Privacy Policy
This Privacy Policy legally framse the activities driven through the site www.crizalia.com
In effect as of 24/04/2024
Respect for privacy and the protection of personal data is a factor of trust, a value that is particularly important to us, which is committed to respecting the fundamental rights and freedoms of each individual.
The present personal data protection policy reflects the commitments implemented by Crizalia.com in the context of our daily activities for a responsible use of personal data.
Data Protection Officer – DPO
In order to preserve the privacy and protection of personal data, crizalia.com has appointed a Data Protection Officer (DPO) in April, 2024.
The DPO is a pledge of trust; a contact specialized in the protection of personal data, responsible for ensuring the preservation of privacy and the proper application of rules for the protection of personal data, the privileged contact of the Commission Nationale Informatique et Libertés (CNIL), and all persons concerned by the collection or processing of personal data.
To contact the DPO: write to “DPO Crizalia.com 182 rue de Lompret, 59130 Lambersart, FRANCE” or by e-mail at info@crizalia.com.
The DPO keeps the records of the processing activities of crizalia.com, which is available to the CNIL if necessary.
Principles applicable to the protection of personal data
Crizalia.com provides a solution to its clients to process personal data in compliance with applicable laws and regulations, in particular the European General Data Protection Regulation n°2016/679 of 27th of April 2016. According to the accountability principle, a personal data accountability policy is implemented in the association and compliance is monitored.
Specific, explicit and legitimate purpose of the processing operation
Personal data are stored in our solution for specific purposes, brought to the attention of the persons concerned at the time of first contact by our partners, clients and beneficiaries. Such data may not be used subsequently in a manner incompatible with those purposes.
The treatment of the data is legally based on explicit consent. More specifically, the purpose for treatment by crizalia.com are:
- Managing the client account;
- Planning of events;
- Management of logistics for the delivery of online classes;
- Operation and optimization of the crizalia.com website;
- Verification, identification, and authentication of data provided by the users;
These data must be processed lawfully, fairly and transparently by our partners, clients and beneficiaries. Crizalia.com does not collect data relating to health, racial origin, religious or racial beliefs, political opinions or philosophical beliefs. Similarly, it does not collect genetic or biometric data or data concerning the health, sex life or sexual orientation of the person concerned.
Proportion and relevance of data collected
The personal data collected are strictly necessary for the purpose for which they are collected. Crizalia.com strives to minimize the data collected, to keep them accurate and up to date by facilitating the rights of data subjects.
A personal data is constituted of any information regarding a physical person identified or identifiable (the concerned person). Is deemed identifiable a person which can be identified directly or indirectly, specifically by means of a name, an identification number or a combination of elements specific to its physical, psychological, genetic, psychic, economic, cultural or social identity.
The following personal data may be collected:
- First and last name
- Postal address
- Email address
- Phone number
- Date of Birth
- Geolocalization
- Tutor identity (for minors)
- Bank or other payment details
A DPO : info@crizalia.com, is available for all questions relative to the protection of your personal data.
Limited retention period for personal data
Personal data shall be kept for a limited period which shall not exceed the period necessary for the purposes of collection. Data retention periods are implemented according to our partners, clients and beneficiaries’ needs and vary according to the nature of the data, the purpose of the processing, or legal or regulatory requirements.
Confidentiality / Data security
Information system protection measures are implemented, adapted to the nature of the data processed and the services of on the crizalia.com site. Appropriate physical, logical and organizational security measures are in place to ensure data confidentiality, including the prevention of unauthorized access.
Crizalia.com has implemented a procedure for notifying the CNIL and / or individuals concerned of a violation of personal data.
Crizalia.com also requires any subcontractor to provide appropriate guarantees to ensure the security, protection and confidentiality of personal data. This requirement requires the establishment of contracts, which include for the subcontractor the obligation to respect the content of the European Regulation. These contracts provide for controls and audits to be carried out where necessary.
Personal data may be transferred to countries within or outside the European Union. If this is the case, the persons concerned are precisely informed, and specific measures, for example European contractual clauses, are taken to regulate these transfers.
Lawfulness of the processing
The crizalia.com site’s processing operations are based either on your consent, on the performance of the contract binding us, on compliance with a legal obligation, or on the pursuit of our crizalia.com site’s legitimate interests.
When the treatment of the personal information is based on consent, the crizalia.com site is capable of proving that such consent was given.
Rights of individuals
All necessary means to guarantee the effectiveness of individuals’ rights over their personal data are implemented.
A clear and complete description of the data treatment is provided on all supports and tools collecting personal data. This description is easily accessible and is intended for everyone’s understanding.
According to the regulations relative to personal data protection, owners of this data have the following rights:
- Right to access: to ask for a complete detail of the personal data that has been collected on them.
- Right to rectification: to ask for updates or completion to their personal information.
- Right to erasure: to ask that all their personal data detained by crizalia.com be deleted.
- Right to restrict processing: to ask that treatment of their personal data be restricted according to the scenarios planned by the GDPR
- Right to object to processing: to ask that treatment of their personal data be disallowed according to the scenarios planned by the GDPR
- Right to data portability: to ask that all their personal data collected by the crizalia.com site be restituted so they can be transmitted to another party, within certain limitations.
Each request relative to these rights must be sent to info@crizalia.com and accompanied with the photocopy of an official proof of identity, current and signed, and the mention of a valid email address at which the requestor can be contacted by the Crizalia.com site. Answer to these requests will be provided within one month from receipt of the request. This delay can be extended by two months based on the complexity of the request or the overall volume of all requests received by the crizalia.com site, if warranted.
Finally, every person has the right to decide the fate of his data after his death. These rights may be exercised according to the procedures brought to the attention of the persons concerned by our partners, clients and beneficiaries. In that event, the crizalia.com site will help bring the best answer to each client.
Monitoring of the Personal Data Protection Policy
This policy is updated regularly to consider legislative and regulatory changes, and any changes in the organization of the crizalia.com site or the services offered.
In case of new processing or modification of an existing processing that could have an impact on the rights and freedoms of the data subjects, the crizalia.com site will work with its clients to carry out a data protection impact assessment.