Personal Data Protection Policy — Cynoia
Last update: November 1st, 2023
Version 1.0
*This policy shall be reviewed annually or each time when the changes in our data processing occur.
1. Scope and definitions:
1.1. Scope:
This Personal Data Protection Policy (the “Policy”) describes Cynoia SAS internal rules for personal data processing and protection. The Policy applies to all Cynoia SAS group entities, including Cynoia SAS and all other subsidiaries of the group, employees and contractors of the entities (“we”, “us”, “our”, “Cynoia”). The management of each entity is ultimately responsible for the implementation of this policy, as well as to ensure, at entity level, there are adequate and effective procedures in place for its implementation and ongoing monitoring of its adherence. For the purposes of this Policy, employees and contractors are jointly referred to as the “employees”.
1.2. Privacy manager:
Privacy Manager is an employee of Cynoia responsible for personal data protection compliance within Cynoia (the “Privacy Manager”). The Privacy Manager is in charge of performing the obligations imposed by this Policy and supervising other employees, who subject to this Policy, regarding their adherence to this Policy. The Privacy Manager must be involved in all projects at an early stage in order to take personal data protection aspects into account as early as the planning phase.
The designated Privacy Manager at Cynoia SAS is Ayoub RABEH.
1.3. Definitions:
1.3.1. Competent Supervisory Authority:
Means a public authority that is responsible for regulating and supervising personal data protection with regards to activities of Cynoia.
1.3.2. Data Breach:
Means a breach of the security and/or confidentiality leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed. This includes but is not limited to e-mails sent to an incorrect or disclosed list of recipients, an unlawful publication of the Personal Data, loss or theft of physical records, and unauthorized access to personal information.
1.3.3. Data Controller:
Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines (make a decision) the purposes and means of the processing of Personal Data.
1.3.4. Data Processor:
Means a natural or legal person, public authority, agency or other body which processes the Personal Data on behalf of the data controller.
1.3.5. Data Protection Laws:
Mean any laws and legal rules on personal data use and protection applicable to the activities of Cynoia, including, but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
1.3.6. Data Subject Request (DSR):
Means any request from the Data Subject and concerning their personal data and/or data subject rights.
1.3.7. Data Subject:
Means a natural person, whose Personal Data we process. Data Subjects include but are not limited to users, website visitors, employees, contractors, and partners of Cynoia.
1.3.8. Personal Data:
Means any information relating to an identified or identifiable Data Subject; a Data Subject can be identified by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or the combination of factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject.
1.3.9. Processing:
Means any operation or set of operations which is performed by Cynoia on Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.3.10. Standard Contractual Clauses:
Means the European Commission Decision of February, 5 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (2010/87/EU).
1.3.11. Third Party:
Means a natural or legal person, who accesses the Personal Data for further processing and is not an employee, member or corporate affiliate of Cynoia. This definition does not apply to natural persons, who provide services to Cynoia as contractors on a regular basis.
1.3.12. User:
Means a Data Subject who uses our services provided on Cynoia website.
2. Data Processing Principles:
2.1.
Cynoia’s processing activities must be in line with the principles specified in this Section. The Privacy Manager must make sure that Cynoia’s compliance documentation, as well as data processing activities, are compliant with the data protection principles.
2.2.
We must process the Personal Data in accordance with the following principles: