Privacy policy

TMA (hereinafter referred to indifferently as “TMA” or the “Company”), whose trade name is THOMAS MARKO & ASSOCIÉS, a simplified joint stock company with capital of €1,000, registered with the Nanterre Trade and Companies Register under number 841 367 097, whose registered office is at Boulogne-Billancourt (92100), 37-41, rue Fernand Pelloutier, implements the processing of personal data.

The Company may act as a “data controller” when processing personal data on its own behalf. It may also act as “controller” or “processor” when processing personal data on behalf of its customers. In this case, the collaboration contract with the customer clearly defines TMA’s status (“controller” or “processor”).

1. Purpose of the TMA Privacy Policy

This personal data protection policy applies to the processing carried out by TMA via its website www.thomasmarko-associes.com. TMA is committed to protecting the privacy and personal data of users of the Site and of the Company’s customers.

The purpose of TMA’s Privacy Policy is to explain how data is collected and how it is used. The personal data collected or held is directly communicated by the person him/herself from the activity on the website www.thomasmarko-associes.com (hereinafter referred to as the “Site”).

This Privacy Policy has been drafted in consideration of the applicable legal and regulatory provisions, in particular the General Regulation of the European Parliament and of the Council on the protection of personal data No. 2016/679 of April 27, 2016 (hereinafter referred to as the “RGPD”) and the Loi Informatique et Libertés as amended to incorporate the provisions of said RGPD into French law.

2. Personal data collected by the Company

Pursuant to Article 4.1 of the RGPD, personal data is any information that makes it possible to identify the user of the Site either directly or indirectly. This Site collects personal data via its various forms:

  • As part of its recruitment process, through the “Contact us” form;
  • For commercial prospecting, marketing operations or the detection of suppliers, service providers and partners via the “Contact us” form.

2.1. Données collectées dans le cadre du processus de candidatures spontanées et de réponse aux offres d’emplois ou de stages

Data collected :

TMA collects the following data through the application forms available on its Site (“Contact Us” section):

  • Type of collaboration desired (permanent contract, fixed-term contract, internship, work-study contract, etc.) ;
  • First name ;
  • Name ;
  • Phone ;
  • Email ;
  • CV ;
  • Message (the candidate leaves a message with information about himself or his application);
  • Other (cover letter and any other documents the applicant wishes to submit)

to carry out candidate detection and selection activities as part of a candidate search and recruitment process.

Possible consequences of not providing certain data :

In order to be able to respond to requests from users of the Site, certain data is essential and is indicated by an asterisk placed before the data request. If this data is not provided, TMA will be unable to respond to applications.

Legal basis for this data processing :

The processing of personal data by means of application forms (“Contact us” section of the Site) in response to a job or internship offer, or for unsolicited applications, is based on the Site user’s consent to leave this information in anticipation of recruitment.

Recipients of this data :

Only those involved in the identification and recruitment process have access to the candidate’s information: Director, Deputy Director in charge of Human Resources and her assistant, Communication, Development and CSR Manager.

Data retention period :

The data of successful candidates may be kept in an active database for the duration of the recruitment procedure, until a hiring decision is made. Once this decision has been made, the data can be reused and stored for personnel management and future recruitment purposes.

In the event of a negative outcome to an application, the Company informs the candidate that it wishes to keep his/her file, in order to give him/her the possibility of requesting its destruction.

If the candidate does not request the deletion of his/her file, the data is automatically deleted two (2) years after the last contact. Longer retention is only possible with the candidate’s consent.

It is also possible, at any time, to send an e-mail to the following address dpo-TMA@agencergpd.eu to request the deletion of data.

2.2. Données collectées à des fins de prospection commerciale, d’opérations de marketing ou de détection de fournisseurs, prestataires et partenaires

Data collected :

The following information is collected and processed via the contact form (“Contact us” section of the Site):

  • purpose of request (new project, press information, partnership opportunities, service providers, etc.) ;
  • first name ;
  • name ;
  • company ;
  • function,
  • telephone ;
  • email ;
  • message (the contact leaves a message and provides information about his/her request) ;
  • files (any documents the contact wishes to communicate).

Possible consequences of not providing certain data :

In order to be able to respond to requests from users of the Site, certain data is essential and is indicated by an asterisk placed before the data request. If this data is not provided, TMA will be unable to respond to requests.

Purpose of data collection :

The purpose of using this information, which constitutes personal data, is :

  • to send communications about the services and expertise offered by the Company for the purposes of commercial prospecting and marketing operations. These communications may take the form of an e-mail or letter, an SMS, a telephone call or targeted advertising, or contact on social networks;
  • establish new contacts with suppliers, service providers and potential partners of the Company;
  • and, more generally, to establish new contacts with individuals or legal entities connected with the Company’s business or its customers.

Legal basis for data processing :

TMA’s processing of the Site user’s data is based on the user’s consent in the event that the user communicates his/her data. This consent may be withdrawn at any time.

Recipients of this data :

The following departments may receive this data within the limits of their respective responsibilities: TMA’s communications department and TMA’s sales department.

Where data has been collected in response to requests for information, information on similar services or services targeted in response to previous requests may be sent, unless the person concerned requests that such commercial communications cease or chooses not to receive them.

Data retention period

This data is kept for up to 3 years after collection.

The use of data and information as described above is authorized by the regulations applicable to the protection of personal data. In most cases, this processing of personal data for the purposes of commercial prospecting, marketing operations or the detection of suppliers, service providers and partners is based on the user’s consent and/or the Company’s legitimate interest.

3. Cookies and other trackers

A cookie is a small file stored by a server for a limited time on a user’s terminal (computer, tablet, telephone, smartphone, etc.) and associated with a web domain (i.e., in most cases, all the pages of a single website). This file is automatically returned on subsequent contacts with the same domain.

The Company’s website uses cookie technology to improve navigation and user experience. When users consult the Site, cookies may be stored on their browsers, regardless of the terminal they are using.

In particular, they are used for identification purposes, to analyze traffic and the use of Site elements. Cookies also enable the Company to recognize users, to store certain information about their preferences and user paths, and to understand how they use the services available on the Site.

The cookie has a validity period which varies according to the type of cookie and enables the visitor to be recognized the next time he or she uses the Site. In any event, this period does not exceed thirteen (13) months.

Cookies are deposited by TMA.

At any time, visitors can decide to accept or refuse the use of cookies and modify their preferences.

Users can change their cookie preferences or delete cookies by adjusting their browser settings:

  • Safari
  • Chrome
  • Firefox
  • Internet Explorer
  • iOS

Users can also manage their cookie preferences via the “cookies” information banner on the Site’s home page.

As long as the visitor has not given his consent to the collection of cookies, no cookies may be deposited on his terminal, with the exception of cookies exempt from the collection of consent insofar as they are strictly necessary for the provision of a service expressly requested by the user.

The Company retains the user’s choices for six (6) months.

Users are informed that the setting of cookies may modify the conditions of access to the services offered by the Company and alter their browsing comfort.

For more information on cookies, please refer to TMA’s Cookie Policy.

4. Transmission of data collected by the Company to third parties

The information collected may be transmitted to the Company’s partners and subcontractors.

As an interest representative, TMA also has reporting obligations. The Company may be required to pass on personal data to a number of authorities, notably the Haute Autorité pour la Transparence de la Vie Publique (HATVP), in accordance with legislative and regulatory provisions.

In such a situation, the Company undertakes to disclose to the authorized third party only the information or documents strictly necessary for the performance of its mission, in accordance with the principle of minimization.

5. Transfer of data outside the European Union

Personal data collected by TMA may be transferred to countries outside the European Union.

These transfers may take place to countries recognized by the European Commission as providing an adequate level of protection for personal data (see European Commission adequacy decisions: https: //ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

Failing this, such transfers are subject to the conclusion of contractual clauses with the recipients of the data, in accordance with the recommendations of the European Commission, enabling TMA to ensure that appropriate guarantees are taken concerning the protection of said data.

A copy of the reference documents referred to in this paragraph may be obtained from the contact mentioned in the last article of this Privacy Policy.

6. Personal data rights

In accordance with the RGPD, any person affected by the processing of personal data is entitled to the following rights:

  • The right to access personal data;
  • The right to correct any errors in the files or to update its data;
  • The right to limit their treatment ;
  • The right to object to the processing of your data, if your situation so warrants;
  • The right to have personal data permanently deleted (right to be forgotten);
  • The right to withdraw consent ;
  • The right to object to receiving future commercial prospecting documents;
  • The right to data portability (transfer of data to the data subject or to a third party);
  • The right to refuse an automated individual decision ;
  • The right to define directives concerning the fate of her personal data and the way in which she wishes her rights to be exercised after her death.

To exercise the rights mentioned above, the user may send an e-mail to the following address dpo-TMA@agencergpd.eu or a letter to the following address :

Data Protection Officer

TMA

37-41, rue Fernand Pelloutier

92100 Boulogne-Billancourt

TMA may ask the user to prove his identity before processing his request, in compliance with the regulations in force.

Users of the Site who, after contacting TMA, feel that their “data protection” rights have not been respected may lodge a complaint with the CNIL.

7. Personal data protection

TMA undertakes to implement and maintain, at its own expense, appropriate technical and organizational measures for the processing and security of personal data, having regard to the nature of the data processed and the risks involved.

The measures put in place are designed to protect users’ personal data against accidental or unlawful destruction, loss, modification, unauthorized disclosure or access.

Only certain members of the Company’s staff have access to users’ personal data, via administrator accounts.

The Company also undertakes to keep, update and retain complete and accurate records concerning the processing of personal data implemented in connection with the services provided. These records detail its processing activities.

8. Notification of personal data breaches

In the event of a violation presenting a risk to the rights and freedoms of individuals, the Company will send a notification to the CNIL within a maximum period of seventy-two (72) hours.

In the event of a personal data breach presenting a high risk, and except in special cases, the Company will inform the persons concerned without delay and no later than twenty-four (24) hours after becoming aware of such a breach.

In all cases, the Company will document the incident internally in its “Data Breach Register”, determining the nature of the breach, the categories and approximate number of people affected, the likely consequences of the data breach and the measures taken or envisaged to mitigate the negative consequences of the breach and prevent such an incident from recurring.

9. Links to other sites

The Site may include links to other sites or other Internet sources.

Insofar as TMA has no control over the content and privacy policies of third-party sites, TMA declines all responsibility for them.

Users are therefore invited to consult the privacy policy of each site they visit.

10. Status and modification of the Privacy Policy

This Privacy Policy was last updated on 15/10/2024.

This Privacy Policy may be modified by TMA in order to provide users with up-to-date and transparent information on how TMA collects and processes personal data on its website.

The “last updated” date mentioned above will be modified. The new version of the Privacy Policy will be effective as of that date.

The latest version of the Privacy Policy is available for consultation at any time on the Site.

11. Contact

All questions relating to this Privacy Policy are handled by the Data Protection Officer, who can be contacted by e-mail at dpo-TMA@agencergpd.eu or by post at :

Data Protection Officer

TMA

37-41, rue Fernand Pelloutier

92100 Boulogne-Billancourt