Privacy policy and treatment of personal data

Contact details of SONNAR's Data Protection Officer (DPO):

SONNAR, a simplified joint stock company with capital of 10,652.20 euros, registered in the Paris Trade and Companies Register under number 905 354 189, having its registered office at 12 rue Etienne Jodelle, 75018 Paris (hereinafter the " Company " or " SONNAR "), represented by Mr. Thibaut Dousset, its duly authorized Managing Director, collects and processes the personal data of persons representing its customers/prospects and those of candidates encountered in the course of services provided by SONNAR to its customers. As an employee or representative of one of SONNAR's clients or prospects, or as a candidate, you are considered to be a contact for SONNAR (hereinafter the " Contact " or " You ") and SONNAR must collect and process some of your personal data in order to interact with you and the client/prospect for whom the Contact works.

Accordingly, SONNAR ensures that it adopts and complies with a policy of confidentiality, processing and protection of personal data (hereinafter the "Policy") that complies with current regulations and in particular with the General Data Protection Regulation No. 2016/679 of April 27, 2016 (the " GDPR ") and the French Data Protection Act of 1978 as amended.

The purpose of this Policy is to set out the terms and conditions under which the Company processes the Interlocutor's personal data.

SONNAR reserves the right to modify the Policy at any time in accordance with regulations and undertakes to inform Interlocutors of such changes by means of a notification.

‍

1. The data controller

SONNAR is responsible for processing personal data collected and processed under the conditions of this Policy applicable to Interlocutors.

You may contact SONNAR using the contact details given in the preamble or in Article 9 "Contact" of this Policy.

2. Sources and categories of personal data

2.1. Source and collection of personal data

SONNAR collects the personal data of Interlocutors for the purpose of exchanging with them in order to facilitate the provision of services. In particular, SONNAR collects and processes the personal data of Interlocutors during the search for candidates or during exchanges between the Interlocutor and SONNAR employees via any communication medium.

SONNAR also processes all personal data provided spontaneously and voluntarily, in particular when a Contact Person contacts SONNAR.

2.2. Personal data

The Company collects and processes the personal data required to contact the Contact Person and to identify the Contact Person. The data collected is as follows:

Contact name and surname
Contact telephone number
Contact email address

2.3. Mandatory provision of data

The information listed in article 2.2 is mandatory in order for SONNAR to be able to contact the customer/prospect or applicant and present SONNAR's services to its customers/prospects or applicants. Without the provision of this data by the Interlocutor, Sonnar will not be able to enter into a relationship with the Interlocutor or a customer/prospect.

2.4. Data accuracy

SONNAR makes every effort to keep personal data accurate and complete. To ensure that we have the most up-to-date information, You may notify us of any changes to your contact details or any other data by contacting the Company using the contact details mentioned in Article 9 "Contact" below.

2.5. Location of personal data

The personal data collected for which SONNAR is responsible is hosted in France on SONNAR's servers hosted by the company AWS.

Further details concerning the guarantees taken for data transfers outside the European Economic Area are given in article 6.

3. Purposes and legal basis of processing

Personal data are processed by SONNAR for the following purposes:

Manage the relationship between SONNAR and its customers/prospects as well as with candidates;
Managing collections ;
Detect, investigate, prevent or take action regarding illegal activities, abuse, suspected fraud or situations involving potential threats to the security or rights of a person or entity and to use as evidence in litigation;
Investigate, prevent and deter violations of this Policy; and
Protect and defend the rights and interests of SONNAR, including its intellectual property rights, before the competent courts or tribunals.

For the above purposes, the Company's legitimate interest is to enforce its rights and prevent fraud and any prohibited or illegal activity.

The company also seeks to enable employee training and compliance and safety audits.

In this way, the Company's legitimate interest is to maintain the level of competence and enrich the knowledge of its teams.

Finally, data is collected to meet legal obligations:

Satisfy the legal and regulatory obligations to which SONNAR is subject;
Training SONNAR teams, as part of the legal obligations to which SONNAR is subject as an employer;
Handle requests from Contact Persons concerning their personal data rights.

4. Communication of personal data

Personal data collected and processed may be transmitted to :

Authorized SONNAR personnel;
In the event of a claim, theft or other breach of the GTCs or the law, personal data may be passed on to the insurance company and/or SONNAR's brokerage firm, which is obliged to maintain the confidentiality of the data passed on, and, if necessary, to the police and legal authorities.
To administrative and judicial authorities, and more generally to public bodies, in order to comply with the Company's legal obligations or to enable the Company to defend its rights and interests,
If necessary, SONNAR's legal advisors and lawyers,
If SONNAR sells or transfers its business or a portion thereof and your personal data relates to that sold or transferred portion, or if SONNAR merges with another company, the Company will share your personal data with the new business owner or its merger partner, respectively.

5. Personal data security

SONNAR implements organizational, technical, software and physical security measures to protect personal data against loss, unauthorized access, disclosure or alteration.

6. Transfer of data outside the European Economic Area

Your personal data may be transferred to countries outside the European Economic Area (hereinafter the "EEA "), in particular to the Company's commercial partners.

In order to ensure protection equivalent to that offered in the EEA, a territorial area outside which RGPD standards are not applicable, data transfers outside the EEA are governed by contractual clauses based on the European Commission's standard clauses.

7. Data retention

SONNAR retains your personal data for the time necessary to achieve the purposes for which it was collected, plus any statutory periods for archiving, retention of certain data and prescription. At the end of processing, personal data will be either deleted or anonymized by the Company.

For more information about how long your personal data will be kept, please contact the Company as indicated in article 9 "Contact" below.

8. Rights of the Contact Person

The Interlocutors are informed that they have, under the conditions of the RGPD and the laws applicable in France, a right of access, rectification, deletion and portability of their personal data, as well as a right to limit and object to the processing of such data.

Interlocutors also have the right to organize the fate of their personal data in the event of their death, as well as the right to lodge a complaint with the CNIL, whose website is accessible at http://www.cnil.fr and whose head office is located at 3 Place de Fontenoy, 75007 Paris.

Certain processing operations require the consent of the Contact Person. This consent may be withdrawn at any time. All processing carried out prior to the withdrawal of consent is lawful.

The Interlocutor may exercise his rights with the Company free of charge at the address given in Article 9 "Contact" below, except in the case of a manifestly excessive request, in which case charges may be applied.

The Contact Person also has the following rights:

Right of access: the Interlocutor has the right to obtain from the Company confirmation that his/her personal data are or are not being processed and, where they are, access to said data as well as information relating to the purposes of the processing (art. 15 of Regulation 2016/679 on the protection of personal data ("RGPD")). Requests that are manifestly unfounded, excessive or repeated are likely to receive no response or to generate costs.
Right of rectification: the Interlocutor has the right to obtain from the Company, as soon as possible, the rectification of his personal data that he deems inaccurate (art. 16 of the RGPD).
Right to erasure: the Interlocutor has the right to obtain from the Company the erasure of his personal data, under the conditions provided for in Article 17 of the RGPD.
Right to portability: the Interlocutor has the right to receive, or to request the sending to a third party, of the personal data concerning him that he has provided to the Company, in a structured, commonly used and readable format (art. 20 of the RGPD).
Right to restrict processing: the Customer may request the Company to restrict the processing of his/her personal data in accordance with article 18 of the GDPR.
Right to withdraw consent: the data subject has the right to withdraw his or her consent to the processing of his or her data if such processing is based on consent.
Right to object: the Interlocutor has the right to object at any time, for reasons relating to his/her particular situation, to the processing of his/her personal data, where this is based on legitimate interest and under the conditions of Article 21 of the RGPD.
Right to organize the fate of personal data in the event of death: the Contact User may define general or specific directives relating to the retention, deletion and communication of personal data after his or her death (amended law 78-17 of January 6, 1978, art. 40, II).
Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, the Interlocutor has the right to lodge a complaint with a supervisory authority if he considers that the processing of personal data concerning him constitutes a breach of the regulations applicable to personal data (art. 77 of the RGPD).

9. Contact

For further information on the processing of your personal data or to exercise your rights, please contact us at the following address:

SONNAR - 12 rue Etienne Jodelle, 75018 Paris

Email : dpo@sonnar.fr