Confidentiality policy
Preamble
The company ORIKIO (hereinafter referred to as “” ORIKIO ”) is a company specialized in the computer programming business sector. ORIKIO has developed and markets a solution consisting of a remote surveillance and alert device based on software technology equipped with “machine learning” whose function is to identify, isolate and analyze sounds, in order to detect abnormal or emergency situations and thus trigger an alert in Residential Establishments for Dependent Elderly Persons (EHPAD) or Homes & Nursing Homes (FAM-MAS).
This privacy policy (hereinafter the” Politics ”) is intended to inform visitors and users (hereinafter collectively referred to as the” Users ”) of the website www.orikio.com (hereinafter the” Site ”) on the conditions for the processing of their Personal Data collected in the context of the use of the Site or via the addresses rh@orikio.com and contact@orikio.com information on the Site, and to describe the conditions for complying with the rules for the protection of their Personal Data.
• Regulation (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (known as” General Data Protection Regulation ” or” RGPD ”); and
• French law no. 78-17 of 6 January 1978 as amended, relating to information technology, files and freedoms (the” Data Protection Act ” or” LIL ”).
The GDPR and the LIL are hereinafter referred to collectively as the” Applicable regulations ”.
ORIKIO carries out all the necessary checks in order to implement its compliance with the Applicable Regulations.
ORIKIO has appointed a Data Protection Officer (” DPO ”) in order to implement its compliance with the Applicable Regulations. For any questions regarding the protection of Personal Data, the ORIKIO DPO can be contacted by email at the following address: dpo@orikio.com
Definitions
What is “Personal Data” or “Personal Data” : any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”, i.e., the User).
An “identifiable natural person” is deemed to be any natural person who can be identified, directly or indirectly, in particular by reference to:
• to an identifier, such as a name, an identification number, location data, an online identifier;
• to one or more specific elements specific to their physical, physiological, physiological, genetic, psychological, economic, cultural or social identity.
What is a “Treatment” : it is any operation or set of operations carried out or not carried out using automated processes and applied to data or sets of personal data, such as collection, registration, organization, structuring, conservation, adaptation or modification, adaptation or modification, extraction, consultation, modification, extraction, consultation, modification, extraction, consultation, use, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, adaptation or modification, extraction, consultation, modification, extraction, consultation, use, use, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, deletion or destruction.
What is a “Data Controller” : it is any natural or legal person who determines, alone or jointly with others, the purposes and means of a treatment. When ORIKIO processes Users' Personal Data, for example for commercial prospecting purposes, ORIKIO acts as data controller.
What is a “Subcontractor” : this is any natural or legal person who processes personal data on behalf of the data controller. The IT service provider (host) that hosts the Personal Data of Users collected by ORIKIO intervenes in the processing on its behalf and is qualified as a subcontractor within the meaning of the Applicable Regulations.
Principles for the protection of personal data
This Policy is based on compliance with the principles described below, established by the Applicable Regulations.
As the Data Controller that it implements as part of the management of the Site, and in particular via the contact forms, ORIKIO is responsible for respecting these principles and must be in a position to demonstrate its compliance at any time.
The implementation and respect of these principles are essential and must be monitored regularly by the persons responsible for issues related to the Processing of Personal Data within ORIKIO.
Legality, loyalty and transparency
Personal Data must be processed in a lawful, loyal and transparent manner in relation to the Person Concerned by the Processing of Personal Data.
Limitation of purposes
Personal Data must be processed for specific, explicit and legitimate purposes, and not be further processed in a manner that is incompatible with these purposes.
Data minimization
Personal Data must be adequate, relevant and limited to what is necessary for the purposes for which they are processed.
Accuracy
Personal Data must be accurate and, if necessary, kept up to date; all reasonable steps must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
Limitation of conservation
Personal Data must be kept in a form that allows the identification of Data Subjects for a period of time that does not exceed that required for the purposes for which they are processed. They may be stored for longer periods of time insofar as they will be processed exclusively for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, provided that appropriate technical and organizational measures are implemented in order to guarantee the rights and freedoms of the person concerned.
Integrity and confidentiality
Personal Data must be processed in such a way as to ensure appropriate security, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Personal data processed by ORIKIO
Data collected as part of the use of the ORIKIO Site
The Personal Data collected and processed by ORIKIO as Data Controller are those that may be collected as part of the use of the Site by the User.
The Personal Data of Users that may be processed by ORIKIO is identification data of Users, namely:
• Civil status (name, first name, age, sex, date of birth);
• Professional information (Data contained in a CV for example);
• Any other Data transmitted by a User as part of a contact.
This Personal Data is collected via ORIKIO's contact forms or through email exchanges with ORIKIO, via the address contact@orikio.com and/or any other generic ORIKIO address such as commercial@orikio.com, as well as during exchanges with ORIKIO staff members, especially during exhibitions and fairs.
In addition, ORIKIO collects and processes the following Personal Data:
• The User's connection data, such as the IP address, the operating system used or the type of browser;
• Data contained in a log file (date and time of connection, actions performed).
Purposes of data processing
ORIKIO acts as Data Controller for the Processing of Users' Personal Data in the context of the use and management of the Site, including in particular the establishment of contact by Users.
ORIKIO collects and processes Users' Personal Data for the following purposes:
• Management of requests and contacts from Users via the Site published by ORIKIO, including:
- Develop quotes and commercial proposals according to the needs expressed by the User;
- Collect information on the needs of the User and provide advice;
• Promote the products and services marketed by ORIKIO, in particular the IT solution “ARI”/“Oso-box”, in particular electronically;
• Manage the contractual relationship and the customer relationship;
• Receive and process applications sent to ORIKIO by candidates for employment;
• Carry out marketing operations using the data collected via the cookies placed during the User's navigation on the Site;
• Carry out statistics in order to improve the functionalities and performance of the Site and to know how the User uses the ORIKIO Site thanks to the data collected via cookies.
Users' Personal Data is strictly confidential and is processed by ORIKIO for the sole purposes described above.
ORIKIO expressly undertakes not to further process Personal Data for purposes that are incompatible with the purposes mentioned above.
In addition, ORIKIO undertakes not to disclose, transfer, rent or transmit Users' Personal Data to third parties other than the host of the Site Data.
Legal basis (s) for Data Processing
ORIKIO acts as a Data Controller within the meaning of the Applicable Regulations when it processes Users' Personal Data in the context of the use of the Site and in particular when the User contacts ORIKIO. The legal basis for this treatment is:
• Consent, when it is given by the User to ORIKIO in a free, specific, informed and unequivocal manner for one or more specific purposes, such as:
- Commercial prospecting actions by electronic means;
- The deposit of certain categories of cookies when browsing the Site, in accordance with the information in the Cookie Management Policy;
• Legitimate interests of ORIKIO as Data Controller, in particular for:
- The carrying out of commercial prospecting operations that are not subject to the consent of the User;
- The processing and responses to applications submitted to ORIKIO by Users;
• The execution of a contract or pre-contractual measures as part of:
- The development of quotes and commercial proposals at the request of Users;
- Manage the contractual relationship, provide information and respond to requests from Users.
Data Retention Period
Personal Data collected by ORIKIO is only kept for the period strictly necessary to achieve the purposes for which they were collected in accordance with the Applicable Regulations.
At the end of this period, Users' Personal Data will be archived by ORIKIO for evidentiary purposes for the period necessary for the establishment, exercise or defense of a right in court, or in order to allow ORIKIO to comply with its legal and/or regulatory obligations, then will be deleted by ORIKIO at the end of this period.
A summary table showing the storage periods applied by ORIKIO is attached at the end of this Policy.
Hosting the ORIKIO Site
The User acknowledges and accepts that the hosting services of the Site are subcontracted to an external service provider as part of the hosting of the latter.
However, the host who acts on behalf of ORIKIO has no right to access and use Personal Data collected from Users through the Site. The intervention of the host is limited to purely technical services.
The host acts as a Subcontractor of ORIKIO, in accordance with the instructions sent to him by ORIKIO, and is bound by a written contract defining his obligations under the conditions required by article 28 of the RGPD. The data is hosted within the European Union.
Personal Data Security Measures
ORIKIO is committed to protecting Users' Personal Data through reinforced security measures intended to guarantee a high level of processing security. Indeed, as Data Controller, ORIKIO implements technical and organizational security measures in accordance with the requirements of the Applicable Regulations and industry standards, in order to ensure the protection of Data processed by ORIKIO against their destruction, loss, alteration, and disclosure to unauthorized third parties, to ensure the restoration of the availability of Personal Data and access to them within appropriate time frames in the event of a physical or technical incident.
However, the User must be aware that despite all the security measures implemented, no data transmission on the Internet is 100% secure and that all information communicated online may be potentially intercepted and used by persons other than the desired recipient. However, the host who acts on behalf of ORIKIO has no right to access and use Personal Data collected from Users through the Site. The intervention of the host is limited to purely technical services.
ORIKIO also ensures that its subcontractors, in particular the data host, comply with their data security obligations prior to any data communication.
Users' rights to their personal data
In accordance with the Applicable Regulations, all Users have rights to the Personal Data concerning them processed by ORIKIO. The User may exercise his rights or ask any question relating to the protection of his Personal Data to the ORIKIO DPO, at the following address: dpo@orikio.com.
The User's rights to their Personal Data are as follows:
• Right of access to Personal Data concerning him and to information relating to Processing (purposes, categories of data concerned, recipients, storage period, etc.);
• Right to rectification of his Personal Data in the event of erroneous or incomplete information;
• Right to erasure (right to be forgotten) of his Personal Data that would no longer be necessary for the purposes pursued, or (ii) for which the User has exercised his right to oppose the Processing;
• Right to withdrawal the consent of their Personal Data, which allows the User to withdraw their consent at any time by informing ORIKIO by email;
• Right to limitation the Processing of his Personal Data, when (i) the User contests their accuracy or (ii) when the Data retention period has come to an end but the User needs to keep his Data for the establishment, exercise or defense of a legal right or (iii) when the User objects to one of the Processing of his Personal Data;
• Right to portability of his Personal Data, namely the right to receive his Personal Data that is the subject of Processing in a usable format and/or to request that they be transmitted to another data controller;
• Right to object to the Processing of his Personal Data for legitimate reasons specific to him, subject to the closure of the Account.
Except in the case where the request seems excessive or if it requires disproportionate efforts, ORIKIO, as Data Controller, has the obligation to respond to Users' requests to exercise their rights as soon as possible and at the latest one (1) month after receiving the request.
Transfer of personal data processed by ORIKIO
The Applicable Regulations strictly and precisely regulate the international transfers of Personal Data. ORIKIO prohibits any transfer of Personal Data to a third country that would not be considered adequate by the European Commission, without the establishment of appropriate guarantees within the meaning of article 46 of the RGPD (in particular the European Commission's Standard Contractual Clauses), so that Users' Personal Data is properly protected when transferred to a place located outside the European Union.
Appendices
| Activities/purposes of the treatment | Shelf life | Reference texts |
|---|---|---|
| Management of contacts, management of prospects and other requests sent to ORIKIO by Users | 3 years from their collection or the last contact from the User (prospect), whether the latter intervenes by a new request sent to ORIKIO or a click on a hypertext link contained in an email. Beyond that, archiving for a period of 5 years necessary to save the proof of a right or an act. | Deliberation No. 2021-131 of September 23, 2021 adopting a framework relating to the processing of personal data implemented for the purposes of managing commercial activities. Art. 2224 of the Civil Code |
| Customer relationship management | Duration of the commercial relationship between ORIKIO and the User. Beyond that, archiving for a period of time necessary to save the proof of a right or an act. | Deliberation No. 2021-131 of September 23, 2021 adopting a framework relating to the processing of personal data implemented for the purposes of managing commercial activities. Art. 2224 of the Civil Code |
| Application processing | Duration necessary to process the application, then storage for a maximum of 2 years from the date of collection in a CV-library in order to be able to contact the candidate again, unless the candidate objects. | Recommendations from the CNIL, taken from its guide dedicated to Recruitment |
| Realization of statistics, audience measurements and performance | Retention of data collected via cookies for a maximum period of 25 months in accordance with the cookie management policy |