This page describes the conditions under which SIGMA-RH Solutions and SIGMA-RH France (hereinafter "SIGMA-HR") process personal data collected from individuals (customers, prospects, etc.).
If you have any questions about this policy, you can send us your request to [email protected].
Privacy Policy
The purpose of this policy is to present the rules relating to the protection of personal data, in the capacity of data controller and subcontractor, which SIGMA-HR undertakes to respect. These rules come in particular in application of the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada and of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation or GDPR) of Europe, relating to the protection of natural persons with regard to the processing of personal data and to the free movement of such data, and repealing Directive 95/46/EC in Europe.
This document is likely to evolve, particularly when necessary to meet the obligations of the legislation on the protection of personal data. We therefore encourage you to visit this dedicated page regularly.
The concepts concerning the protection of personal data used in this document have the same meaning as those given by the PIPEDA or the RGPD.
Compliance with the general principles of personal data protection
When SIGMA-HR acts as a data controller
SIGMA-HR guarantees that personal data are:
When SIGMA-HR acts as a subcontractor
SIGMA-HR guarantees that :
Purpose and legal basis of personal data processing
When SIGMA-HR acts as data controller
For its internal needs, SIGMA-HR collects personal data for the following purposes
According to these different purposes, SIGMA-HR ensures that one of the following conditions is met:
When SIGMA-HR acts as a subcontractor
SIGMA-HR may have to access and process the personal data entrusted by its clients within the strict framework of the contract and services subscribed to.
This access and processing is governed by a contract containing specific data protection clauses signed between SIGMA-HR and its client.
SIGMA-HR processes personal data only on behalf of and on the documented instructions of its client in accordance with the provisions of the said contract.
Security and notification of data breaches
SIGMA-HR implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks.
SIGMA-HR is ISO 27001 certified for its Information Security Management System for the delivery of a service allowing the hosting of applications containing data provided by customers in a cloud environment.
This certification guarantees the implementation of a certified security policy applied to SIGMA-HR's processes and workflows throughout the life of the SaaS service delivered to the customer.
More generally, SIGMA-HR employees are subject to an IT charter to ensure an appropriate level of security.
Any data breach will be notified :
Right of individuals
When SIGMA-HR acts as a data controller
Under the conditions provided for by local legislation, individuals have the right to
Requests related to these rights can be sent to [email protected]
SIGMA-HR reserves the right to ask for clarification of any request and to justify the identity of the applicant.
An unsubscribe link is also available in our email marketing communications.
In any case, SIGMA-HR recommends contacting the local control authority (such as the CNIL in France) to find out more about the regulations relating to the protection of personal data, the rights of individuals and the possibility of lodging a complaint with this authority.
When SIGMA-HR acts as a subcontractor
In the event that SIGMA-RH receives a request from an individual concerned with the processing of his or her personal data in the context of the performance of the contract between SIGMA-HR and its client, SIGMA-HR will communicate this request to its client as soon as possible after its receipt and, taking into account the nature of the processing and under the conditions established in the contract, will assist its client, by means of appropriate technical and organizational measures, to the fullest extent possible, in fulfilling its obligation to comply with these requests.
The customer remains responsible for the response to the natural person concerned.
Information of natural persons
When SIGMA-RHHR acts as a data controller
At the time of collection of personal data, SIGMA-HR undertakes to provide the natural persons concerned with at least the following information, as far as possible and whatever the processing carried out:
SIGMA-HR may also receive personal data (name, associated company, telephone number, e-mail address) from third party sources such as lead providers.
This data is only used to :
When SIGMA-HR acts as a subcontractor
The responsibility for informing individuals lies with the data controller. Under the conditions provided for in the contract, SIGMA-HR provides its clients acting as data controller with all useful information to enable them to comply with local regulations.
Transfers outside the European Union (where applicable)
The data collected may be processed outside the European Union. Thus, in accordance with the legislation on data protection, SIGMA-HR refrains from transferring Personal Data, without putting in place the adequate tools for the supervision of these transfers in application of article 46 of the RGPD, outside:
Recipients of the data
SIGMA-HR may share personal data with third parties only as provided in this document and/or the applicable contract.
To learn more about the recipients, contact us at [email protected].
Service Provider
SIGMA-HR may share personal data with third parties providing a service:
Distributors and/or sales partners
SIGMA-HR has developed a network of partners (distributors, editors, etc.) for several of its offers in order to help it supply and develop its products.
Depending on the offer that interests the contact or is likely to interest him/her, SIGMA-HR may share the contact information with a relevant partner.
SIGMA-HR subsidiaries
SIGMA-HR may share personal data with SIGMA-HR Group companies for the purposes mentioned in this policy if this is necessary for its realization (contract or application for a position in a subsidiary outside of Canada or France, etc.).
Public authorities
In some cases, SIGMA-HR may be required to share personal data in response to a request from a public authority, a subpoena or any other legal request under applicable laws.
In such cases, SIGMA-HR will provide the data necessary to comply with the request, including when SIGMA-HR believes in good faith that such sharing is necessary to protect your rights, ensure your safety or the safety of others, investigate fraud, or comply with a legal requirement.
SIGMA-HR's cooperation with its clients and the supervisory authority
In accordance with local legislation and in compliance with its contractual obligations, SIGMA-HR undertakes to cooperate reasonably with its clients in order to help them meet their obligations.
In general, SIGMA-HR undertakes to cooperate with the local supervisory authority when necessary and to reasonably take into account its recommendations.
Privacy by design in products and services
When SIGMA-HR plans to develop a new service or offer and in its capacity as a publisher, it will make its best efforts to introduce from the beginning of this project the principles of personal data protection ("privacy by design") and thus help its clients to comply with the requirements of the applicable regulations by specific functionalities and means.
Awareness of SIGMA-HR staff
All new employees at SIGMA-HR are required to undergo an awareness-raising course on the protection of personal data.
More generally, SIGMA-HR makes every effort to offer all its employees regular awareness training on the challenges of personal data protection.
More specific awareness-raising or training sessions may be carried out for employees who are required to handle personal data on a regular basis.
Governance of personal data protection
In order to manage the protection of personal data, SIGMA-HR has set up a dedicated governance structure.
A Data Protection Officer (DPO) has been appointed and declared to the relevant local supervisory authorities. The DPO leads this governance.
A strategic committee acts transversally on all of the company's activities, supported by an operational committee composed of the DPO and the relays within SIGMA-HR.
Data processing registers
SIGMA-HR maintains two personal data processing registers:
These records are made available to the relevant local supervisory authorities upon request.
Contractual policy
SIGMA-HR has taken into account the mandatory contractual obligations under local legislation in all the clients and contracts affected.
Thus, contractual clauses specific to data protection and in compliance with applicable regulations have been introduced in particular in :
Contact
For any question relating to this policy, you can contact our Data Protection Officer and send your request to [email protected].