Protection of personal data
CEN takes respect for the privacy and protection of its Customers' personal data very seriously and undertakes to implement appropriate measures to ensure the protection of personal data (hereinafter the "Data") and to process and use such data in compliance with the applicable provisions and in particular with European Regulation 2016/679 of 27 April 2016 and Law No. 78-17 of 6 January 1978, as amended, known as the "Data Protection Act" (hereinafter the "Applicable Provisions").
The Data is processed electronically by CEN acting through its RGPD Referent.
Personal data is collected in a variety of ways: on the www.cenego.com website, at conferences organised by our organisation and through recommendations.
This data helps us for logistical and commercial purposes.
This data may be communicated to our partners for the strict purposes of managing commercial relations.
The Data is kept for the time strictly necessary to fulfil the purposes set out above.
All individuals have the right to access, rectify, delete and port their Data, as well as the right to limit and object to the processing and to organise what happens to their Data, including after their death. These rights may be exercised in accordance with the following procedures:
- electronically to the RGPD referent at the following address: firstname.lastname@example.org
- or by post to the address below:
European Negotiation Centre
Ms Natacha Roset
10 Rue de Penthièvre - 75008 PARIS
If the right to object is exercised, all communication with the Customer (with the exception of account management) will cease.
If the Customer transmits and/or integrates Data necessary for the provision of Training, the Customer will be the Data Controller.
In its capacity as subcontractor, CEN undertakes to process the Data in accordance with the Customer's documented instructions and solely for the purpose of providing the Training. If CEN considers that any instruction constitutes a breach of the applicable Provisions, it shall immediately inform the Customer. By way of exception, if CEN may be required to process Customer Data under the Applicable Provisions, then CEN will inform Customer of this legal obligation prior to processing, unless the relevant law prohibits such information. CEN guarantees the confidentiality of the Data processed in the context of the Training. CEN undertakes to ensure that persons authorised to process the Data receive the necessary training in the protection of personal data and undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality. CEN undertakes to take into account, with respect to its tools, products, applications or services, the principles of data protection by design and data protection by default. CEN undertakes to put in place appropriate technical and organisational measures to protect the integrity and confidentiality of stored Data. CEN undertakes to present sufficient guarantees to ensure the implementation of security and confidentiality measures with regard to the nature of the Data and the risks presented by the processing.
CEN shall make available to Customer the documentation necessary to demonstrate compliance with all of its obligations and to permit and assist in audits, including inspections, by Customer or another auditor appointed by Customer. In the event that the Customer is required to provide Data to a third party and/or an administrative or judicial authority, CEN shall cooperate with the Customer in providing the required information in accordance with this Agreement and applicable standards. CEN shall notify the Customer of any Data breach after becoming aware of it. The name and contact details of CEN's RGPD Referent are set out in Article 9.2.
CEN hereby informs the Customer that the Data is hosted within the European Economic Area. In the event of subcontracting, CEN undertakes to sign a written contract with the subcontractor requiring the latter to comply with the applicable Provisions and with all of the obligations referred to in this article, it being specified that in the event of a subcontractor failing to comply with its obligations with regard to the protection of personal data, CEN shall remain fully liable to the Customer.
Any person whose Data has been collected by the Customer benefits from the rights of access, rectification, deletion, portability of the Data as well as limitation and opposition to the processing and organisation of the fate of their Data after their death by contacting the Customer directly. The Customer guarantees CEN that it has carried out all the obligations incumbent upon it under the applicable Provisions and that it has informed natural persons of the use made of the Data. In this respect, the Customer guarantees CEN against any recourse, complaint or claim emanating from a natural person whose Data is processed. In addition, the Customer undertakes to document in writing any instructions concerning the processing of the Data by CEN, to ensure, beforehand and throughout the duration of the Training, that CEN complies with the obligations set out in the Applicable Provisions, and to supervise the processing, including carrying out audits and inspections of CEN.
The Data is kept only for as long as is necessary for the purpose for which it was collected. CEN undertakes, at the Customer's option, to destroy or return the Data at the end of the Training, and to justify in writing to the Customer that it will not be keeping any copies.