1. What is meant by “Personal Data”?
Personal Data is any information relating to a Data Subject making it possible to identify a natural person directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.Personal Data is any information relating to a Data Subject making it possible to identify a natural person directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Who controls my Personal Data?
Any company of the Fareva Group can be a data controller within the meaning of the GDPR
The headquarters of the Fareva Group are located at 28 place de la Gare, 1616 Luxembourg, LUXEMBOURG, and can be contacted by regular mail sent to the attention of “Data Protection”, e-mail (firstname.lastname@example.org) or by phone (+ 352 268 646 12).
The identity and contact details of the other entities of the Fareva Group are identified here.
The effective Data Controller :
- with respect to the processing related to the management of the business relationship or direct marketing with a customer, supplier or prospect or the relationship with another contact person, is the Fareva Group entity with which you are in contact,
- with respect to the processing of job applications is the Fareva Group entity from which the job offer emanates or to which your spontaneous application is sent,
- with respect to the processing for contact requests is the Fareva Group entity that you contact or if the request for information or contact is made via this site, the Fareva Group entity most likely to respond to this request for information or contact.
3. What is the purpose for the Fareva Group processing my Personal Data and the legal basis for such processing?
The Fareva Group processes your Personal Data for the following purposes:
a) Business relationships and direct marketing
- Management of the (i) business relationship with a customer, supplier or prospect or (ii) the relationship with another contact person (administration, etc.). To the extent necessary for the management of such relationship, the concerned Fareva Group entity may also process Personal Data related to such customer, supplier, prospect of contact person’s employees, managers and other counterparts for the legitimate interests it pursues, notably to communicate with these individuals within the framework of its commercial activity,
- Unless you have objected to it, management of the direct marketing operations for a customer or a prospect. This processing is necessary for the legitimate interests pursued by the concerned Fareva Group entity to promote its activities.
b) Job application management
- Job application. This processing is necessary in order to take steps at the request of the applicant prior to entering into a potential employment contract,
- Unless you have objected to it, retention of the application for the purpose of handling a database of profiles of applicants to be contacted again. This processing is necessary for the legitimate interests pursued by the concerned Fareva Group entity to recontact the candidate later.
c) Information and contact management
- any request from Data Subjects, in any form. This processing is necessary for the legitimate interests pursued by the concerned Fareva Group entity, more specifically its economic interest in communicating clearly with you, understanding your needs and expectations and following up on your contact request.
4. What are the obligations of the Fareva Group in view of my Personal Data?
The Fareva Group entities must ensure that any Personal Data processed in connection with its activities are:
- collected for specified, explicit and legitimate purposes (as stated above under Section 3) and not further processed in a manner that is incompatible with those purposes or unnecessary,
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,
- accurate and, where necessary, kept up to date,
- kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed,
- processed in a manner that ensures its security using appropriate technical or organisational measures
- processed lawfully (see below), fairly and in a manner that is transparent for the Data Subject.
5. Who will receive my Personal Data?
Personal Data is processed by the people working in the departments of the concerned Fareva Group entity who have a need to know such Personal Data.
If a Fareva Group entity relies on another Fareva Group entity or a third party for the processing of Personal Data within the meaning of the GDPR (hereafter, the “Data Processor”), the Fareva Group entity being considered as the Data Controller shall ensure that the Data Processor implements appropriate technical and organisational measures in such a manner that processing will meet the requirements of the GDPR and ensure the protection of the rights of the Data Subject. Where applicable, the Data Controller shall execute a written agreement with the Data Processor detailing the obligations provided for by the GDPR.
6. Will my Personal Data be transferred outside of the EU/EEA?
Personal data is only intended to be transferred outside the EU / EEA within the Fareva Group in cases where:
- the performance of a contract with a customer or a supplier requires the communication of data to a Fareva Group entity located outside the EU / EEA,
- the job offer concerns a Fareva Group entity established outside the EU / EEA,
- the request for contact or information involves a response from a Fareva Group entity established outside the EU / EEA.
In these cases, only the Fareva Group entity established outside the EU / EEA who needs to know such information will actually receive it.
In addition, a Fareva Group entity acting as a Data Controller may also use Data Processors established or having processing facilities outside the EU / EEA. Where the said Data Processor is not established in a territory for which the Commission has recognized the appropriate level of protection (Andorra, Argentina, Canada, United States, Guernsey, Isle of Man, Faroe Islands, Israel, Japan, Jersey, New Zealand, Switzerland, Uruguay) appropriate safeguards are taken, such as the use of standard contractual clauses that can be consulted here.
7. How long can my Personal Data be retained?
The retention period for Personal Data very much depends on the purpose for which the Personal Data has been collected, the type of Personal Data, the relationship between the Data Subject and the Data Controller as well as regulatory and legal obligations of the Data Controller.
Concerning the management of the business relationship, the Personal Data will be retained for the duration of the contractual relationship and archived for the applicable limitation period.
Concerning direct marketing, the Personal Data are retained for a period of 3 years from the last contact with the Data Subject.
Any Personal Data provided within the frame of a job application, will be retained until the job application has been treated, or, if the job application is successful, for the needs of the employment relationship.
If your application is kept to allow us to contact you for a future position, the Personal Data will be retained for a period of 2 years maximum.
Concerning information and contact management, the Personal Data will be retained for the period of time necessary to answer your request.
8. What are my rights regarding my Personal Data?
The GDPR grants certain rights to you, such as:
- restriction on processing of your Personal Data,
- objection to processing,
- portability of Personal Data.
Some local regulations may give you additional rights, e.g. in France the right to send special instructions regarding the fate of your Personal Data after your death.
You can exercise the foregoing rights at any time, in particular by sending a request per e-mail to the Fareva Group at email@example.com or regular mail to the address indicated in Section 2 above. Any request will be treated without undue delay.
If needed, you can lodge a complaint with the National Commission for Data Protection (CNPD), 1, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette, (+352) 26 10 60-1.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter “General Data Protection Regulation”). (hereafter, a “Data Controller”).