ARTICLE 1: FOREWORD
The GDPR and you…
Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018 and the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties. The purpose of this data protection policy is to tell you about:
- The personal data controller
- How your data is collected and processed. Personal data is any information which enables a natural person to be identified.
- Your rights regarding the use of your personal data
- The recipients to whom your data is transmitted
- The website’s cookie management policy
This privacy policy supplements the legal notices on the websites.
ARTICLE 2: GLOSSARY
You’ll understand us… promise!
Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).
The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organisation, storage, data transmission, etc.
The Data Controller determines the purposes (objectives of the processing) and the means of processing.
The Data Processor processes personal data on behalf of the data controller and carries out its instructions.
ARTICLE 3: GENERAL PRINCIPLES
Legal obligations… we’ve got them!
In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:
- Legality, loyalty and transparency: the collection and processing of personal data can only be based on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
- Limited purposes: the collection and processing of personal data is carried out to meet one or more defined objectives
- Minimisation of data collection and processing: only the data strictly necessary for the proper execution of the objectives pursued are collected
- Time-limited data retention: the data controller is under an obligation to define retention periods for the personal data processed
- Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
ARTICLE 4: DATA CONTROLLER
We are responsible for the data entrusted to us!
As data controller, KEOPSYS INDUSTRIES undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure your personal data are protected.
ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?
What do we know about you?
In accordance with the principle of minimisation, we only collect the data necessary to carry out our missions. Therefore, as part of our activity in the manufacture of fiber lasers and fiber amplifiers KEOPSYS INDUSTRIES may collect and process the following information:
- Identity: Surname, first name
- Work Life : Qualification, occupation, work e-mail address
- Personal life : Address, telephone number
We do not collect sensitive data such as religion, trade union membership, racial and ethnic origins, criminal convictions or health-related data.
ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: WHY?
We’d like to explain!
As a company of the LUMIBIRD SA Group, KEOPSYS INDUSTRIES acts as a “Processing Manager” in the sense of the GDPR, only for the following processing, the management of the website as well as the management of the customer relationship being attached to the LUMIBIRD SA Group. For more information on the processing carried out by LUMIBIRD SA, please consult its Data Protection Policy.
DATA COLLECTED | REASONS FOR COLLECTION | RETENTION PERIOD | LEGAL BASIS | |
MANUFACTURING MISSION OF LASER DEVICES AND FIBER AMPLIFIERS | ||||
– Identity
– Personal life – Work life |
We use these data to:
– Manage and track intra-group orders – Manage modifications and cancellations of intra-group orders – Manufacture products and manage labelling – Manage and track the shipment and delivery of products – Conclude and execute contracts with carriers – Manage customs obligations – Manage and monitor the compliance of supplier products (sending complaints and carrying out audits) – Set up and manage calls for tenders (monitoring, selection and validation of suppliers, etc.). – Manage and monitor the compliance of KEOPSYS products – Perform product maintenance – Manage and track under-warranty returns and compliance requests – Answer your questions and interact with you in other ways – Follow our relationship
– Manage payments, invoicing, etc… |
Kept for the length of the contractual relationship and 5 years after the relationship ends.
Invoices are kept for 10 years. The data collected are kept for 5 years from collection or the last contact with you |
Performance of a contract | |
– Manage your participation in satisfaction surveys to take into account your opinions and suggestions in order to improve our services and products. | Legitimate interest |
RECRUITMENT MANAGEMENT | |||
– Identity – Personal life – Work life |
We use these data for: – Application management – Interview management |
2 years after the last contact with the candidate upon the candidate’s consent | Legitimate interest |
ARTICLE 7: PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?
We don’t pass them on to just anyone!
KEOPSYS INDUSTRIES undertakes to transmit your personal data only to authorised people in-house and to authorised third parties such as the tax, customs or economic authorities, the administration of justice, the police and the gendarmerie or the administration of social action and health authorities.
KEOPSYS INDUSTRIES may, perhaps, transmit your personal data to data processors for hosting and managing its database in France, hosting its websites or carrying out accounting and employment missions (e.g. accounting firms, recruitment agencies or law firms). The use of these service providers is necessary for the proper performance of our services. We undertake to verify and ensure their compliance with the GDPR and the amended French Data Protection Act.
Other than the companies and subsidiaries of the LUMIBIRD SA Group, the carriers and consignees mentioned above, KEOPSYS INDUSTRIES undertakes not to transmit your personal data to third parties or to external agencies without your express agreement.
KEOPSYS INDUSTRIES does not and shall not sell, transfer or communicate your personal data to unauthorised third parties.
KEOPSYS INDUSTRIES does not make any automated decisions based on your personal data. No profiling is implemented during processing, and the data we collect will never be used without human intervention.
ARTICLE 8: YOUR RIGHTS
You hold all the cards!
8.1 Your rights
In accordance with current regulations, you have the following rights in relation to your personal data:
- RIGHT OF ACCESS: You may, at any time, access the personal data we hold about you.
- RIGHT TO RECTIFICATION If you notice an error, omission or ambiguity in your personal data, you may make a request to complete, correct or clarify your personal information.
- RIGHT TO OBJECT : At all times, you retain the right to object to the use of your personal data in the course of our company’s activities in relation to the processing of your data.
- RIGHT TO RESTRICT PROCESSING: You may demand that the future processing of your personal data be restricted under certain conditions
- RIGHT TO ERASURE : You may also ask us to erase your personal data.
8.2 The DPO
KEOPSYS INDUSTRIES has appointed a Data Protection Officer (DPO). In order to exercise your rights, you can contact our Data Protection Officer (DPO) at the following address:
KEOPSYS INDUSTRIES
2 rue Paul Sabatier
22 300 LANNION
FRANCE
or send an e-mail to: rgpd@lumibird.com
8.3 Complaining to the CNIL
You may at any time lodge a complaint with the competent authority i.e. the French Data Protection Agency (CNIL) using the following link: https://www.cnil.fr/fr/plaintes.
ARTICLE 9: SECURITY MEASURES
You entrust us with your data and we look after it!
KEOPSYS INDUSTRIES is concerned about the security of personal data which it undertakes to process securely and only for the length of time necessary to achieve the intended purpose.
KEOPSYS INDUSTRIES has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing.
Therefore, in accordance with Article 32 of the GDPR on the security of processing, KEOPSYS INDUSTRIES has implemented:
- Ways of guaranteeing the constant confidentiality, integrity, availability and resilience of processing systems and services
- Ways of restoring data availability and access within an appropriate timescale in the event of a physical or technical incident
- A procedure to regularly test, analyse and evaluate the effectiveness of the technical and organisational measures to ensure the processing is secure.
However, the security obligation remains an obligation of means, i.e. we do everything possible to ensure the confidentiality and integrity of your personal data.
Everyone who has access to your personal data has been made aware of best data protection practices. They are bound by a confidentiality obligation, and are liable to disciplinary action in the event of non-compliance with this provision.
ARTICLE 10: DATA TRANSFERS OUTSIDE THE EUROPEAN UNION
A well-organised trip!
Within the framework of our activity and in particular for the hosting and management of its database, we may be led to use subcontractors hosting data outside the European Union, such as SALESFORCE (USA). However, prior to any transmission of your personal data, we verify the rules applicable to data transfers outside the European Union and ensure that our subcontractors present guarantees of protection equivalent to those imposed by the GDPR.
We undertake to inform you in advance of the possibility of data transfers outside the European Union and thus we will inform you of the guarantees put in place to ensure a sufficient and appropriate level of protection.
ARTICLE 11: COOKIES
You can choose between eating cookies and going on a diet
As with most websites, our website uses cookies that can be classified into five categories:
- STRICTLY NECESSARY: These cookies are essential to allow you to browse our websites and use their features.
- PERFORMANCE/ANALYTICAL: These cookies collect anonymous information about your use of our website. The information collected by these cookies is used only to improve your browsing experience on our website and never for identifying you. Sometimes these cookies are placed by third-party providers of web traffic analysis services, such as Google Analytics.
- FUNCTIONALITIES: These cookies remember the choices you make to improve your experience on our website and make your visit more personal and friendly. The information that these cookies collect can be anonymised and cannot be used to track your browsing activities on other websites.
- SOCIAL NETWORKS: These cookies allow you to share your activity on our website with social networking companies. Please refer to the privacy policies of these companies to find out how their cookies work.
- ADVERTISING : These cookies allow us to offer you more relevant advertisements from our partners based on your navigation and your customer profile.
If you wish to limit your tracking, it is recommended that you reject them by default via the cookie management banner we have set up on our website. In our cookie policy you will also find the procedure for accepting, customising or refusing cookies by expressing your choice using the banner that appears at the bottom of your screen.
ARTICLE 12: DATA PROTECTION POLICY UPDATES
Hang in there, you’ve almost finished!
This personal data protection policy may evolve. The last update was made on 2021.02.15