Confidentiality policy

Last updated: January 7, 2021

Preamble

This Confidentiality Policy is intended to inform ASAS Users about how we collect and process their personal information.

Protecting privacy and your personal data is a priority for ASAS. For that reason, we undertake to process this information in strict compliance with the French data protection law, the Law on information technology, data files and civil liberties of January 6, 1978 as amended and the EU General Data Protection Regulation of April 27, 2016 (hereinafter, GDPR).

In any case, we undertake to respect the following two (2) essential principles:

- The User remains in control of their personal data;
- Data is handled transparently, securely and confidentially.

Find out more ^

What is personal data?

Personal data is information that relates to you or that can identify you either directly or indirectly. Personal data can include your name or a photo that identifies you directly, or your email address that identifies you indirectly.

What is processing?

The word “processing” refers to any operation or set of operations on personal data, regardless of the procedure used (such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, etc.).

1. Definitions

“Subscriber” or “Member”: an individual who is a current or former SUEZ employee or shareholder and who has a valid membership to the Association.
“General Terms of Use” or “Contract“: the contractual terms and conditions provided on the site’s home page. They set out the legal terms that apply to all Users of this website.
“Membership fees”: the fees due every year from the Member. The amount is specified in the Membership form or on ASAS’s online payment page on the HelloAsso website.
“Parties”: all Users and the Association.
“Services”: in general the Services offered by the Association to Users through the Site and defined in the General Terms of Use.
“Site”: the website at http://asas-asso.com/. The Site includes all the web pages, services and features offered to Users.
“User”: all individuals and legal entities who are a member or have applied for membership to the Association.

2. Data controller

The Suez Group Employee and Shareholder Association (Association des Salariés et Actionnaires du Groupe Suez, ASAS), a non-profit organization under the 1901 Law in France and registered in the National Register of Non-Profit Organizations under number W922018069 and with its registered office at Tour CB21 – 16, Place de l’Iris, 92040 Paris is the data controller for the purposes set out in article 6 of this Confidentiality policy.

Find out more ^

Legal reminder :

Under the French data protection act, the law on information technology, data files and civil liberties, and the EU General Data Protection Regulation (GDPR), the data controller is the person who determines why and how your data is processed.

3. How we collect personal data and where it comes from

We collect Members’ and potential Members’ personal data as part of our role in managing the Association and signing up Members when you join and when you interact with the Association.

You are informed about how we use your personal data and why through the data collection forms, the emails sent to you, and notices on the Site.

Find out more ^

User data collected by the Association is processed in accordance with the purposes stated when we collect this data.

Where necessary, we undertake to get your consent and/or to allow you to oppose our use of your data for certain purposes, for example to place third-party cookies on your devices (mobile phone, computer, tablet) to measure traffic to our site, or for commercial offers and ads targeted according to your interests.

4. Consent

To comply with the principles of privacy by design and privacy by default, we make sure that we obtain the required consents when Members apply for membership.

5. Why we process your data and the legal grounds for processing your data

Here are the reasons why we collect your data:

To manage contact and information requests

Find out more ^

More information about how and why we process your information :

We process data for the following purposes :

- To process contact and information requests about how the Association operates, how to join, and our aims and work.

Legal basis :

Contractual : User Consent

Administrative management of Members and membership applications

Find out more ^

More information about how and why we process your information :

We process data for the following purposes :

- To collect Membership forms;
- To approve or reject a membership application;
- To communicate with members about their membership;
- To record and update information on members;
- To manage membership fees.

Legal basis :

Performing the contract (the membership form) between the Member and the Association.

Sending newsletters and other communications

Find out more ^

More information about how and why we process your information :

We process data for the following purposes :

  - Sending out the newsletter to members, as well as other communications by telephone, text, email, and post to members who agree to receive other communications.

Legal basis :

Member’s consent is required.

Managing rights claims under the GDPR and the French Law on information technology, data files and civil liberties as amended

Find out more ^

More information about how and why we process your information :

Processing covers all the operations needed to handle entitlement requests sent to the Association (analyzing the request, investigating the request and specific technical operations, etc.).

Legal basis :

Our legal obligation under articles 15 et seq. of the GDPR and articles 48 et seq. of the French law on information technology and civil liberties.

6. Who we share your data with

Within the limits of their respective responsibilities and for the purposes set out in article 5, the main parties that may have access to your data are:

- Authorized Association staff; - HelloAsso, as a subcontractor handling applications for membership and/or payment of membership fees;
- If need be, subcontractors’ authorized staff;
- If need be, the relevant courts, mediators, accountants, auditors, lawyers, bailiffs and debt collection agencies;

Find out more ^

We will not share, exchange, sell or rent your personal information without your prior express consent, in accordance with the applicable legal and regulatory provisions.

7. Transfers of data outside the European Union

ASAS undertakes not to transfer Members’ data outside the European Union.

Whenever such transfers are required, the Association will notify the Members and inform them of the steps taken to secure the transfer and ensure protection of their personal data.

8. How long we keep your personal data

We keep your personal data for only as long as we need to for the purposes described in article 5.

Click below for more information on how long your data can legally be retained.

Find out more ^

9. Your rights

You have a number of rights under the Law on information technology, data files and civil liberties and the GDPR (find out more):

- You have the right to access the data (GDPR, article 15), correct (GDPR, article 16), update and complete your data;
- Right to erasure (sometimes referred to as the “right to be forgotten”): you have the right to request us to delete personal data that we hold about you if they are inaccurate, incomplete, equivocal, out of date, or whose collection, use, disclosure or storage is prohibited;
- Right to withdraw your consent at any time (GDPR, article 7);
- Right to restrict processing of your data (GDPR, article 18);
- Right to object to processing (GDPR, article 21);
- Right to data portability: you have the right to receive the personal data provided when the processing is carried out by automated means, when the processing is based on consent or on a contract (GDPR, article 20);
- The right not to be subject to a decision based solely on automated processing (GDPR, article 22);
- The right to define what happens to your data after you die and to choose whether or not we disclose your information to a third party nominated by you ahead of time (Law on information technology, data files and civil liberties, article 85). If you have left no instructions, on your death, we undertake to destroy your data, unless required to retain it for purposes of proof or to meet a legal obligation.

You can exercise your rights:
- By email: asas.asso@suez.com;
- By post: Head office - Tour CB21 - 16 place de l’iris, 92040 Paris La Défense Cedex, France

You can also file a complaint with the regulator or the CNIL in France, or with any other competent authority.

10. Security

ASAS complies with the GDPR and the French Law on information technology, data files and civil liberties with regard to protecting the security of your personal data.

We implement appropriate technical and organizational controls to protect the security and confidentiality of the personal data that we collect.

We do our best and take every precaution in light of the type of information and the risks generated by processing to protect your personal data against accidental loss, damage or destruction and unauthorized access. Measures include physical security of the premises, authentication procedures for personal and secure data access using confidential logins and passwords, secure https protocol, logging and traceability of connections, and encryption of certain data.