The CIS EVIAN collects, through their activities, data, some of which identify or make identifiable natural persons.

1.1 The legal basis for collection

The legislation lists the legal bases for the collection of personal data, otherwise the legitimate justifications for data collection.
These legal bases are explained and/or recalled in the context of the collections carried out by CIS EVIAN

As such, the association may collect personal data on the basis of:

N.B.: The collection of the personal data of our members and/or users is necessary in order to fulfil the terms of the contract (e.g. membership, registration to an activity, reservation of a service...) and to ensure the provision of the subscribed service or product acquired by the natural person concerned.
Thus, in this context, the consent of the person is not necessary since the treatments performed are related to the execution of the « Contract ».

The legitimate interest of the controller:

N.B.: In certain circumstances, the very nature of the service provided by the CIS EVIAN implies the collection of the personal data of its customers and users and the transmission of this information to designated third parties (e.g. the linking services).

These treatments, linked to the legitimate interest of the controller in this case, are considered to be a reasonable expectation on the part of the data subject with regard to the description of the service provided.

It is the daily concern of the association to assess whether its legitimate interest is not offset by the interest of the person concerned or by respect for his fundamental rights and freedoms.

A legal obligation making treatment compulsory:

N.B.: The regulatory context of an activity may make certain processing and data transfer mandatory, e.g. for invoicing products or services, statistical institutions, etc.

1.2 Method of collection:
(a) Collection through forms

Access, use, download, purchase or subscription to certain services or products implies the collection of personal data concerning the user.

In these cases, when filling in the paper and electronic forms, the persons transmit information concerning them.

These forms systematically specify:

• the name of the controller,
• the purposes associated with the collection carried out,
• if the collection is made necessary by the subscription of the service concerned or by the purchase of the intended product,
• any other holdings envisaged and the legal basis for the collection carried out;
• a reference to the relevant pages of this Charter on the modalities for the exercise of rights by natural persons, the contact details of the DPO, the rules concerning the period of retention of data, the procedure for lodging complaints with the supervisory authority, etc...

(b) Telephone collection

The CIS EVIAN carries out certain services by telephone and on this occasion can collect personal data.

Where possible, telephone contact is confirmed by sending an email allowing the person concerned to keep a written record of the conversation and to be able to exercise his rights at any time.

2. What types of information are collected?

Some of the information collected is « Personal data », i.e. data concerning persons identifying them. In accordance with the legislation in force, the CIS EVIAN adopted the principle of minimisation in the collection and collects only the data strictly necessary for the purpose pursued and explained from the natural persons concerned, leaving them with any capacity to exercise their rights. The personal data that may be requested, depending on the nature of the services or products provided, are as follows:

Mainly:

• Your name and contact information, including your e-mail and postal addresses,
• Your function,
• Your phone numbers.

3. What is the purpose of the data collected?

3.1 Use of data collected

The EVIAN CIS may use the personal data in their possession in order to:

• sending information on its activities, services, offers and other information relating to its services adapted to the interests of the persons concerned;

These personal data will be used by CIS EVIAN in its activities and services. They are used only within the strict limits laid down by the legislation in force.

3.2 Method of sending information

Depending on the contact information collected, the CIS EVIAN may transmit information by the following means:

• Text message sent to a person (SMS, notification, email, and/or any other form of electronic message);
• Message via social networks;
• Telephone;
• Mail;
• Internet search engine.

3.3 Objectives of data collection

The purpose of the collection shall be systematically indicated when it is carried out directly by the EVIAN CIS and recalled during the transfer of the data when the collection has been carried out by a third party. The association may use a person's personal data in particular to register it on its websites and/or information systems and to manage the billing of the services and activities provided. Ex.: treatment of reservations or registration

4. How and how long are the data stored?

4.1 Storage of personal data

The EVIAN CIS shall take all appropriate precautions in order to preserve the security and confidentiality of Personal Data and in particular to prevent their distortion, damage or access by unauthorized third parties. The recommendations of the National Information Technology and Freedom Commission are taken into account in the management of security for the entire association.

4.2 Data retention period and archiving

The shelf life depends on the activity concerned, the nature of the contact (members / users or prospect) and the uses of the sector.

♦ The Evian MJC Spaces retain certain mandatory documents (invoices, etc.) for the legal retention period.

♦ The retention period of personal data is set by default for all CIS EVIAN for a period of 5 years.

♦ The duration is sometimes related to the relevance or necessity of its processing: the data of members / users are kept for the duration of the service relationship.

4

5. Who are the third parties having access to the personal data collected?

5.1. Inside CIS EVIAN

The CIS EVIAN is composed of several entities that may be provided with personal data from another entity of the association, as part of its functional organisation.

5.2. Outside CIS EVIAN

The EVIAN CIS may transfer the personal data it collects to different third parties, for example:

• partners in the context of a request to link up or in the context of setting up a prospecting file. For example the national network Ethics Steps.
• benefits on its behalf.
• in cases where the law provides for this or upon formal request by an authority (in particular in the context of a judicial procedure), public, parapublic or private bodies in the framework of a public service mission;

5.3. Working arrangements with third parties

In cases where personal data are transmitted to a third party for some reason (e.g. services provided to a user), the EVIAN CIS shall apply the conditions laid down by the legislation in force, in particular the information of the persons concerned about the transfer.

The association shall ensure that appropriate contractual provisions between the CIS EVIAN and the third party concerned ensure that the latter:

• The Commission shall use personal data only for the purpose specified by it and in accordance with the objectives set out in this Charter,
• And have taken appropriate security measures to prevent unauthorized or unlawful processing of personal data, accidental loss or destruction of or damage to such personal data.

6. Who to contact for information?

The CIS EVIAN has adapted their organisation in order to meet the requirements of the European Data Protection Regulation and to provide any person with all information on the personal data concerning them collected and on the processing carried out on these data.

6.1 The exercise of rights of access, opposition, rectification and deletion

Any request related to the exercise of your rights should be sent to the address evian.fjt@alfa3a.org
This request must contain a maximum of information so that it can be processed on receipt within a maximum of two months: for example, persons must specify the e-mail address requested and for which they send the request in order to facilitate the search.

6.2 Exercise of the right to forget

Any request for personal data must be sent via the contact form.

The request shall state the reasons for the request. Once data deletion is processed, any request for de-reference of an article in a search engine must be sent directly to that search engine by the data subject.

6.3 Data portability

Any request related to data portability must be sent to the CIS EVIAN DPO who will answer you on the feasibility of such a request.

6.4. Designation of a Data Protection Officer (DPO) and use of the supervisory authority

In order to complete this system, CIS EVIAN has appointed a Data Protection Officer which can be reached using the contact form for any questions or difficulties relating to the processing of personal data.

Anyone has the possibility to contact the National Commission for Information and Freedom (CNIL).

7. Recruitment

As part of its recruitment policy, the CIS EVIAN collects and stores personal data on potential candidates.

CIS EVIAN collects the information necessary to find the most suitable profiles for the positions to be filled in accordance with the law and the rights and freedoms of persons.

The association shall prohibit the transmission to a third party of the CV with the contact details of a person, without his consent. Candidates who wish to modify or delete their personal data from our databases may send an e-mail indicating the subject « Personal data ».

8. How will you be informed about updates to this charter?

The EVIAN CIS may be required to modify or update this Personal Data Charter. Any updates will be posted at locations deemed appropriate, so that any user will be notified of the date of the last update.