This data protection notice applies to the processing of personal data we collect when you visit our website, use our mobile app and the processing of personal data of persons who work for companies with which we conduct (or intend to conduct) business.
Your privacy and the security of your personal data is important to AUSY SAS and the rest of the Randstad Group companies. We are responsible for ensuring that all personal data entrusted to us is processed in accordance with applicable data protection legislation.
This notice explains who we are, for what purposes we may use your personal data, how we handle it, to whom we may disclose it where it may be transferred to or accessible from and what your rights are.
About Ausy SAS
AUSY SAS(referred to in this notice as: “we” or “us” or “AUSY”), will process your personal data in accordance with this data protection notice (such personal data sometimes also referred to as “information”).
Except as otherwise set out below, AUSY is the controller of the personal data (‘controller’ within the meaning of applicable data protection legislation).
AUSY may in certain instances jointly define the purposes and means of Processing Personal Data (joint controllers). Examples of processing activities where AUSY jointly process personal data are those related to managing our Misconduct Reporting Procedure and Sanctions checks, which we do jointly with AUSY Please contact us (see the section “Contact us” below) if you want to know more about these jointly-controlled processing activities or would like to receive a summary of the joint controllers’ roles and responsibilities and/or exercise your data protection rights regarding any jointly-controlled processing of your personal data.
With whom do we share your personal data
We may share your personal data:
- with other entities of AUSY and AUSY, and in some cases with the Randstad Group, group of companies if we have legitimate interest on this share (for example applicable law of the other entities).
- with AUSY clients. Within the scope of our service
- with third parties providing HR-related services to use (e.g. payroll service providers).
- with third party providers of IT-related services (e.g. we use an external provider to support our IT-infrastructure; e.g. an important part of our software and databases sit in a cloud-environment which is operated by a third party service provider).
- with third parties providers of marketing-related services (e.g. we may store your personal data in a cloud-based CRM-application that is hosted and provided by a third party service provider; e.g. when we use a third party service provider to organise an event we may share your personal data with that third party in order to invite you to that event).
- with providers of professional services (e.g. to our auditors, our tax advisors, our legal advisors).
- with banks and insurers (e.g. in order to pay the salaries of our workers we share some of their personal data with our bank).
- with pension funds.
- with public authorities (e.g. pursuant to applicable law AUSY must disclose personal data to the social security authorities and to tax authorities).
- with law enforcement authorities, courts and regulatory authorities (e.g. as part of a criminal investigation police services may require us to disclose personal data to them).
We may also disclose your personal data to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or
- if all or a substantial part of our assets are acquired by a third party, in which case the personal data that we hold about you may be one of the transferred assets.
When we share your personal data as described above, such personal data may be transferred both within and outside the European Economic Area (EEA).
In the event that we transfer your personal data internationally, we will only do so in line with applicable law, and we will require that there is an adequate level of protection for your personal data, and that appropriate security measures are in place.
Your personal data may be transferred from countries located within the EEA to countries located outside of the EEA (such as the United States). In such cases, we will require that the following safeguards are observed:
- The laws of the country to which your personal data is transferred ensure an adequate level of data protection. Click here for the list of non-EEA countries that, according to the European Commission, provide an adequate level of data protection; or
- The transfer is subject to standard data protection clauses approved by the European Commission. More information about those data protection clauses is available here; or
- Any other applicable appropriate safeguards under article 46 of the EU General Data Protection Regulation (2016/679).
For more information about the safeguards that we have implemented to protect your personal data internationally, please contact us by contacting AUSY in France, including a copy of your identity document – without which your request cannot be processed – by email through the following address firstname.lastname@example.org or by a letter to the address « For the attention of DPO – AUSY- 6 rue Troyon – Sèvres 92310 ».
How we will protect your personal data
We have technical and organizational security measures in place to protect your personal data from being accidentally lost, used, altered, destructed, disclosed or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data are governed by AUSY’s rules for information and IT security, data protection and other internal regulations and guidelines applicable to the processing of personal data.
Your data protection rights
1. Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this notice.
2. Right of access
You have the right to access the personal data we keep about you – this is because we want you to be aware of the personal data we have about you and to enable you to verify whether we process your personal data in accordance with applicable data protection laws and regulations.
3. Right to rectification
If your personal data is inaccurate or incomplete, you have the right to request the rectification of your personal data.
4. Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep it. This is not a general right to erasure, there are exceptions.
5. Right to restrict processing
You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further.
6. Right to data portability
You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such personal data transferred directly to a third party.
7. Right to object to processing
You have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances.
8. Right to withdraw consent
If our processing of your personal data is based specifically on your consent, you have the right to withdraw that consent at any time. This includes your right to withdraw consent to our use of your personal data in the context of voluntary employee surveys.
9. Right to object to automated decision making
You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects for you or similarly significantly affects you. Automated decision making takes place when an electronic system uses personal data to make a decision without human intervention. This is not a general right to object, there are exceptions. For example, we are allowed to use automated decision making where it is necessary to perform a contract with you and appropriate measures are in place to safeguard your rights.
You can exercise your rights by contacting AUSY SAS, including a copy of your identity document – without which your request cannot be processed – by email through the following address email@example.com or by a letter to the address « For the attention of DPO – AUSY- 6 rue Troyon – Sèvres 92310 »..
We will handle your request with special care to ensure your rights can be exercised effectively. We may ask you for proof of identity to ensure that we are not sharing your personal data with anyone else but yourself!
You must be aware that, in particular cases (for instance, due to legal requirements) we may not be able to make your request effective right away.
In any case, within one month from your request, we will inform you on the actions taken.
You have the right to lodge a complaint with a supervisory data protection authority: Commission Nationale Informatique et liberté (CNIL) - 3 Pl. de Fontenoy, 75007 Paris.
Changes to this Data Protection notice
We may update this notice from time to time. You can see the date on which the last change was made below in this notice. We advise you to review this notice on a regular basis so that you are aware of any changes.
This notice was updated on: 2022 March 23.