1. General Provisions
FIVES attaches the utmost importance to the protection of personal data as well as compliance with legal and regulatory obligations in this area.
FIVES determines the purposes and means of all the processing of personal data and therefore acts as controller in accordance with the regulations applicable to personal data and in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation “GDPR”).
2. Definitions and personal data collection
"Personal data" is defined as any information relating to a directly or indirectly identified or identifiable person, in particular by reference to an identifier such as a name, first name, email address, IP address, etc.
"Personal data processing" is defined as any operation or collection of operations carried out with or without the use of automated procedures and applied to data or collections of data of a personal nature, such as collection, recording, organizing, storing, modification, consultation, use, distribution, deletion, destruction, etc.
A "purpose" is defined as the aim pursued by the implementation of processing, the reason for which the data are collected.
Applying a transparent approach, personal data are collected and processed in a fair and lawful manner. The collected data are suitable, relevant and not excessive in relation to the purpose for which they are collected.
3. Purposes of processing and legal bases
To realize its business, FIVES collects data from customer contacts for the purposes of customer management and business relationship monitoring, FIVES collects data from prospect contacts for commercial prospecting purposes, FIVES collects data supplier contacts for the purpose of managing the business relationship.
On its online recruitment platform, FIVES collects candidate data for recruitment management purposes.
The processing of data carried out by FIVES is based on the legal basis of the performance of a contract, pre-contractual measures or the legitimate interest of FIVES. As part of the commercial prospecting activities, FIVES ensures compliance with the consent of customers and prospects.
Personal data collected by FIVES are not used for purposes other than those described above.
4. Categories of data processed
The third-party contact data collected by FIVES is mainly identification data (first name, first name, professional email address, professional telephone numbers, business address) necessary to monitor the commercial relationship between FIVES and its partners.
As part of the management of applications and recruitment, the following categories of data are collected by FIVES: identification data (name, surname, email address, telephone number) data relating to working life (CV and cover letter).
5. Duration of storage
The data thus collected by FIVES are kept for a limited period of time depending on the purpose of the processing, the regulatory obligations or the recommendations of the supervisory authorities.
The data relating to the management of the commercial relationship are kept for a maximum of 5 years after the end of the commercial relationship for the customers and 3 years after the last contact for the prospects.
Data on the management of applications are deleted after 2 years for applications that have not resulted in recruitment.
6. Recipients of personal data
The data collected is intended for the internal services of FIVES as controller in charge of the data processing.
The collected data may be transmitted to partners or subcontractors as processors involved in the data processing.
The personal data collected is not subject to any communication to third parties for the purposes of commercial prospecting without the consent of the person concerned. FIVES does not sell personal data to third parties.
7. Data transfers
The collected data may be transferred to a country outside the European Economic Area (EEA). In this case, FIVES ensures that the transfer is framed by appropriate legal safeguards.
8. Data Protection Officer
The FIVES Group has freely chosen to appoint a Data Protection Officer (DPO) to ensure compliance with the regulations on the protection of personal data by the Group companies concerned.
9. Data security
FIVES places great importance on the confidentiality and security of data and puts in place technical and organizational measures to protect the personal data it collects and / or processes against any loss, destruction, alteration, access or unauthorized disclosure.
10. Rights of the data subject
Any data subject has a right of access, to rectification, to erasure, to object, to restriction of processing, to data portability.
- Right of access to data: the data subject may request directly to FIVES information about data and processing affecting them;
- Right to rectification: if FIVES is holding obsolete or incorrect data, the data subject may request the rectification of incorrect, incomplete, ambiguous or expired data;
- Right to erasure (right to be forgotten): the data subject may ask FIVES to delete their personal data if they are not necessary or for any other reason stipulated in law;
- Right to object to use: the data subject may object, at any time and no cost, to processing of their data, pursuant to legal provisions and particularly when their data are processed for direct marketing purposes.
- Right to restriction: the data subject also has the right to limit the processing of their data pursuant to legal provisions.
- Right to data portability: the data subject has the right to receive their personal data in a structured, commonly used and machine-readable format (this right applies only to cases where the personal data is provided by the user and processed with their consent or for the execution of a contract).
Finally, the user has a right of decision over the disposal of their data post-mortem.
These rights can be exercised, provided that the person justifies their identity, on simple written request sent by e-mail to the following address DPO@fivesgroup.com or by post to the Data Protection Officer at the following address: Fives, 3 Rue Drouot, 75009 Paris.
The data subject has the right to lodge a complaint with the supervisory authority of his country.
In France, the supervisory authority is the “Commission Nationale Informatique et Libertés (CNIL)” reachable online on www.cnil.fr/fr/plaintes or by mail at the following address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07.
The contact information of the European supervisory authorities of the countries in which FIVES operates is available here bellow.
European supervisory authorities
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BFDI)
Address : Husarenstr. 30 - 53117 Bonn
Phone : +49 (0)228-997799-0
Address : Drukpersstraat 35, 1000 Brussel
Phone : +32 (0)2 274 48 00
Commission Nationale de l’Informatique et des Libertés (CNIL)
Address : 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone : +33 (0)1 53 73 22 22
Garante per la protezione dei dati personali (Il garante)
Address : Piazza Venezia 11 – 00187 Roma
Phone : +39 06 6967 71
Address : Postbus 93374 - 2509 AJ DEN HAAG
Phone : +31 (0)70-8888-500
Information Commissioner's Office (ICO)
Address : Information Commissioner’s Office, Wycliffe House, Water lane, Wilmslow, Cheshire, SK9 5AF
Phone : + 44 (0)303 123 1113