SG GSC DATA PRIVACY POLICY

Citește în continuare

INTRODUCTION

Societe Generale Global Solution Centre (hereinafter referred to as “SG GSC”), an entity member of the Societe Generale Group, places great importance on the protection of personal data so that your data protected and secured in accordance with legal requirements.

As part of the fundamental obligations regarding the processing of personal data, SG GSC commits to protecting and properly processing the personal information (hereinafter referred to as “personal data”) collected electronically through the social media platform “Instagram.”

Hereby, we inform you about all aspects concerning the processing of your personal data and about your rights according to the provisions of Regulation (EU) 2016/679 “General Data Protection Regulation” (“GDPR”), Law 190/2018 implementing the GDPR provisions, as well as any other decisions that may be issued by the National Supervisory Authority for Personal Data Processing regarding personal data protection.

SG GSC will process only the personal data voluntarily provided by online visitors of the Societe Générale Global Solution Centre page (societegenerale_gsc) by accessing the social media platform “Instagram,” data processed for the purpose of promoting our image, employer branding, and employment opportunities.

Through this Policy, we aim to inform you about the personal data we process, the purposes for which we collect and process this data, the categories of recipients, the rights you benefit from according to Regulation (EU) No. 679/2016, the legal grounds for these processing activities, and so forth.

Since the Societe Générale Global Solution Centre page (societegenerale_gsc) on the social media platform “Instagram” is jointly used with Societe Generale Global Solution Centre Pvt Ltd (hereinafter referred to as “SG GSC India”), please be aware that your personal data will also be accessed from India, a country located outside the EU/EEA. Therefore, please take this into consideration when contacting the entity through the chat or comments sections.

*SG GSC India is an entity part of the Societe Generale SA Group and a strategic partner of SG GSC, legally named Societe Generale Global Solution Centre Private, headquartered in Bangalore, India.

LEGAL BASIS

In general, SG GSC collects only the personal data necessary to fulfill your request. If additional personal data are required, you will be informed about this circumstance at the time of collection.

The law allows us to process personal data as long as we have a legal basis or a legitimate interest to do so. Consequently, when processing your personal data, we will rely on one of the following processing conditions:

• Legitimate interest: we will process personal data about you if this processing is carried out in our legitimate interest, during the course of a legal/business/promotional relationship, in accordance with the provisions of the law, to continue its execution, as long as it does not override your interests; or
• Consent of the data subject, i.e., you: in certain cases, we will ask for your specific permission to process some of your personal data, and we will process your personal data in this way only if you agree. For any processing carried out by SG GSC based on your consent, you may withdraw your consent at any time by contacting SG GSC at the email address: data-protection-sggscro.eur@socgen.com.

Examples of the legitimate interests mentioned above include:

• Providing information and/or services to individuals visiting our Instagram account or providing information about employment opportunities.
• Preventing fraud or criminal activities and protecting our IT systems.
• Exercising our fundamental rights in the EU under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and the right to property.

Processing of personal data in the context of online promotional activities
a) Categories of personal data subject to processing
The categories of personal data that may be processed by SG GSC are as follows:

• Identification or contact personal data, such as name, surname, photograph, username;

1. b) Categories of data subjects and purposes of personal data processing

• Visitors of the Instagram account

1. Security and integrity of data

SG GSC has adopted and implemented security policies and procedures to protect personal data against unauthorized access, loss, misuse, alteration, or unauthorized destruction. However, despite SG GSC’s efforts, security cannot be absolutely guaranteed against all threats. Access to your personal data is limited to those who need to know it. Persons with access to personal data are obliged to maintain the confidentiality of this information.
To protect your personal data, we have taken technical and organizational measures, especially against unauthorized access, loss or unlawful disclosure, manipulation, or unauthorized destruction. The measures taken are regularly reviewed and constantly adapted in accordance with applicable state-of-the-art technical standards.

Among the security measures applied by SG GSC are:

• Implementation and periodic review of Policies, Procedures, and Work Instructions aimed at ensuring the security of personal data;
• Periodic training, through dedicated courses, of employees who process personal data;
• Limiting access to personal data according to the need-to-know, need-to-see, and need-to-have principles;
• Securing access to applications and files containing personal data;
• Monitoring the processes of transferring personal data via email services;
• Encryption of communications containing personal data, etc.

3. Collection and processing of personal data

• Data provided by you

SG GSC collects and processes personal data about you if you choose to provide it, for example, to contact us through the Chat functionality on the Instagram account, or to express your opinions in the comments section of posts made by SG GSC.
When you register or send personal data to SG GSC, we will use this information as described in this Policy. Your personal data will not be used for other purposes unless we obtain your permission or it is otherwise provided or permitted by applicable SG GSC legislation.

SHARING AND TRANSFER OF PERSONAL DATA

1. Transfer within Societe Générale entities

Your personal data, as described above, will be processed by SG GSC Romania for the purposes presented above. As a general rule, SG GSC Romania carries out data processing activities on Romanian territory. However, as provided below, there may be situations where part of the processing operations of your personal data for the purposes described above are carried out outside Romania or the European Union/European Economic Area, mainly in France.

Thus, before any data transfer, we ensure that our contractual partner will fulfill their obligations regarding protecting your personal data, and we perform such transfer after ensuring one of the guarantees required by EU Regulation 679/2016 (GDPR) concerning the assurance of an adequate level of protection, following the performance of a dedicated analysis called Data Transfer Impact Assessment. Among these guarantees are: signing Standard Contractual Clauses in accordance with European Commission Decisions.

1. Transfers to third parties

We do not disclose personal data to third parties except where necessary for our legitimate professional and operational needs, to fulfill your requests, and/or as required or permitted by applicable law.

If we make such a transfer, it will be to:

1. Our service providers: we transfer your personal data to our third-party service providers, such as our marketing service providers. SG GSC collaborates with such providers so that they can process your personal data on our behalf while respecting all legal requirements regarding the processing and protection of personal data.
2. Competent public authorities: courts, tribunals, enforcement or regulatory bodies.
3. Internal and external auditors: disclosure of personal data will also be necessary for audit activities to ensure proper business continuity, security of premises, assets, and persons, as well as SG GSC’s legitimate interest that does not override the rights and freedoms of the data subjects.
   SG GSC will not transfer the personal data you provide to third parties for their direct use in marketing purposes. All processing activities mentioned in this section are concluded, as appropriate, based on one or more of the following legal grounds: (i) your consent, (ii) conclusion or performance of a contract, (iii) legal obligation, (iv) our legitimate interest, (v) processing necessary for the establishment, exercise, or defense of a legal claim.

THE RIGHTS THAT YOU BENEFIT FROM

1. Rights that you benefit from following personal data processing by SG GSC Romania

As a data subject, you benefit from a series of rights provided by European Regulation No. 679/2016 on the protection of personal data (“GDPR”), as described below, as well as as these rights are regulated by the GDPR. The provisions in this Policy regarding the rights of the data subject concerning the processing of their personal data apply in accordance with European Regulation No. 679/2016, as well as in accordance with the applicable national legislation.

1. The right of access

As data subject you shall have the right to request and obtain from SG GSC a confirmation as to whether or not your data are processed by SG GSC, and if so, you shall have the right of access said data, as well as the information such as: the purposes of the processing, the categories of data processed, the recipients or the categories of data recipients, the data storage period thus processed. Also, to the extent that SG GSC has obtained your personal data from other sources and not from you directly, you may request any available information regarding the source of the data thus collected.

1. The right to rectification

As data subject you shall have the right to obtain from SG GSC the rectification and/or completion of inaccurate and/or incomplete personal data concerning you.

1. The right to erasure (“The right to be forgotten”)

As data subject you shall have the right to obtain from SG GSC the erasure of the personal data concerning you, and SG GSC must erase the personal data without undue delay where one of the following grounds applies:

1. the personal data are no longer necessary for the fulfilment of the purposes for which they were collected or processed;
2. when you withdraw your consent based on which the processing takes place, where the grounds for the data processing is represented by your consent.;

iii.       when you exercise the right to object;

1. the personal data were unlawfully processed;
2. the personal data must be erased in order to comply with a legal obligation incumbent upon SG GSC under the Union law or under the internal law;
3. the personal data were collected in relation to the provision of services of the information company.

The obligation of SG GSC to erase the personal data shall not apply to the extent the processing is necessary:

(a) to exercise the right of free expression and information;

(b) to comply with a legal obligation requiring the processing under the Union law or under the national law;

(c) to find, exercise or defend any legal claim.

1. The right to restriction of processing

As data subject you shall have the right to request SG GSC and obtain from it the restriction of processing of your data, where one of the following applies:

1. a) you challenge the accuracy of the data for a period enabling SG GSC to verify the accuracy of the data;

(b) the processing is unlawful and you object to the erasure of the personal data, requesting the restriction of their use instead;

(c) SG GSC no longer needs the personal data for the purposes of processing, but you request them to find, exercise or defend a legal claim; or

(d) you objected to the data processing for a period of time in which it shall be verified if the legitimate rights of SG GSC prevail those invoked by you.

1. The right to data portability

As data subject you shall have the right to receive the personal data concerning you and which you provided to SG GSC in a structured (for example, through an online form), commonly used and machine-readable format and you have the right to transmit those data to another controller, without hindrance from SG GSC, where:

(a) the processing is based on consent; and

(b) the processing is carried out by automated means.

1. The right to object

You may object at any time, for grounds related to your particular situation, to the processing carried out under the public interest or the legitimate interest followed by SG GSC or by a third party. SG GSC will no longer process your personal data, as a result of your exercise of this right, unless SG GSC has compelling legitimate grounds justifying the processing or when the purpose for the further data processing is represented by the finding, exercise or defence of a legal claim of SG GSC.

You can also contact the National Supervisory Authority for Personal Data Processing (ANSPDCP) à 28-30 G-ral. Gheorghe Magheru Blvd., District 1, postal code 010336, Bucharest, Romania; www.dataprotection.ro

To the extent that you wish to exercise any of the rights provided above, please contact privacysupport@socgen.com, the Privacy Support team will answer you, whose purpose is to accompany you in the process of understanding the GDPR, as well as to facilitate the exercise of your rights regarding the personal data processing or you can contact directly the Data Protection Officer at the following address data-protection-sggscro.eur@socgen.com.

Retention Period

SG GSC has implemented technical and organizational measures to keep your personal data safe. Thus, we will retain your personal data in accordance with the provisions of the Personal Data Protection Policy applicable at SG GSC.
However, we will process any of your personal data only as long as necessary for the purposes established or until you withdraw your consent when consent is the legal basis for processing and (i) there are no overriding legitimate grounds for SG GSC to continue processing, interests that prevail over your interests, rights, and freedoms, or (ii) if the personal data is no longer necessary for the establishment, exercise, or defense of a legal claim.

Modification of this Policy

SG GSC may amend this Policy from time to time to reflect applicable legal requirements and the processes carried out within SG GSC that involve the processing of personal data.