Preamble
The TeamWork Group (hereinafter, “we”, “us”, “our” or “TeamWork”) is committed to ensuring that the processing of personal data carried out on its website www.teamwork.net complies with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés).
The purpose of this policy is to provide you with clear and transparent information about the processing of your personal data.
1.1 Synthesis
We only use your data to manage your browsing and interaction with our website and its services and have no strategy to re-use your data in any way. Thus, we never sell your data or make them available to third-party partners, except, if necessary, to the authorities or to our Group’s entities.
Your data will be deleted in accordance with the requirements of the GDPR.
1.2 Collection of personal data
Privacy policy and data protection keywords
- GDPR: General Data Protection Regulation” frames the processing of personal data on the territory of the European Union. It follows on from the French Data Protection Act of 1978, and strengthens citizens’ control over the use that can be made of data concerning them. It harmonizes rules across Europe, providing a single legal framework for professionals. It enables them to develop their digital activities within the EU on the basis of user trust.
- LIL: Law no. 78-17 of January 6, 1978 on data processing, data files and individual liberties, better known as the Data Processing and Individual Liberties Act, is a French law that regulates the free processing of personal data.
- CNIL: Commission nationale de l’informatique et des libertés de France is an independent French administrative authority. The CNIL is responsible for ensuring that information technology serves the citizen and does not undermine human identity, human rights, privacy or individual or public freedoms.
- Personal data: any information relating to an identifiable person, directly or indirectly.
- Sensitive personal data: race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade-union membership, information concerning the data subject’s state of health, and genetic and biometric data. In some countries, the social security number may be considered sensitive personal data.
- Treatment processing: any operation performed on personal data by any means (such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction).
- Lawfulness of processing: data may only be processed lawfully. The GDPR provides, among other provisions, that the processing of data on the basis of the data subject’s consent, in connection with the conclusion, performance and termination of a contract, for the purposes of fulfilling a legal obligation, in the public interest, based on a vital interest, or based on legitimate interests, is lawful.
- Data controller: an individual, organization or public authority exercising overall control over the motives and methods of a data processing activity. It is the responsibility of the Data Protection Officer to ensure compliance with the GDPR.
- Data Protection Officer (DPO): a person with specialist knowledge of data protection law and practice, who works alongside the data controller to monitor internal compliance with the RGPD. The DPO informs and advises TeamWork and its employees about their rights and obligations.
- Data recipients: natural or legal persons, public authorities, agencies or other bodies, whether third parties or not, to whom personal data is communicated. However, public authorities likely to receive personal data as part of a specific investigation will not be considered as data recipients.
- Data subject: any person who can be identified, directly or indirectly, by means of an identifier (e.g. name, identification number or location data) or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
- Consent: free, specific, informed and unequivocal agreement. Consent covers only the processing of data carried out for the specific purposes set out in this charter; any processing for distinct purposes will require an additional specific expression of consent.
- Automated individual decision-making: decision based solely on technological means using personal data without human intervention.
- Personal data breach: a security violation resulting in the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of personal data.
- Transfer of personal data: Any communication, copy or movement of personal data intended for processing in a country outside the European Union.
YOUR PERSONAL DATA
As a general rule, you can visit our website without providing any personal data about yourself. However, in order to access certain parts of our websites and/or to enable you to request specific information or services, certain personal data concerning you may be collected for the purposes described below.
2.1 Who is responsible for processing your personal data?
TeamWork is the data controller and has choices regarding the use and storage of your personal data in accordance with the legislation governing the protection of personal data.
2.2 Why do we process your personal data?
- Studies, surveys and tests
- Mailing campaigns (newsletters, information, webinars, white papers, news, etc.)
- Conduct satisfaction surveys to improve our services
2.3 Why do we collect your data (purposes) and on what legal basis?
We collect your data to carry out the following activities:
Goals | Legal fundamentals |
Respond to any requests, inquiries or investigations you may submit to our website | Legitimate interest |
Conduct satisfaction surveys for mailing campaigns (newsletters, information, webinars, white papers, news) | Obtaining consent |
Allow you to connect to certain restricted areas of our website | Obtaining consent |
Manage your browsing and interactions on the website | Obtaining consent |
For recruitment purposes, when you submit a resume or job application online. | Legitimate interest |
Global statistics on website use | Obtaining consent |
2.4 Where is your personal data stored?
The data collected is stored at our partner Microsoft’s data centers in France.
2.5 What personal data is collected?
The personal data collected is as follows:
Essential for operation | Recommended for a better user experience |
– First and last name – Browsing data (usage statistics) – Connection data (IP address, date and time) | – Profile picture – Phone number – Biography – Organization – Title / Function – LinkedIn Profile – Profile X (Twitter) |
2.6 Exclusion of sensitive data :
“Sensitive” data are those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data or sexual orientation. We do not collect any sensitive data about you.
2.7 Contact details for the Data Protection Officer (DPO)
Our Group DPO, Mr Philippe DUBY, has been appointed to ensure compliance with this data protection policy. If you have any questions about this policy or the way in which we manage your personal data, or if you wish to exercise your rights, please contact us at the following e-mail address: dpo@teamwork.net .
2.8 Data retention period
You will find below the main retention periods for your data.
We will only keep your personal data for as long as is necessary to achieve the purposes for which it was collected and in accordance with the legal provisions in force.
In order to determine the appropriate retention period, we take into account the amount and nature of the personal data, the potential risks of unauthorized use or disclosure, the purposes for which we process your personal data and whether these purposes can be achieved by other means, as well as any applicable legal requirements. The data collected will be kept for as short a time as possible, consistent with the maintenance, understanding and improvement of our website and our obligations under applicable law.
Data category | Goals | Data retention periods |
Contact data | mailing campaigns (newsletters, information, webinars, white papers, news) | Until withdrawal of consent or 3 years from the last contact from the prospect |
Where applicable, the data collected during the exercise GDPR rights (Copy of ID) | Management of the file of persons exercising their right of access, reification, deletion, limitation and opposition | 12 months |
2.9 Who has access to the data?
Access to your data | Explanation |
TeamWork Group | Only duly authorized recipients may access the information strictly necessary for their activity, within the framework of our logical and physical access policy. |
TeamWork’s partners | TeamWork uses third-party service providers to contribute to the operation and improvement of the site, in particular for site hosting, maintenance, e-mail dispatch, usage statistics for the creation of reports, platform research, observation of security events, survey activities, etc. |
Competent authorities | Your personal data may be disclosed to the authorities in application of a law, regulation or by virtue of a decision by a competent regulatory or judicial authority. |
Social networking | If you interact with third-party elements, for example by clicking on the “Like” button or leaving a comment, the corresponding information will be transmitted to the social network and published on your profile. |
2.10 Your rights regarding your personal data
It is important that the personal data we process about you is up to date and accurate. You are obliged to inform us of any changes to your personal data that occur during your working relationship with us.
— | What can you ask for? |
Right to information | You have the right to be informed in a clear, transparent and comprehensible manner of any processing of your data. |
Right of access | This right entitles you to receive a copy of the personal data we hold about you, and to receive any information concerning the processing of such data. |
Right of rectification | You have the right to have your data corrected if it is incomplete or inaccurate. |
Right to erasure Right to be forgotten | This right allows you to request the deletion of your personal data when one of the following reasons applies: – The data are no longer necessary for the purposes for which they were collected; or – You have withdrawn your consent (when data processing is based on consent); or – Following a successful opposition request; or – The data has been processed unlawfully. Please note that your right to erasure/right to be forgotten may be subject to limitations in several cases (e.g. exercise of the right of expression and information, compliance with a legal obligation, public interest in the field of public health, processing for archival/statistical/scientific or historical research purposes, or for the establishment, exercise or defence of legal claims). |
Right to object to processing | You have the right to object at any time, for reasons relating to your particular situation, to the processing of your personal data on the basis of our legitimate interests. We will then no longer process this data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. |
Right to restrict processing | You have the right to request the restriction of the processing of your personal data in the following cases: – Where the accuracy of your personal data is disputed, to enable us to verify its accuracy; or – If the processing is unlawful, but you do not wish your personal data to be deleted; or – When your personal data is no longer required for the purposes for which it was collected, but is still necessary for us to establish, exercise or defend a legal claim; or – When you have exercised your right to object, and verification of a compelling reason is underway. |
Right to portability | You may ask us to provide you with your personal data in a structured, commonly used and machine-readable format, or to transfer it to another data controller, subject to the following cumulative criteria: – Where processing is based on your consent or on the performance of a contract binding us; – When processing is carried out using automated procedures. Your portability request will be analyzed on a case-by-case basis. |
Right to withdraw consent | You may withdraw your prior consent to processing based on this consent at any time. Upon receipt of notice of withdrawal of your consent, we will cease to process your information for the purposes for which you originally gave your consent, unless we have another legal basis for doing so. |
Right to lodge a complaint with a supervisory authority | If you are not satisfied with the way your personal data has been processed, you can contact the DPO. If you consider this exchange unsuccessful, you have the right to lodge a complaint with the main supervisory authority. In France, you can contact the Commission Nationale de l’Informatique et des Libertés (CNIL), 3, place de Fontenoy – 75007 Paris, using the form available at the following address: www.cnil.fr/fr/plaintes. |
2.11 Exercising your rights regarding your personal data
You can exercise the rights mentioned above either by post or by e-mail addressed to our DPO, whose contact details can be found in the Section (DPO contact details).
To ensure that your personal data is not disclosed to any unauthorized person, please enclose a copy of your identity card with your request.
There is no charge for exercising your rights. However, we reserve the right to charge a reasonable fee, based on administrative costs, for any request that is manifestly unfounded or excessive.
We will respond to your request as soon as possible and, in any event, within one (1) month of receipt of the request. In certain cases, this period may be extended to two (2) months, in which case we will inform you within one (1) month of receipt of the request.
However, we reserve the right to refuse your request if it proves unfounded or excessive.
2.12 Transfer of your personal data
Although our website is hosted in France, TeamWork is a multinational group present on several continents. Data transfers between subsidiaries located outside the European Union are legally governed by Binding Corporate Rules (BCR), which guarantee compliance with our obligations in terms of personal data protection:
- Strict confidentiality of personal data, which may only be disclosed in accordance with BCR requirements; and
- Access to personal data is restricted to those members of staff who legitimately require it in order to fulfil their contractual obligations.
2.13 Safety measures
As data controller, TeamWork implements appropriate technical and organizational security measures to protect your personal data against alteration, accidental or unlawful loss, use, disclosure or unauthorized access.
2.14 Modifications to this policy
We reserve the right to modify this policy at any time to reflect changes in legal requirements and our human resources processes. You will be notified of any significant changes to this policy before they take effect, as well as the opportunity to exercise your rights.
If you have any questions about this privacy policy, please contact the Group DPO, whose contact details can be found in the Section (DPO contact details).
Cookies
3.1 What is a “cookie”?
A “cookie” is a set of information stored in a small file, generally of a small size and identified by a number.
A “cookie” is a small alphanumeric file stored on your computer terminal (or smartphone/tablet/mobile phone, etc.) when you browse a site. A cookie doesn’t necessarily contain your name or e-mail address; it’s more like your browser’s ID card, recording your use of a website.
3.2 Type of cookies
Depending on the function of the cookies and the purpose of the data obtained, a distinction is made between :
- Essential (or technical) cookies: technically essential for browsing the site (to move around, use its basic functions and secure your connection) and for providing the service.
- Functional (or personalization) cookies: improve your browsing experience on the website and enable us to offer you personalized functionalities, such as a personal welcome and the recording of your preferences (language or region).
- Analysis (or performance) cookies: enable tracking and statistical analysis of the user(s) of the Site to which they are linked (most viewed pages, error messages, overview of site traffic, origin of traffic and pages visited, etc.). The aim is to improve your user experience and to perfect the way our site works so that you can find what you are looking for intuitively.
Our LMS uses several types of cookies for the following purposes:
Internal cookies | Type | Use |
Google analytics | Analysis | When browsing our site for audience analysis purposes |
Salesforce | indispensable | Technical use of the Salesforce environment |
3.3 Do I have to give my consent?
The installation of certain cookies is subject to your consent, when their sole purpose is not to enable or facilitate navigation or when they are not strictly necessary for the provision of services or the management of your orders. Therefore, when you first visit the site, you will be informed by a banner that if you continue browsing, you accept the installation of these cookies on your equipment. A cookie will be installed to remember your choice.
Please note, however, that if you delete this cookie your consent will be requested again.