Ciril GROUP is a software publisher and a Cloud hosting services provider. Ciril GROUP considers that the processing of personal data is at the heart of its activity and that of its customers who use its solutions.
The purpose of this personal data protection policy is to provide the persons concerned by Ciril GROUP's data processing operations with useful information about their methods. Below is a brief presentation of the principles that guide the development of each of the company's personal data processing operations.
Lawfulness of processing
Before the implementation of each personal data processing, GROUP reflects on the basis of these operations, giving as much priority as possible to the consent of the persons concerned. Personal data processing led by Ciril GROUP is therefore based on one of the possibilities offered by the regulations on personal data, namely:
- the consent of the data subject,
- the performance of a contract between Ciril GROUP and this person,
- the compliance with a legal obligation,
- the protection of the vital interest of a person,
- the performance of a public interest mission,
- the legitimate interest of Ciril GROUP.
Respect for rights of data subjects
Exercise of your rights
In matter of applications about health data hosted by Ciril GROUP, please prioritary contact the controller of this processing (in most cases, their health establishment or their attending physician). Failing this, please contact Ciril GROUP’s doctor : Docteur Wilfrid ECUER, 48 route de Lyon, 38300 Domarin, France.
In order to allow Ciril GROUP’s DPO to verify your identity, which is a legal obligation according to article 12 of the European GDPR and to section 3 of the French Data Protection Act "loi informatique et libertés", your applications must be signed and be send with appropriate proof of identity. In order to facilitate the consideration of, and response to, your request, you are invited to specify which pieces of data or data processing operations your request is related to, as well as the context of your request (type of relationship with Ciril GROUP, ex. supplier, customer, partner, etc.). Information provided in this case will be kept for 5 years for probative reasons. Data subjects can exercise their rights of access, rectification, opposition, limitation on legitimate grounds and portability by the means previously exposed.
Information of data subjects
Before each data processing controlled by Ciril GROUP, you are informed by an explanatory notice provided by the General Data Protection Regulation. This notice mentions, among others:
- the identity and the contact details of the controller,
- the contact details of its data protection officer,
- the purposes of the processing,
- the basis of the treatment,
- the recipients of the personal data,
- the existence of a data transfer outside the European Union,
- the rights of the persons concerned by the processing,
- the existence of automated decision-making.
Moreover, Ciril GROUP takes appropriate measures to inform the persons concerned by its data processing operations.
Purpose of processing
Ciril GROUP ensures that the purposes of the processing that the company implements are determined and legitimate. So that, data collected by Ciril GROUP are only processed within the strict limit of the purpose determined before their processing. In no case Ciril GROUP process them in other purposes.
Data retention period
Once the purpose of the processing has been determined, it allows to determine the period for which personal data will be stored. This period is determined either on a case-by-case at the end of a specific reflection lead on this subject or according to instructions of the French CNIL or to other statutory time limits. At the end of this retention period, data is deleted or, depending on the case, stored for evidentiary purposes. In such hypothesis, periods for which personal data will be stored are based on the statutory limitation periods.
According to principles of proportionality and of minimization of collected data provided by article 5 of the European GDPR, only adequate and relevant data necessary to the purpose of the processing are processed.
Security and confidentiality
Physical, logical and organisational security measures are implemented to grant the security of data processed by Ciril GROUP.
When hosted internally, the data processed by Ciril GROUP benefits from the high level of security guaranteed by its ISO 27001:2013 certified datacenter. The ISO 27001:2013 certification is recognized as the highest standard in the world in terms of Information Security Management Systems (ISMS). Moreover, all of the Ciril GROUP staff intervening in a personal data processing is also submitted to a rigorous non-disclosure agreement.
Finally, before choosing its processors, Ciril GROUP looks after the fact that their guarantees are sufficient in matter of security and confidentiality.
Recipient of personal data
The only recipients of personal data collected by Ciril GROUP are its staff and its potential processors, acting in this case under the authority of Ciril GROUP. For more details on the recipients of personal data for a precise processing, this recipient is indicated in the record of processing activities of Ciril GROUP. Whatever the hypothesis, people concerned by the processing of Ciril GROUP are informed of these recipients according to legal term in this matter.
Transfers of personal data to a third country
In the event that a transfer of personal data to a third country would be considered, Ciril GROUP makes sure that this transfer is allowed by one of the legal hypotheses of the European GDPR (standard contractual clauses, binding corporate rules, etc.).
Processing of minor of 15 years
If Ciril GROUP is required to process data from minors under 15 years of age, Ciril GROUP is committed to apply adequate lawful measures, including in matter of receiving the consent of their parents or of the person having parental authority. Nevertheless, Ciril GROUP reminds you that its offers are addressed to professionals and, as such, Ciril GROUP doesn’t process deliberately data relating to minor under 15 years of age. Thus, if Ciril GROUP learns that a minor under 15 years of age has submitted personal information to it, without the methods described above being implemented, Ciril GROUP will immediately delete this data from its database.
Contact details of the data protection officer
Cookies are text files dropped off on your computer and used by internet sites to send information to your browser, information that allow you, for example, to determine your language choice, to use some social features, to play videos or to login to your session.
Overall, cookies dropped off when you are visiting Ciril GROUP’s website can be stored either for the period of your visit or, at most, for a period of 13 months. Some cookies, in particular Google Analytics’ cookies, can’t be dropped off on your computer without your consent.
To delete a cookie, you can, at your choice, either delete all cookies on your computer (however, this may affect your browsing on other sites) from your Internet Explorer™, Safari™, Chrome™, Firefox™, Opera™ browser (deletion procedures being detailed for each of the browsers in question in previous links), or delete only the cookie in question. To delete only this cookie, the process can be more complex because according to your browser and its parameters. You may need to access to the developer menu of this last (F12 key), then the cookie menu to, finally, delete the unwanted cookie.
Cookies dropped off your computer when you are visiting Ciril GROUP’s websites are as follows:
Google Analytics: This cookie, named _ga, is dropped off your computer if you consent it. It is used to measure our site's audience and expires automatically after 12 months.
To refuse the deposit of this cookie, two methods exist:
1/ You can click on « refuse » in the banner displayed at your first connexion. Indeed, by clicking on « refuse », another cookie « _jbcookies » notifies that you are opposed to the deposit of Google Analytics’ cookies. To change your choice to consent or to refuse this cookie, you can delete this cookie « _jbcookies » then refresh the page of the Ciril GROUP website (F5 key).
2/ If you’re using Google Chrome™, you can also download a Google Analytics opt-out browser add-on. In general, your browser also allow you to manage your cookie preferences. All information on this point are available in the support documents of your browser (Internet Explorer™, Safari™, Chrome™, Firefox™, Opera™).
Jbcookies: As previously stated, this cookie is necessary to allow you to record your objection or consent to the audience measurement cookie. This cookie is kept for 12 months. You can delete it to modify your choice according to the process previously exposed. If you do not delete it, this cookie will be dropped again on your computer when you will visit our websites after these 12 months.
Session and interface personalisation cookies: These cookies allow you, for example, to authenticate yourself, to use a multimedia player, as Youtube™, to save your language preferences, etc. Session cookies are stored only the time of your visit of our websites. The others expire in all cases at the latest 13 months after their deposit.
Modification of data protection and cookie management policies: Ciril GROUP reserves the right to modify or update these statements at any time without notice.
Last updated: May 28, 2018.