Privacy policy

Privacy policy

Last updated: January 1, 2020

Preamble

Alotra is concerned about the protection of personal data and undertakes to ensure the best level of protection for your personal data, in accordance with the Data Protection Act of 6 January 1978 as amended (hereinafter "LIL") and the Regulations ( EU) General on Data Protection of April 27, 2016 (hereinafter “GDPR”). The following information explains our policy regarding the collection, use and disclosure of personal data when you use our services as well as the choices available to you with regard to this data.
Alotra may be required to modify the terms of this Data Protection policy, in particular in the event of the implementation of new processing of Personal Data. You are encouraged to check this page regularly to ensure that you are happy with any changes. You will be informed of these changes either by special notice on our website or by email notification.

What is personal data?

Personal data means any information or set of information that identifies you directly or indirectly.

Who are the data controllers responsible for protecting your personal data?

A controller is an entity which determines the purposes and means of processing your personal data and which is responsible for complying with the applicable regulations on the protection of personal data.
The person responsible for processing personal data is Alotra, an association declared to be governed by the law of July 1, 1901, whose head office is located at 33 boulevard Maréchal Juin, 13004 Marseille, registered under number 377 740 709 00110 and represented by its Chairman in office Henri RIEU. Whether it is a controller or a subcontractor, Alotra takes appropriate measures to ensure the protection and confidentiality of the personal information it holds or processes in compliance with the provisions of the LIL and the GDPR.
Alotra has appointed a Personal Data Manager (RPD) who is your contact for any question relating to the processing of your data. You have the right to access, rectify and delete personal data concerning you. You also have a right to object to the processing of your data for legitimate reasons as well as a right to object to this data being used for commercial prospecting purposes.
You can implement these rights by mail or by using the contact form accessible on the contact page of the website, specifying at the beginning of your message: RGPD Message for the Person in charge of the Protection of Personal Data and attaching your document. identity bearing your signature.
Your written request must be signed and accompanied by a photocopy of an identity document bearing your signature and specify the address to which you must send the response. A response will then be sent to you within one month of receipt of the request.
The user is informed that during his visits to the site, a cookie may be automatically installed on his browser software. The configuration of the navigation software makes it possible to inform of the presence of a cookie and possibly to refuse it.
In the event of a complaint about the way we process your data, you also have the right to contact the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, tel. : 01 53 73 22 22, www.cnil.fr.

How do we collect your data?

We collect your personal data directly from you when you use our website and our services by filling out various forms or by contacting us by telephone. We also collect your personal data automatically when you access or use the Website.

What personal data do we collect?

We collect information relating to your identity, your postal and / or electronic contact details directly from you. We also collect directly from you the information necessary for the proper execution of our missions. Finally, we automatically collect technical data: device used to use our website: operating system, browser type, IP address, access times, pages visited and the link that allowed you to access to our website.
We limit the collection of personal data to data that is adequate, relevant and strictly necessary for processing.
Alotra is contractually committed within the framework of its mission contracts to bring the greatest respect to the security and confidentiality of the personal data that it is called upon to process in this context.

On what legal grounds and for what purposes do we use the data we collect?

In accordance with the applicable personal data protection regulations, article 6 of the GDPR, we only collect personal data when we have a legal basis for this.
Personal data is collected either on the basis of your consent (1), in our legitimate interest (2) and in order to fulfill our legal obligations (3).
We collect personal data on the basis of your consent for the following purposes:
1a. Manage your requests and questions: we use your data to send you the information you request,
1b. Manage your housing requests: we use your data to study your housing request and develop statistics.
1 C. Manage your applications: we use your data to study your application.
We collect personal data on the basis of our legitimate interest for the following purposes:
2a. Perform our contractual obligations,
2b. Defend our interests in the event of litigation or legal action,
2c. Manage the cyber-security of the website,
2d. Prevent fraudulent actions to ensure the security of our assets and content.
We collect personal data in order to fulfill our legal obligations for the following purposes:
3a. Manage our staff (employment contract, payslip, payment of salaries, keeping of various registers, mutual health insurance, professional interviews and training, social declarations, etc.)
3b. Manage invoicing
We may also have to keep your personal data when the law requires us to do so or in order to assert the rights we have under the law.

Who has access to your data?

Your data is processed by Alotra for the purposes referred to above and is only accessible to staff members who need to know about it in the performance of their duties.
Your data may also be made accessible to third parties, namely: our subcontractors and service providers intervening for technical reasons (hosting, security and maintenance provider of the website, technical provider in charge of the internal server, etc. .), any authority, jurisdiction or other third party when such communication is required by law, a regulatory provision or a court decision, or if such communication is necessary to ensure the protection and defense of our rights.

Are personal data transferred outside the European economic area?

The personal data that we process is not transferred outside the European economic area.

How long do we keep your data?

Your data is kept for the duration necessary for the purpose for which it was collected and / or according to the legal retention period imposed by law and, in any case, will be destroyed at the end of this period.

How is the security of your data ensured?

The security of your data is important to us. We implement and require from our partners and subcontractors, technical and organizational measures in accordance with applicable French and European legal and regulatory requirements, which ensure the security and confidentiality of your data.
However, no method of transmitting data over the Internet or method of electronic storage is 100% secure. Although we try to use commercially acceptable methods to protect your personal data, we cannot guarantee absolute security.