Protection Policy of Personal Data
Welcome to the personal data protection policy of mySTART application (hereinafter the “Application”).
This Application was developed by Systel, Systèmes et Télécommunications SA, a public limited company with a board of directors, registered in France with the Trade and Companies Register of LA ROCHELLE under number 331 633 123 RCS, whose head office is located 17 rue le Verrier, 17440 AYTRE, France (hereinafter “Systel”).
The mySTART Application offers services enabling its users, volunteer firefighters and professionals (hereinafter the “Users” or “You”), to manage their schedule by indicating in real time their availability (hereinafter the “Services”).
“Personal Data Processing” means any transaction, or set of operations, relating to such Data, regardless of the process used (collection, registration, organisation, preservation, adaptation, modification, extraction, consultation, use , communication by transmission broadcast or any other form of provision, reconciliation or interconnection, locking, deletion or destruction, …)
“Personal Data” or “Data” means any information relating to an identified or identifiable person.
“Controller” means the person who determines the purposes and means of this process.
“Subcontractor” means the natural or legal person who processes Personal Data on behalf of the Controller.
2. DATA COLLECTED
When you register on the Application, you must complete the following Data:
- Surname and first name
- Registration number
- Base station
With your consent, the Application can geolocate you. To do this, you must activate the geolocation function, if you wish, directly in the settings of your mobile device and accept that the Application can use it. This feature can be activated or deactivated at any time and without charge.
3. PURPOSES OF DATA PROCESSING AND LEGAL BASIS
Data collected via the Application is used by the Controller :
- to manage your registration
- for the strict need of the implementation of the Services and your identification for this purpose
- to allow you to manage your schedule by indicating in real time your availability
- to communicate with you, especially when you contact us by any means whatsoever.
The Controller will determine the legal basis (s) applicable to the processes made:
- Execution of the contract
This legal basis may be claimed when the Data collected is necessary for the provision of the Services.
- Legitimate interest
The Controller may also collect Personal Data for purposes of legitimate interest, such as improving the Services. You may at any time object to the processing of your data on this basis.
In certain circumstances, and in particular where the legal bases mentioned above are not applicable, the Controller may be required to obtain your express consent to the processing of your Data. In this case, you may withdraw your consent at any time.
4. CATEGORIES OF RECIPIENTS OF DATA COLLECTED
The recipients of the Personal Data collected are:
- the Systel teams having to know and,
- the FRS listed below and their potential service providers, subcontractors or suppliers in the performance of their services on behalf of the FRS;
SDIS 04, SDIS 08, SDIS 09 , SDIS 10, SDIS 11, SDIS 15, SDIS 16 , SDIS 17, SDIS 26, SDIS 27 , SDIS 28 , SDIS 2B, SDIS 29, SDIS 31 , SDIS 32, SDIS 35 , SDIS 36 , SDIS 38, SDIS 40 , SDIS 41, SDIS 43, SDIS 47 , SDIS 48 , SDIS 50, SDIS 51, SDIS 53 , SDIS 60, SDIS 63, SDIS 68 , SDIS 74, SDIS 79 , SDIS 81, SDIS 82, SDIS 86 , SDIS 87, SDIS 88 , SDIS 90 , SDIS 971, SDIS 972, SDIS 973, SDIS 976, DDIS 998, TRISERVICE, WYSY , CSPM, ECA.
These recipients are subject either contractually or legally to an obligation of confidentiality. The Controller may also disclose / transfer your Personal Data to third parties in the following particular circumstances:
- by law, in the context of legal proceedings, litigation and / or a request from public authorities in your country of residence or otherwise;
- If disclosure is necessary for national security, law enforcement or other public purposes ;· If we dispose of an activity or assets, in which case we may disclose your Personal Data to the potential acquirer of that activity or assets.
5. DURATION OF DATA CONSERVATION
The Controller may keep the Personal Data communicated via the Application during the term of your contractual relationship and then for probative purposes for the applicable legal limitation period. Beyond this period, these Data may be anonymized and used for internal statistical purposes only and will not give rise to any other exploitation of any kind.
6. DATA TRANSFERS
No personal data is sent to recipients outside the EU.
- In the transfer hypothesis, the Controller undertakes that: Personal Data is transferred to countries recognized as offering an equivalent level of protection or
- the Personal Data is transferred to entities certified under the Privacy Shield or,
- For Personal Data transferred outside the countries recognized by the CNIL as having a sufficient level of protection, one of the mechanisms providing appropriate guarantees as provided by the applicable regulations, and in particular the adoption standard contractual clauses.
7. PERSONAL DATA OF MINORS
The Controller does not collect or process Personal Data relating to children under 15 years of age.
8. YOUR RIGHTS ON THE DATA THAT WE COLLECT
8.1. Your rights
You have all the following rights on the Data collected via the Application:
- Right to access your data
You have the right to obtain confirmation that your Personal Data is or is not being processed and, when they are, the right to obtain access to such Data. This right also includes the right to obtain a copy of the Data that is the subject of a Processing.
- Right to request correction of your Data if it is incorrect
You have the right to request that your Data be rectified, updated or completed when it is inaccurate, erroneous, incomplete or obsolete.
- Right to request the deletion of your Data
You have the right to request the deletion of your Data only for the reasons provided by the applicable regulations and in particular when:
- the Data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you disagree with the data processing and there is no compelling legitimate reason for the processing;
- you consider that your Data has been the subject of unlawful processing;
- your Data must be deleted to comply with a legal obligation.
- Right to limit the processing concerning you.
You have the right to obtain from the controller the limitation of the use of your Data only for the reasons provided by the applicable regulations and in particular when:
- you dispute the accuracy of your Data;
- you consider that the Processing is unlawful and you oppose the deletion of your Data;
- The Data is still necessary for the recognition, exercise or defense of rights in court although the Controller no longer needs it.
- Right to oppose their process by withdrawing your consent when you have given it (remembering that this withdrawal will not affect the lawfulness of the process based on the consent made prior to its withdrawal)
- Right to benefit from the portability of your Data
You have the right to recover the Data you have provided to the Controller, in a structured, commonly used and machine-readable format, and the right to transmit this Data to another Controller, for example to be able to switch providers.
- Post-mortem guidelines
You have the right to provide specific or general death guidelines for the retention, deletion and disclosure of your Personal Data to designated third parties.
- Right to lodge a complaint with the CNIL
If you consider that the Person in charge does not respect his obligations with regard to your Personal Data, you can at any time send a complaint or a request to the competent authority. In France, the competent authority is the CNIL to which you can address a request electronically by clicking on the following link: https://www.cnil.fr/fr/plaintes/internet.
8.2. Procedures for exercising rights
Your rights may be exercised at any time by sending an e-mail to the address: firstname.lastname@example.org and / or directly to the Controller. You can also exercise the aforementioned rights by mail on written and detailed request to the following address:
SYSTEL – Personal Data – 17 rue le Verrier, 17440 AYTRE
If in doubt about your identity, we may ask you to provide proof of your identity, including the production of a scan of your valid ID or a signed photocopy of your valid ID.
The Controller will determine within a maximum of one month from receipt of the request if it is admissible or not. In the event that the said request is admissible, the Controller will provide the requested information or will implement the rights invoked without the aforementioned deadline.
If, given the complexity of the request or the number of requests received, the aforementioned period may not be respected, you will be informed of the postponement of the Controller’s decision within a maximum of two months before the expiry of this delay.
The Controller shall have the right, if necessary, to oppose manifestly abusive requests (by their number, their repetitive or systematic nature).
9. SECURITY OF PERSONAL DATA
We implement all necessary security measures to prevent as much as possible any alteration or loss of your Data or unauthorized access to it. In the event that we become aware of any illegal access to your Personal Data, we undertake to notify you of the incident as soon as possible if it meets a legal requirement.
10. UPDATE OF THIS POLICY