Consent: any freely given, specific, informed and unambiguous expression of will by which the data subject signifies his or her agreement, by means of a declaration or a clear positive act, to personal data relating to him or her being processed.
Recipient: the natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular enquiry in accordance with Union law or the law of a Member State shall not be regarded as recipients. The processing of such data by the public authorities in question shall be in accordance with the applicable data protection rules depending on the purposes of the processing.
Data (personal): Personal data" is "any information relating to an identified or identifiable natural person".
A person can be identified:
directly (example: surname, first name)
or indirectly (e.g. by an identifier (customer number), a (telephone) number, biometric data, several specific elements of his physical, physiological, genetic, psychic, economic, cultural or social identity, but also voice or image).
The identification of a natural person can be done :
from a single piece of data (example: social security number, DNA)
from the cross-referencing of a set of data (e.g. a woman living at such and such an address, born on such and such a day, subscribing to such and such a magazine and being active in such and such an association)
Sensitive data: Sensitive data is a special category of personal data. It is information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning the sex life or sexual orientation of a natural person.
Controller: the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing. Where the purposes and means of the processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria for designation may be laid down by Union law or by the law of a Member State.
GDPR: The acronym GDPR stands for General Data Protection Regulation. The GDPR regulates the processing of personal data within the European Union.
Processor: the natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.
Processing: A "processing of personal data" is an operation, or set of operations, relating to personal data, regardless of the process used (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, matching).
(a) processing of personal data which takes place within the Union in the course of the activities of establishments in several Member States of a controller or processor where the controller or processor is established in several Member States; or
(b) processing of personal data which takes place within the Union in the context of the activities of a single establishment of a controller or processor but which substantially affects or is likely to substantially affect data subjects in several Member States.
2. Objective and scope of the Policy
BforCure attaches the utmost importance and care to the protection of privacy and personal data, as well as to compliance with the provisions of the applicable Legislation.
3. Data controller
In the context of your activity on the bforcure.com website, we collect and use personal data relating to you, a natural person (hereinafter referred to as the "Data Subject").
For all Processing, BforCure, [BforCure - SAS with a capital of €1,086,241.00 registered with the RCS 834261307 in Bobigny and having its registered office at 14 rue de la Beaune in Montreuil, 93100], determines the means and purposes of Processing. Thus, we act as a Data Controller, within the meaning of the Regulation on Personal Data, and in particular Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
4. What Personal Data do we collect and how?
By using our website or by being a customer and user of our online space, you provide us with a certain amount of information about yourself, some of which is likely to identify you ("Personal Data"). This is the case when you browse our sites, when you fill in online forms, or simply when you become a customer.
The nature and quality of the Personal Data collected about you will vary depending on the relationship you have with BforCure:
Identification data: this includes all information that would allow us to identify you, such as your name, first name, telephone number. We may also collect your e-mail address and your postal address (in case of payment, the postal address will be necessary to generate an invoice).
Login Data: This is all the information we need to access your personal account, such as password, and other information needed to authenticate and access an account. We also collect your IP address for maintenance and statistical purposes.
Financial data: this corresponds to bank data such as a RIB.
Documents of different natures (PDF, Office format, Image) with titles, contents, folder names, or information related to a document, such as comments written in the documents, alert and reminder dates.
Browsing information: When you browse our website, you interact with it. As a result, some information about your browsing is collected.
Data collected from Third Parties: Personal Data that you have agreed to share with us or on publicly available social networks and/or that we may collect from other publicly available databases.
HR application data: this is the data specified in a CV and/or cover letter (skills assessment, career and training follow-up, interests, etc.)
All data collected is done so in strict compliance with the regulations in force. In this respect, BforCure ensures that it complies with the various principles of the RGPD, including the principle of minimising the data collected. Indeed, all data collected or requested in our forms is limited to what is strictly necessary for the related processing. This data is indicated by an asterisk. Any other information requested that is not strictly necessary for processing is therefore optional.
5. Why do we collect your Personal Data and how?
We collect your Personal Data for specific purposes and on different legal grounds.
On the basis of your consent, your Data is processed for the following purposes:
Carrying out commercial and marketing prospection operations;
Newsletter management ;
Management of cookies requiring your consent ;
Management of events organised by BforCure.
In the context of the execution of the contract or pre-contractual measures, your Data is processed for the following purposes
Order management, purchasing ;
Commercial contract management ;
Managing your customer account ;
Complaints and after-sales service management ;
In the context of BforCure's legitimate interests, your Data is processed for the following purposes
Establishment of statistics for product and service improvement;
Conducting satisfaction surveys and polls;
Management of pre-litigation and litigation.
In the context of the legal and regulatory obligations to which BforCure is subject, your Data is processed for the following purposes
General and subsidiary accounting ;
Management of data subject rights.
6. Do we share your Personal Data?
Your Data is intended for use by authorised BforCure employees in charge of managing and executing contracts and legal obligations, depending on the purpose of the collection and within the limits of their respective responsibilities.
It may be transmitted for certain tasks related to the purposes, and within the limits of their respective missions and authorisations, to the following recipients
Service providers and subcontractors that we use to carry out a range of operations and tasks on our behalf, including
In recruitment: Recruitee (https://www.recruitee.com/fr) and Welcome to the jungle (https://www.welcometothejungle.com/)
For communications: Oxymailing (https://www.oxemis.com) and Sendinblue (https://www.sendinblue.com)
For analytics monitoring: Google Analytics (https://analytics.google.com)
For commercial management: Pipedrive (https://www.pipedrive.com)
Duly authorised public authorities (judicial, supervisory, etc.), in the context of our legal and regulatory obligations;
Regulated professions (lawyers, bailiffs, etc.) who may be involved in the implementation of guarantees, recovery or litigation.
When your Data is communicated to our service providers and subcontractors, they are also required not to use the Data for purposes other than those initially intended by BforCure. We make every effort to ensure that these Third Parties maintain the confidentiality and security of your Data.
In any case, only the necessary Data is provided. We make every effort to ensure the secure communication or transmission of your Data.
We do not sell your Data.
7. Is your Personal Data transferred to Third Countries?
BforCure endeavours to store Personal Data in France, or at least within the European Economic Area (EEA).
However, it is possible that the Data we collect when you use our platform or services may be transferred to other countries. This is for example the case if some of our service providers are located outside the European Economic Area.
In the event of such a Transfer, we guarantee that it will be carried out:
To a country providing an adequate level of protection, i.e. a level of protection equivalent to that required by the EU Regulations;
In the context of standard contractual clauses ;
Within the framework of internal company rules.
8. How long do we keep your Personal Data?
We retain your Personal Data only for as long as is necessary to fulfil the purpose for which we hold the Data and to meet your needs or our legal obligations.
Retention periods vary depending on several factors, such as
The needs of BforCure's activities ;
Contractual requirements ;
Legal obligations ;
Recommendations from supervisory authorities.
The retention periods for your Data are as follows:
|Carrying out commercial and marketing prospection operations||3 years||From the last contact|
|Newsletter management||3 years||From the last contact|
|Management of events organised by BforCure||3 years||From the last contact|
|Managing cookies requiring your consent||13 months|
|Management of data subjects' rights||3 years||From the last contact|
|HR application management||2 years||From the last contact|
9. How do we ensure the security of your Personal Data?
BforCure is committed to protecting the Personal Data we collect or process from loss, destruction, alteration, unauthorised access or disclosure.
Thus, we implement all appropriate technical and organisational measures, depending on the nature of the Data and the risks that their Processing entails. These measures must preserve the security and confidentiality of your Personal Data. They may include practices such as limited access to Personal Data by persons authorised by virtue of their functions, pseudonymisation or encryption.
In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication process, back-up, software, etc.) are regularly reviewed and updated as necessary.
10. What are your rights?
The GDPR provides Data Subjects with rights that they can exercise. These include:
Right to information: the right to have clear, precise and complete information on the use of personal data by BforCure.
Right of access: the right to obtain a copy of the Personal Data that the Controller holds on the applicant.
Right of rectification: the right to have Personal Data rectified if it is inaccurate or outdated and/or completed if it is incomplete.
Right to erasure / right to be forgotten: the right, under certain conditions, to have Data erased or deleted, unless BforCure has a legitimate interest in keeping it.
Right to object: the right to object to the Processing of Personal Data by BforCure for reasons relating to the particular situation of the applicant (subject to conditions).
Right to withdraw Consent: the right at any time to withdraw Consent where Processing is based on Consent.
Right to restrict Processing: the right, under certain conditions, to request that the Processing of Personal Data be temporarily suspended.
Right to Data Portability: the right to request that Personal Data be transmitted in a reusable format for use in another database.
To this end, BforCure has implemented a procedure for the management of the rights of Persons in accordance with the requirements of the applicable Legislation. This procedure establishes:
The standards to be respected to ensure transparent information of the Persons concerned;
Legal requirements that must be met;
The means by which an application can be made for each right, depending on the category of Persons concerned ;
The operational processes for handling these applications in accordance with the above requirements;
The parties involved in these processes, their roles and responsibilities.
To exercise your rights, you can contact the Data Protection Officer:
To the following email address: firstname.lastname@example.org
To our postal address: BforCure, for the attention of the RGPD referent, 14 rue de la Beaune, 93100 Montreuil
When you send us a request to exercise a right, you are asked to specify as far as possible the scope of the request, the type of right exercised, the Personal Data Processing concerned, and any other useful information, in order to facilitate the examination of your request. In addition, in case of reasonable doubt, you may be asked to prove your identity.
You also have the right to complain to the Commission Nationale de l'Informatique et des Libertés (CNIL), 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, about the way in which BforCure collects and processes your data.
11. Updating of this Policy
This Policy may be regularly updated to take into account changes in the Personal Data Regulations.
Date of last update: 18 January 2022.