Privacy Policy

Personal Data Protection Policy

Geopost is committed to personal data protection both during our business operations and as part of the services provided.
This Policy sets out the principles and guidelines we apply to protect your Personal Data. It is designed to explain:
• The types of Personal Data we collect and the reasons why we collect it,
• How we use your Personal Data,
• Your rights as the data subject.

This Policy applies to the processing of Personal Data in the context of GeoPost’s group intranet accessible through intranet.geopost.com. All operations on your Personal Data are carried out in compliance with the regulations in force and in particular with the European Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (GDPR), the law n°78-17 “Informatique, Fichiers et Libertés” of 6th January 1978 as amended, as well as its application decrees.

How does Geopost deal with Personal Data Protection?

Geopost considers the protection of your Personal Data and privacy when designing new products and services (principles of “privacy by design” and “privacy by default”), and where appropriate, when these products or services are revised/upgraded. To ensure the security of your Personal Data and safeguard the proper exercise of your rights, GeoPost implements measures designed to protect your Personal Data :

  • Establishment of a procedure for exercising rights and a procedure in the event of a personal data breach;
  • Carrying out IT security and GDPR compliance questionnaires prior to the implementation of a project or an application;
  • Verification of the guarantees presented by our subcontractors and future subcontractors with regard to the requirements of the GDPR;
  • Carrying out internal audits, drawing up recommendations, monitoring and updating the inherent actions;
  • Consulting with project managers to define relevant and reasonable retention periods, not exceeding the time necessary to fulfil the purpose of the processing;
  • Maintaining and updating a register of processing operations;
  • Conducting regular training sessions for all our employees;
  • Coordination of a Data Protection Officer network including all our European subsidiaries

What Personal Data are used by Geopost?

GeoPost undertakes to only collect the data that is strictly necessary for the provision of the requested services.
If optional data is requested, you will be given a clear explanation of the Personal Data Geopost needs to provide the requested service and the data you may decide to provide voluntarily.

Where does the data we process come from?

The Group Intranet retrieves your identification data (name, surname, email) from the Group SSO. They are collected in order to identify you on the Group Internet and are mandatory.

To which services or companies are your Personal Data transferred to?

In the context of the Group Intranet, the data are not transferred to other services or companies.

Can your Personal Data be transferred to non-EU countries?
The data processed in the context of the Group Intranet is not transferred to non-EU countries.

How long will Geopost keep your Personal Data?
Geopost undertakes not to retain your Personal Data any longer than is necessary for the provision of the service or, if applicable, for compliance with the retention periods arising from the applicable limitation periods.
In the context of the Group Intranet, your data is retained from the creation of your account to up to 6 months after the deletion of your account. Following that limit, the information from your profile is deleted and the publications are anonymised.

Are your Personal Data protected?
Geopost undertakes to adopt all measures protecting the security and confidentiality of your Personal Data and, in particular, to prevent any damage, erasure or unauthorised access by a third party.
To this end, GeoPost has an Information System Security Policy based on the ISO 27002 standard, which defines the guidelines for good information security management practices. The policy covers human, physical, organisational and technical security controls.
If your Personal Data is affected by a security breach (destruction, loss, alteration or disclosure), Geopost undertakes to fulfil our obligation to notify Personal Data Breaches, in particular to the French Data Protection Authority (CNIL) and to inform you as soon as possible in accordance with Article 34 of the GDPR.

What are your rights concerning your Personal Data?
You may contact Geopost to exercise your rights held under the personal data regulations in force at any time:
Right of access: you may obtain a copy of your Personal Data being processed by Geopost;
Right to rectification: you may update your Personal Data or ask us to rectify your Personal Data processed by Geopost;
Right to object, in particular to prevent direct marketing: you may notify your preference not to receive direct marketing from Geopost or ask GeoPost to stop processing your Personal Data;
Right to erasure: you may ask Geopost to delete your Personal Data;
Right to restrict processing: you may ask Geopost to suspend the processing of your Personal Data;
Right to data portability: you may ask GeoPost to retrieve your Personal Data for reuse.

Whenever you sign up for a service or provide Personal Data, Geopost will state the postal and/or email address to which any data subject requests may be sent.
All requests must be submitted with proof of your identity. Geopost undertakes to respond to your data subject requests without undue delay and in any event, within the times imposed by law.

Contact
If you have any questions about the use of your data by Geopost, you can contact us at [email protected].

Has GeoPost appointed a Data Protection Officer?

The appointment of a Data Protection Officer reflects Geopost’s commitment to ensuring the protection, security and confidentiality of Personal Data.
Our Data Protection Officer may be contacted at the following address:
Data Protection Officer
CP C703
9 Rue du Colonel Pierre Avia
75015 Paris

If you believe, after having contacted us, that your rights with regard to your data have not been respected, you may submit a complaint to the Commission Nationale de l’Informatique et des Libertés (3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07; tel: 01 53 73 22 22).

Changes to this Privacy policy

Our privacy policy is reviewed on a regular basis.

Geopost reserves the right to change its privacy policy at any time with or without prior notice. We therefore recommend that you inform yourself regularly about any changes. By using Geopost’s intranet you accept the terms of this privacy policy.

Cookies

We use cookies or other tracers to facilitate the use of the site, improve the performance and security of the site. These cookies are necessary for the use of the intranet.

GLOSSARY

All capitalised terms are defined as follows:

“Data Protection Policy”: Means this Policy describing the measures adopted for the processing, exploitation and management of your Personal Data and your data subject rights.

“Personal Data”: Means any information relating to you that can be used to identify you, directly or indirectly as a natural person.

“Processing”: Means any operation or any set of operations performed on your Personal Data.

“Personal Data Breach”: Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your Personal Data.

Like 0