Personal data protection policy

1. Introduction

Insuco is engaged in a continuous process of compliance with the local laws of the countries where it operates particularly and with international standards and best practices more generally. Under this logic, respect for privacy and the protection of personal data constitute values and commitments that we place at the heart of our activities. Until now, they constitute a moral commitment, sometimes contractual, intended to reinforce its legitimacy and its credibility as an international consulting firm.

With the adoption and entry into force in Europe of the General Data Protection Regulation (GDPR) of April 27, 2016, Insuco strengthens its practice by setting up a real formalised policy on the protection of personal data to ensure the collection and processing of personal data in a transparent, confidential and secure manner.

Each legal entity of the Insuco Group that collects and / or uses personal data as part of its activities, acts as a Responsible party for processing and undertakes to implement appropriate measures to ensure the protection, confidentiality and security of personal data of any person from whom such data are collected, in accordance with legal requirements, in particular the European Regulation on the Protection of Personal Data and the national laws in force.

2. Field of application

Our personal data protection policy applies to all processing by Insuco, as the controller, of personal data of customers, partners, subcontractors, suppliers, experts, permanent employees, temporary employees, candidates for recruitment, any other persons and entities contacted in the course of our activities.

The storage of your personal data in our systems is above all a free and voluntary decision on your part. We do not take or collect this data under any circumstances without your knowledge and without you being informed.

3. Collected data

The only personal data we collect is that which is relevant, adequate and strictly necessary to ensure our normal and ethical functioning as a consulting firm in relation to our employees, our suppliers, subcontractors and the performance of our services for our clients. The nature and use of the vast majority of this data is also dictated by national and international legislation and by our contractual and ethical commitments.

4. Recipients of the collected data

The recipients of the data that we collect are for the use of our internal services authorised to receive and process the data within the scope of their authorities. These are mainly our administrative and human resource departments, our commercial or technical departments, our subcontractors or partners responding with us to offers of services for common clients, to clients requesting or not services from us.

5. Purpose of the processing

We collect and process information or data about you under general conditions of transparency and security of the processing of personal data to meet specific and legitimate purposes. Your personal data may, in addition, be processed for the following purposes:

  • Follow-up on your application file;
  • Contractual relationship with its employees;
  • Business relationship with its clients;
  • Business relationship with its suppliers, partners and subcontractors;
  • Response to your employment applications.

We mainly use your personal data as part of the management of our clients, and in particular to respond to your requests or to send you regular information about our services, our news and / or our media likely to meet your expectations.

6. Personal data processing

Personal data shall be processed in accordance with the provisions of the General Data Protection Regulation and to the extent necessary for the purposes mentioned above.

The processing of the information or data that we collect and / or that is transmitted to us is conditioned by two criteria that make it possible to meet the purpose for which we intend it:

  • The person concerned has consented to the processing of his personal data for one or more specific purposes;
  • Processing is necessary to fulfil a legal obligation to which the processing manager is subject.

Thus, you are responsible for the accuracy of the personal data that you communicate to us.

7. Transmission of your data

The confidentiality of the information we use, when it is personal data of individuals, and respect for professional confidentiality prevent us from disclosing any data or information about a person to third parties without the prior consent of those concerned. However, the transmission of personal data about individuals to third parties may be justified by a number of circumstances, such as:

  • Communication to public or private law institutions and bodies where it is provided for, required and/or regulated by law;
  • The transmission of your personal data to our subcontractors when it is necessary to perform the services for which you have mandated us as part of the execution of our mission;
  • Sharing employment application data with the various entities in the group.

Subject to what is stated in this privacy policy or unless we have obtained your consent, we are likely to disclose your personal data to persons employed by the Insuco group or our subcontractors and partners for the above-mentioned purposes, and only within the strict limit necessary to carry out the tasks entrusted to them. These people may be asked to contact you directly from the contact information you have given us. Please note that we strictly require our subcontractors and partners to use your personal data only to manage the services we ask them to provide. We also ask our subcontractors and service providers to always act in accordance with applicable data protection laws and to pay particular attention to the confidentiality of this data. Insuco ensures that your data continues to enjoy an adequate level of security and privacy protection.

8. Data retention

Depending on the nature of the personal data, the purpose of the treatment, and/or the legal or regulatory requirements, retention times vary. However, we set up processes for anonymising personal data when it is necessary for us to keep certain information attached to this personal data without it being strictly mandatory to identify individuals to whom it is related.

9. Security of the data

We pay particular attention to the security of our data in general and more specifically when it relates to your personal data. Also, we aim to always keep your personal data in the safest and most secure way, and only for the duration necessary to achieve the purpose pursued by the treatment and in accordance with the law in force, in particular, at the request of an authority authorised by law. To do this, we take appropriate physical, technical and organisational measures to prevent, as far as possible, any alteration or loss of your data or unauthorised access to it, by implementing data protection through the use of physical and logical security.

Thus, access to personal data on all of our networks is subject to strict authorisation conditions put in place at the level of each entity of the group.

10. Rights of the persons concerned

In accordance with the applicable legislation regarding the protection of personal data, you have rights to consult, correct or modify, make a claim, and to erase your personal data collected and held by Insuco.

These rights can be exercised by sending us an e-mail to the address contact@insuco.com.

11. Modification of the policy

This document, which constitutes our general policy for the protection of personal data, may be updated at any time to take into account the latest legislative developments or the scope in which they are intended to be applied. We will share it with you whenever we come in contact with you for the collection or use of your personal data, in order to keep you informed of the conditions under which we process this data.

For any request relating to our general personal data protection policy, please send an email to contact@insuco.com.