AFNOR undertakes, as part of its activities and in accordance with current legislation in France (Law No. 78-017 of 6 January 1978 concerning information technology, files and freedoms (known as the Data Protection Act) and in Europe (Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 concerning the protection of physical individuals with regard to the Processing of Personal Data and the free movement of such data (RGPD), to ensure the protection, confidentiality and security of the personal Data of the people who enjoy the services and/or products of the entities of the AFNOR Group as well as to respect their privacy.
To ensure that they are properly enforced, AFNOR has appointed a personal Data protection representative, who is the principal contact with regard to the protection of personal Data, both within the AFNOR Group, as well as with regard to its relations with the National Commission for information technology and civil liberties (CNIL). The Data protection representative at the CNIL which has been appointed for the French entities of the AFNOR Group is: DPO, AFNOR, 11 rue Francis de Pressensé 93571 La Plaine Saint Denis - firstname.lastname@example.org.
By logging onto or by visiting one of the web sites published by AFNOR, you acknowledge having read, understood and accepted, without limitation or reservation, the personal data and privacy protection charter. The purpose of this charter is to inform you of the rights and freedoms that you may invoke with regard to AFNOR concerning the use of your personal Data and to describe the measures that AFNOR has in place in order to protect them.
Personal data: Personal data means any information concerning a physical individual who has been identified or who can be identified, directly or indirectly, by reference to an identification number or to one or more details which are unique to him or her.
Processing of personal Data: Processing personal Data means any operation or any set of operations concerning such Data, regardless of the process used, and in particular the collection, registration, organization, storage, adaptation or the modification, extraction, consultation, use, release by transmission, broadcasting or any other form of provision, reconciliation or interconnection, as well as the blocking, erasure or destruction of such data.
Cookie : a Cookie is an item of information which is deposited on an Internet user’s hard drive by the server of the site that he or she is visiting. It contains several items of Data: the name of the server which deposited it, a user name in the form of a unique number, which may be an expiry date. Sometimes, this information is stored on the computer in a simple text file which is accessed by a server to read and record information.
2. COLLECTION OF PERSONAL DATA
AFNOR undertakes not to collect personal Data without having informed the persons concerned.
AFNOR collects this Data in order to provide the services and/or products requested by the persons concerned, to meet their needs and informs them of what the data is used for.
AFNOR ensures the relevance of the personal Data that are collected in order to have a better understanding of the persons concerned.
AFNOR collects information submitted automatically by the users concerned about the very use they make of the web site. This information may be the user names of single devices, Protocol Internet ("IP") addresses, browser features, language preferences, details of the operating systems and referring URLs. as well as the duration of the visits to the web site and the pages visited. AFNOR may have to use tools, such as Cookies (see.) §9), web tags, embedded scripts, web server logs or other similar technologies for collecting details on the services and devices used for accessing the web sites of AFNOR.
AFNOR uses third-party web analytics services, like Google Analytics, to help it analyse how the people concerned use the web sites of AFNOR. For more information about how Google is likely to use the information collected on the web sites of AFNOR, please click on the following link: https://policies.google.com/privacy/partners?hl=fr. For more information on how to refuse the collection of Data by Google Analytics, please click on the following link: https://tools.google.com/dlpage/gaoptout .
3. USE OF COLLECTED PERSONAL DATA
AFNOR guarantees the confidentiality of the personal Data which are entrusted to it and right from the design stage of the services, sites, and applications respects the principles of Data protection.
AFNOR uses the personal Data of the persons concerned in order to authenticate them, to provide them with the service and/or the subscribed product and to provide them with offers which are tailored to their needs.
AFNOR only releases personal Data to its authorized service providers/subcontractors and ensures that they meet the strict conditions of confidentiality, use and protection of this Data.
AFNOR undertakes not to release personal Data to third parties without having informed the persons concerned and without having offered them the opportunity to exercise their right of opposition.
AFNOR is liable to use the Data of the persons concerned and who were previously kept permanently anonymous for the purposes of statistical studies.
4. PURPOSES OF THE PROCESSING
When you visit one of the websites published by AFNOR, you may provide us with a certain amount of personal data in order to take advantage of the services and/or products offered by AFNOR. The Processing of Personal Data is needed for the performance of services or for AFNOR's legitimate interest relating to standardisation, publishing, and is needed for the performance of services or for AFNOR DEVELOPPEMENT's legitimate interest relating to energy engineering, performance indicator activities or promote responsible purchasing. They are also required for the performance of AFNOR's public service mission as regards standardisation. The collection of Personal Data allows AFNOR to provide data subjects with the best possible monitoring of the services/products delivered by AFNOR, and to improve the operation of the website or the applications used (if applicable); it also allows AFNOR to conduct voluntary satisfaction surveys of its services/products with a view to improving them. The Personal Data collected may also be used for the purposes of preventing and combating computer fraud (spamming, hacking, etc.), or to initiate voluntary satisfaction surveys of AFNOR’s services/products.
Finally, if you have given your express consent, your personal data may be used to send you commercial information.
In online forms, required fields are marked with an asterisk. If you do not answer the mandatory questions, AFNOR will not be able to provide you with the service(s)/product(s) requested. The mandatory or optional nature of the Personal Data requested and the possible consequences of a failure to answer for the data subjects are stated at the time the personal data are collected.
Your personal data will not be processed at a later date in a way incompatible with the purposes described above or in the collection forms. They shall be kept only for as long as necessary to achieve those purposes.
Your personal data may be communicated to some of the data controller’s departments, as well as to certain partners or subcontractors for the purposes of analyses and surveys.
5. SECURITY OF THE PERSONAL DATA COLLECTED
AFNOR has security measures in place which are appropriate to the degree of sensitivity of the personal Data in order to protect them against any malicious intrusion, any loss, or any unauthorised alteration or disclosure to third parties.
AFNOR guarantees the security of information which is exchanged during transactions or when payments are made.
AFNOR only issues access permits for its information system to those people who need such permits in order to perform their function.
AFNOR educates its employees on the protection of the personal Data which is provided to them as part of their duties and ensures that they adhere to the rules and ethics of the AFNOR Group.
AFNOR conducts audits to verify that on an operational basis these rules are properly enforced.
AFNOR requires its suppliers and/or subcontractors to comply with its principles on security.
6. STORAGE DURATION OF THE COLLECTED PERSONAL DATA
AFNOR does not keep personal Data for longer than is necessary for achieving the Processing purpose, whilst at the same time observing the legal and regulatory limits applicable or any other duration given the operational constraints such as effective customer relationship management and the responses to requests from courts or supervisory authorities which have authority over AFNOR.
Regarding customers, the majority of the information is kept for the duration of the contractual relationship and for 10 years after the end of the contractual period. Regarding sales leads, the information is stored for 3 years from the time when it was collected or from the last contact with AFNOR.
7. INFORMATION AND EXERCISE OF RIGHTS
The individuals concerned whose personal Data are collected have a right of access to the personal Data concerning them, to the rectification or erasure of such data, to a limitation of the Processing, the portability of the Data as well as the right to oppose the Processing.
The individuals concerned are informed, however, that the personal Data collected are, as appropriate, necessary for the performance of the service delivered by AFNOR, so that should they wish to use their right to erase the said Data, or to oppose or limit the Processing before the end of the contractual relationship, the service may not be performed.
These rights may be exercised by sending an email to email@example.com or by writing to AFNOR for the attention of the DPO, AFNOR, 11, rue Francis de Pressensé - 93571 La Plaine Saint-Denis Cedex
AFNOR will reply to anyone invoking any of the aforementioned rights within one (1) month as of the receipt of the request.
However, this deadline may be extended by two (2) months, depending on the complexity of and the number of requests. In this eventuality, AFNOR will inform the person concerned of this extension within one (1) month as of the receipt of the request.
If the person concerned makes his or her request in electronic form, the information is provided electronically where possible and unless the person requests it to be done so otherwise.
Should the Processing manager refuse to proceed with the request for information made by the person concerned, then the Processing manager will give the reasons for this refusal.
The person concerned has the option of lodging a complaint with the National Commission for information technology and civil liberties or the supervisory authority of the European Union Member State in which he or she resides and of seeking judicial redress.
7.1. RIGHT OF ACCESS
Any person may apply to the Processing manager, if any personal Data concerning him or her is subject to Processing. If so, the person concerned may obtain a copy of the personal Data which is subject to Processing as well as the following information:
- purposes of the Processing;
- categories of personal Data concerned;
- recipients or categories of recipients of the Data;
- where possible, the planned storage period for the Data or, if this is not possible, the criteria used for determining this period.
- if the personal Data are not collected from the person concerned, any available information about their source;
- as the case may be, the existence of an automated decision making process, including profiling, and the appropriate information concerning the underlying principle, as well as the importance and the expected consequences of this Processing for the person concerned.
7.2. RIGHT OF RECTIFICATION
Any person whose personal Data are subject to Processing has the right to obtain the rectification of any personal Data concerning them which are inaccurate and for these Data to be supplemented if the purpose of the Processing so requires.
7.3. RIGHT TO ERASE
Any person whose personal Data are subject to Processing has the right to obtain from the Processing manager the erasure of the said Data in the following cases:
- If the personal Data are no longer needed for the purposes for which they have been collected or have been processed in a different way;
- If the person concerned has withdrawn the consent on which the Processing was based and there is no other legal basis for the Processing;
- In the event of the Processing being based on the legitimate interest of the Processing manager, if the person concerned objected to the Processing and that there is no pressing reason for the Processing,
- In the event of the Processing having as its purpose the sales canvassing or profiling related to such canvassing, if the person concerned has objected to the Processing;
- If the personal Data have been subject to unlawful Processing;
- If the personal Data have to be erased in order to comply with a legal obligation, which is stipulated by European Union law or by the law of the Member State to which the Processing manager is subject;
The Processing manager may however refuse to erase the Data in the following cases:
- in order to comply with a legal obligation which requires the Processing as stipulated by European Union law or by French law;
- if the Processing is solely for statistical purposes;
- if the Processing is necessary for establishing, exercising or defending rights in court.
7.4. RIGHT TO THE LIMITATION
Any person whose personal Data are subject to Processing may ask the Processing manager for the limitation of the Processing in the following cases:
- If this person challenges the accuracy of his or her personal Data, over a period enabling the Processing manager to verify the accuracy of the said Data;
- If the Processing does not comply with the regulations but the Data owner does not wish to erase the Data;
- If the Processing manager no longer needs the personal Data for the Processing purposes, but the Data are still needed by the persons concerned for establishing, exercising or defending rights in court;
- If the person has objected to the Processing during the verification to establish whether the legitimate grounds pursued by the Processing manager take precedence over those of the person concerned.
- If the Processing has been limited, with the exception of the storage, the Data may only be processed in the following cases:
o with the consent of the person concerned,
o for the establishment, the exercise or defence of rights in court.
o for the protection of the rights of another physical individual or legal entity, or for important reasons of public interest of the European Union or a Member State.
Were the limitation to then be lifted, the Processing manager will first inform the person concerned about this.
7.5. RIGHT OF PORTABILITY
Any person whose personal Data are subject to Processing may ask the Processing manager to provide him or her with these Data or to pass them on to another Processing manager in the following cases:
o if the Processing has been implemented based on the consent of the person concerned
o if the Processing is necessary for the performance of a contract to which the person concerned is party or for the implementation of precontractual measures taken at the request of the person concerned
o if the Processing is carried out using automated processes
7.6. RIGHT OF OPPOSITION
Any person whose personal Data are subject to Processing has a right to oppose this Processing under the following conditions:
o if the Processing based on the satisfaction of the legitimate interests pursued by the Processing manager or by a third party, for reasons relating to his or her particular situation and if the Processing manager cannot demonstrate that there are legitimate and compelling reasons for the Processing which prevail over the interests and the rights and freedoms of the person concerned, or for the establishment, exercise or defence of rights in court
o if the Processing has been implemented for the purposes of sales canvassing or profiling related to such canvassing he or she may oppose this Processing without condition
o if the Processing is implemented for statistical purposes, for reasons relating to his or her particular situation
8. PROTECTION OF PRIVACY
AFNOR has appropriate physical, electronic and administrative security systems, designed to protect the personal information obtained from the people concerned, customers and prospects in accordance with this charter. Despite the reasonable efforts that are deployed to protect this information, no transmission over the Internet is completely secure, and AFNOR cannot guarantee the confidentiality of the Data which are sent to it via the Internet.
AFNOR takes measures to limit the intrusive actions of third parties (spam...) and provides information about electronic attacks (phishing, viruses, kidnapping of information...)
The different AFNOR web sites may contain hypertext links which provide access to other third party web sites or third-party online spaces for the convenience and information of the individuals concerned. These third-party web sites concerned may be operated by unaffiliated entities and may have their own policies or opinions on the subject of confidentiality. Consequently, AFNOR recommends that users check the privacy policies shown on these third party web sites so as to understand how such sites may collect and use personal Data. AFNOR is neither responsible for the content nor the practices applied in terms of confidentiality by third-party web sites, over which AFNOR has no control.
The different web sites of AFNOR may also include features designed to allow the people concerned to interact with third party web sites or third-party services, including third-party social networks. in the event of third party web sites, third party services or third-party social networks being used, AFNOR asks those concerned to read their policy on confidentiality and protection of personal Data.
9.1 TYPES OF COOKIES USED
Cookies required for browsing on the web sites of AFNOR. These cookies are absolutely vital in order for the web sites of AFNOR to function properly. Their removal may cause browsing difficulties.
Four types of Cookies, which are for the purposes described below, may thus be stored on the computers of users visiting any of the web sites of AFNOR.
· Technical Cookies are needed for browsing on our web sites, as well as for accessing the various products and services. Technical cookies in particular make it possible to adapt the presentation of the web sites to the display preferences of the user’s computer terminal (language used, display resolution), as well as to memorise passwords and other information which is contained in a form filled out on the web sites (registration or access to members’ personal spaces) and to implement security measures. These Cookies cannot be disabled or configured otherwise access to the site and/or to the services of the web sites may be denied.
· The Cookies for measuring visitor numbers are generated by AFNOR or by its technical service providers for the purposes of measuring the number of visits to the different contents and sections of the web sites, so that they can be evaluated and organised better. These Cookies also make it possible, as the case may be, to detect browsing problems and consequently improve the ergonomics of the services of AFNOR. These Cookies only generate anonymous statistics on traffic volumes, and do not provide any individual information.
· The advertising Cookies are generated by our network partners, in the advertising spaces of our web sites, and the use of these spaces contributes to the funding of the contents and services that AFNOR provides to users free of charge. These Cookies are deposited by our partners as part of advertising partnerships under the terms of which the networks may be required to collect data about the contents viewed on our site.
· “Social networks” cookies make it possible to share the contents of AFNOR sites with other people or to inform these other people that a given person is viewing such content or to inform them of the opinion of that person concerning a content of the web site(s) of AFNOR. This is, in particular, the case for the "share" buttons from “twitter” social networks. Any social network which provides such an application button is liable to identify the person using this button, even if the person did not use this button when visiting one or more AFNOR web sites. AFNOR recommends that you read the privacy protection policies of these social networks so that you are aware of the purposes of use, in particular for advertising, of the browser information that is collected by means of these application buttons.
9.2 COOKIE MANAGEMENT
Users have the option of accepting or refusing cookies on a case-by-case basis or of refusing them for good by configuring their browser. If the user chooses to refuse all the cookies, the browsing options which provide access to certain pages of the different web sites of AFNOR will be reduced.
Depending on the browser used by the users, the procedures for removing cookies are as follows:
· For Internet Explorer: Click on the Tools button, then on Internet Options
On the General tab, in browsing History, click on Settings
Click the Display files button
Select the cookies which you wish to refuse and click on remove
· Fir Firefox: Click on the browser Tools icon, then select the Options menu
In the window that appears, choose "Privacy" and click on "Display cookies".
Select the cookies which you wish to refuse and click on remove
· For Safari: Click on the Edit icon, then select the Preferences menu
Click on Security and then on Display cookies
Select the cookies which you wish to refuse and click on remove
· For Google Chrome: Click on the Tools icon, select the Options menu then click on the advanced Options tab and go to the "Confidentiality" section.
Click on the “Display cookies" button.
Select the cookies that you wish to refuse, then click on remove
If you need any support regarding the different browsers, AFNOR recommends that you refer to the official documentation.
10. UPDATE OF THE CHARTER
AFNOR may be required to amend this charter at any time, due in particular:
- to the introduction of new services or new technologies
- or legislative and regulatory changes
In the interest of transparency, AFNOR recommends that the people concerned visit this page as often as they wish so as to find out about any changes that there may be.