This page describes how Cegid processes the personal data collected from data subjects (clients, prospects…).
If you have any questions or concerns regarding this page, please contact email@example.com
This document is likely to evolve, where necessary in order to implement the obligations imposed by the legislation on personal data protection. The notions concerning personal data protection used in this document have the meaning given in the GDPR, notably in accordance with Article 4 of the GDPR.
It may be necessary for Cegid to access and process personal data provided by its clients within the framework of completion of offers and services to which the customer subscribes.
The access and processing are organized by a contract containing specific clauses for data protection signed between Cedig and the client.
Cegid processes personal data only on behalf of the client in accordance with the provisions of the contract.
Cegid is certified ISO 27001 with regard to its Information Security Management System on the following scope: “Application hosting services in a Cloud environment, containing data provided by the clients”.
This certification guarantees the implementation of a certified security policy applied to the processes and workflow of Cegid during the duration of the SaaS service issued to the client.
All employees of Cegid are subject to an IT charter annexed to the internal regulation for ensuring an appropriate level of security.According to articles 33 and 34 of the GDPR, personal data breaches shall be notified:
All requests related to those rights shall be made by filling out the form “Data subject’s rights” available on this page.
Cegid reserves the right to ask for clarifications in relation to any request and to justify the identity of the requester.
In any event, Cegid actively recommends to contact the competent national supervisory authority for more information about the legislation on data protection, rights of data subjects and the possibility of lodging a complaint with this authority.
In the event Cegid receives a request from the data subject as part of the realization of the contract between Cegid and the client, Cegid will communicate this request to the client at the earliest from its receipt and, taking into account the nature of the processing and the terms of the contract, will assist the client by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of its obligation to respond to requests for exercising the data subject’s rights.
The client remains nevertheless responsible for replying to the data subject concerned.
Pursuant to article 13 of the GDPR, the controller has the responsibility to inform data subjects.
In accordance with the terms of the contract, Cegid provides its clients, acting as data controllers, with any information that might help them to enforce article 13 of the GDPR.
According to article 28 of the GDPR and its contractual engagements, Cegid undertakes to cooperate with its clients in order to assist them to comply with their legal obligations pursuant to articles 32 to 36 of the GDPR.
Generally speaking, Cegid undertakes to cooperate with the French supervisory authority (CNIL) where necessary and to take into account its recommendations.
If Cegid plans to develop a new service or offer, Cegid, as software provider, will make every effort to introduce from the beginning of this project the principles for the protection of personal data (“privacy by design”) and help its clients to comply with the applicable legislation through functionalities and specific means.
All new Cegid employees must follow an awareness training concerning personal data protection.
More generally, Cegid will make every effort to offer its employees regular awareness raising with regard to personal data protection.
Awareness raising or more specific trainings may be conducted for employees working on a regular basis with personal data.
In order to have optimum control of personal data protection, Cegid has a dedicated governance.
A Data Protection Officer was designated in May 2018 and declared to the French supervisory authority (CNIL). The latter is in charge of the governance.
A strategic committee transversally supervises all the activities of Cegid with the support of an operational committee composed of the DPO and contact points within different departments of Cegid.
These records are made available to the CNIL upon request.
Cegid has taken into account the new mandatory contractual stipulations according to article 28 of the GDPR in all contracts concerned.Therefore, specific contractual clauses on data protection and in compliance with the applicable legislation have been introduced to:
Effective Date: November 28th, 2018
We collect contact information such as name, email address, address, phone number and company name. Cegid reserves the right to obtain information on the provenance of its visitors to insure the development of its products and web sites. This information can be of geographical, statistical or other nature.
We use this information to:
We may receive information about you from other sources, including third parties from whom we have obtained data such as name, affiliated company, and phone number, and may combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. If you believe that your personal information has been provided to us and would like to request that it be removed from our database, please contact us at the contact information below.
You may learn about and apply for positions at Cegid on the Career page of our corporate website. We may collect your name, email address, phone number and citizenship. We will use this information to evaluate and contact you about your candidacy.
We may share your information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us. These may include providing computing and networking infrastructure services.
Legal DisclaimerIn certain situations, Cegid may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If Cegid is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.
Upon request Cegid will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at firstname.lastname@example.org or by contacting us by telephone or postal mail at the contact information listed below.
You may access, correct, or request deletion of your personal information by contacting us at email@example.com or by contacting us by telephone or postal mail at the contact information listed below. In certain circumstances we may be required by law to retain your personal information, or may need to retain your personal information in order to continue providing a service.
We will respond to these requests within a reasonable timeframe.
You may sign-up to receive newsletters or other communications from us. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at firstname.lastname@example.org.
With the present document, Cegid reaffirms its commitment to insure the security and integrity of the data collected via this website. Personal information gathered via this website is stored in secured offices, on secured servers which are not accessible via the Internet. The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. If you have any questions about the security of your personal information, you can contact us at email@example.com.
We may retain your information for as long as your account is active or as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Cegid collects information under the direction of its Clients, and has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Cegid’s Client (the data controller). If requested to remove by the data controller, we will respond within a reasonable timeframe. Cegid may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our Clients.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to them. Cegid will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged Cegid.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
Our website includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share this button or interactive mini-programs that run on our website. These Features may collect your Internet protocol address, which page you are visiting on our website, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our website. Your interactions with these Features are governed by the privacy statement of the company providing it.
We self-certify in compliance with :
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Cegid (HR & Talent Management Solution business unit) participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, please visit the U.S. Department of Commerce’s Privacy Shield List.
Cegid is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Cegid complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Cegid is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Cegid Corporation1270 Avenue of the Americas – Suite 807New York, NY 10020T: +1 800.413.3521
Depending on the nature of the form, Cegid SAS, as data controller, located at 52 quai Paul Sedallian, 69009 Lyon (France), may collect the following personal data: Surname, name, e-mail address, telephone number, position, company.
These personal data are processed by Cegid SAS for the purposes of management of its customer and prospects database and for commercial communications.
Cegid SAS and its subsidiaries and partners may also (i) be the recipients of those personal data for the purposes described above and (ii) transfer those data to third countries. You can contact Cegid for more information on this matter.
These data will only be stored for the necessary period to accomplish the object of the processing and you can exercise your rights in accordance with this policy by filling out the form “Data subject’s rights” available on this page.
In order to deliver the required service, Cegid SAS, acting as data controller, located at 52 quai Paul Sedallian, 69009 Lyon (France), collects and processes the following personal data: surname, name, e-mail address, telephone number, position, company.
These personal data are processed by Cegid SAS for the purposes of user account management.
The activities on the platform (connection and use) are also registered by Cegid SAS (log). These data are registered in order to ensure the traceability and security of the data and they are stored for a maximum period of one year.
You can exercise your rights in accordance with this policy by filling out the form “Data subject’s rights” available on this page.
In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (« GDPR »), you have the right of access, rectification, data portability, restriction of processing, object and to erasure (“right to be forgotten”) concerning your personal data processing by Cegid.
To exercise your right, please complete the following form.
To lodge a complaint, please visit the website of your national supervisory authority