Rights Management Charter

Charter for the management of your requests to exercise your "Data Protection" rights

When you exercise your rights with Fair & Smart (hereinafter “we”), we may process personal data about you in order to respond to your requests. This processing does not involve automated decision-making.

Purposes of the processing

The purpose of the processing is the management of requests for the exercise of rights that you send to us, by deposit or by any other means.

It allows us to:

  • Receive your requests to exercise your “Data Protection” rights;
  • Manage and follow-up on requests, in liaison with the relevant departments;
  • Respond to your requests;
  • Keep a record of requests and responses to users;
  • Develop activity data (statistics).

This processing is necessary to comply with a legal obligation to which we are subject (compliance with the General Data Protection Regulation (GDPR) and the amended Data Protection Act).
Article 6 1 c) GDPR

Data processed

The data we process is collected from you and from our departments involved in handling your requests.

The categories of data that may be processed are as follows:

  • Your identification data,
  • Vos coordonnées postales,
  • Your postal address, telephone number and/or email,
  • The subject of your request,
  • The follow-up to your request,
  • The data about you recorded in our processing,
  • Anonymous statistics.

It is specified that your identification data, the subject of your request, a postal or email address and, where applicable, the provision of supporting documents are necessary for the processing of your request to exercise your rights.

Recipients of the data

Depending on their respective needs, the following are recipients of all or part of your data:

  • Our Data Protection Officer (DPO),
  • Our services requested to manage and respond to your request,
  • The publisher and host of our CRM solution (Salesforce).

Data transfers outside the EU

The data from our CRM solution (Hubspot) is hosted in the European Union. Any transfers outside the EU (https://legal.hubspot.com/fr/dpa) are governed by different mechanisms implementing appropriate safeguards:

  • adherence by Hubspot, some of its subcontractors and some of its subcontractors to Privacy Shield;
  • the development by Hubspot of approved Binding Corporate Rules;
  • the conclusion of Standard Contractual Clauses with Hubspot.

You can check this information by consulting the list of companies adhering to Privacy Shield available at https://www.privacyshield.gov/list.

Data retention period

The data is kept for five (5) years from the end of the calendar year of your request.

If a copy of your identity document is requested, it is kept for one (1) year if your request is to exercise your rights of access or rectification and for three (3) years, if you exercise your right to object or delete.

How to exercise your rights

You can exercise your rights by using the fair&smart application available for free download:

You can also exercise your rights directly with our DPO. The DPO is also your contact for any request relating to the management of your personal data.

You can contact our DPO by sending an email to the following address:
dpo@fairandsmart.com
You can also contact the DPO by post by sending a letter to the following address:
DPO FAIR & SMART
HAAS SOCIETE D’AVOCAT
32 Rue La Boétie
75008 PARIS

In accordance with the Data Protection Act and the GDPR, you have the following rights:

  • right of access (article 15 GDPR), rectification (article 16 GDPR), right to update and complete your data,
  • right to block or erase your personal data (article 17 GDPR), when it is inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or storage is prohibited
  • right to withdraw your consent at any time (article 13-2c GDPR)
  • right to restrict the processing of your data (article 18 GDPR)
  • right to object to the processing of your data (article 21 GDPR)
  • right to the portability of the data you have provided to us, when your data is subject to automated processing based on your consent or on a contract (article 20 RGPD)
  • right to define the fate of your data after your death and to choose whether or not we communicate your data to a third party that you have previously designated (find out more).

In the event of your death and in the absence of instructions from you, we undertake to destroy your data, unless its retention is necessary for evidential purposes or to meet a legal obligation.

More information on your Data Protection rights

We remind you that you can also lodge a complaint with the supervisory authorities and in particular with the French Data Protection Authority (CNIL). (https://www.cnil.fr/fr/plaintes).