To ensure that the act4Posidonia platform functions properly, it is required to implement and operate personal data processing. The purpose of this policy is to comply with the obligation to provide information and to remind you of your rights regarding personal data.
2. LEGAL BASIS
All the processing implemented by act4Posidonia platform under this policy have as legal basis the consent or legitimate interest
We process your personal data for the following purposes:
• Execution and monitoring of our contracts
• Execution and monitoring of our services
• Services improvement and surveys
• Production of statistical statements
Your data is sent to internal or external recipients as follow.
The internal recipients are under the responsibility of the Sea and Coast Service – Region SUD, which acts as contact service.
External recipients are our technical service providers (who manage the platform) or our European partners (subcontractors for example)
5. LENGTH OF DATA STORAGE
Your data is processed for a limited period of time, which we determine in light of the legal and contractual constraints that weigh on us and, failing that, according to our needs. The following principles are retained:
Contact data : kept for 3 years from the last contact exchange
6. YOUR RIGHTS
You have the following rights regarding your personal data:
• A right to request confirmation that data about you is being processed, to access that data and to request a copy of it
• A right to have any data concerning you corrected if it is incorrect or obsolete
• A right to have your data erased if you object to its processing for commercial prospecting purposes
• A right to obtain the portability of your data when the processing is based on the performance of a contract, when you yourself have provided your data to our company and its processing is automated
The request to exercise your rights must come from you exclusively, be accompanied by your ID and be formulated in writing to the marketing manager.
We implement technical and organizational measures that we consider appropriate to combat the unauthorized destruction, loss, alteration, or disclosure of your data.
In the event of a data breach, we undertake to notify the French data protection authority - CNIL - under the General Data Protection Regulation - GDPR.
If the breach poses a high risk to our contacts, we undertake to inform those concerned and to provide them with the necessary information and recommendations.