On September 1st, 2024
Who is data controller?
AARPI AUMANS Avocats (hereinafter ‘AUMANS’), located at 25-29 place de la Madeleine, 75008 PARIS, acting as data controller, places great importance on protection of personal data and respect for your privacy.
The purpose of this personal data protection policy (hereinafter the ‘Policy’) is to inform you, in accordance with the Regulation No. 2016-679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the ‘Regulation’ or ‘GDPR’), of our practices regarding the collection, use and sharing of information that you may provide to us through our website (hereinafter our ‘Site’).
This policy aims to inform you about the categories of personal data we collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have over your personal data.
Table of contents
- Article 1 – What data do we collect?
- Article 2 – How do we use the data?
- Article 3 – Who receives the data?
- Article 4 – How long do we keep your data?
- Article 5 – Are your data transferred?
- Article 6 – How is your data protected?
- Article 7 – What rights do you have over your data?
- Article 8 – The cookies used on our Site
- Article 9 – Changes to our personal data protection policy
- Article 10 – Contact us
Définitions
What is a personal data?
This is any information relating to an identified or identifiable natural person, which may identify you directly or indirectly, in any form whatsoever (e.g. surname, first name, postal address, e-mail address, CV, etc.).
What is data processing?
This refers to any operation or set of operations, whether or not by automated processes and applied to personal data or sets of personal data (e.g. data collection, data transfer, etc.).
What is a data controller?
This is the natural or legal person, public authority, department or body that determines, alone or jointly with others, the purposes and means of the processing.
What is a data processor?
A processor is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the controller.
Article 1 – What data do we collect?
When you use our Site, you may send us information, some of which enables us to identify you and therefore constitutes personal data (hereinafter referred to as the ‘Data’). This is the case, in particular, when you send us a request via our online contact form on our Site.
Such information contains the following data:
- Identification data: your surname, first name, telephone number, postal address and e-mail address.
- Data relating to browsing: this refers to data that we collect during you navigation on our Site, such as the date and time of connection and/or browsing, the type of browser, the language of the browser and the IP address.
- Data relating to your professional life: the name of your company/entity, your training courses and qualifications, your professional e-mail address and your profession, as well as your resume and covering letter if you are applying for a position within the firm, via our contact form.
How do we collect your data?
We collect your Data when you visit our Site, when you send us a contact request, or when you send us an application for an in-house position, in particular an internship or collaboration offer.
Article 2 – How do we use data?
As data controller, we use the Data we collect for the purposes described below.
| Purposes | Legal basis |
| Contact requests and questions management via the contact form | Consent |
| Internal hiring management (internships, collaborations | Performance of an agreement or pre-contractual measures |
| CRM | Legitimate interest |
| Maintenance and improvement of the Site via cookie management techniques | Legitimate interest |
| Improvement of the Site and the user experience through the management audience measurement cookies | Consent |
When Data is collected, you will be informed whether certain Data is mandatory or optional. The compulsory nature of the answers is indicated on the Data collection forms by the presence of an asterisk (*) next to the field(s) concerned. If there is no asterisk, the information requested is optional.
Article 3 – Who are the data recipients?
1.1 Data transferred to public authorities and/or public bodies
In accordance with the regulations in force, Data may be transferred to the competent authorities upon request, in particular to public bodies, law enforcement officers, judicial officers and bodies responsible for debt recovery, exclusively to meet legal obligations, as well as in the case of the search for the perpetrators of offences committed on the Internet.
1.2 Data transferred to third parties
We work closely with third parties who may have access to your Data, and in particular with:
- Our IT service providers, which we use to host and maintain our Site;
- The editors of the solutions we use on our Site, whom we use to install cookies and our consent management platform;
- The publisher of our emailing solution;
- The service providers we use to implement the services offered by the Site.
We only provide these third parties with the Data required to perform their services, and we require that they do not use your Data for any other purpose. These third parties will act in accordance with our instructions and will be contractually bound to ensure a level of security and confidentiality of your Data equivalent to our own and to comply with applicable regulations and legislation on the protection of personal data.
Article 4 – How long do we store your data?
Your Data will not be kept beyond the time necessary for the purposes set out in this Policy, in accordance with applicable laws and regulations.
In this respect, the Data is kept by AUMANS for the periods indicated below.
| Purposes | Data retention period in active database | Data retention period in intermediate archiving |
| Managing requests via the contact form | 3 years from the last contact with the data subject | N/A |
| Management of internal recruitment (internships, collaborations) | 2 years from the last contact with the candidate | N/A |
| Duration of the collaboration contract/internship agreement with the successful candidate | 5 years from the end of the employment contract or traineeship | |
| Maintenance and enhancement of the Site by managing technical cookies | 6 months for connection logs | N/A |
| Improving the Site and the user through the management of audience measurement cookies | 25 months for audience measurement data | N/A |
| Your cookie preferences | 6 months | N/A |
Your Data is deleted when the retention period expires. However, your Data may be archived for longer periods, in particular for the purposes of establishing and prosecuting criminal offences, for the sole purpose of making your Data available to the judicial authorities, where necessary.
Archiving means that your Data will no longer be available for consultation online, but will be extracted and stored on an autonomous and secure medium.
Article 5 – Is your data transferred?
We use service providers who host your Data in France or, failing that, within the European Union. However, when necessary, your Data may be transferred to service providers operating outside the European Union.
Any transfer of Data outside the European Union is carried out in a secure manner:
- Either by transferring the Data to a recipient located in a third country that has been the subject of an adequacy decision by the European Commission certifying that it has a level of protection equivalent to that offered by the GDPR;
- Or by implementing or having implemented European Standard Contractual Clauses that have been approved by the European Commission as ensuring an adequate level of protection for your Data;
- Or by using Binding Internal Company Rules validated by the competent data protection authorities;
- Or by using any appropriate safeguards referred to in Article 46 of the GDPR.
You can access a copy or extract of these documents by contacting us at the address given in article 10 of this Policy.
Article 6 – How is your data protected?
AUMANS takes the necessary and appropriate technical and organisational measures to prevent unauthorised access, modification, disclosure, loss or destruction of your Data.
To this end, we require our staff and our service providers to comply with binding rules on data security and protection (such as confidentiality obligations, the use of encryption and anonymisation techniques, the implementation of physical security measures, etc.).
Article 7 – What are your rights regarding your data?
In accordance with the applicable regulations and legislation on the protection of personal data, you have rights relating to your Data, namely:
- A right of access and information (art. 15 GDPR): you have the right to be informed in a concise, transparent, intelligible and easily accessible manner of how your Data is processed. You also have the right to obtain (i) confirmation that Data concerning you is being processed and, where appropriate (ii) access to such Data and to obtain a copy thereof.
- A right of rectification (art. 16 RGPD): you have the right to obtain the rectification of inaccurate Data concerning you. You also have the right to complete incomplete Data concerning you, by providing an additional declaration. If you exercise this right, we undertake to communicate any rectification to all recipients of your Data.
- A right to erasure (art. 17 RGPD): you have the right to obtain the erasure of your Data. However, this is not an absolute right and we may, in particular because of legal obligations, retain this Data.
- A right to the limitation of processing (art. 18 RGPD): you have the right to obtain the limitation of the processing of your Data. Please note that this right only applies: (i) if you challenge the accuracy of your Data for the period of time necessary for us to verify its accuracy (ii) in the event of unlawful processing by us and you request a restriction on its use rather than erasure (iii) where we no longer need the personal data for the purposes of processing, but it is still necessary for you to establish, exercise or defend legal claims.
- A right to Data portability (art. 20 GDPR): you have the right to receive the Data you have provided to us, in a structured, commonly used and machine-readable format, for your personal use or to pass it on to a third party of your choice. This right only applies where the processing of your Data is based on your consent, on a contract or where such processing is carried out by automated means.
- A right to object to processing (art. 21 RGPD): you have the right to object at any time to the processing of your Data for processing based on our legitimate interest and those carried out for commercial prospecting purposes.
- The right to withdraw your consent at any time (art. 7(3) GDPR): you may withdraw your consent to the processing of your Data where such processing is based on your consent. Please note that the withdrawal of your consent does not affect the lawfulness of the processing based on your consent carried out prior to this withdrawal.
- The right to lodge a complaint with a supervisory authority (art. 77 RGPD): you have the right to lodge a complaint with the competent supervisory authority if you consider that your rights have not been respected. In France, this will be the CNIL: https://cnil.fr/fr
- The right to give instructions concerning the fate of your data after your death (art. 85 Law no. 78-17 of 6 January 1978): you have the right to give us instructions concerning the use of your Data after your death.
To exercise these rights, please contact us at the following address: [email protected].
If there is any doubt about your identity, we may ask you for proof of identity in order to exercise these rights.
Article 8 – Cookies used on our Website
When you visit our Site, cookies are placed on your computer, tablet or other terminal. This enables us to analyse page traffic and improve our site. Cookies are used differently depending on their nature and the objectives pursued, as indicated below.
You have the option of accepting or refusing cookies by using the mechanism integrated into the banner, and of modifying your choices at any time by clicking on the ‘Cookie management’ tab at the bottom of the page on our Site.
1.3 What is a cookie?
A cookie is a small text file stored on your terminal (e.g. PC, laptop or smartphone) by the websites you visit. Cookies enable the site to function properly and optimise its ergonomics and functions.
1.4 What cookies do we use?
Different types of cookies are used on our Site for different purposes. Some are necessary to use the Site, others are optional depending on your choices.
a. Strictly necessary technical cookies
These cookies are necessary for the operation of the Site. They enable Internet users to use the main functions of the Site. Without these cookies, Internet users cannot use the Site normally. These cookies only require information from the Internet user to be placed on their terminal and do not allow any tracking of their browsing. These cookies enable us to:
- Retain the choice expressed by the Internet user on the deposit of cookies;
- Authenticate the Internet user to a service, including services designed to ensure the security of the authentication mechanism (for example, by limiting robotic or unexpected access attempts);
- To balance the load of the equipment involved in a communication service;
- To adapt the presentation of the Site to the display preferences of the terminal (language used, display resolution, operating system used, etc.) when Internet users visit the Site, depending on the equipment and browsers used;
- To implement security measures.e conserver le choix exprimé par l’internaute sur le dépôt des cookies ;
b. Audience measurement cookies
Audience measurement cookies are used to compile statistics on the number of visitors to and use of the various components of the Site (sections and content visited, path taken). They enable us to improve the interest and ergonomics of the Site.
We use the following cookies for this purpose:
- Google Analytics cookies: We use cookies issued by Google Analytics to track the audience for our site. Internet users are invited to read the Google Analytics cookie management policy: https://support.google.com/analytics/answer/6004245
- Hubspot cookie: We use cookies issued by Hubspot to track the audience for our site. Internet users are invited to consult Hubspot’s cookie management policy: https://knowledge.hubspot.com/fr/privacy-and-consent/what-cookies-does-hubspot-set-in-a-visitor-s-browser
c. Social network sharing cookies
We use cookies issued by Facebook and LinkedIn (Pixels) as well as Youtube, which offer our web users functionalities enabling them to share editorial or other content published on the site via the social networks. These cookies also enable the social networks to target their advertising offers. Social network cookies are managed by the publisher of the social network.
Internet users are invited to read Meta’s cookie management policy: https://fr-fr.facebook.com/business/m/privacy-and-data ; LinkedIn’s cookie management policy: https://fr.linkedin.com/legal/cookie-policy ; and Youtube’s cookie management policy: https://www.youtube.com/howyoutubeworks/our-commitments/protecting-user-data/.
1.5 How do you manage cookies?
a. Managing the placement of third-party cookies
When connecting for the first time, Internet users are informed that your partners and any other identified third parties may place cookies on our Site. Only the sender of a cookie is likely to read the information contained therein and we have no access to the cookies that third parties may use. The issue and use of cookies by third parties are subject to the confidentiality policies of these third parties in addition to the provisions of this Policy. Consequently, Internet users are invited to visit the websites of these third parties for more information on the cookies they record and how Internet users can manage them.
b. Managing the cookies we deposit
Internet user can manage the placement of cookies in the following way:
- The deposit of strictly necessary technical cookies is activated by default and cannot be deactivated by the Internet user. These cookies are essential to the operation of the Site;
- Internet users can disable or activate the deposit of cookies subject to their consent (audience measurement cookies and advertising cookies) via the information banner displayed when they first connect or permanently available at the bottom of the page via the ‘Manage consent’ tab. Any deactivation entails the Internet user’s refusal to deposit the cookie in question.
If Internet users enable cookies to be stored on their terminal, the cookies embedded in the pages and content they have consulted may be stored temporarily in a dedicated space on their terminal. They will only be readable there by the sender. The consent given by the Internet user is only valid for a period of six (6) months from the first deposit in the equipment of the Internet user’s terminal, following the latter’s consent.
If the internet user deactivates the saving of cookies in his/her terminal or browser, or if he/she deletes those saved there, he/she is informed that his/her browsing and experience on the Site may be different from that of other internet users who have activated cookies (non-personalised content). AUMANS declines all responsibility for the consequences of the degraded functioning of the Site resulting from the refusal of cookies by the Internet user.
1.6 To find out more about cookies
To find out more about cookies, visit the CNIL website at https://www.cnil.fr/fr/site-web-cookies-et-autres-traceurs.
Internet user can also connect to the Youronlinechoices site, proposed by digital advertising professionals grouped together within the European Digital Advertising Alliance (EDAA). He can then refuse or accept the cookies used by the companies registered on the platform, in order to adapt the advertising displayed on his terminal, via the following link: http://www.youronlinechoices.com/fr/controler-ses-cookies/.
Article 9 – Changes to our personal data protection policy
We may occasionally modify this policy in order to comply with any regulatory, legal, editorial or technical developments. Where appropriate, we will change the ‘last updated’ date and indicate the date on which the changes were made.
Where necessary, we will inform you and/or seek your agreement. We advise you to check this page regularly for any changes or updates to our policy.
Article 10 – Contact :
If you have any questions about this policy or any requests relating to your Data, you can contact us by:
- Sending an e-mail to the following address: [email protected] ; ou
- Sending a letter to the following address: AARPI AUMANS Avocats, 25-29 place de la Madeleine, 75008 PARIS, France.
