THOMAS MORE PARTNERS, a simplified joint stock company with share capital of €100,000, with registered office at 14 avenue Franklin Delano Roosevelt – 75008 PARIS, registered with the Paris Trade and Companies Register under number 937 697 852 (hereinafter “TMP”), is concerned about protecting the Personal Data that any user, a natural person (hereinafter the “User”), may disclose when using its MyLeadership web app (hereinafter the “App”).
The purpose of this Confidentiality Policy is therefore to inform Users of the way in which Personal Data is collected from the App, how it is processed by TMP, and, finally, the rights that data subjects enjoy with regard to this processing, as defined below.
1. Definition
As this Confidentiality Policy forms an integral part of the General Terms and Conditions of Use (GTCU) of the App, the definitions used in the latter are reused in this Confidentiality Policy.
In addition to the terms defined in the GTCU or in the preamble, the following terms shall, for the performance and interpretation of this Confidentiality Policy, have the meaning defined below whether they are used in the singular or the plural:
“Recipient” means the natural person or legal entity, public authority, agency or any other body that receives Personal Data, whether or not it is a third party;
“Data Controller” means the natural person or legal entity, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the Processing;
“Applicable Regulations” means the regulations applicable to the collection and Processing of Personal Data, and in particular Regulation (EU) No. 2016/679 of 27 April 2016 known as the “General Data Protection Regulation” or “GDPR” and Law No. 78-17 of 6 January 1978 known as the “French Data Protection Act” as amended by the latter;
“Data Processor” means the natural person or legal entity, public authority, agency or any other body that processes Personal Data on behalf of the Data Controller or the initial data processor;
“Processing” means any operation or set of operations performed on data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Personal Data collected and Data Controllers
TMP collects and processes, via the use of the App by Users, the following Personal Data:
(i) Personal Data relating to the identification of the User in the creation and management of his/her Personal Account, namely:
Surname and first name;
E-mail address;
Telephone number;
Company and role;
Department or team to which s/he is attached.
In the context of the collection and Processing of this Personal Data, TMP acts as Data Controller.
(ii) First name, in the form of a pseudo (hereinafter “Pseudo”) of natural persons entered by the User when using the App (hereinafter the “Data Subjects”).
In the context of the collection and Processing of these Pseudo, the User acts as Data Controller, and TMP, as Data Processor.
The User acknowledges that this Processing must therefore be carried out in compliance with the Applicable Regulations and is subject to the strictest confidentiality.
The User therefore undertakes to take all necessary measures to ensure that s/he and the company that employs him/her, where applicable, comply with the obligations of the Applicable Regulations, and, more particularly, those to which s/he is subject in his/her capacity as Data Controller. In this respect, s/he undertakes in particular to:
Take into account, with regard to its use of the App, the principles governing the protection of Personal Data from the design stage and protection of Personal Data by default, in particular by only entering in the App, when necessary, the first name of third parties in the form of a pseudo;
Assist TMP in fulfilling its obligation to respond to requests to exercise the rights of Data Subjects as defined in the Applicable Regulations.
3. Legal basis and purposes of the Processing
TMP collects and processes the User’s Personal Data, based on the User’s consent, for the following purposes:
When the User wishes to create his/her Personal Account;
- In order to authenticate the User so that s/he is able to access his/her Personal Account and use the App.
Furthermore, in order to make full use of the Content and therefore to benefit effectively from the Training offered by TMP, the User must enter Pseudo when using the App. The latter therefore has a legitimate interest which justifies the collection and processing of these Pseudo via the App.
In this case, the User, in his/her capacity as Data Controller, ensures that the Processing of Pseudo is necessary for the fulfilment of his/her legitimate interest and assesses the consequences of this Processing on the Data Subject, in particular by taking into account the nature of the Data entered in the form of Pseudo.
The User also ensures that s/he does not disregard the rights of the Data Subjects, by allowing the latter to exercise those rights at any time.
4. Retention period
TMP only retains the Personal Data collected for the time the Personal Account of the User concerned is active and in compliance with the regulations in force.
5. Recipients
As part of a strict access and confidentiality management policy, only recipients duly authorised by TMP may access the Personal Data the User has disclosed using the App.
a. Internal recipients
The Personal Data collected may be used within the following TMP services: the project manager for the Training concerned.
b. External service providers
The Personal Data collected may only be transmitted to external service providers working on the App in order to guarantee an optimal experience for Users or those responsible for hosting said Personal Data, within the limits provided for by the Applicable Regulations and in accordance with this Confidentiality Policy.
External service providers to whom Personal Data collected is transmitted, process it solely on behalf of TMP and according to its instructions.
The transmission of Personal Data collected to external service providers of TMP is regulated in order to ensure the security of said Personal Data.
Please find below the list of these subcontractors and external service providers:
GONNAEAT, a limited liability company (SARL) with share capital of €15,000, with registered office at 87, rue Blomet - 75015 Paris
Paris Trade and Companies Register 501 396 733
Telephone: +33 (0)1 46 99 03 10
GANDI SAS, a simplified joint stock company with share capital of €800,000, with registered office at 63-65 boulevard Masséna Paris (75013) FRANCE
Siren No. 423 093 459 Paris Trade and Companies Register
VAT no. FR81423093459
Tel. +33 (0) 1 70.37.76.61
Fax +33. (0) 1 43 73 18 51
6. Hosting of Personal Data
The Personal Data collected is hosted by the company, the contact details of which can be found below:
GANDI SAS, a simplified joint stock company with share capital of €800,000, with registered office at 63-65 boulevard Masséna Paris (75013) FRANCE
Siren No. 423 093 459 Paris Trade and Companies Register
VAT no. FR81423093459
Tel. +33 (0) 1 70.37.76.61
Fax +33. (0) 1 43 73 18 51
The Processing and hosting of Personal Data takes place exclusively within the European Union.
Every precaution has been taken to ensure that the Personal Data collected is stored in a secure environment and to prevent it from being distorted, damaged or accessed by unauthorised third parties. The Personal Data collected will never be transmitted to third parties for commercial purposes, nor will it be sold or exchanged.
7. Security measures taken
TMP undertakes to ensure the security and integrity of the Personal Data collected.
In this respect, TMP takes and maintains technical and organisational security measures for the App and its information system which are adapted to the nature of the Personal Data collected and the risks presented by the Processing of that Data.
These measures aim to:
Protect the Personal Data collected from destruction, loss, alteration and/or disclosure to unauthorised third parties;
Ensure that the availability of the Personal Data collected and access to it are restored in the event of a physical or technical incident.
8. Rights of the User
In accordance with the Applicable Regulations, the User has the rights listed below.
Right to information: the right for the User to have clear, precise and complete information on the use of Personal Data by TMP;
Right of access: the right to obtain a copy of the Personal Data TMP holds on the User;
Right to rectification: the right for the User to have his/her Personal Data rectified if it is inaccurate or obsolete and/or to complete it if it is incomplete;
Right to erasure (“right to be forgotten”): the right granted to the User, under certain conditions, to have his/her Personal Data erased or deleted, unless TMP has a legitimate interest in retaining it;
Right to restriction of Processing: the User has the right, under certain conditions, to request the temporary suspension of the Processing of his/her Personal Data;
Right to portability: the User has the right to request that his/her Personal Data be transmitted in a reusable format which enables it to be used in another Personal Data database;
Right to object: the right for the User to object to the Processing of his/her Personal Data by TMP for reasons relating to a particular situation;
Withdrawal of consent: the User may withdraw his/her consent to the future Processing of his/her Personal Data by TMP;
Right not to be the subject of a decision based exclusively on an automated process: the User has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects that concern him/her, or which significantly affects him/her in a similar way. In the event that at least one automated process is necessary for the performance of a service by TMP, it is then possible that TMP may be unable to provide all or part of the service, and, in this case, the User expressly acknowledges that s/he is requesting the cancellation of the service in question.
Right to lodge a complaint: right for the User to lodge a complaint with the French Data Protection Authority (CNIL) if s/he considers that the Processing carried out by TMP constitutes a breach of his/her Personal Data.
In order for TMP to grant his/her request, the User is required to provide him/her with: his/her first name and surname, e-mail address, telephone number, proof of identity and the subject of his/her request.
TMP is required to respond to the User within a maximum period of 30 (thirty) days, except in the case where a large number of requests are made simultaneously, or in the case where the search for information requires an additional period.
In this case, TMP will inform the User of this impossibility to adhere to the 30-day deadline and will inform him/her of the necessary deadline, which may not exceed three (3) months.
The User may exercise his/her rights at any time by contacting TMP, by e-mail, at the following address: rgpd@thomas-more-partners.com.
As each Data Subject may also exercise the specific rights conferred on it by the Applicable Regulations, TMP shall respond to any request from a Data Subject based on one of these specific rights upon receipt of said request, it being specified that the User must therefore convey to TMP any request received directly from a Data Subject as soon as possible.
9. Cookies
No cookies or trackers are used on the App.
10. Policy Change
This Confidentiality Policy may be amended or modified at any time in the event of changes in the law or case law, decisions and recommendations of the European Commission, the European Data Protection Committee, the CNIL or common practices.
Users will be informed of any new version of this policy by any means, including by electronic means (e.g. by e-mail or online).