Privacy policy

LAST UPDATE : FEBRUARY 2024

The following Privacy Policy describes the Personal Data Processing carried out by EKINO – MFG Labs Division, ( also referred to as “the Company” or “we”), simplified joint stock company with capital of 296,000 Euros, registered with the Bobigny Trade and Companies Register under number 509 512 760, whose registered office is located at 9 rue de l’Ancien Canal, Pantin (93500), intracommunity VAT number FR70509512760, SIRET n°509512760 00034, tel : 01 49 68 17 88, email address : contact@mfglabs.com, as the Controller in our relationship with “you”, the candidates, customers, prospects, contacts, internet users, suppliers, service providers or data processors.

Your privacy is important to us and we pay special attention to it. We respect confidentiality and undertake to protect the personal data collected about you. This privacy policy describes the information that EKINO collects about you through or via, in whole or in part, our website or one of our social media pages and how we process such information (see information on how your personal data is collected, processed and used).

This privacy policy also specifies the rights on your personal data in accordance with the applicable legal and regulatory provisions.

Employees, corporate officers, interns and apprentices of EKINO are invited to consult the Privacy Policy which is appended to the internal rules of the UES FULLSIX EKINO  in order to :

  • Know how their Personal Data are processed by l’UES FULLSIX EKINO and their rights regarding their Personal Data ;
  • Know the rules regarding Personal Data processing when performing their duties.

If you have any questions, comments or concerns about this policy, you can of course contact our Data Protection Officer whose details are provided below in the paragraph “What are your rights and how can you exercise them?”.

1 – DEFINITIONS

In addition to the terms defined elsewhere in this policy, the following terms, in which the first letter is written in capital letters, whether used in the singular or plural in this policy, shall have the following definitions:

1.1     “Recipient” means the natural or legal person, public authority, agency or other body that receives the Personal Data, whether or not it is a third party.

1.2     “Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”); “identifiable natural person” means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, online identifier, or one or more elements specific to his/her physical, physiological, genetic, psychic, economic, cultural or social identity.

1.3     “Controller” means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the Processing.

1.4     “Data processor” means the natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.

1.5     “Processing” means any operation or set of operations carried out or not using automated processes and applied to data or sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.

2 – WHAT IS OUR ROLE IN TERMS OF PROCESSING PERSONAL DATA?

2.1     EKINO carries on a communication agency business and assists its customers in designing, creating and deploying new digital products and services and includes MFG Labs Division specialized in data and artificial intelligence.

To learn more about our company, click here.

2.2     EKINO operates the websites accessible to the public at the following address: www.mfglabs.fr and www.mfglabs.com.

This website is intended to make available to users (i.e., any natural or legal person who visits or uses these websites, hereinafter the “users” or “you”) information to discover the activity and services offered by the company as well as its news (events, publications, etc.).

It also offers features allowing users to contact the company (contact request, spontaneous application or response to a job offer …) and presents the services offered by the company, the projects carried out by the company or the employees working within the company.

The company also administers pages presenting its activity and allowing it to publish content on social networks and interact with internet users (particularly on Twitter, LinkedIn or Instagram).

When you browse and interact with the aforementioned website (hereinafter referred to as the “Website”), on the pages administered by the company on social networks or, generally, during your interactions or exchanges with the company, the company may collect and process Personal Data concerning you, for the management of its activities and on its own behalf, as Data Controller.

In this context, the company applies the principles defined by the legal and regulatory provisions on the protection of Personal Data, in particular in Regulation (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the Processing of Personal Data (“GDPR”), and implements internal procedures for the management, storage and security of your Personal Data, whether you are a candidate, employee, customer, prospect, contact, internet user, supplier, service provider or Data processor.

2.3     When our customers request us to process Personal Data on their own behalf, in accordance with the purposes and means defined by them, we act as a Data Processor, in the context of a specific contract, concluded to this end, it being specified that this policy relates exclusively to the Processing of Personal Data implemented by the company as Data Controller and not as Data Processor.

3 – WHAT ARE THE PROCEDURES FOR COLLECTING YOUR PERSONAL DATA?

3.1     Your Personal Data is collected directly from you or indirectly from third parties.

3.1.1. In fact, your Personal Data is collected or processed in whole or in part during your browsing on the Website and the input by you of information in the data collection forms contained therein, but also more generally in the context of requests that you may be required to send to the company by any means at your convenience, your relationship and your exchanges with the company, as well as when you connect to a third party social network from the Website, when you share content on the Website using “buttons” offered on our Website, or during your browsing on one of the company’s pages on social networks.

In general, your Personal Data is therefore collected directly from you in the above-mentioned cases.

3.1.2. However, your Personal Data may also be collected through third parties (see indirect collection from third parties).

Indeed, the Personal Data we collect and process about you may be collected or enriched by us, including for the purposes of carrying out commercial, communication, solicitation, canvassing or marketing operations, through other sources of information (social networks, so-called “public” information, websites, file rentals, etc.).

In addition, with regard in particular to Personal Data processed as part of our recruitment operations, we use the information you provide to us (for example: form for this purpose on the Website or more generally information mentioned in your CV) that we include in our pool of candidates (CV database). However, we may also be required to contact third parties (for example, recruitment agencies, previous employers, internship supervisors or clients with whom you have worked in previous assignments) or to use other sources of information (including professional social networks, recruitment firms or recruitment websites) in order to collect information about you for the purpose of studying your application or profile. In addition, and even in the absence of an application by you, we may be required, in particular in connection with our monitoring and active search for professional profiles that may correspond to our job offers, to collect Personal Data from third parties (for example, recruitment agencies or “head hunters”) or to use other sources of information (including professional social networks or recruitment websites) in order to collect information about you in order to offer you to apply to a position.

In addition, in the case of Personal Data of suppliers, they are generally collected directly from them. However, with respect to the Personal Data of suppliers with whom we do not have a direct contractual or commercial relationship, their Personal Data may be communicated to us through third parties, such as other suppliers. Similarly, in the case of personnel/contacts from our suppliers in the broad sense, we may collect such Personal Data from any supplier.

3.2     In general, you are informed that:

  • if the Processing of your Personal Data is necessary to comply with our legal or regulatory obligations, the collection of such Data is mandatory;
  • if the Processing of your Personal Data is subject to your consent, the collection of such Data is completely optional (it being specified that the lack of communication may, however, prevent us at least in certain cases from carrying out the Processing concerned);
  • if the Processing of your Personal Data is necessary for the performance of a contract or pre-contractual measures taken at your request, the disclosure of such Data is necessary for that purpose and the company may, in the absence of such data, be prevented from performing its contractual obligations or the aforementioned pre-contractual measures;
  • if the Processing of your Personal Data is based on the pursuit of our legitimate interests, the disclosure of such Data is necessary for this purpose, and the failure to disclose your Data may not allow us to implement or may hinder the Processing concerned. For example, in the absence of any information that would be necessary to respond to a request from you (request for information, application, etc.), your request related to such collection of Personal Data may not be able to be processed or its processing may be delayed.

If Personal Data collection forms (for example, forms integrated on the Website or on our social media pages, or any collection form in any format that we may be required to make available to you to collect information about you) require the entry of mandatory Personal Data for the implementation of the Related Processing, the relevant fields will contain an asterisk and you will be notified of the possible consequences of the failure to provide such information. In the absence of an asterisk, the information requested is optional.

3.3     With the exception of specific legal obligations, or unless otherwise specified in this policy, we do not collect Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic or biometric data for the purpose of uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation.

3.4     Personal data of minors or protected adults: we draw the attention of persons with parental authority over minors and persons entrusted with a mission of representation in the context of guardianship, family member guardianship order or future protection mandate, on the need to ensure that the Personal Data of vulnerable persons whose legal protection they provide are not disseminated or in any manner used or processed outside their control and supervision. The fact, in particular, that a minor can legally consent to a Processing of Personal Data with regard to the direct provision of services of the information society from (in France, this age being likely to vary depending on the State of residence of the child) of the age of fifteen years does not limit the duty and interest, for holders of parental authority, to educate their children to the importance of respect for their privacy and their Personal Data.

In general, the use of the Website and the company’s dedicated pages on social networks is reserved for adults with legal capacity, and the company cannot under any circumstances be held liable for the use of the Website or its pages on social networks by minors or incapacitated persons, and therefore for the consequences that may result, in particular, in terms of the Processing of their Personal Data.

As an exception, the company may be required to process Personal Data of minors of at least fifteen years of age when the latter come into contact with the company in order to apply for an offer of employment or internship, for example.

4 – WHAT DATA IS COLLECTED, FOR WHAT PROCESSING PURPOSES AND ON WHAT BASIS?

4.1     In our capacity as Data Controller, we may be required to carry out Processing of your Personal Data for the following purposes:

  1. a) Management of requests for information and exchanges with the company, initiated via or through the Website or the company’s social media pages:
  • Purpose:we process your Personal Data in order torespond to any request sent to us (contact and or/ information request, documentation request such as white papers, participation request in an event/ webinar organised by EKINO), including through or initiated via the Website or through interactions on our social media pages (and, in this case, including in particular the management, processing, monitoring and moderation of your messages or comments), and to process, manage and track such requests and the answers to be provided, and more generally for the purposes of managing our relationships with our contacts.
  • Processed data: identity (civility, first name, last name), user name (if the request is initiated on the company’s social media pages), contact details (including telephone number or email address), relevant company, request for contact, information or documentation and correspondence exchanged.
  • Legal basis: Processing of your Personal Data in this context is necessary to pursue the legitimate interests of the company in responding to your requests and more generally to manage and monitor its relations with its contacts.
  • b) Management of our relations with our customers (pre-contractual, contractual and post-contractual relations):
  • Purpose: to manage our pre- contractual, contractual and post-contractual relationships with our customers, we collect the Personal Data of our customers and/or our contacts from our customers to manage and track service quotations and offers, the conclusion and performance of contracts, orders, deliveries, invoices, payments and transactions (including the management of unpaid amounts and litigation), related accounting, customer relationship in the broad sense, and in particular the management and monitoring of customer accounts, complaints, or for the carrying out and preparation of studies, analyses, reports and statistics, including for commercial use.
  • Processed data: identity, contact details (e-mail address, postal address, telephone number, etc.), relevant company and position, details of orders, quotations, payment details and means of payment, transaction data, contract monitoring and business relationship data, invoice data.
  • Legal basis: In the case of Customer Personal Data, such Processing is, in principle, necessary for the performance of pre-contractual measures taken at the request of the customer or based on a contract concluded with the customer.

However, as regards in particular the management of invoicing and the keeping of the associated accounts, such Processing may result from legal obligations of the company. In addition, the secondary purposes of such Processing related to the management and monitoring of our relationships with our clients in the broad sense (including in particular the management and monitoring of accounts receivable, unpaid amounts and litigation, claims, or the preparation and development of studies, analyses, reports and statistics, etc.) are necessary for the pursuit of our legitimate interests in the management and monitoring of our relationships with our customers. With regard to the Personal Data of contacts at our customers, the Processing is based on our legitimate interests in managing and monitoring our relationships with our customers in the broad sense, particularly with a view to the organisation and proper performance of the tasks or services entrusted to us by the latter.

  • c) Management of applications and the recruitment process :
  • Purpose: We process your Personal Data to ensure :
    • The processing, management and monitoring of candidates who respond  to job offers (fixed-term contract, permanent contract, apprenticeship) or internships or who send  us their application spontaneously or the monitoring and active search of professional profiles directly by EKINO, or indirectly via a recruitment agency, corresponding to vacant positions within the companythe reception, registration, classification and study of applications (CV and letters of intent),the evaluation and selection of applications and professional profiles, particularly through the creation of a pool of candidates (or CV database), as well as methods and techniques of recruitment assistance,convening candidates and conducting recruitment interviews (possibly via videoconference) in order to evaluate the candidate’s ability and to measure his capacity to occupy the position and his professional skills, as well as the resulting decision making (rejection of the application or recruitment of the candidate or registration in the CV database),
    • If your application is accepted by the Company, processing of your Personal Data will have as a purpose accomplishing mandatory legal formalities and your Personal Data will be integrated in your employee file for administrative management of your contract.
  • Processed data: In order to carry out these purposes, only personal information strictly necessary to evaluate your capacity to occupy the proposed position or to measure your professional skills are collected during the selection phase. For this end, we will demand data related to your identity, contact details (email address, postal address, telephone number…), to your diplomas and certifications, your professional experience, your abilities, and professional skills related to the proposed position, any information contained in your CV and LinkedIn profile (including your interests where applicable), letter of intent, book, current salary, and salary expectations. The interview can be conducted by videoconference (i.e., via teams), in which case the video stream and sound are not recorded, as well as the technical data related to the connection (such as the identity of the participants, the date and time of the session, its duration, etc.). We can conduct tests of your expertise and soft skills, subject to ad hoc information on the process and their importance to the decision of recruitment. Certain information might be collected by an outside source. These indirect sources are co-opting, or job sites/ professional social media such as LinkedIn, who are the Controller in this case. Failure to provide the required information will render your participation to the recruitment process impossible.

Legal basis:

PurposeLegal Basis
If applicable, authentification in the recruitment section/ creation of a badge for an interview for security purposesLegitimate interest
Search for relevant profiles : management of the « Career » section of our website (reply to a job offer or a spontaneous application) usage of the job board/websites proposing job offers or the monitoring and active search of professional profile corresponding to vacant positions within the company and co-opting.Legitimate interest
Creation of the CV database for a duration of two years in order for us to recontact you during this time if a position related to your profile became available.Legitimate interest
Preselection of candidates (screening, registation, classification of CV/letters of intent in our software tools), management and monitoring of candidatesPerformance of the contract (precontractual measures)
Establishment of contact with the candidate to evaluate his capacity to occupy the position and to measure his professional skills (phone interview, videoconference or face-to-face)Performance of the contract (precontractual measures)
Reference check (with the prior consent of the candidate)Legitimate interest
Usage of tools and innovative technologies to evaluate the capacity to occupy a position and to measure professional skills.Legitimate interest
Intermediate archiving for the potential management of a possible dispute.Legitimate interest

It is specified that you have in any event the possibility to object to these processing and to request the erasure of your Data from our systems. These requests on your part would not result in any consequence for the processing and outcome of your application (except for the fact that we would not be able to contact you)

  • d) Management of our relationships with our suppliers, including in particular our service providers and Subcontractors:
    • Purpose: in order to manage our relationships with our suppliers, we collect Personal Data concerning the following data subjects: suppliers with whom we have a direct contractual or commercial relationship and/or members of their staff, and/or other suppliers with whom we do not have a direct contractual or commercial relationship and/or members of their staff, and/or more generally our contacts with the aforementioned suppliers. The purpose of such Processing is to manage suppliers and/or manage our relations with them, including in particular the management and monitoring of the performance of contracts, orders/services entrusted, deliveries, invoices, payments and transactions, related accounting, and in particular the management and monitoring of accounts payable, the supplier relationship in the broad sense and any claims or disputes.
    • Processed data: identity, contact details (e-mail address, postal address, telephone number, etc.), relevant company and position, details of orders, payment details and means of payment, transaction data, contract monitoring and business relationship data, invoice data.
    • Legal basis: with respect to the Personal Data of suppliers with whom we have a direct contractual or commercial relationship, such Processing is in principle necessary for the performance of pre-contractual measures taken at their request or a contract entered into by them with the company. However, as regards in particular the management of invoicing and the keeping of the associated accounts, such Processing may result from legal obligations of the company. Furthermore, the secondary purposes of the Processing related to the management and monitoring of the company’s relationships with its suppliers in the broad sense (including in particular the management and monitoring of accounts payable, or any claims or disputes, etc.) are necessary to pursue the legitimate interests of the company to manage and monitor its relations with its suppliers. With regard to the Personal Data of other data subjects (providers with whom we do not have a direct contractual or commercial relationship and/or staff/contacts at our suppliers in the broad sense), the Processing is based on our legitimate interests in managing and monitoring our relationships with our suppliers, particularly for the organisation and proper performance of the tasks or services entrusted to them.
  • e) Compliance with legal and regulatory obligations (including accounting, tax and administrative obligations) related to the performance of contracts entered into by the company, and more generally to the business of the company:
    • Purpose: in order to comply with the various legal or regulatory obligations incumbent upon us (particularly with regard to our accounting, tax, or administrative obligations) arising from the performance of commercial contracts for which we are a party and more generally of our business, we process the Personal Data of our contacts (including, but not limited to, our customers, suppliers, etc.) for the pursuit of this purpose.
    • Data processed: identity, contact details, payment details and means of payment, transaction data, contract monitoring and relationships with our contacts, invoice data.
    • Legal basis: such Processing is necessary to comply with our legal or regulatory obligations (including financial, tax and accounting documents).
  • f) Newsletter (in case of registration on our Website)
    • Purpose: we are also required to process your Personal Data in order to ensure the management and monitoring of the sending of our newsletters, relating in particular to the company’s news (mainly upcoming events/ webinars and publications such as EKINO’s white papers) and/or activity (including possibly the performance of technical operations of segmentation, profiling or targeting for this purpose).
    • Data: e-mail address, identity if applicable.
    • Legal basis: by subscribing to the newsletter, you are doing a clear positive act that indicates your consent that we can send you such communications, it being specified that in any event you have the possibility to withdraw your consent at any time. In this respect, however, it is specified that you may also receive our newsletter as a result of the Processing that we carry out for marketing purposes by e-mail as part of our B2B relations with some of our contacts, without your prior consent, in which case you have the right to object to it at any time without having to provide any reason or explanation (see below).
  • h) Direct prospecting by post or telephone:
    • Purpose: in the context of carrying out commercial, communication, solicitation, prospecting, loyalty or marketing operations (including technical operations of segmentation, targeting, etc.) in order to offer our customers, prospects, and more generally contacts, products and services that may be of interest to them, we may send them by post or telephone prospecting information or materials, including, but not limited to studies, surveys, promotions, or satisfaction surveys.
    • Processed data: identity, contact details.
    • Legal basis: such Processing is carried out on the basis of the pursuit of our legitimate interests to make our products and services known on the market, and more generally to carry out prospecting operations, knowing that the recipient of such prospecting has the right in any event to object to it at any time without having to provide any reason or explanation.
  • i) Organisation, management and monitoring of events:
    • Purpose:we may process your Personal Data in connection with the management and monitoring of the events we propose (organisation of interventions, management, processing and monitoring of registrations, responses to inquiries, etc.).
    • Processed data: identity, contact details, position and relevant company.
    • Legal basis: in general, the Processing of your Personal Data in this case is necessary for the organisation and management of events, and therefore based on the performance of a contract to which you are a party (see the event registration agreement).
  • j) Management of requests to exercise rights from data subjects:
    • Purpose: in order to comply with our various legal and regulatory obligations regarding the protection of Personal Data, we process your Personal Data in connection with that purpose.
    • Processed data: reception of requests, identity, contact details, instruction and monitoring of requests, in relation with the relevant department, track of history of requests and replies sent to claimants, development of data activity (statistics)
    • Legal basis: such Processing is necessary to comply with our aforementioned legal and regulatory obligations.
  • k) Management and monitoring of pre-litigation and litigation
    • Purpose: such Processing of Personal Data about you is carried out for:
      • the management and monitoring of pre-litigation and litigation (sales representatives or suppliers), including in particular the preparation, exercise and monitoring of disputes and the enforcement of the decisions rendered;
      • the management and monitoring of actions aimed at the establishment, exercise or defence of a legal right (including, where applicable, the enforcement of the decision rendered).
    • Data processed: information relating to the persons involved, victims, witnesses, judicial officers appointed in the dispute/in the proceedings (full name, contact details, date of birth, etc., history of discussions with the company (ex: reminder letters, formal notices, pleadings and procedural documents, etc.), information on the financial situation, and also economic and financial information relating to the dispute and the persons involved, etc., and more generally any information if this is necessary with regard to the subject matter of the dispute, including, where applicable, data relating to criminal convictions or offences or security measures, the proceedings at issue, the proceedings at the origin of the dispute, including, where applicable, data relating to criminal convictions, breaches or security measures, the disputed facts giving rise to the proceedings, the information, documents and records collected to establish the facts that may be alleged (finding, testimony, certificate, formal notice, report, logs extracted from a computer resource security tool, fact finding sheet, filing of complaint, medical certificate), the details of the dispute (start and closing date of dispute, court seized, date of summons, date of hearing, state of the proceedings, nature and scope of claims, allegations, arguments, observations and views of legal representatives, date of the judgment), the date, nature, reasons, the amounts and any staggered payments of the decision, comments on the description and follow-up of the proceedings,…
    • Legal basis: such processing of your personal data by the company is based on the legitimate interests pursued by the company in order to preserve/assert its interests and legal rights, particularly in performance of contractual relations with its customers, suppliers, contacts, training participants, etc. Furthermore, in the context of this Processing, so-called “special” Personal Data may be processed for the aforementioned purposes if they are strictly necessary for these purposes (for example: health data, data relating to criminal convictions, offences or security measures, etc.) and the establishment, exercise or defence of a legal right.

5 – WHO ARE THE ACCESSORS AND RECIPIENTS OF YOUR PERSONAL DATA? HOW DO WE SHARE YOUR DATA?

5.1     We make sure that only persons authorised within the company (“the Accessors”) can access your Personal Data when such access is necessary for the performance of their duties, including:

  • The authorised personnel of the marketing and communication department, as well as their line managers;
  • Authorised sales department staff and their line managers;
  • Authorised staff of the customer relationship and prospecting departments and their line managers;
  • Authorized administrative, financial and legal staff as well as their line managers;
  • Authorised staff of the development, production and maintenance departments and their line managers;
  • The authorized staff of the IT department, as well as their line managers;
  • Project management staff, as well as their line managers;
  • In terms of recruitment:
    • The managers of the company offering the position or the managers interested in an application from a specific entity;
    • The human resources team dealing with the local recruitment process in France,or outside the European Union (Vietnam, Singapore, USA);
    • President and General Director
    • At the end of the recruitment process, different departments may have access to the candidate’s personal information necessary for the performance of their duties either to prepare for his recruitment (i.e. the department in charge of the management of handicap to adapt the position before the recruitment), or to manage the candidate in human resources (i.e. service in charge of the payroll, formation, logistics services to create a badge, head of IT services to provide system accreditations necessary for the performance of the professional activity).
  • The DPO and the legal department may have access to Personal Data if there is a need related to data processing in special cases and on the condition that such access is strictly necessary.

5.2     Recipients may also receive your Personal Data, whether it was third party recipients or not, namely:

  • The authorised staff of the departments responsible for control in our company (auditor, services responsible for the (internal or external) control procedures, bodies authorised to carry out controls, particularly social and tax audits, etc.;
  • With the finalisation of the recruitment process by recruiting the candidate, information necessary for unemployment insurance, health insurance, retirement, health mutual of the Company etc., may be transferred to the managing bodies of these services, who are recipients. Therefore, the pre-hire declaration that EKINO must accomplish, under certain conditions, with the social welfare organization, leads to the transfer to these organizations of, in particular the first and last name, sex, date and place of birth, social security number of the candidate (if he’s already registered).
  • The staff of our counsel;
  • Authorised staff of suppliers, including in particular service providers and data processors, who are subject to a contract specifying their obligations;
  • Partners, whether contractual or commercial, and third-party companies, including, but not limited to social media publishers, publishers of third-party websites or publishers of cookies used on our Website, for example for marketing, communication, etc. or in the management of our digital marketing activities. In this respect, it is specified for the record that if you post content disclosing your Personal Data on the Internet, and in particular on our Website or on the social media pages of the company, such content may, of course, be accessible to any internet user;

Technical or other service providers involved in activities or missions for which access to Personal Data is strictly necessary and/or justified. This category of recipients may also include any application or tool publisher that would be used in connection with our activities, or any provider of IT service or provider of tool maintenance and applications that we use and in which your Personal Data may be processed;

  • Bodies, judicial officers and ministerial officers, within the framework of their mission of collecting debts;
  • If necessary, the body in charge of managing the telephone marketing opposition list;
  • Judicial officers, ministerial officers and, where applicable, competent jurisdictions to allow the sale or transfer of all or part of our activities or assets, or in the management and monitoring of pre-litigation and/or litigation procedures;
  • Our insurers;
  • If applicable, the entities of the group to which we belong: HAVAS/VIVENDI, in particular relating to recruitment or in order to participate in global projects, for example that can be, , located, for some of them, outside the European Union. In this case, you will be informed of the nature of the projects concerned and the entities involved, and if your consent is required in accordance with the applicable laws or regulations relating to the protection of Personal Data, it will be requested in advance.

For more information about Recipients and Personal Data flows as well as the appropriate safeguards that we implement to ensure the protection of such Data, we invite you to refer to the paragraph dedicated to Data Transfer outside the European Union below.

5.3     We may also be required to disclose your Personal Data in the event of legitimate requests from public authorities worldwide, including in order to meet requirements regarding compliance with the law of Personal Data, national security, the fight against fraud or, more generally, the application of legal or regulatory provisions. Your Personal Data may therefore, in particular, be communicated to any authority authorised to have access to it, particularly in case of requisition from the judicial, police or administrative authorities. In these cases, we will examine the applicable local provisions, the nature of the request, as well as its legitimacy and proportionality of the information requested. Finally, we reserve the right to report activities that we consider in good faith as illegal and alleged abuses to the public authorities.

5.4     It is specified that the Recipients referred to above are not necessarily Recipients of all your Personal Data, but only of the data required for the purpose involving such communication.

6 – HOW LONG DO WE KEEP YOUR PERSONAL DATA?

6.1     Unless otherwise specified, our retention periods for your Personal Data are as follows:

  • Management of requests for information and exchanges with the company, initiated via or through the Website or the company’s social media pages: retention for the period necessary to respond to your request;
  • Management of applications and the recruitment process: your Personal Data is retained for the duration necessary for the completion of the process of recruitment.

C.1. In the event of a negative outcome of your application:

(i) If we wish to retain your Application Data in order to be able to resume contact with you immediately after a position that matches your profile is proposed, we will inform you and maintain such Data active in the database for a maximum period of two years from the mail informing you of the negative outcome of your application, unless you oppose to this processing,

 (ii) If we do not wish to keep your Application Data to contact you later, we will keep your Data active in a database for three months from the email sent to you by the company indicating that your application is not successful and is not maintained in our applicant database so that you may, in this period, possibly question us about the reasons that led to this decision.

When the retention period in an active base expires, the information is placed in intermediate archiving for a period of five years from the end of the recruitment process for the purposes of proof in case of legal actions against the Company.

If your application is accepted by the company (hiring by the company), the information concerning you will be kept for a longer period of time, particularly for the administrative management of the company’s staff and payroll management, in accordance with any applicable legislative or regulatory requirements and with the privacy policy which is appended to our company’s internal rules;

C.2 In case of indirect collection and absence of application from your part :

(i) If we wish to retain your Data in order to contact you when a position related to your profile is proposed, we will inform you of this and we will keep such Data in the active database for a maximum period of two years from our mail with acknowledgment of receipt, unless you object to this processing. In case of a rejection decision and If no other application has been presented during the two year period, your Data will be erased. In case of a rejection decision and if another application has been presented during the two-year period, when the retention period in an active base expires, the information collected is placed in intermediate archiving for a period of five years from the end of the recruitment process for the purposes of proof to guard against legal actions against the Company in particular.

If your application is accepted by the company (hiring by the company), the information concerning you will be kept for a longer period of time, particularly for the administrative management of the company’s staff and payroll management, in accordance with any applicable legislative or regulatory requirements and with the privacy policy which is appended to our company’s internal rules

(ii) If we do not wish to keep your Data in order to contact you when a position matching your profile is vacant, we will erase your Data within three months, in order to keep your choice regarding the position in question, unless you object to this processing.

  • Management of our relations with our suppliers, including in particular our service providers and data processors: duration of the contractual or commercial relation;
  • Compliance with legal and regulatory obligations (including accounting, tax and administrative obligations) related to the performance of the contracts entered into by the company, and more generally to the company’s activity: duration of the current financial year increased by six months;
  • Newsletter (in case of registration on the Website): three years from the collection of Personal Data (see newsletter subscription) or the last contact from the Data Subject (for example: click on a link in the newsletter);

B2B prospecting/relationships with journalists/influencers by e-mail or by post or telephone: three years from the collection of Personal Data or the last contact from the Data Subject (for example, for a customer, from an order, the end of a service contract or the last contact from the customer and, for a potential customer, from the last contact by the customer (online request, e-mail or postal mail, telephone call, or click in an email to the customer’s attention sent by the company, etc.);

Understanding and browsing studies, including the carrying out and preparation of studies, analyses, reports and statistics: period to receive consent for cookies of six months from the storage of cookies on your terminal, and up to 25 months for Personal Data collected by this method. For more information, please refer to our dedicated Cookies Policy ;

  1. Organisation, management and monitoring of events: retention for the duration necessary for the organisation and follow-up of the event;
  • Management of requests for the exercise of the rights of data subjects: Data (date of request, date of rely, motive and the copy of the reply) are kept for the calendar year of the request, and five years after. Identification documents possibly transferred are:
  • Immediately erased if the request is not admissible or if the request that has been correctly addressed didn’t need any identification document.
  • Erased one year after reception of the request in any other case.

6.2     It is specified that your Personal Data may, however, be retained for longer than the aforementioned periods:

  • either after obtaining your consent; or
  • or, in the form of archives, in order to meet any legal and regulatory obligations imposed on the company (for example ten years with regard to the retention of documents and accounting documents) or even during the statutory limitation periods, particularly for purposes of evidence (in general five years as regards the statutory limitation period in civil matters, six years with regard to the statutory limitation period for criminal offences or two to five years in labour law) or opposition (15 months for payment card data that have been used in a transaction for example).

6.3     In the event of pre-litigation initiated before the end of the above periods and which would require the retention of the Personal Data, particularly in view of the establishment, exercise or defence of the rights of the company, the data shall be retained until the amicable settlement of the dispute (including its enforcement if applicable), or, failing this, shall be deleted when the corresponding legal action has been time-barred.

In the event of litigation/procedure, particularly legal proceedings, initiated before the end of the above periods and which would require the retention of the Personal Data particularly in view of the establishment, exercise or defence of the rights of the company, the data shall be retained for the duration of such proceedings and until ordinary and extraordinary remedies are no longer possible against the decision handed down. The decisions handed down may be kept by the company until the full enforcement of the decision, or even as definitive archives.

7 – WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

7.1     You have the following rights, in accordance with the terms and conditions and within the limits defined by the applicable provisions relating to the protection of Personal Data:

  • Right of access: you may obtain confirmation that your Personal Data is processed or not by the company and, when it is, access to such Personal Data, as well as certain information relating to the Processing of your Personal Data;
  • Right of correction: you can ask for any of your Personal Data that you consider incomplete or inaccurate to be corrected;
  • Right to erasure: you may in some cases request deletion of your Personal Data; this right is not applicable for processing that has the respect of a legal obligation as its legal basis;
  • Right to restriction of Processing: you may request that the Processing of your Personal Data be restricted, allowing you to request in certain cases the marking of your Personal Data in order to limit its future Processing;
  • Right to portability of your Personal Data: you have the right in certain circumstances and under certain conditions to request the receipt of Personal Data about you that you have provided to us or, where technically possible, to transfer it to a third party, in a machine-readable form; this right is not applicable for processing that has legitimate interest or the respect of a legal obligation as its legal basis.
  • Right to withdraw your consent if the Processing is carried out on the legal basis of your consent;
  • Right to refer any complaints to the Commission Nationale de l’Informatique et des Libertés (National Commission for IT and Liberties) (cnil.fr) or “Cnil” if you consider that the Processing of your Personal Data is not carried out in accordance with the applicable provisions on the protection of Personal Data;
  • Right to set guidelines regarding the retention, erasure or disclosure of your Personal Data after your death. In this respect, in the event of death brought to our attention, please note that your Personal Data will be deleted, unless we need to retain it for a fixed period of time for reasons relating to our legal and regulatory obligations and/or the statutory limitation periods referred to above, after, where applicable, it has been communicated to a third party that may be designated by you.

In addition, under certain circumstances and under certain conditions, you have a Right of Objection by which you may object to the Processing of your Personal Data for reasons related to your particular situation, knowing that in case of prospecting, including profiling operations that would be related to such prospecting, you have a right of absolute opposition. This right is not applicable to processing that has consent, execution of contract or the respect of a legal obligation as its legal basis.

7.2     You may exercise your rights with our data protection officer (i) by email to the following address: dpo@mfglabs.com or (ii) by post to the following address: EKINO – Data Protection Officer – 9 rue de l’Ancien Canal – 93500 Pantin. In any event, in case of reasonable doubt as to the identity of the person making such a request for the exercise of his/her rights, the company may always request that it be provided with additional information necessary to confirm the identity of the Data Subject and request, where the situation so requires, the photocopy of an identity document bearing the signature of the holder.

We will respond as soon as possible and in any event within a maximum period of one month from the receipt of the request. If necessary, we may extend this period by two months, given the complexity and the number of requests, and we will inform you of this specifically.

7.3     Please be informed that pursuant to Articles L.223-1 et seq. of the Consumer Code, you may, if you are a consumer, object at any time to be solicited by telephone, by registering for free on the website “www.bloctel.gouv.fr“.

8 – HOW IS YOUR PERSONAL DATA SECURED?

8.1     The company shall implement appropriate organisational and technical security measures, in particular with regard to the categories of Personal Data processed, the state of knowledge, the implementation costs and the nature, scope, context and purposes of the Processing and the risks, the degree of likelihood and severity of which varies, for the rights and freedoms of natural persons, to protect your Personal Data against malicious intrusion, loss, alteration or disclosure to unauthorised third parties, and more generally to protect the security and confidentiality of such Personal Data and ensure a level of security appropriate to the risk.

Due to the difficulties inherent in carrying out an activity on the Internet and the risks that you are aware of, resulting from the electronic transmission of data, the company cannot, however, be bound by an obligation of result.

In the event of difficulties, the company shall make its best efforts to mitigate the risks and take all appropriate measures, in accordance with its legal and regulatory obligations (corrective actions, inform the Cnil and, where applicable, the data subjects, …).

8.2     When developing, designing, selecting and using our services offered on the Website which are based on the Processing of Personal Data, the company takes into account the right to the protection of Personal Data by default and as soon as they are designed (Privacy by design and by default principles).

8.3     The access to Personal Data about you is limited to our employees or partners, and more generally the Recipients referred to above, who are authorised and need to know the data in the performance of their duties. All employees who have access to your Personal Data are bound by a confidentiality obligation and are subject to sanctions if they do not comply with these obligations.

8.4     If all or part of the Processing of Personal Data is carried out by third party processors, the company contractually imposes on its third party data processors security guarantees and in particular confidentiality with regard to the Personal Data to which they may have access (appropriate technical and organisational measures for the protection of such Data).

9 – ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE OF THE EUROPEAN UNION?

9.1     Your Personal Data is preferably processed in the European Union.

9.2     As part of the aforementioned purposes, some of your Personal Data may, however, be transferred to third parties established in countries outside the European Union (for example, entities of the HAVAS VIVENDI Group, Data Processors of the company involved in the aforementioned Processing, your home company if established outside the European Union, etc.).

Some of these entities receiving your Personal Data are considered to ensure a sufficient level of protection of Personal Data because they are established in a country whose Personal Data protection regulations have been recognized as ensuring an adequate level of protection of the Personal Data (adequacy decisions of the European Commission https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

In addition, if the country of the entity receiving your Personal Data does not provide an adequate level of protection for that Personal Data, we ensure that appropriate security and confidentiality measures are taken to ensure that your Data is protected.

Therefore, in these cases, you are informed that transfers of your Personal Data to other entities outside the European Union are governed by the provision of appropriate safeguards such as the conclusion, with the Recipients of such Data, of contractual clauses consistent with the European Commission’s recommendations to ensure that appropriate safeguards are in place in relation to the protection of such Data.

Please be informed that transfers of Personal Data outside the European Union are lawful if (i) the transfer is necessary for the performance of a contract between the Data Subject and the Controller or the implementation of pre-contractual measures taken at the request of the Data Subject, if (ii) the transfer is necessary for the conclusion or performance of a contract entered into in the interests of the Data Subject between the Controller and another natural or legal person, or if (iii) the Data Subject has explicitly consented to the proposed transfer, after having been informed of the risks that such transfer might involve for him/her due to the absence of an adequacy decision and appropriate safeguards.

A copy of the reference documents referred to in this paragraph may be obtained (exempt from any commercial information considered sensitive or confidential or covered by business secrecy), from the contact person mentioned in paragraph above “What are your rights and how can you exercise them?”.

10 – WHAT ARE THE LINKS TO THIRD PARTY WEBSITES?

10.1   Regardless of any considerations specific to the functioning of cookies, please be informed that our digital media may provide links to third party websites, including social networking websites. We do not control the activity of these websites and the policies they apply regarding the protection of your Personal Data and your rights, and we cannot control them. We invite you to examine the guarantees offered by these websites before any interaction with them. In this respect, your attention is drawn to the fact that the personal data protection policy of these websites may be different from that of the company and that it is your responsibility to read it.

10.2   If you post content disclosing your Personal Data on the Internet, and in particular on social networks, including the social media pages of the company, such content may be accessible to any Internet user, and collected or exploited by third parties, for purposes that are not our responsibility. In any event, the company cannot be held liable in the event that the Personal Data Processing implemented via one of these third-party websites contravenes the applicable legal and regulatory provisions.

11 – CHANGES TO THIS PRIVACY POLICY

11.1   This Privacy Policy may be amended at any time, and such amendments will take effect on the date of publication of the corresponding update.

11.2   In the event of a change, the new privacy policy will be posted on the Website in the dedicated section. In addition, all Personal Data collection forms on our Website provide a link to this policy.

11.3        We invite you to consult it regularly.

12 – MANAGEMENT OF COOKIES

12.1   Cookies and other trackers or similar technologies may be installed and/or read in your browser when you visit the Website in accordance with our Cookies Policy. For more information on the management of cookies, please consult our dedicated Cookies Policy.