Privacy
Policy
This privacy policy (hereinafter the ‘Privacy Policy’) describes how MGP Online, as defined in Article 1 below, collects, uses, shares, and more generally, processes Personal Data as defined below.
Any mention of the term ‘MGP Online’ refers to the MGP Online entity defined below, which acts as the controller of your Personal Data pursuant to the General Data Protection Regulation (GDPR), as further explained in this Privacy Policy.
This policy is subject to change, particularly when necessary to meet the requirements of data protection regulation. You are therefore encouraged to visit our site regularly on this page to remain informed of any changes.
1. DEFINITIONS
Each of the following terms, used in the singular or plural, shall have the meaning assigned by its definition:
The terms ‘personal data’ (hereinafter ‘Personal Data’), ‘categories of data’, ‘process/processing’, ‘controller’ and ‘subcontractor’ hold the meaning given to them in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter ‘GDPR’) and Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended by Decree No. 2019-536 of 30 May 2019 (hereinafter together ‘IT and liberties regulations’).
‘Customer’: the organization (legal entity) that has entered into the contract with MGP Online.
‘MGP Online’: refers to the Company MGP Online, registered in the Paris Business and Company Register (RCS) under number 485 374 649 and headquartered at 40-44 Rue Letort, 75018 Paris, France and to its Affiliated Companies.
‘Website’ www.mgponline.com
‘Third-party services’: tools and/or platforms and/or software made available and operated by third parties.
‘Affiliated companies’: existing and future companies controlled by, controlling or under common control with the company MGP Online, as the term ‘control’ is defined in Article L233-3 of the Commercial Code.
2. APPLICABILITY OF THIS PRIVACY POLICY
This Privacy Policy applies to the Website as well as to other interactions that you may have with MGP Online (e.g. customer service inquiries, forms or email correspondence of any kind with prospective or existing customers).
If you do not agree with the content of the Privacy Policy, we invite you not to access the Website, nor engage with MGP Online in any way.
This Privacy Policy does not apply to Third-party services. They have their own privacy policies and you are invited to refer to them.
3. COLLECTION AND OBTENTION OF PERSONAL DATA
1.Personal data provided by you or by a third party (customer, supplier, etc.)
MGP Online may directly or indirectly collect Personal Data concerning you by the following means:
– When you interact with MGP Online on the Website, in particular by completing an online form;
– When you subscribe to MGP Online newsletters;
– For the purpose of marketing campaigns of any nature and satisfaction surveys carried out by MGP Online;
– When you register for an event (e.g. webinars);
– When sending and receiving emails, in particular if you contact us to obtain information regarding MGP Online products;
– When you take part in a discussion group, a contest or when you interact with MGP Online’s social media accounts or otherwise communicate with MGP Online;
– When you are the representative of a MGP Online Customer;
– When you are the representative of a MGP Online Supplier;
– When you apply for a job at MGP Online.
Concerning indirectly collected data, MGP Online may, as indicated above, collect data concerning you within the framework of contractual relations with its customers and suppliers. This data is usually transmitted to MGP Online by the person designated by the customer or supplier to deal with MGP Online. This data is mainly contact data, such as first name, last name, title, business mailing address, business email address, business telephone number and job title.
MGP Online may also process applications submitted by recruitment agencies.
This Personal Data may be supplemented by other sources, including those listed below.
2. Passively collected personal data
When you visit our Website, certain Personal Data is automatically collected, including:
– Connection and traffic data: MGP Online servers automatically collect and record information when you access the Web site. These records may include the Internet Protocol address (IP address), the address of the web page you visited prior to using the Web site, the type of browser used and information about its browser configuration and plug-ins, the date and time of use of the Services, language preferences, and cookie data (for more details, please refer to our Cookies Policy).
– Device information: MGP Online collects information about devices, including the type of device, its operating system, device settings, application identifiers, unique device identifiers, and shutdown data.
– Communication-related information: MGP Online may also collect information concerning your communication with MGP Online, via email, in particular to know if you have read, transferred, or clicked on a message.
– Cookie information: MGP Online collects information by using cookies and similar technology on the Website. The Website may include similar cookies and tracking technology which may collect information about you via third-party services. To learn more about how MGP Online uses these technologies please consult the Cookies Policy.
4. USE OF PERSONAL DATA
As the controller pursuant to the IT and liberties regulations, MGP Online may use Personal Data for the following purposes, based on the corresponding legal provision:
Purpose
Legal provision
Duration
Management of accounts receivable or payable and other administrative matters such as invoicing
Legitimate interest (customer and supplier relationship management)
Duration of the contract and legal retention period
Marketing (campaigns, online or trade show events, customer satisfaction surveys)
Consent or legitimate interest (communications with professionals)
Withdrawal of consent or duration of the event or termination of the Customer account
Communication on new product features, promotions or any other news related to MGP Online
Consent or legitimate interest (communications with professionals)
Withdrawal of consent or termination of the Customer account or data inactive for 2.5 years.
Customer relationship management
Legitimate interest (customer relationship management)
Duration of the business relationship
Security assessments and the prevention of security or fraud problems and potential abuse
Legitimate interest
Duration required to manage security or fraud assessments and to resolve any problems. Extension possible in the event of litigation.
Management of requests via the contact form or any other means
Consent
Withdrawal of consent or duration required to process the request
Job applications
Consent
Withdrawal of consent or termination of the recruitment process
Statistics and reporting on visitors to the Websites
Consent and legitimate interest
Durations vary but do not exceed 13 months (see Cookies Policy)
Personal Data will be used by MGP Online in accordance with applicable regulations.
5. DATA RETENTION
In addition to the retention periods indicated above, MGP Online, in its capacity as data controller, retains Personal Data used for related processing in accordance with the various legal or regulatory obligations when they exist, for all of its activities.
Where no legal or regulatory provision exists, MGP Online defines the retention period for Personal Data used for related processing in line with the provisions of GDPR regulation (Article 5, paragraph 1e))
As such, MGP Online may retain the data for any useful period insofar as the applicable limitation period allows.
6. SHARING AND DISCLOSURE OF INFORMATION
Data collected and processed by MGP Online for the purposes mentioned above may be shared with:
– the customer service department, the marketing department and the technical department of MGP Online,
– the administrative, accounting and legal departments of MGP Online,
– the general management team as well as the direct manager involved in a recruitment process,
– companies from which MGP Online requests services, on the understanding that these service providers are contractually obliged to protect the personal data shared with them in this context,
– affiliates for the purpose of providing information about their products and services.
MGP Online may share your email address with subcontractors located outside of the European Union who may use emailing tools. Such transfers are governed by standard contractual clauses (see Paragraph 8 on ‘Data transfer’). A copy of these clauses can be requested from MGP Online by email at the following address:
7. SECURITY
Protecting your Personal Data is very important at MGP Online. MGP Online takes the necessary technical and organizational measures to ensure the security of your Personal Data and prevent any risk of loss, misuse and unauthorized access or disclosure. These measures take into account the sensitivity of the information that MGP Online collects, processes and stores and the current state of technology. These measures apply, in whole or in part, to certain cases of processing of Personal Data.
7.1 TECHNICAL SECURITY MEASURES
1. Personal Data encryption: based on the processing involved and the degree of sensitivity of the Personal Data, MGP Online may encrypt the Personal Data, for its storage in databases (at rest) as well as for the transit of this Personal Data.
2. Guarantee of the ongoing confidentiality, integrity, availability and resilience of the processing systems: all forms of processing used are defined in accordance with GDPR obligations and MGP Online’s interpretation of said obligations, in particular with regard to the assessment of risks related to Personal Data collection. These resources may be managed by MGP Online itself or delegated to third-party hosts who meet high security standards.
3. Resources to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident: all forms of processing used are defined in accordance with GDPR obligations and MGP Online’s interpretation of said obligations, in particular with regard to the assessment of risks related to Personal Data collection.
4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing: the Information Systems Security Policy (PSSI) describes the organization and means provided to establish the measures that are applicable on MGP Online Internal Information System, which may contain Customer Data and Personal Data. Other tests, carried out regularly by independent external bodies, allow us to verify the efficiency of existing technical and organizational measures and to take remedial action if weaknesses are identified.
7.2 ORGANIZATIONAL SECURITY MEASURES
1. Information security policy: information security is a key component of the company, both in its internal processes and with respect to its customers. As such, support to ensure the security of data shared in the conduct of business by MGP Online employees is provided by the company’s executive team, in accordance with business requirements and applicable laws and regulations.
2. Information Security organization: A management framework for initiating and then verifying the implementation and operation of information security measures within the organization is established, documented, and monitored.
3. Security in human resources management: MGP Online ensures that employees and contractors understand their responsibilities. All employees and contractors are subject to confidentiality clauses in the performance of their duties. In addition, MGP Online has implemented an information security and best practices awareness program related to the handling of Personal Data to ensure a level of understanding of the issues and responsibilities faced by employees and contractors on a regular basis.
4. Asset management: company assets (human or technical resources such as applications and infrastructure) involved in processing Customer and Personal Data are identified, and responsibilities are defined, both in terms of organizational and human resources, and in terms of technical resources, in order to provide appropriate data protection guarantees. Furthermore, access to these assets is strictly controlled and limited.
8. DATA TRANSFER
MGP Online may transfer your Personal Data to countries other than where you reside. If MGP Online transfers Personal Data outside the European Union to countries not recognized as having equivalent Personal Data legislation, MGP Online shall ensure that the obligations set out in Article 44 et seq. of the GDPR are met, for example by committing to sign applicable EU standard contract terms in accordance with applicable regulatory requirements.
9. YOUR RIGHTS
Under the conditions and within the limits provided for by the IT and liberties regulations, you are entitled to exercise the following rights regarding your personal data:
– Right of access: you can ask MGP Online to send you the personal data it holds which concerns you;
– Right to rectification: you can ask MGP Online to rectify inaccurate information which concerns you;
– Right to object: you may object at any time to the processing of your data, for reasons relating to your particular situation;
– Right to erasure (or to be forgotten): you can ask MGP Online to delete the data for the reasons stated in the Applicable Regulation;
– Right to processing limitations: you can ask MGP Online to restrict processing for the reasons stated in the Applicable Regulation;
– Right to set out your instructions for the retention, deletion and disclosure of your personal data after your death.
If you wish to exercise one or more of these rights, it is advisable to address the corresponding request to MGP Online by e-mail to the following address: .
In certain cases, MGP Online may not respond favorably to your request. If this happens, MGP Online will give you the reason or reasons for this refusal.
In any case, you may file a complaint with the competent control authority (the Commission Nationale de l’Informatique et des Libertés (CNIL) in France).
10. COMPETENT DATA PROTECTION AUTHORITY
Subject to applicable legislation, you also have the right, if you are unsatisfied with the answer to your request (i) to restrict MGP Online’s use of your Personal Data and (ii) to lodge a complaint with your local supervisory authority, in accordance with Articles 13 and 14 of the GDPR, or with the lead authority designated by MGP Online, which in France is the CNIL, at the following address:
Commission nationale de l’informatique et des libertés
Mgp Online – VILMIN INVESTISSEMENT
1 RUE DE LA REPUBLIQUE 13002 MARSEILLE
France
Contact form:
11. CONTACT MGP Online
Any individual may contact MGP Online regarding this Privacy Policy or MGP Online’s Personal Data practices, or to exercise his or her rights.
Moreover, he or she can contact the MGP Online Data Protection Officer (DPO) by email: or at the mailing address below:
Délégué à la Protection des Données (DPO)
Mgp Online – VILMIN INVESTISSEMENT
1 RUE DE LA REPUBLIQUE 13002 MARSEILLE
France
