EMB Company is one of the leaders in data for professionals in France and in Europe. As such, it collects and processes a large amount of personal data for its account, and for those of its clients and trading partners.
EMB Company is strongly committed to conforming to European Data Protection Regulations, and ensures that its practices and services are in compliance.
It also defines the general framework of the personal data processing carried out by EMB Company and, in this sense, its purpose is to provide the persons concerned with the necessary information, completely respecting the current regulation.
EMB Company collects, across all its activities, the data of natural persons that they have identified or that has been permitted to be identified.
1.1. The legal basis for collection
Legislation lists the legal bases for collecting personal data, in other words, the legitimate justification for collecting data. These legal bases are explained and/or recalled in the context of the collections carried out by EMB Company.
As such, EMB Company is liable to collect personal data based on:
1.2. Collection methods:
1.2.1. Collecting through forms
The access to, use of, download of, purchase of or subscription to certain services or products implies the collection of personal data concerning the prospective customer or user. In these scenarios, while completing paper or electronic forms, the person provides the related information. These forms systematically specify:
1.2.2. Collecting through cookies
The term “cookies” is to be taken in the broader sense: the group of markers left and/or read, for example, when visiting a website, reading an email, installing or using software or a mobile application.
The main goal of the cookies, which based on files stored on the user’s computer while browsing, is to simplify navigation of their websites (automatic authentication, personalisation of certain information, etc.) or to personalise the adverts that appear while the user is browsing.
Indications for configuring your browser can be found in Annex of the current policy.
Moreover, other cookies are left by companies outside EMB Company in order to collect user browsing data while they browse different websites. EMB Company works with a number of these companies. For more information, users can consult the confidentiality policies of these companies, including:
In compliance with current legal provisions, before leaving or reading a cookie stored on the user’s computer, EMB Company:
Cookies and trackers that are strictly necessary in order to provide a service expressly requested by the user do not need the user’s prior consent. So, for example, the following trackers do not need the user’s consent:
All other cookies require advance notification and consent request, for example:
In compliance with the recommendations of the CNIL, consent is received via a banner that appears on the website which must contain the following information:
Broadly speaking, if the user shares their computer with other people, they should ensure to delete the cookies installed on their computer in the browser settings.
1.2.3. Collecting by telephone
EMB Company performs certain services by telephone and in this instance can collect personal data. When possible, the telephone contact is confirmed by sending a message allowing the person concerned to keep a written record of the conversation and to be able to exercise their rights at any moment.
1.2.4. Indirect collection
EMB Company can obtain this personal data from third parties (see chapter 5). In such instances, EMB Company:
Some of the information collected is “Personal Data”, namely data concerning the persons that allows them to be identified.
In compliance with current legislation, EMB Company has adopted the minimisation principle when collecting data, and only collects the data from the natural persons concerned that is strictly necessary for the desired and explicit objective, allowing them to exercise their rights in all capacities.
In terms of the nature of the services or products provided, the following personal data is likely to be requested:
When necessary for certain products and services:
3.1. Use of the collected data
EMB Company can use the personal data it possesses to:
This personal data will be used by EMB Company as part of its activities in the promotion of its own products and services as well as prospecting third-party accounts. It is only used within the strict limits defined by current legislation.
3.2. Methods of sending information
According to the contact details which will have been collected, EMB Company and its partners will be able to transmit information in the following ways:
3.3. Aims of the collection
The aim of the collection is systematically indicated when carried out by EMB Company and recalled when the data is being transferred, if the collection has been undertaken by a third party.
EMB Company is liable to use a person’s personal data for the following objectives, in particular to:
The data found in EMB Company’s bases is processed, applying rules and strict checks, complying with the competent supervisory authority’s recommendations and state-of-the-art technology.
4.1. The storage of personal data
EMB Company takes all necessary precautions to preserve the security and confidentiality of personal data, and in particular to prevent it from being misrepresented, damaged or accessed by unauthorised third parties.
The recommendations of the National Commission on Informatics and Liberty are taken into account in the Group’s security management.
4.2. Storage period of the data and archiving
The storage period depends on the activity concerned, the nature of the contact (customer or potential customer) and the sector’s use.
5.1. Within EMB Company
EMB Company is comprised of several companies based both inside and outside the European Union, and are liable to convey the personal data from an affiliate of the group, within the framework of its functional organisation2.
By way of example, certain processes are carried out by employees of an affiliate of the group in order to perform business support services, market studies or customer services, as well as in terms of account management, both current and future products or services supplied, or to participate in competitions, lotteries or promotions.
Marketing and producing certain of EMB Company’s products and services is, in some cases, carried out in a transverse way between several of the group’s entities, with several entities sharing resources to make it possible to outsource or share responsibility of the processing. All intra-group transfers made outside of the European Union are covered by a contract using standard contractual clauses (see chapter 7 below).
5.2. Outside EMB Company
EMB Company is liable to transfer the personal data it collects to a third party, for example:
5.3. The methods of working with third parties
In the event of personal data being transmitted for any reason to a third party (for example: outsourcing, services carried out by a client), EMB Company applies the conditions defined by current legislation, notably informing the persons concerned of this transfer.
EMB Company ensures that the appropriate contractual stipulations between EMB Company and the third party concerned guarantee that the latter:
EMB Company has adapted its organisation in order to meet the demands of the European Data Protection Regulation and provide the concerned persons with all the information regarding their collected personal data and the processes carried out on it.
6.1. Exercising rights of access, refusal, rectification and removal
All requests related to exercising rights must be sent by email to firstname.lastname@example.org. This request must include as much information as possible so that it can be handled within a maximum of two months of reception: for example, you must specify the email address requested and to which address the requested information will be sent, in order to make the search easier.
6.2. Exercising the right to be forgotten
All requests concerning personal data that appears in magazine articles published by EMB Company must be sent by email to email@example.com.
The reasons for the request must be included in the email. Once the data has been removed, any request to remove an article from a search engine must be directly addressed to the stated search engine by the person concerned.
6.3. Data portability
All requests related to data portability must be sent to EMB Company’s DPO, who will respond regarding the feasibility of the request.
6.4. Appointing a Data Protection Officer (DPO) and the recourse to supervisory authority
In order to complete this measure, EMB Company has appointed a Data Protection Office who can be reached by email at firstname.lastname@example.org for any questions or problems relating to the processing of personal data.
Anyone can directly contact the National Commission on Informatics and Liberty (CNIL).
If EMB Company passes personal data on to an third party based outside of the European Union, measures are taken to assure that the stated data will receive the same level of protection as is imposed by the European Union regarding data protection.
As such, EMB Company assures that the process carried out will comply with the current policy and that it will be covered by the European Commission’s standard contractual clauses which guarantee a level of protection sufficient for the person’s private life and fundamental rights.
EMB Company is liable to combine information concerning businesses with information entrusted by natural persons in the conditions and for the purposes defined in the current policy.
The profiling methods used by EMB Company include undertaking manual or automatic cross-validation between company files and EMB Company’s contact databases (name, job, email address, etc.), as well as objective tests (size, sector, computer equipment, etc.).
In terms of its recruitment policy, EMB Company collects and stores personal data concerning potential candidates.
EMB Company collects the information necessary to search for the most appropriate profiles for the vacancies, while respecting both the law and the person’s rights and liberties. The Group refrains from sending CVs with personal details to third parties without the person’s consent.
Candidates who wish to modify or delete their personal data from our bases can email email@example.com at any time, indicating “personal data” in the subject line.
The candidate must have the referees’ consent to be contacted by EMB Company.
EMB Company can be brought to make changes to or update the current Personal Data Policy. All updates will be displayed in an appropriate place so that all users will be informed of the date of the last update.
The most important updates will be the subject of a notice on EMB Company’s corporate website (www.emb-europe.com), at latest when the stated changes come into force.
If the browser is configured to disable cookies, access to all or part of the site could be blocked.
In order to manage cookies in the way that user would like to, the browser should be configured with the aims of the cookies in mind.
In Internet Explorer, click on the Tools button, then on Internet Options. In the General tab, under Browser History, press Settings.
Click on the View Files button.
In the browser’s Tools menu, select Options.
In the displayed window, click Privacy and then View Cookies.
In the Safari menu, select Preferences.
Click on Show Cookies.
Click on the Chrome menu.
Click Show advanced settings and then choose Privacy.
1.Recital (47) of Regulation 2016/679: Legitimate interests of the person responsible for the processing (…) can form a legal basis for processing, unless the interests or liberties and fundamental rights of the person concerned do not prevail, taking into account the reasonable expectations of the persons concerned regarding their relationship with the person responsible for the processing. Such legitimate interest could, for example, exist while a pertinent and appropriate relationship between the person concerned and the person responsible for the processing exists (…). (…) Processing personal data for prospection reasons can be considered as a response to legitimate interest.
2.Recital (48) of Regulation 2016/679: The people responsible for processing that are members of a group of companies or establishments affiliated to a central body can have a legitimate interest in transmitting personal data within the group of companies for internal administrative purposes, including the processing of personal data related to the customers or employees.