DPO & GDPR - FinHarmony X GERESO
The GERESO group pays particular attention to the data of our customers and users. Mindful of this concept of data protection, particularly for automated processing, FinHarmony X GERESO is committed to complying with a strict data management policy that complies with the General Data Protection Regulation (GDPR).
For further information on the GDPR, please visit www.cnil.fr.
Data controller
GERESO SAS Company
38 rue de la Teillaie
72018 LE MANS Cedex 2
Tel.: 0 800 400 460
Identification of collected data, purpose, and use of processed data
FinHarmony X GERESO collects and processes data deemed necessary for the provision of its services (legal basis of 'contract').
When is the data collected?
- Request to create a personal account
- Contact request via online forms
- Application for enrollment in one of the services provided by FinHarmony X GERESO
- Contact Customer Service
To better understand the data processing carried out by FinHarmony X GERESO, here are the types of data that may be collected.
Purposes of processing and data collected
| Purpose | Data collected (examples) |
|---|---|
| Customer space management | Last name, First name, Company/Institution, Position, Postal address, Work email address, Phone number |
| Contact preferences & email/newsletter subscriptions | Professional email address, preferred contact methods (phone, email, postal mail, fax, etc.), preferred types of communication |
| Individual email results | Date and time sent, date and time opened, date and time clicked, number of clicks |
| Training program | Required information marked with an asterisk (*): title*, last name*, first name*, position*, company*, industry*, internal division and department*, still employed* or not, company mailing address*, work phone (landline and/or mobile)*, work email*. Other possible data: line manager, training manager, fax, personal mobile, fax number, etc. |
| Customer relationship management | Date and time of creation of the customer file, main contact person, list of emails sent, activity history (calls/transactional emails), reports, training courses completed (titles and dates), notes, and documents provided to ensure the smooth running of the training. |
| Monitoring of commercial information | Completed internships and/or ongoing applications, current subscriptions, purchases made on the librairie.gereso.com website, invoices associated with the customer account |
Data hosting and storage
The data collected and processed by FinHarmony X GERESO is hosted in France.
- Access to the customer database (CRM SalesForce - GERESO) is protected by a username and password specific to each employee.
- Access to this platform is only permitted during working hours and only via dedicated IP addresses.
- Each employee has a personal workstation, locked with a strictly confidential password.
- According to the IT system usage policy, users are required to change their high-security access credentials every six months.
- Extracting data belonging to GERESO is strictly prohibited without prior authorization from management.
- An internal firewall configured according to functions and workstations limits access to communications that could harm the computer network.
- Anti-virus functions related to the computer network are provided by Microsoft protection services.
- Personal data that may be stored on the internal server is protected and secured by access linked to functions and positions. Double protection via IP address identification limits external connections to the premises.
Destination of collected data
- The data collected may be transmitted to the entire GERESO Group.
- Data may also be transmitted to third-party organizations when such transmission is essential to the fulfillment of the contract between FinHarmony X GERESO and its client.
Data retention period
- The data is stored and used for a period of time in accordance with current legislation.
- In the context of a training program, personal data is retained for 36 months. After this period, and without interaction, the data is deleted.
- For accounting documents, the retention period can be up to 10 years.
- In the event of death, the data controller undertakes, as soon as it is informed, to delete personal data (excluding accounting documents).
Right to access and correct your data
In accordance with Law 78-17 'Informatique et Libertés' of January 6, 1978, every person has the right to access, rectify, update, limit the processing of, oppose, and delete their personal data. The data controller is:
You can exercise this right by contacting FinHarmony X GERESO:
By email: dpo@gereso.fr
Or by mail:
GERESO - Data Protection Department
38 rue de la Teillaie
72018 Le Mans Cedex 2
In accordance with Article 40 of the aforementioned law, all requests must be accompanied by a photocopy of a valid, signed identity document and must include the address at which GERESO can contact the applicant. A response will be sent within one month of receipt of the request.
Finally, every individual has the right to the portability of personal data that they have provided to the data controller. This right applies under the same conditions as the right of access and rectification.
Password
Each username and password is unique and intended exclusively for the person who creates them.
To ensure data security, it is important to take the following basic precautions:
- Change the encrypted password that was automatically created when you edited your customer account.
- Use a password that is more than 8 characters long and includes a capital letter, numbers, and a special character.
Cookie Policy
https://www.gereso.com/politique-d-utilisation-des-cookies
Protection of your personal data
The data collected, particularly in the context of training activities, is used only for the main purpose of this processing. No data collected is transferred to a third country.
All persons authorized to process this data are subject to strict confidentiality and are committed to complying with the internal IT charter, under penalty of sanctions.