It's a strong declaration, we admit. Dive into our privacy policy to see the foundation of our confidence.
Last Updated: Dec-09-2024
Humanlinker, which manages the www.humanlinker.com website, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of reliability and trust.
As such, our Personal Data Privacy Policy precisely reflects our desire to ensure that Humanlinker complies with the applicable rules on the protection of personal data and, more specifically, those of the General Data Protection Regulation ("GDPR").
In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.
Our Privacy Policy applies to you, regardless of where you live, as long as you are at least 15 years old, whether you are a customer, a candidate for a position with Humanlinker, or a visitor to www.humanlinker.com.
If you are under the legal age detailed above, you are not authorized to use our services without the prior and explicit consent of one of your parents or the holder of parental authority, which must be sent to us by email at dpo@humanlinker.com.
If you believe that we are holding personal data about your children without your consent, please contact us at the dedicated address detailed above.
We process your personal data mainly for the following purposes
Your data is collected directly from you when you are a customer of our services or a "simple" visitor to our website www.humanlinker.com and we undertake to process your data only for the purposes described above.
Your personal data may also be processed indirectly in connection with trade fairs or social networks (e.g. Linkedin).
On the other hand, when you voluntarily publish content on the pages we publish on social networks, you acknowledge that you are entirely responsible for any personal information you may transmit, whatever the nature and origin of the information provided.
We have summarized the categories of personal data and their respective retention periods below:
Once the applicable retention periods have expired, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you. At most, we can only keep anonymous data for statistical purposes.
Please also note that in the event of litigation, we are obliged to retain all personal data concerning you for the duration of the case, even after the expiry of the retention periods described above.
The applicable data protection regulations grant you specific rights which you can exercise, at any time and free of charge, to control the use we make of your data.
For a request to be taken into account, it must be sent directly by you to dpo@humanlinker.com. Any request not made in this way cannot be processed.
Requests cannot come from anyone other than you. We may therefore ask you to provide proof of identity if there is any doubt about the identity of the person making the request.
We will respond to your request as quickly as possible, subject to a maximum of three months from receipt if the request is technically complex or if we receive many requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, particularly if it is repetitive.
Your personal data is processed by our teams and by our technical service providers for the sole purpose of operating our service.
We check all our technical service providers before recruiting them, to ensure that they comply scrupulously with the rules applicable to the protection of personal data.
WE GUARANTEE THAT WE WILL NEVER TRANSFER OR SELL YOUR DATA TO THIRD PARTIES OR BUSINESS PARTNERS.
Personal data processed by our website is hosted on servers located outside the European Union. In order to protect your personal data, we scrupulously ensure that our host implements the appropriate warranties required to ensure the confidentiality and protection of your data.
We may also use technical tools located outside the European Union. If this is the case, we guarantee that they comply strictly with the applicable transfer rules in order to guarantee confidentiality and adequate protection of your personal data.
We implement all the technical and organizational means required to guarantee the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration or disclosure.
Please note that we use cookies when you browse our website. For more information, please consult our Cookie Policy.
To best guarantee the protection and integrity of your data, we have officially appointed an independent Data Protection Officer ("DPO") to our supervisory authority.
You can contact our DPO at any time and free of charge at dpo@humanlinker.com to obtain more information or details on how we process your data.
You may at any time contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at the following address: CNIL Complaints Department, 3 place de Fontenoy - TSA 80751, 75334 Paris Cedex 07 or by telephone at 01.53.73.22.22.
We may modify our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future.
Certified by Dipeeo ®.
Humanlinker, located at 7 RUE MEYERBEER 75009 PARIS and registered with the Paris Register of Companies under number 889422283 (hereinafter the "Subcontractor").
And
/CLIENT/, /SOCIETE/, located in /ADRESSE/ and registered in /REGISTRE/ under number /NUMERO/ (hereinafter the "Customer")
Have come together to enter into the Data Protection Agreement (hereinafter the "Agreement") which is intended to govern the use of the Customer's personal data by the Subcontractor in connection with the Humanlinker service.
All terms relating to the applicable personal data protection regulations used in the Agreement are defined in Article 4 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").
Under the Agreement, the Customer acts as a personal data controller and the Subcontractor acts as a data processor within the meaning of Article 28 of the GDPR (hereinafter, together, the "Parties").
The Agreement, which is an indivisible appendix to the contract signed between the Customer and the Subcontractor for the use of the Service (hereinafter the "Contract"), is applicable for the duration of the existing contractual relationship between the Parties.
In the event of any contradiction between the Contract concluded for the use of the Service and the Agreement, the obligations set forth in the Agreement shall prevail over the Contract with regard to the applicable data protection rules.
The Subcontractor declares that it complies with all applicable rules on the protection of personal data and presents all sufficient guarantees to meet the requirements of the GDPR in connection with the provision of the Service.
The Subcontractor declares that all internal and external personnel who are required to process the Customer's personal data are bound by a confidentiality clause, an information systems charter or any other binding legal document, and are regularly trained and made aware of this fact.
The Subcontractor declares that the Service has been produced in compliance with the rules of "Privacy by design" and "Privacy by default" and therefore that the Service is accompanied by functionalities enabling the Customer to comply with its obligations as data controller.
The Subcontractor undertakes to use the Customer's personal data in connection with the use of the Service only on the Customer's documented instructions.
The list of treatments carried out is detailed in the appendix or can be supplied on request.
The Subcontractor undertakes to guarantee the security of the Customer's personal data and to implement all the technical and organizational measures necessary for its Service.
All technical and organizational security measures are detailed in the appendix hereto, or are provided on request.
The Subcontractor undertakes to notify the Customer, in accordance with the obligations set out in Article 28 of the GDPR, as soon as possible after becoming aware of any personal data breach that may affect the Customer's personal data.
The Subcontractor undertakes to communicate, as soon as possible after becoming aware of it, all necessary and required information in its possession to mitigate the effects of the personal data breach suffered and to enable the Customer to take adequate safeguarding and protection measures.
Unless agreed otherwise between the Parties, the Subcontractor is not authorized to take charge of notifications of personal data breaches to the relevant supervisory authority and to inform, on behalf of the Customer, the persons concerned by the processing carried out under the Contract.
The Subcontractor shall provide the Customer, upon written request, with all necessary and required information on the technical and organizational security measures to be implemented to guarantee the security of its personal data.
The Subcontractor shall provide the Customer, upon written request, with all information necessary and required to ensure the performance of an privacy impact assesment ("PIA").
The Subcontractor undertakes to notify the Customer as soon as possible after becoming aware of any request for rights to the Customer.
The Subcontractor shall provide the Customer, upon written request, with all necessary and required information to enable the Customer to fulfil its obligation to comply with the requests of the persons concerned.
At the Customer's written request, the Subcontractor shall carry out the actions necessary for the Customer to fulfil its obligation to comply with the requests of the persons concerned.
The Subcontractor is never responsible for any use of the Service by the Customer that does not comply with the applicable rules on the protection of personal data.
The Subcontractor is not obliged to manage requests for personal rights in place of and on behalf of the Customer. Any additional request for such management may be refused and, where appropriate, an additional fee may be charged.
The Subcontractor is not obliged to ensure or audit the Customer's security, or to carry out DPAs for and on behalf of the Customer. Any additional request for information may be refused and, where appropriate, an additional fee may be charged.
The Customer accepts that the Subcontractor may recruit subsequent subcontractors as part of the performance of the Agreement provided that it informs the Customer, by any means, of any changes concerning such subsequent subcontractors occurring during the performance of the Agreement and remains responsible for the acts of the subsequent subcontractor as part of the Agreement.
The Subcontractor undertakes to recruit only subsequent subcontractors that offer the necessary and sufficient guarantees to ensure the security and confidentiality of the Customer's personal data.
The Subcontractor undertakes to monitor its subsequent subcontractors and to ensure that the contract entered into with the subsequent subcontractors used in connection with the service contains obligations similar to those set out in the Agreement.
The Customer may raise objections by registered letter with acknowledgement of receipt i) if the subsequent subcontractors is one of its competitors, ii) if the Customer and the subsequent subcontractors are in a pre-litigation or litigation situation, and iii) if the subsequent subcontractors has been convicted by a data protection supervisory authority in the year of its recruitment.
The Subcontractor has 6 months from receipt of the objection to amend the subsequent subcontractors.
The Subcontractor deletes the Customer's personal data at the end of the term of performance of the Agreement entered into in connection with the use of the Service and agrees that the Subcontractor may, where technically possible, anonymize the Customer's personal data for statistical purposes.
The Subcontractor shall certify to the Customer, upon written request, that its personal data and all existing copies thereof have been effectively deleted.
The Customer must recover his personal data before the end of the Agreement. Failing this, the Customer may no longer recover his personal data, as the deletion of personal data is irreversible.
The Customer remains solely responsible for the loss of personal data following the deletion of data at the end of the Contract.
The Customer has the right to carry out an audit in the form of a written questionnaire once a year to verify compliance with this Agreement. The questionnaire has the force of a sworn undertaking binding on the Subcontractor.
The questionnaire may be sent in any form to the Subcontractor, who undertakes to reply within a maximum of two months of receipt.
The Customer also has the right to carry out an audit at the Subcontractor's premises, at its own expense, once a year only in the event of a data breach or proven and demonstrated failure to comply with the applicable data protection rules and this Agreement.
An audit at the Subcontractor's premises may be carried out either by the Customer or by an independent third party appointed by the Customer and must be notified to the Subcontractor in writing at least thirty (30) days prior to the audit.
The Subcontractor has the right to refuse the choice of the independent third party if the latter is i) a competitor or ii) in pre-litigation or litigation with the Subcontractor. In this case, the Customer undertakes to select a new independent third party to carry out the audit.
The Subcontractor may refuse access to certain areas for reasons of confidentiality or security. In this case, the Subcontractor carries out the audit in these areas at its own expense and communicates the results to the Customer.
In the event of any discrepancy identified during the audit, the Subcontractor undertakes to implement, without delay, the necessary measures to comply with this Agreement.
The Subcontractor undertakes to take all necessary steps not to transfer the Customer's personal data outside the European Union or to recruit subsequent subcontractors located outside the European Union.
Where this concerns processing carried out under the Agreement, the Subcontractor undertakes to provide, on request, all the information necessary for the Customer to cooperate with the competent supervisory authority.
The Customer and the Subcontractor shall each designate a contact person for this Agreement, who shall be the recipient of the various notifications and communications to be made under the Agreement.
The Subcontractor informs the Customer that it has appointed Dipeeo SAS as its Data Protection Officer, who can be contacted at the following address:
The Subcontractor reserves the right to modify this Agreement in the event of changes to the applicable rules on the protection of personal data which would have the effect of modifying any of its provisions.
This Agreement is governed by French law. Any dispute arising in connection with the performance of this Agreement shall be subject to the exclusive jurisdiction of the courts within the jurisdiction of the Court of Appeal of the place where the Subcontractor is domiciled.
Certified by Dipeeo ®.
