Protecting your privacy as a Praditus user and keeping your personal data confidential are important concerns that Praditus pays close attention to in all its business processes.
This Policy for protecting personal data (referred to as the “Policy”) aims to inform you about how Praditus manages your personal information. This information includes self-reported information as well as what we have learned about you as a user. This Policy also informs you about your rights to privacy protection and the protections provided by the law.
Praditus promises to hold to these two fundamental principles:
- You are in charge of your personal data
- Your data are always treated transparently, confidentially, and securely.
Your personal data are collected and processed by PRADITUS, a simplified joint-stock company, registration number 801 284 563 with the Paris company and trade register, headquartered at 33 rue Raffet, 75016 Paris.
PRADITUS is thus responsible for the processing of the personal data carried out as part of the operations of the site it publishes.
PRADITUS (also designated as “Praditus” or “we”) agrees to protect individual rights in conformance with the General Data Protection Regulation (EU Regulation 2016/679) of the European Commission of 27 April 2016 regulating the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”) and with all applicable laws and national regulations related to the protection of personal data (collectively designated as “data protection laws and regulations”).
What is Personal Data?
Personal data include any information that could be used to directly or indirectly identify a natural person (hereafter designated as “personal data”).
A “personal identifier” is a data element that identifies a natural person. This definition covers a wide range of personal identifiers that make up the ensemble of personal data, such as name, address, email address, identification number, location data, or login name.
There are special categories of personal data that are similar to personal data in that they could be used to identify a unique natural person: data on ethnic or racial origin, political opinions, religious or philosophical beliefs, union membership, health status, sexuality, or genetic or biometric information (hereafter designated as “special category data”).
Praditus does not collect any individual information that is sensitive or belongs in a special category.
What personal data do we use?
When you come to Praditus as a user, we collect, use, and process the personal data you provide, such as:
- Identifying data (first and last name, birth year)
- Professional data (type of job, job title, company)
- Skills and academic background (degrees, school, skills)
- Login and online data as well as data involved in the management and security of your account (IP addresses, connection logs)
- Psychometric data (personality, interests, motivation)
- Statistical data (raw and standardized scores)
- Data on the business relationship: information requests and logs of interactions with Praditus departments
We specify whether each piece of personal information is required or optional when it is collected.
What is the legal basis for the data processing we do?
As we are a responsible company, we collect and/or process your data on a lawful basis. We have set reasons for the data processing within our business activities.
We process your personal data in conformance with all the provisions of the GDPR and the applicable and relevant data protection laws and regulations.
The legal bases we have for processing your personal data are:
- Our duty to adhere to our contractual obligations: when you sign up for a specific service on the website, we process your data for the purposes of providing this service.
- The result of your consent: once you have given us your consent to process your personal data for certain services the website offers, you can revoke your consent at any time by following the instructions to be found in the registration process or by contacting us at this address: email@example.com.
- Legitimate interests: in some cases, we may not need your consent to use your data due to our legitimate interests, but we are required to inform you. These legitimate interests include: • Analyzing and optimizing our website, • Ensuring data security and the proper functioning of the Praditus IT systems and • Preventing and investigating illegal activities
- Praditus’s legal obligations or the common good: Praditus, like any other company, is subject to legal obligations and regulations. In specific cases, it is necessary to process your personal data so that Praditus can fulfill these obligations.
For what purposes do we process your personal data?
We process your personal data to effectively manage your Praditus experience. The purposes of this data processing:
- To improve your employability
- Performance and objectives
- Competency management
- To develop and manage training programs
- Professional development
- For academic publications
- For partnership with universities or research laboratories
- To ensure security for all users
- Authorization checks
- User management
- To communicate with you
- Praditus social activities
- Event management
- To comply with our legal and regulatory obligations: we use your personal data in order to comply with the applicable legal obligations, especially in responding to the authorities, a legal decision, or prior written requests.
- To protect ourselves and others: we will use your data if we judge it necessary to carry out an investigation, block an action, or take measures against illegal activities or in case of suspected fraud or situations involving personal danger to individuals or involving infractions of laws, directives, or procedures.
Who will receive your data?
Some of your data may be transferred to partners or subcontractors who host or maintain our Site.
Your data are not shared, traded, sold, or rented to any other person other than those mentioned below.
The data you have entered as part of your profile may be made accessible to your company and other users and company members according to the settings you have chosen in your user account.
The following data you have entered could be made accessible: - First name - Name - Email address
Within the limits of their duties and for the purposes listed above, these are the main people who could potentially have access to your data:
- Our authorized staff in our marketing, sales, administrative, logistics, and IT departments who are responsible for client relations and prospecting as well as site monitoring;
- Our internal departments providing a wide range of necessary products and services such as IT maintenance and tech support as well as security and compliance aid when necessary;
- Our research team and affiliate researchers, in an aggregated and anonymized form;
- Judicial or administrative authorities whenever necessary to comply with the laws in force; when applicable, this includes the relevant jurisdictions, mediators, accountants, external auditors, attorneys, bailiffs, and debt collection agencies;
- Third parties that might set cookies on your devices (computers, tablets, mobile phones) with your consent.
Praditus processes your personal data essentially within the European Economic Area (EEA).
It may happen that your non-personal data is transmitted to Praditus affiliates, including those outside the EEA, on a need-to-know basis.
This transmission is subject to the appropriate data protection rules and occurs within the legal framework of our binding corporate rules or within a contractual framework in which a third party helps us in providing you with web services.
That being said, our binding corporate rules authorize us to transmit personal data within our company, including the following countries where we have a presence and where we are authorized to share personal data: United Kingdom, United States.
For how long your personal data will be stored?
We only save your data long enough to provide the services we offer, unless the law demands that your personal data be stored in a different manner.
We thus store your account/profile data for a maximum of 3 months from the closing of your account unless the law demands that some of your data be stored for a shorter duration.
The cookies set on your browser expire within 21 days.
Notwithstanding, your data may be saved and archived for an additional period of time to manage any ongoing complaints or litigation as well as to comply with legal and/or regulatory obligations and/or to comply with requests from authorities with the right to make these requests.
We implement technical and organizational security measures to protect the data entrusted to us, protecting it especially from becoming distorted, damaged, or accessed by unauthorized third parties. We take all necessary precautions given the nature of your data and the existing risks against its accidental or malicious manipulation, loss, or destruction.
Our security procedures are continuously updated as new technologies develop.
It should be noted that as part of the processing of your data and in compliance with the provisions of the law and the GDPR, you have the following rights:
- Right of access (article 15 of the GDPR): you have the right to obtain confirmation as to whether your personal data are being processed by Praditus. If they are, you have the right to know exactly which data are being processed.
- Right to rectification (article 16 of the GDPR): you have the right to change any incorrect personal data about yourself.
- Right to erasure (article 17 of the GDPR): in some cases, for example, when your personal data are no longer needed for the purposes for which they were collected, you have the right to erase your personal data.
- Right to restriction of processing (article 18 of the GDPR): you have the right to restrict Praditus’s processing of your personal data, if, for example, this processing is unlawful, and to oppose this processing by requesting the erasure of your personal data. In these cases, your personal data will not be processed unless you provide consent or within the exercise or defense of legal claims.
- Right to data portability (article 20 of the GDPR): in some circumstances defined by the law, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and/or to transmit these data to another data controller.
- Right not to be subject to a decision based solely on automated processing, including profiling (article 22 of the GDPR)
- Right to object (article 21 of the GDPR): you have the right to object to the processing of your data and to revoke your consent at any time.
To exercise these rights, please contact Praditus, either by email firstname.lastname@example.org or by post, enclosing a copy of a proof of identity (Praditus SAS, Data Protection Manager, 33 Rue Raffet, 75016, Paris, France).
If the answers provided do not provide satisfaction, you have the right to file a complaint with the National Commission on Informatics and Liberty (CNIL), the French regulatory body responsible for enforcing regulations related to personal data.
All the rights listed here are personal and may not be exercised by anyone other than those people who have provided their data to Praditus.
We can occasionally and at any time make changes to this Policy, especially when we update our services and/or when the regulations in force require it; we will inform you of this change through a mention on the Site or another means.
In any case, we recommend that you regularly check the Policy in order to obtain the latest information on our privacy practices.
The most recent version of the Policy is the one released on the date indicated at the end of this document.
Last update 26 November 2019.