Privacy policy
Object
This Policy is issued by SINARI INVEST, a company registered under SIREN number 851 197 830 R.C.S. Rennes, whose registered office is Technoparc Bät A, 4 avenue des peupliers 35510 Cesson-Sévigné.
Hereinafter referred to as the "data controller".
The purpose of this policy is to inform visitors to the sinari.com website of how data is collected and processed by the data controller.
This policy is part of the data controller's desire to act transparently, in compliance with national provisions and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
(Hereinafter referred to as the "General Data Protection Regulation").
The data controller pays particular attention to the protection of the privacy of the data subjects and therefore undertakes to take the reasonable precautions required to protect the personal data collected against loss, theft, disclosure or unauthorized use.
Personal data" is defined as all personal data relating to the user of the website (hereinafter referred to as "the data subject"), i.e. any information that enables him or her to be identified directly or indirectly as a natural person.
If the data subject wishes to respond to any of the practices described below, he or she may contact the data controller at the postal address or e-mail address specified in the "contact details" section of this Policy.
What data do we collect?
The data controller collects and processes the following personal data on data subjects in accordance with the procedures and principles described below:
- IP address;
- Data collected via the contact form;
- Data collected for job applications;
- All information concerning the pages consulted by the data subject on the site.
The data controller may also collect non-personal data. This data is considered non-personal because it does not directly or indirectly identify a specific individual. It may therefore be used for any purpose whatsoever, for example to improve the website, the products and services offered or the advertising of the data controller.
In the event that non-personal data is combined with personal data in such a way that it is possible to identify the persons concerned, such data will be treated as personal data until such time as it is impossible to associate it with a specific person.
Collection/processing methods
The data controller may process personal data in the following ways:
- Contact form;
- Application form;
- Cookies.
Categories of data collected, purposes, legal basis for processing and retention periods
Personal data is collected and processed solely for the purposes mentioned below:
|
Processing |
Data category |
Purpose |
Legal basis |
Retention period |
|
Contactform |
Name First name Company Address Zip or postalcode City Phone |
To respond to requests from Internet users. |
The legal basis for processing is the pursuit of the Data Controller's legitimate interest in providing follow-up to Internet users. |
- 3 years from the last contact with the data subject. - Mandatory request from the data subject to extend the data retention period by 3 years. |
|
Applicationform |
Last name First name Address Zipcode City CV |
-Managing the recruitment process for candidates, - follow-up and processing of applications, - management and follow-up of job interviews, - building up and maintaining the CV database. |
The legal bases for processing are: - the performance of pre-contractual measures - the pursuit of the Data Controller's legitimate interest in managing its recruitment processes. |
2 years after the last contact with the candidate, unless the candidate has objected to this storage. |
|
Commercialprospecting |
Name First name Company Address Postal code City Phone |
Commercial prospecting for professionals by electronic means. |
The legal basis for the processing is the pursuit of the Data Controller's legitimate interest in promoting its business. |
Until objection or 3 years from the last contact of the data subjects with the Data Controller. |
|
Cookies |
IP and connectiondata |
- to ensure site operation - keep users connected - audience analysis - advertising purposes |
The legal basis is the consent of the person concerned. |
13 months, except for site operation cookies whose duration is limited to the duration of the browser session. |
The data controller may carry out processing operations that are not yet covered by this Policy. In such cases, the data controller will contact the data subject before re-using his or her personal data, to inform him or her of the changes and give him or her the opportunity, where appropriate, to refuse such re-use.
Recipients of data and disclosure to third parties
Internal recipients:
The data recipients are exclusively the personnel authorized by the data controller, in charge of commercial relations, marketing and human resources.
External recipients:
|
Third parties |
Transmitted data |
|
SinariGroup entities |
Other Sinari Group entities may have access to the data, notably in the context of commercial prospecting operations or as part of centralized human resources management. |
|
Hubspot (digital marketing agency in charge of website creation and hosting) |
All site data. |
In the event of data being disclosed to third parties for direct marketing or commercial prospecting purposes, the person concerned will be informed in advance so that he or she can choose to accept the transfer of his or her data to third parties.
Where such transfer is based on the consent of the data subject, the latter may withdraw his or her consent at any time for this specific purpose.
The data controller complies with the legal and regulatory provisions in force, and will in all cases ensure that its partners, employees, subcontractors or other third parties with access to personal data comply with this Policy.
The data controller discloses the personal data of the data subject in the event that a law, a legal proceeding or an order from a public authority makes such disclosure necessary.
Enforcement of rights
The data controller reserves the right to verify the identity of the data subject in order to apply the rights set out below.
This request for additional information will be made within one month of the request being made by the data subject.
Data access and copying
The person concerned may obtain free of charge written communication or a copy of the personal data concerning him or her that has been collected.
The data controller may charge a reasonable fee based on administrative costs for any additional copies requested by the data subject.
Where the data subject makes such a request electronically, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise.
Unless otherwise stipulated by the General Data Protection Regulation, the data subject will be sent a copy of his or her data no later than one month after receipt of the request.
Right to withdraw consent
For all processing operations based on consent, in this case cookies, the data subject has the right to withdraw consent at any time.
Right of rectification
The person concerned may obtain, free of charge, as soon as possible and at the latest within one month, the rectification of any personal data that may be inaccurate, incomplete or irrelevant, as well as the completion of such data if it proves to be incomplete.
Unless otherwise stipulated by the General Data Protection Regulation, a request for rectification will be processed within one month of its submission.
Right to object to processing
The data subject may at any time, for reasons relating to his or her particular situation, object free of charge to the processing of his or her personal data, except where:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject require protection of personal data (in particular where the data subject is a child).
The data controller may refuse to implement the data subject's right to object if it establishes the existence of compelling and legitimate grounds for the processing, which override the interests or rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. In the event of a dispute, the data subject may lodge a complaint in accordance with the "Complaints" section of this Policy.
The data subject may also, at any time, object, without justification and free of charge, to the processing of personal data concerning him or her when the data is collected for the purposes of commercial prospecting (including profiling).
Where personal data is processed for scientific or historical research or statistical purposes in accordance with the General Data Protection Regulation, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task in the public interest.
Subject to the exceptions provided for in the General Data Protection Regulation, the data controller is required to respond to the data subject's request as soon as possible and within one month at the latest, and to state the reasons for its response if it intends not to comply with such a request.
Right to limit processing
The data subject may obtain the restriction of the processing of his/her personal data in the cases listed below:
- Where the data subject disputes the accuracy of the data, and only for as long as it takes the controller to check it;
- Where processing is unlawful and the data subject prefers restriction of processing to erasure;
- when, although no longer necessary for the purposes of the processing, the data subject needs it for the establishment, exercise or defense of legal claims;
- During the time required to examine the merits of a request for opposition made by the data subject, in other words, the time required for the controller to check the balance of interests between the legitimate interests of the controller and those of the data subject.
The controller will inform the data subject when the processing restriction is lifted.
Right to erasure (right to be forgotten)
The data subject may obtain the erasure of personal data concerning him or her, where one of the following grounds applies:
- The data is no longer required for the purposes for which it was processed;
- The data subject has withdrawn his/her consent to the processing of his/her data and there is no other legal basis for the processing;
- The data subject objects to the processing and there are no compelling legitimate grounds for the processing and/or the data subject exercises his/her specific right to object in relation to direct marketing (including profiling);
- Personal data has been processed unlawfully;
- Personal data must be erased to comply with a legal obligation (under Union or Member State law) to which the data controller is subject;
- Personal data have been collected in the context of offering information society services to children.
However, data deletion is not applicable in the following cases:
- Where processing is necessary for the exercise of the right to freedom of expression and information;
- Where processing is necessary for compliance with a legal obligation which requires processing under Union law or the law of the Member State to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- Where processing is necessary for reasons of public interest in the field of public health;
- Where processing is necessary for archival purposes in the public interest, for scientific or historical research, or for statistical purposes, and insofar as the right to erasure is likely to render impossible or seriously compromise the achievement of the purposes of the processing in question;
- when processing is necessary for the establishment, exercise or defense of legal claims.
Subject to the exceptions provided for in the General Data Protection Regulation, the data controller is required to respond to the data subject's request as soon as possible and within one month at the latest, and to give reasons for its response if it intends not to comply with such a request.
Right to data portability
The data subject may, at any time, request to receive, free of charge, his/her personal data in a structured, commonly used and machine-readable format, in particular with a view to transmitting it to another data controller, where:
- Data processing is carried out using automated procedures; and when
- The processing is based on the consent of the data subject or on a contract between the data subject and the data controller.
Under the same conditions and according to the same procedures, the data subject has the right to obtain from the data controller that personal data concerning him or her be transmitted directly to another data controller, insofar as this is technically possible.
The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Security
The data controller implements the appropriate technical and organizational measures to guarantee a level of security for the processing and the data collected, appropriate to the risks presented by the processing and the nature of the data to be protected. He takes into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks to the rights and freedoms of the persons concerned.
The data controller has put in place appropriate security measures to protect and prevent the loss, misuse or alteration of the information received.
Should the personal data under the controller's control be compromised, it will act promptly to identify the cause of the breach and take appropriate remedial action.
The data controller will inform the data subject of the incident if required to do so by law.
Information recruitmentform
The information collected on this form is recorded in a computer file used by the SINARI groupas data controller for (i) managing the recruitment process for candidates, (ii) tracking and processing applications, (iii) managing and tracking job interviews, where applicable, and (iv) building up and maintaining the CV database.
This processing is necessary for the performance of any pre-contractual measures that may exist between the Data Controller and candidates responding to these job offers, as well as for the pursuit of the Data Controller's legitimate interest, namely the management of its recruitment processes.
The data collected will be communicated only to the following recipients: in-house recruitment staff and service providers required for the proper management of the website. The Data Controller may also transfer some of your personal data to other companies in the Sinari group, if necessary, for the purposes of managing your application and enriching its CV library.
You can consult the list of third parties with access to data in our privacy policy.
Fields marked with an asterisk must be completed by the applicant, and failure to do so may compromise the processing of his/her application. In all other cases, the information required is optional and has no impact on the examination of the application.
Data is kept for 2 years after the last contact with the candidate, unless the candidate has objected to this retention.
You have the right to access your personal data, rectify it, ask for it to be deleted or exercise your right to limit the processing of your data. Visit cnil.fr for more information on your rights.
To exercise these rights, or if you have any questions about the processing of your data under this system, please contact us at dpo@sinari.com , indicating "Individual rights" in the subject line.
If, after contacting us, you feel that your rights under the Data Protection Act have not been respected, you may submit a complaint to the CNIL (French Data Protection Authority).
Claims and complaints
If the data subject wishes to respond to any of the practices described in this Policy, he or she is advised to contact the data controller directly.
The data subject may also lodge a complaint with his or her national supervisory authority. They can send a complaint online to the CNIL or by post:
Commission nationale de l'informatique et des libertés (CNIL)
3 Place de Fontenoy
TSA 80715
75334 Paris cedex 07
Tel: +33 1 53 73 22 22
In addition, the person concerned may lodge a complaint with the competent national courts.
Contact details
For any questions and/or complaints relating to this Policy, the data subject may contact the data controller at the following e-mail address: dpo@sinari.com
Modification
The data controller reserves the right to modify the provisions of this Policy at any time. Amendments will be published directly on the data controller's website.
Applicable law and jurisdiction
This Policy is governed by the national law of the data controller's principal place of business.
Any dispute relating to the interpretation or execution of this Policy shall be subject to the jurisdiction of this national law.
The current version of the Policy is dated 06/03/2025.