Personal data protection policy
- What is the purpose of this policy?
In accordance with the General Data Protection Regulation n°2016/679 and the French Data Protection Act of January 6, 1978 in its latest version, the purpose of this personal data protection policy is to inform you of all the processing activities carried out on your personal data on the website accessible at the address https://theblunomy.com/.
- Who is the data controller?
The data controller for the processing of Personal Data on the https://theblunomy.com/ is BLUNOMY, SAS, registered in the PARIS Trade and Companies Register under number 919 971 564, for which the head office is located at 17-21, Rue Saint-Fiacre 75002 - PARIS - France.
The following terms shall have the following meanings, in the plural or singular:
"BLUNOMY" or "we" or "us": refers to the company BLUNOMY ;
"Personal Data": means any personal data within the meaning of Article 4 of the GDPR;
"CNIL": refers to the National Commission for Information Technology and Liberties (“Commission nationale de l’informatique et des libertés”);
"GDPR": refers to the General Data Protection Regulation No.2016/679 of 27 April 2016 ;
"French Data Protection Act": refers to the Act No.78-17 of 6 January 1978 on Information Technology, Data files and Civil liberties (“Loi informatique et libertés”), in its latest version ;
"Applicable Regulations": means the GDPR and the French Data Protection Act.
- What Personal Data is processed and under what circumstances?
BLUNOMY collects, via the Website, the following categories of data:
- Data communicated via email to contact BLUNOMY (e.g. name, surname, company name, city, country, telephone number, email and any other information directly and voluntarily provided by the user, including the content of the sent message.
- Browsing and traffic data collected automatically when you use the Website;
- Data relating to the device used to access and use the Website: technical information concerning the characteristics and operating data of the user's device, the operator, the operating system, the device model, the IP address.
Personal Data are obtained directly from you or as a result of your use of the Website.
- For what purposes and on what legal basis are your Personal Data processed? How long are they kept?
The processing of your Personal Data is based on the following legal basis and for the following data retention periods:
Management of the relationship with the users of the website
- Purpose: Management of inquiries (communication and exchange of information to respond to contact requests)
- Legal basis: Legitimate interest of Blunomy to respond to user's request
- Data retention periods: 3 years from last contact request
- Purpose: job application management
- Legal basis: pre-contractual measures and consent (for CVdata base)
- Data retention period: 2 years after the last contact with the unsuccessful candidate if the candidate has consented
Management of data subjects exercising their rights
- Purpose: Management of users' requests to exercise their rights on the processing of their personal data (right of access, erasure, restrict processing, object...)
- Legal basis: Legal obligation
- Data retention periods: 1 year from the date of the requests for the rights of access, rectification, deletion and limitation of processing. 6 years from the date of the request for the exercise of the right to object to the processing for any other purpose.
- Who are the recipients of your Personal Data?
Your Personal Data may be communicated, according to their attributions and the purposes pursued, to the recipients listed below:
Internal recipients at Blunomy: the personnel in charge of sales, communication and IT departments at Blunomy.
External recipients: subcontractors in charge of personal data processing, or in the context of consulting and assistance missions. For recruitment purposes, if you are applying for a job offer on https://www.welcometothejungle.com/ website: the company CORUSCANT, SAS.
Those involved in operations relating to the business of the data controller (transfer, merger, absorption of companies, universal transmission of assets, etc.).
- How do we ensure the security of your personal data?
BLUNOMY takes all technical and organisational measures to ensure the protection and security of Personal Data, in particular against loss, alteration, distribution or illegal use.
BLUNOMY ensures that such measures are in place for all operations carried out in the context of its processing, including the collection of Personal Data, their storage and hosting.
In this respect, BLUNOMY also ensures that third parties it may use (technical service providers, suppliers) comply to this requirement to protect the user's Personal Data by implementing appropriate measures, in accordance with the Applicable Regulations. The technical and organisational measures put in place may include the use of secure registration forms, encryption of certain data and restricted access to Personal Data.
- Is your Personal Data transferred outside the European Economic Area (EEA)?
Your Personal Data is not transferred outside the EEA.
In the event of a transfer of your Personal Data to a country outside the EEA, BLUNOMY will implement all appropriate safeguards to ensure a sufficient level of protection for your Personal Data, such as:
- Give preference to so-called "safe" countries, i.e. countries offering significant protection for your Personal Data;
- Obtain guarantees of security and confidentiality by formalising standard contractual clauses of the European Commission and by reserving the possibility of reviewing them regularly.
- What are your rights regarding your Personal Data?
You have the following rights regarding your Personal Data:
Right of access: you may at any time obtain a copy of your Personal Data as well as information on the nature, origin and use of such data, the identity or categories of possible recipients of such data;
Right to rectification: you may request that Personal Data about you that is inaccurate or incomplete be amended or completed;
Right to erasure: you may request the deletion of your Personal Data, in particular if they are no longer necessary for the processing carried out, except if legal obligations require the data controller to retain such data or if they are necessary for the establishment, exercise or defence of legal claims;
Right to restriction of processing: You may request that your Personal Data be made temporarily inaccessible in order to limit its future processing in the following situations:
- when you dispute the accuracy of your Personal Data, for a period of time that allows the data controller to verify the accuracy of your Personal Data;
- when you consider that the processing is unlawful and you object to the erasure of your Personal Data;
- when your Personal Data no longer have any reason to be kept but you want them to be kept for the exercise or defence of your legal rights;
- when you have objected to the processing, during the verification as to whether the legitimate reasons pursued by the data controller prevail over your own;
Right to portability: you may request to receive communication of the Personal Data concerning you that you have provided to the data controller and which are processed by automated means, in a structured and commonly used format. This right can be exercised only if the processing is based on your consent or on the performance of a contract or pre-contractual measures ;
Right to object: you may object at any time, on grounds relating to your particular situation, to processing of your Personal Data based on the legitimate interests of the data controller unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;
Right to define instructions in case of death: you can give instructions on the retention, deletion, and communication of your Personal Data. In the event of your death, your Personal Data will normally be deleted, unless legal and regulatory obligations and/or statutes of limitation require that it be retained;
Right to withdraw consent: You may withdraw your consent to the processing of your Personal Data based solely on that consent at any time.
However, please note that some of the above rights are subject to specific conditions dictated by the Applicable Regulations for the protection of Personal Data. Therefore, in the event that your particular situation does not meet these conditions, we will unfortunately not be able to respond to your request.
- How to exercise your rights?
You may make any request relating to the exercise of your rights concerning your Personal Data at the following email address email@example.com
Proof of identity may be requested. The exercise of one of these rights may be refused if your request does not meet the conditions laid down by Applicable Regulations. In this case, you will be duly informed.
- How to lodge a complaint before the CNIL?
If you believe that the processing of your Personal Data does not comply with legal and regulatory provisions, you may lodge a complaint before the CNIL at the following address: 3 place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, or directly online via the CNIL website https://www.cnil.fr/.