inform the Customer of any incident or security flaw likely to affect the security and/or confidentiality of the Data immediately upon its occurrence;
• inform the Customer, where appropriate, of the further processing of his Data for a purpose other than that for which the Data was collected.

By virtue of the RGPD and the law of 6 January 1978 relating to data processing, data files and liberties, the Customer benefits from the following rights subject to the conditions of exercise laid down by the texts:

• the right to access, rectify, update and delete Data when they are inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or conservation is prohibited;
• the right to limitation of treatment ;
• the right to object to the processing ;
• the right to portability ;
• the right to lodge a complaint with a supervisory authority ;
• the right of withdrawal of consent;
• the right to define guidelines for the storage, deletion and communication of his Data after his death.
If the Customer wishes to exercise one or more of these rights, he must contact the Group by post at the following address: 30 bis rue Émile Menier - 75 116 PARIS or by e-mail at the following address: contact@groupe-tradutec.com. The Group undertakes to reply by e-mail or letter within 14 days.

For any complaint relating to the processing of your Data, the Customer may contact the Commission Nationale de l'Informatique et des Libertés (CNIL) located at 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. Tel: 01 53 73 22 22 (Monday to Thursday from 9am to 6.30pm / Friday from 9am to 6pm). Fax : 01 53 73 22 00. In this respect, the Customer is informed that the data controller is from the Group and that the Group's Data Protection Delegate is Vincent Rivalle: 30 bis rue Émile Menier - 75 116 PARIS.

The Client's Data will be kept by the Group for the time necessary to process them for the purposes described above. If necessary for the purposes of administrative follow-up, due to legal or regulatory requirements, or for archiving purposes, this Data will be kept beyond the time necessary to achieve the above-mentioned purposes. In any event, the maximum period of Data retention is 10 years, after which the Data will be deleted.

 

PRIVACY

The Group undertakes to respect the confidentiality of Data and Customer Data. As part of its obligation of confidentiality, the Group undertakes, for as long as is necessary for the execution of the order and for 10 years beyond this, as below:

to treat the Data and the Customer's Data in a strictly confidential manner, and consequently to communicate them only to persons who must necessarily have access to them for the accomplishment of their missions, and who are themselves bound by an obligation of confidentiality of a legal or contractual nature;
not to make, under any circumstances, personal use of the Data and the Customer's Data;
to ensure the protection of the Customer's Data and Information, with the same care as it uses for the protection of its own confidential information of the same nature, and in any event by implementing an objectively sufficient level of protection.
This obligation of confidentiality does not apply to Data and Customer Data, and in general to information of any kind :

• in the public domain at the time of their communication or which became part of the public domain after their communication through no fault of any of the Parties; or
• received from a third party in a lawful manner without an obligation of confidentiality; or
• whose disclosure has been authorised by the Customer or whose disclosure is necessary for the execution of the order; or
• the disclosure of which has been imposed by a legal or regulatory provision or a court decision.

 

APPLICABLE LAW

The above provisions shall be governed exclusively by French law, both as regards their interpretation and execution. In the event of a dispute between the Parties, the Parties agree to approach each other in order to find an amicable solution. In the absence of an amicable agreement within thirty (30) days, the dispute will be brought by the most diligent Party before the French courts, which have sole jurisdiction to hear the dispute. The present provisions form an integral part of the Group's general terms and conditions of service on the date they are accepted by the Client. They cancel and replace any provision of the general conditions of service that is contrary to them.