GDPR Compliance

At MIBNtech, protecting personal data is a priority. As an internationally operating IT services company, we are committed to processing the personal data of our clients, prospects, partners, employees and users in a lawful, fair, transparent and secure manner. Our approach is in line with the General Data Protection Regulation — GDPR, applicable since 25 May 2018 in the European Union, as well as local data protection regulations.

Our commitment

We ensure that personal data is collected only for specified, explicit and legitimate purposes. The data we process is limited to what is necessary for our activities: client relationship management, service delivery, handling contact requests, recruitment, business prospecting, and contractual, administrative or legal obligations.

In accordance with the principles of the GDPR, we are committed in particular to:

• clearly informing data subjects about the use of their data;
• collecting only the data necessary for the purposes pursued;
• retaining data for a proportionate period;
• implementing appropriate technical and organisational measures to protect data;
• governing our relationships with subcontractors and partners;
• respecting the rights of data subjects;
• ensuring an appropriate level of protection when data is transferred outside the European Union.

The CNIL notably recalls that the information provided to individuals must be concise, transparent, understandable and easily accessible.

Data processed

In the course of our activities, we may process different categories of personal data, such as:

• identification data: last name, first name, job title, company;
• contact data: email address, phone number, professional address;
• data relating to commercial or contractual exchanges;
• application data in the context of recruitment;
• technical data related to browsing on our site, where applicable.

We do not collect sensitive data, except where specifically necessary, with an appropriate legal basis and enhanced protection measures.

Purposes of processing

Personal data may be used for the following purposes:

• responding to requests submitted via our site or by email;
• providing our services and managing the client relationship;
• managing contracts, commercial proposals, invoices and administrative obligations;
• improving our services, website and communications;
• managing applications and recruitment processes;
• ensuring the security of our information systems;
• complying with our legal and regulatory obligations.

Legal bases

Depending on the case, the data processing carried out by MIBNtech is based on one of the legal bases provided for by the GDPR, including the performance of a contract, compliance with a legal obligation, the legitimate interest of the company, or the consent of the data subject. Any processing must be lawful, transparent and based on a legal basis provided for by the GDPR.

Subcontractors and partners

In the course of our activities, we may use technical, commercial, administrative or IT service providers. Where these providers process personal data on our behalf, they act as subcontractors and are subject to strict contractual obligations regarding confidentiality, security and data protection.

The GDPR distinguishes the data controller, who determines the purposes and means of processing, from the processor, who processes data on behalf of the controller.

International data transfers

Due to our international activities, certain data may be transferred to or accessed from countries outside the European Union. When such transfers take place, we ensure they are governed by appropriate safeguards, in accordance with the requirements of the GDPR, in particular by means of an adequacy decision, standard contractual clauses, or any other mechanism recognised by applicable regulations.

Data security

We implement technical and organisational measures designed to ensure a level of security appropriate to the risks: access controls, authorisation management, backups, securing IT environments, team awareness, confidentiality clauses and internal procedures.

These measures aim to prevent unauthorised access, loss, alteration, disclosure or destruction of personal data.

Retention period

Personal data is retained for a limited period, determined according to the purpose of the processing, applicable legal obligations and the operational needs of MIBNtech.

At the end of this period, data is deleted, anonymised or archived where necessary to comply with a legal obligation or to defend our rights.

Rights of data subjects

In accordance with the GDPR, data subjects have several rights regarding their personal data, in particular:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction of processing;
• right to object;
• right to data portability, where applicable;
• right to withdraw consent at any time, where processing is based on consent.

To exercise these rights, you can contact us at the following address: contact@mibntech.com

We are committed to responding to requests within the timeframes set by applicable regulations.

Contact

For any questions relating to the protection of personal data or our GDPR compliance, you can contact us:

MIBNtech
contact@mibntech.com

You also have the right to lodge a complaint with the competent supervisory authority, including the CNIL in France.