Personal data protection

GENERAL PERSONAL DATA PROTECTION POLICY

1 – Who processes your personal data ?

VIAPOSTE, as the Data Controller, places the protection of your personal data at the centre of its concerns. This Personal Data Protection Policy sets out the principles and guidelines for the protection of your personal data as a data subject, and aims to inform you about:

• The personal data collected by VIAPOSTE and the purposes for this collection;
• The way in which VIAPOSTE processes your personal data;
• Your rights concerning your personal data.

VIAPOSTE undertakes to comply with applicable regulations in force regarding personal data processing and, in particular, with Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016 (hereinafter also “GDPR”) and any applicable national regulations, hereinafter also referred to collectively as the “Regulations”.

2 – What personal data is processed by VIAPOSTE ?

VIAPOSTE undertakes to collect from its website’s visitors only the data strictly necessary for the stated processing purposes. VIAPOSTE mainly processes personal data that it collects directly from its website’s visitors, such as:

• Identification data: name, first name, postal address, email address, telephone numbers, etc.
• Connection data: IP address, logs, navigation data, etc.

The personal data used on this website is that collected via:

• The “Contact” form page;
• Applications for job offers;
• Spontaneous job applications.

In addition to the personal data collected on this website, VIAPOSTE may, as part of the management of its accounts on social networks, collect:

• Visible data on users of social media platforms, such as surnames, first names, pseudonyms, photographs, avatars, presentation messages, publications, and exchanged messages;
• The data made public by users, in accordance with their general settings on the platform concerned;
• Data on use of the platform for the purposes of anonymous statistics.

3 – Why does VIAPOSTE process your personal data ? 

VIAPOSTE undertakes to process your personal data only for determined, explicitly stated and legitimate purposes, and not to further process it in a way incompatible with such purposes.

Legal bases:

The processing carried out in relation to the VIAPOSTE website is based on the legal bases provided for in the Regulations, such as:

• The execution of a contract in which one of the parties is the data subject, or the execution of pre-contractual steps taken at the request of the latter;
• Compliance with legal and regulatory obligations to which VIAPOSTE is subject;
• The execution of a service in the public interest;
• Legitimate interests pursued by VIAPOSTE in the context of compliance with the interests, freedoms and fundamental rights of the data subject;
• And/or the obtaining of consent of the data subject for one or more specific purposes.

Purposes:

In particular, VIAPOSTE processes your personal data for the following purposes and in accordance with the legal bases presented in the table in Article 9 below:

• To provide content to visitors (e.g. information and news) relating to its activities;
• To respond to requests for information;
• To facilitate use of the website, and to manage and administer it;
• To manage job offer and spontaneous applications;
• To manage requests for exercising rights;
• To manage VIAPOSTE’s social media accounts.

4 – For how long is your personal data retained ?

The retention periods for different types of collected data are specified in Article 9 below.

At the end of these retention periods, we will proceed with the erasure of the data in accordance with our internal policy, or with its anonymisation for statistical purposes.

5 – How is your personal data protected ? 

In accordance with the Regulations, VIAPOSTE undertakes to take all appropriate technical and organisational measures to guarantee the security of your personal data to a level appropriate and proportionate to identified risks. Such measures (e.g. data partitioning, anonymisation, encryption, access restriction) aim to guarantee the confidentiality, integrity, availability and robustness of your personal data.

Such measures guarantee security, the exercising of your rights, and the protection of your personal data.

As the Data Controller, VIAPOSTE undertakes to notify any violations of the protection of personal data to the competent authority, namely the French National Commission for Data Protection (CNIL), as soon as possible and, if feasible, within seventy-two (72) hours after learning of such a violation likely to generate any risk for your rights and/or freedoms. Any violation of the protection of your personal data likely to generate a high risk for your rights and/or freedoms will be communicated to you as soon as possible in accordance with the Regulations.

6 – With which parties may your personal data shared ?

Your personal data is collected directly from you and is only used for the purposes brought to your attention.

The personal data is likely to be communicated, in particular, to the following recipients, for the purposes set out above:

• Internal services of VIAPOSTE or its subsidiaries;
• Subcontractors, partners and/or service providers that provide services on behalf of VIAPOSTE.

7 – Is your personal data transferred outside the European Union ?

VIAPOSTE processes your personal data within the territory of the European Union (EU).

In the event that VIAPOSTE uses subcontractors established outside the EU, which may be given have access to your personal data strictly for the stated purposes, VIAPOSTE demands from such subcontractors, in accordance with the Regulations, that they provide appropriate guarantees, in particular by signing specific contractual clauses as provided for by the European Commission, or by the adoption by such subcontractors of Binding Corporate Rules.

8 – What are your rights and how can you exercise them ?

When VIAPOSTE collects your personal data, you will receive, through informative notices, clear and transparent information on the processing carried out and on the ways by which you can exercise your rights regarding your personal data. In accordance with the Regulations, you have the freedom to exercise rights and options subject to the fulfilling of certain applicable conditions.

These rights and options include:

• The right to access the personal data we hold about you, including the right to ask us for additional information on:
   
  • The data categories that we process;
  • The purposes of processing the data;
  • The recipient parties and recipient categories with which your data has been shared;
  • When possible, the retention period of your data, or, when not possible, the criteria to determine such a retention period;
• The right to rectify inaccurate or incomplete personal data concerning you;
• The right to object to the processing of your personal data at any time; 
• The “right to be forgotten”, that is, the exercising of your right to have your personal data erased; 
• The right to request the restriction of the processing of your personal data (the “right to restriction”);
• The right to request that your personal data be provided to you in a structured, commonly used and machine-readable format, in order to have possession of your data and/or to transmit it to another data controller treatment (the “right to portability”); 
• The option to provide instructions relating to the handling of your personal data after your death;
• The right to withdraw consent that has been request for the processing of your personal data at any time. This will allow you, in particular, to modify and/or withdraw your consent regarding commercial prospecting.

Any request to exercise rights and/or options must clearly indicate your surname, first names, and an address at which you wish to receive the response. You must also provide evidence of your identity. In the event of any doubt concerning your identity, a copy of the front and back of an official identity document may be requested. This may be retained for the time taken to follow up on your request, after which it will be permanently deleted.

Your rights may be exercised by contacting us:

• Either, by post, at the address: VIAPOSTE - GDPR Contact - 67 Avenue de Fontainebleau - 94270, LE KREMLIN-BICETRE;
• Or, by email, at the address: dpo@viaposte.fr. 

VIAPOSTE undertakes to respond to your requests for the exercising of your rights as soon as possible and, in any event, in compliance with the deadlines set by the Regulations.

In accordance with the LA POSTE Group Data Protection Policy, it is also possible to contact the Group’s Data Protection Officer by post at the following address:

La Poste - Data Protection Officer - CP CY412 - 9 Rue du Colonel Pierre Avia - 75015 Paris.

If you consider, after contacting us, that your rights concerning your data have not been respected, you may lodge a complaint with the French National Commission for Data Protection:

CNIL - 3 Place de Fontenoy - TSA 80715 – 75334 Paris CEDEX 07, telephone +33 01 53 73 22 22.

9 - Table of the different processing purposes

Processing	Purposes	Retention period	Legal basis
Website management	Publication of content relating to the activities of companies of the VIAPOSTE Group	3 years from the first connection	Legitimate interest
	Contact form management	3 years from requesting the data	Consent from the data subject
	Use, management and administration of the website	3 years from the first connection	Legitimate interest
Recruitment	Management of job offer and spontaneous applications	Maximum 2 years from the last contact with the applicant, unless consent is withdrawn	Consent from the data subject
Management of VIAPOSTE’s social media accounts	Communication of VIAPOSTE’s activities Promotion of the VIAPOSTE employer brand and job offers Interactions (public or private messaging) with subscribers and other users of platforms Production of audience and use statistics of the services offered by VIAPOSTE	The data is retained during the existence of the account of the social network concerned, unless the right to erasure or the opposition of processing is exercised. Statistics, on the other hand, are anonymised.	Legitimate interest
Management of the exercising of rights	Processing of requests to exercise rights from data subjects	Data relating to the processing of requests: 5 years from the date of the response provided to the data subject Identity documents requested for evidence: the time necessary to follow up on the request made	Legal obligation

 

COOKIES POLICY

1 – What is a cookie ?

When connecting to the site, cookies may be temporarily stored in memory or on users' hard drives.

A cookie is a text file, placed and / or read during the consultation of a website, the purpose of which is to collect information facilitating access to the site and navigation on it.

The cookie is placed by the internet browser (Internet Explorer, Google Chrome, Safari, Firefox, etc.) on a dedicated space on the hard drive of the user's terminal.

2 – Who places a cookie ?

Cookies are placed by VIAPOSTE or its technical service providers on the site, and are used for its own needs. Viaposte is therefore controller. Other cookies are issued and used by VIAPOSTE partners or third-party companies for purposes determined by these third parties ; the latter are controllers. VIAPOSTE will be considered as co-controller when it authorizes the placement of third-party cookies on its site for purposes defined jointly with its partners or third-party companies. However, VIAPOSTE cannot be responsible for subsequent processing carried out by the partner or the third-party company, involving the processing of personal data, for which the said third party remains controller.

3 – Why Viaposte uses cookies ?

 VIAPOSTE uses :

• Strictly necessary cookies to facilitate navigation between pages, participate in the security of the site, allow you to benefit from certain features ;
• Performance cookies in order to analyze the pages of the site consulted and allow us to establish anonymous statistics of its visits ;
• Functionality cookies which make it possible to improve and personalize the functionality of the site.

Targeted advertising cookies may also be set by our partners, who may use these cookies to build a profile of your interests and deliver relevant advertising to you on other websites..

4 – Categories of cookies used on the site

• Cookies placed by VIAPOSTE :

Editor	Cookie name	Cookie lifetime	Category	Subject to acceptance
Viaposte	PHPSESSID	Session	Strictly necessary	No
Tarte au citron	tarteaucitron	12 months	Functional	No
Matomo	_pk_id	13 months	Performance	Yes
Matomo	_pk_ses	30 minutes	Performance	Yes
Matomo	_pk_ref	6 months	Performance	Yes

• Cookies placed by third parties :

Editor	Cookie name	Cookie lifetime	Category	Subject to acceptance
YouTube	VISITOR_INFO1_LIVE	6 months	Marketing	Yes
YouTube	PREF	2 years	Marketing	Yes
YouTube	VISITOR_PRIVACY_METADATA	6 months	Preferences	Yes
YouTube	YSC	Session	Marketing	Yes

5 – Retention period of the user's choice

The acceptance or rejection of cookies is, regardless of the type of cookies concerned, kept for 12 months.

The user's consent will be requested again at the end of this period by displaying the information banner.

6 – Scope of user consent

The consent applies to the site www.viaposte.fr. The preferences expressed concerning the management of cookies are taken into account as long as the address www.viaposte.fr appears in the navigation bar. If, during navigation, you are redirected to another site (www.123palette.fr for example), this site will ask you for your preferences for the management of its own cookies.

7 – Management of the choice of cookies

You can manage the implementation of cookies :

A - By using the cookie management platform, without affecting your access to the functionalities of the site. Your choices can be changed at any time.

B - By configuring your internet browser :

FIREFOX :

1. In the menu at the top of the page, click on “Tools” then “Options”
2. Select the "Privacy and security" tab
3. In "Cookies and site data", check "Delete cookies and site data when Firefox closes".

INTERNET EXPLORER / EDGE :

1. In the “Tools” menu, select “Internet Options”
2. Click on the "Confidentiality" tab
3. Click on "Advanced"
4. Check "Ignore automatic management of cookies"
5. Under "Internal cookies" and "Third party cookies", check "Refuse"
6. Save the preferences by clicking on "OK"

GOOGLE CHROME :

1. Click in the drop-down menu on the right of the window and choose "Parameters"
2. Select "Confidentiality and security"
3. Select "Cookies and other site data"
4. Check "Block all cookies"

SAFARI :

1. In the menu bar at the top, click on "Safari", then "Preferences"
2. Select the "Security" icon
3. Next to "Accept cookies", check "Never"
4. To see the cookies already saved on your computer, click on "Show cookies"

Legal Notice Terms and conditions