Data protection charter
The firm Herald undertakes to protect your personal data, in its capacity as data controller.
This data protection policy defines the type of personal data we have, the process by which we collect it, how we process it, with whom we share it in the course of our business, how we secure it and for how long we retain it.
Your personal data
As part of our business, we collect and process the following personal data:
• Identity and contact details, including your surname, first name, address, telephone number, date of birth, marital status, ID number, training and professional experience, tax status, title and position.
• Bank details and other financial data needed to manage payments and prevent fraud;
• Physical access data, through video surveillance;
• Sensitive personal data: in managing your file, we may collect and use sensitive personal information about you (physical or mental health, criminal convictions, etc.) in order to defend your interests.
When we need to collect personal data by law or to process your instructions or perform a contract we have with you and you do not provide this data on request, we may not be able to follow your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our commitment or contract with us, but we will inform you if this is the case at that time.
Collecting your personal data
We collect this personal data about you when:
• You, or the legal entity for which you act, seek legal advice from our firm;
• You, or the legal entity for which you act, offer to provide us with services;
• You interact with a member of the firm by telephone, email or other electronic means, or in writing;
• You apply for a position through our contact emails: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org;
• You complete a form on our websites www.ustartbygranrut.fr and www.ustartbygranrut.com;
• You attend our events or you ask us to receive data from us, including training.
The legal basis for the processing of personal data used is:
• The performance of the contract:
– the production, management and monitoring of customer files;
• Compliance with legal and regulatory obligations:
– preventing money laundering and the financing of terrorism and combating corruption;
• The legitimate interest pursued by the firm:
– prospecting and facilitation;
– management of the relationship with its customers and prospects;
– organisation, registration and invitation to the firm’s events.
As part of the provision of legal services, we may share your data, in addition to the members of the firm concerned by your file, with:
• Jurisdictions and law enforcement authorities;
• Our partners: lawyers, notaries, bailiffs, experts, mediators, referees, consultants, translators;
• Banking institutions;
• Service providers we use for the administration and management of files: IT outsourcing company, publisher of secure online storage software, business software publishers, host of our websites.
Security of your personal data
We have appropriate security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, modified or disclosed. In accordance with our procedures, in the event of a suspected violation of your personal data, we will notify you when we are legally required to do so.
Transfer of your personal data
We do not transfer your personal data outside the European Union.
In accordance with the regulations and under the conditions set out in them, natural persons have the following rights:
• Access to your data: you can request a copy of the personal data we retain about you;
• Opposition: under certain circumstances, you also have the right to oppose the processing of your personal data and to ask us to block, delete and restrict your personal data.
• Portability of your data: we are able to send your personal data to another data controller in a structured, commonly used and machine-readable format.
• Rectification: at any time, we will receive rectification requests enabling you to correct inaccurate data concerning you or to complete data relating to the purpose of the processing.
• Deletion: you have the right to ask us to delete your personal data when it is not or no longer needed for the purposes for which it was originally collected or processed.
• You can define the fate of your data after your death in relation to all your data.
You may exercise one of the above rights at any time by contacting our DPO and attaching a copy of your proof of identity:
• by email to email@example.com
• by mail to 91 rue du Faubourg Saint-Honoré – 75008 Paris.
If you believe that we had failed to fulfil our obligations, you may file a complaint with the French data protection authority (Commission Nationale Informatique et Libertés (CNIL) – 3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07)
Right to withdraw your consent
If you have consented to the collection, processing and transfer of your personal data, you have the right to withdraw your consent in whole or in part. To do this, please follow the unsubscribe link on any prospecting or invitation email, or write directly to firstname.lastname@example.org.
Once your request has been received, we will no longer process your data for the processing for which you had initially consented. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
Duration of storage of your personal data
We will only retain your personal data for the time necessary to meet the purposes for which we have collected it, including to meet legal, accounting or reporting requirements and, if necessary, to enable the firm Granrut to assert its rights or defend itself in court proceedings, until the end of the limitation period or until the proceedings in question are closed.
In this respect, customer data is retained for the duration of the contractual relationship plus five years, the duration of the professional civil liability limitation period.
For the purposes of prevention of money laundering and the financing of terrorism, data is retained five years after the end of relations with the firm.
For accounting purposes, data is retained for ten years from the end of the financial year.
Data on prospects is retained for a period of three years from the last registration to an event organised by the firm.
Upon expiry of the retention period, we will securely destroy your personal data in accordance with applicable regulations.
For further information on this policy and the provisions contained therein, please contact the firm’s DPO by sending an email to email@example.com or a letter to SCP Herald, anciennement Granrut, DPO, 91 rue du Faubourg Saint-Honoré, 75008 Paris.