Personal Data Protection Charter
ALC respects User (hereinafter referred to as “You”) privacy and has thus drawn up a Personal Data Protection Charter in order to inform you as clearly as possible about processing implemented regarding social support and website services (signing up for the newsletter, sending publications, surveys etc.).
This Charter complies with current regulations and especially the GDPR Regulation 2016/679 of the European Parliament and of the European Council dated 27 April 2016 on the protection of physical persons regarding the processing of Personal Data and the free circulation of data, which rescinds Directive 95/46/CE.
Generally speaking, the Organisation ALC pledges that your Personal Data shall be:
- obtained and processed loyally, legally and transparently,
- collected for predetermined, legal purposes on a basis of legitimate interest,
- used in compliance with these purposes,
- adequate, pertinent and non excessive with respect to these purposes in the respect of the data minimization principle.
The various categories of Personal Data collected by using the Services available on our website are as follows:
- ID data (especially first and last names and member number),
- Contact data (especially mailing and email addresses),
- Usage data (especially web pages visited and destinations visited),
- Connection data (especially your computer’s IP address, connection and destination logs),
- Commercial data (list of Products and Services You benefit from),
- Content data.
The various categories of Personal Data collected in order to manage hiring applications (CVs, interview reports etc.) are processed by ALC, in its capacity as Processing Officer, based on legitimate interest for the Organisation to assess the applicant’s capacity to perform the job/s they may be offered, for the time their data remains on file, as well as when needing to take measures prior to ending the work contract.
These are as follows:
- ID data of applicants (especially first and last names, photograph, date of birth, mailing address, telephone number and e-mail address),
- Professional experience, training and languages spoken.
The various categories of Personal Data collected to handle donor and potential donor relations are processed by ALC, in its capacity as Processing Officer, on the following legal basis:
Details of the purposes of processing
Monitoring donor relations (soliciting new donations, informing donors of initiatives and calls for donations, answering questions, suggesting a donor section)
Managing donations, issuing tax receipts and keeping accounting records
Charity fundraising and informing donors about the Organisation’s initiatives and needs in terms of donations
Legitimate interest of ALC in better targeting donation campaigns and identifying future donors or testators, including donations in line with the Organisation’s purpose.
These are as follows:
- Civil status: first and last names, title, date of birth,
- Name of sponsoring organisation,
- Type of organisation,
- Contacts within the organisation,
- Duties within the organisation,
- Mailing addresses,
- Email addresses,
- Telephone numbers,
- Initiatives carried out, monitoring of donor relations,
- Log of transactions and means of payment,
- Information communicated to us freely such as family composition and circumstances, financial information, donor testament wishes and those of potential donors.
Data collected is not sensitive in nature.
The Personal Data of beneficiaries and/or employees may be processed by approved staff (social workers, administrative staff, HR and operating support) at ALC and other approved partners.
Should these recipients process your Personal Data outside the European Union, transfers shall take place in compliance with the Regulations.
Concerning donor and potential donor data, some Personal Data may be shared with some of our support service providers, working with ALC to:
- Conduct and monitor donation campaigns,
- Host our donor relationship management software and online donation form,
- Host our website.
Personal Data is collected for the following purposes:
- Social support of Users,
- Managing User requests,
- Managing User opinions,
- Managing newsletter subscriptions,
- Managing hiring and internships,
- Planning HR development initiatives,
- Managing human resources,
- Managing donor relations (soliciting new donations, informing them of initiatives and calls for donations),
- Managing donations and issuing tax receipts,
- Charity fundraising and information on initiatives and donation needs.
ALC hereby pledges that you shall enjoy the right to access, rectify, delete, exercise portability of, limit, oppose and define directives regarding the use of your Personal Data following your death further to a request sent by mail or email to ALC, as Processing Officer (your requests shall be processed within one month at most).
The rights defined in this article may be exercised by writing to the Data Protection Officer (DPO) by mail at this address:
ALC – Ref. DPO – 2, Avenue du Dr E. Roux – l’Octogone – 06200 NICE, France.
The right to rectify may also exceptionally be sent by email to the following address: firstname.lastname@example.org .
Furthermore, in the event of ALC failing to comply with its obligations regarding current legislation/regulations, you have the right to file a claim with the French Commission for Data Protection and Liberties (CNIL).
Should you exercise your access rights, your Personal Data shall communicated in all confidentiality to you only. For your access request to be fulfilled, you will have to send the elements needed to identify you, namely, a written sworn statement in which you declare that you are indeed the owner of said Personal Data along with a photocopy of your ID.
KEEPING PERSONAL DATA ON FILE
ALC only keeps your Personal Data for the time needed to accomplish the purposes mentioned above and to fulfil our legal obligations.
For candidates in a hiring process
Personal Data relative to hiring are kept on file for twenty-four (24) months after the last time ALC contacted the applicant.
For those benefitting from ALC services
The time your Personal Data is kept on file depends on the support. This time is specified in the internal records charter. ALC hereby agrees not to keep your Personal Data on file beyond the time needed to supply a service, and thus your availing yourself of the service, plus record-keeping time imposed by legal provisions for the applicable rules.
For donors and potential donors
We make sure not to keep records of your Personal Data any longer than the time needed for the purposes set forth here, or in compliance with applicable law.
Active donors: Records may be kept in the active database for 10 years starting from the last donation or expression of renewed interest. Records are then anonymised and kept on file for analysis and statistics. People having forbidden any communication with ALC shall be excluded from mailings at the client’s request for GDPR reasons, and data needed to identify them (email address, first and last names and mailing address) shall be kept on file.
Prospective and active testators: Records may be kept in the active database through to execution of the testament and on file without any limitation in time, since the GDPR excludes the deceased in the processing of Personal Data, unless the testator designates a person to manage their right to oblivion. Should the testator inform ALC of a change of mind, they shall be deleted. People having forbidden all communication with ALC shall be excluded from mailings at the client’s request for GDPR reasons, and data needed to identify them (email address, first and last names and mailing address) shall be kept on file.
Potential donors: Records may be kept in the active database for six years starting from the time of data input or expression of renewed interest. They are then deleted, except for the people having forbidden all communication with ALC. Their data shall be excluded from mailings at the client’s request for GDPR reasons, and data needed to identify them (email address, first and last names and mailing address) shall be kept on file.
PROTECTION OF PERSONAL DATA
ALC undertakes to take all necessary measures in order to ensure Personal Data security and confidentiality and especially to prevent said data from being damaged, deleted or accessed by non-approved third parties.
Furthermore, in the event of a security incident affecting your Personal Data (destruction, loss, alteration or divulgation), ALC undertakes to notify violations of Personal Data, especially to the French Commission for Data Protection and Liberties (CNIL) as required by law.
There are two types of cookies on the ALC website:
- temporary cookies, which remain in your browser’s cookie file until you exit the website,
- persistent cookies, which remain much longer in your browser’s cookie file (the length of time depends on the cookie’s lifetime).
Temporary cookies are used:
- To help you transfer information from one page to another on our site without having to type it again,
- To help you access sign-up information on file.
Persistent cookies are used:
- To help us identify you as a visitor (using a non-personal number) when you come back to our website,
- To compile anonymous statistics to help us understand how visitors use our website and help us improve its structure (we cannot identify you personally in this way).
You may modify your browser settings to view and accept or refuse the list of cookies used on the website. You do risk losing some interactive website functions should you refuse certain cookies.
An alert message, in the form of a banner, asks all website users whether they accept cookies.
Users going to the home page or any other website page via a search engine shall be informed:
- Of the specific purposes of the cookies used,
- That you may refuse these cookies by clicking on a link in the banner,
- And that you may continue to browse by accepting cookies on your device.
The banner only disappears once the User has given their free, informed, unequivocal consent.
You may delete and block all cookies from the ALC website, by modifying the browser setting that lets you refuse some or all cookies. Bear in mind that if you do decide to block cookies on your browser, parts of our website may not work properly.
COMMUNICATING PERSONAL DATA
ALC shall refrain from sharing or divulging your Personal Data, except in the following cases:
- When you have given ALC permission to do so,
- When ALC needs to share your Personal Data with service providers, especially technical service providers, for you to be able to use the website and/or for us to provide you with information you have requested (storage of Personal Data on our server hosted by our service provider),
- When required by law or by a legal authority.
ALC makes every best effort to protect your Personal Data from any form of damage, loss, leakage, intrusion, divulgation, alteration or destruction, especially by:
- Using an entry control point for sites and sensitive premises,
- Protecting sites and premises with an alarm,
- Restricting access to administrative and website data to approved people only,
- Setting up preventive and curative security procedures and checks for managing security incidents.
ALC employees who need access to your Personal Data to perform their duties shall exercise strict confidentiality while processing said data.
All capitalised terms are used in the sense given below.
- “Confidentiality and Personal Data Protection Policy” and “Policy” designate this Policy describing the measures taken to process, exploit and manage your Personal Data and your rights as the person affected by the processing,
- “Personal Data” designates all information about you and that identify you, whether directly or indirectly,
- “Processing” designates any operation or set of operations applied to your Personal Data,
- “Processing Officer” designates ALC, which processes your Personal Data,
- “Violation of Personal Data” designates a security violation, leading to the accidental or illegal destruction, loss, alteration, divulgation or non-authorised access to your Personal Data,
- “Recipient” designates the organisation department, approved external partner or the service provider company which can access your Personal Data given their data processing role (e.g. web agency)