Afnor logo

Privacy policy
RGPD Charter

CHARTER ON PERSONAL DATA PROTECTION AND PRIVACY - AFNOR INTERNATIONAL


AFNOR INTERNATIONAL undertakes, within the framework of its activities and in accordance with the legislation in force in France (Law No. 78-017 of January 6, 1978 relating to information technology, files and freedoms (known as the Loi Informatique et Libertés) and in Europe (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data (RGPD), to ensure the protection, confidentiality and security of the Personal Data of persons benefiting from the services and/or products of AFNOR Group entities, as well as to respect their privacy.

To ensure that they are properly applied, AFNOR has appointed a personal data protection delegate, who is a key contact in the protection of personal data, both within the AFNOR Group and in its relations with the Commission Nationale de l'Informatique et des Libertés (CNIL). 

A Data Protection Officer has been appointed for the French entities of the AFNOR Group by the CNIL, whose contact is : 

DPO, AFNOR, 11 rue Francis de Pressensé 93571 La Plaine Saint Denis.

He can also be contacted by e-mail via the Internet: ENGLISH VERSION - VERSION FRANCAISE

By connecting or consulting one of the websites published by AFNOR INTERNATIONAL, you acknowledge having read, understood and accepted, without limitation or reservation, the charter on the protection of personal data and privacy. The purpose of this charter is to inform you of the rights and freedoms that you may assert with regard to AFNOR INTERNATIONAL concerning the use of your Personal Data and to describe the measures that AFNOR INTERNATIONAL implements in order to protect them.

1. DEFINITIONS

Personal data Personal data is any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person.

Processing of Personal Data Processing of Personal Data: any operation or set of operations involving such Data, whatever the process used, and in particular the collection, recording, organization, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, as well as locking, erasure or destruction, constitutes Processing of Personal Data.

Cookie A cookie is a piece of information deposited on an Internet user's hard disk by the server of the site he or she is visiting. It contains several pieces of data: the name of the server that placed it, an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file, which a server accesses to read and record information.

2. COLLECTION OF PERSONAL DATA

AFNOR INTERNATIONAL will not collect Personal Data without informing the persons concerned.

AFNOR INTERNATIONAL collects this Data in order to provide the services and/or products requested from the persons concerned, to meet their needs and to inform them of the use made of it.

AFNOR INTERNATIONAL ensures the relevance of the Personal Data collected in order to better know the persons concerned.

AFNOR INTERNATIONAL collects information automatically submitted by data subjects relating to the use of the website itself. This information may include unique device identifiers, Internet Protocol ("IP") addresses, browser characteristics, language preferences, operating system details and referring URLs, as well as the duration of visits to the website and the pages viewed. AFNOR INTERNATIONAL may use tools such as cookies (see §9), web beacons, embedded scripts, web server logs or similar technologies to collect details about the services and devices used to access AFNOR INTERNATIONAL websites.

AFNOR INTERNATIONAL uses third-party web analytics services, such as Google Analytics, to help AFNOR INTERNATIONAL analyze how users use the AFNOR INTERNATIONAL websites. To learn more about how Google may use information collected on AFNOR INTERNATIONAL websites, please visit the following link: https: //policies.google.com/privacy/partners?hl=fr. To learn more about how you can opt-out of the collection of data by Google Analytics, please visit the following link: https: //tools.google.com/dlpage/gaoptout.

3. USE OF PERSONAL DATA COLLECTED

AFNOR INTERNATIONAL ensures the confidentiality of personal data entrusted to it and, from the design stage of services, sites and applications, respects the principles of data protection.

AFNOR INTERNATIONAL uses the Personal Data of the persons concerned in order to authenticate them, to provide them with the service and/or product subscribed to and to propose offers adapted to their needs.

AFNOR INTERNATIONAL only communicates personal Data to its authorized service providers/subcontractors and ensures that they comply with strict conditions of confidentiality, use and protection of such Data.

AFNOR INTERNATIONAL shall not communicate Personal Data to third parties without having informed the persons concerned and without having offered them the possibility of exercising their right to object.

AFNOR INTERNATIONAL may use the irreversibly anonymized Data of the persons concerned for statistical studies.

4. PURPOSES OF THE PROCESSING OPERATION(S)

When you visit one of the websites published by AFNOR INTERNATIONAL, you are likely to provide us with a certain amount of personal data in order to benefit from the services and/or products offered by AFNOR INTERNATIONAL. The Processing of Personal Data is necessary for the performance of services or for the legitimate interest of AFNOR INTERNATIONAL relating to certification activities (management systems, product certification, service certification, certification of persons, assessments - CSR, performance, suppliers - online tests for companies or persons, on-site assessment visits, regulatory attestations, labeling, private controls, inspections, qualifications) and training (recognition systems, training systems, in particular through professional social networks, e-learning, serious games, online trainee areas, performance tests, e-books, association games, puzzle and mime games, quiz boxes, mock tests). 

The collection of Personal Data enables AFNOR INTERNATIONAL to provide the persons concerned with the best possible follow-up of the services/products delivered by AFNOR INTERNATIONAL, and to improve the operation of the site or applications (if any) used; it also enables AFNOR INTERNATIONAL to carry out optional satisfaction surveys on its services/products with a view to improving them. The personal data collected may also be used to prevent and combat computer fraud (spamming, hacking, etc.), or to conduct optional satisfaction surveys on AFNOR INTERNATIONAL's services/products. 

Finally, if you have given your express consent, your personal data may be used to send you commercial information.

In online forms, mandatory fields are marked with an asterisk. If you fail to answer the mandatory questions, AFNOR INTERNATIONAL will not be able to provide you with the service(s)/product(s) requested. The compulsory or optional nature of the Personal Data requested and the possible consequences of a failure to reply with regard to the persons concerned are specified at the time of their collection(s).

Your personal data will not be further processed in a manner incompatible with the purposes described above or under the collection forms. They are only kept for the time necessary to achieve these purposes.

Your personal data may be communicated to certain departments of the data controller, as well as to certain partners or subcontractors for analysis and survey purposes.

5. SECURITY OF PERSONAL DATA COLLECTED

AFNOR INTERNATIONAL implements security measures adapted to the degree of sensitivity of Personal Data to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.

AFNOR INTERNATIONAL guarantees the security of information exchanged during transactions or acts of payment.

AFNOR INTERNATIONAL issues access authorizations to its information system only to those persons who need them to perform their duties.

AFNOR INTERNATIONAL makes its employees aware of the need to protect the personal data made available to them in the course of their duties and ensures that they comply with the rules in force and the ethics of the AFNOR Group.

AFNOR INTERNATIONAL conducts audits to verify the correct operational application of these rules.

AFNOR INTERNATIONAL requires its service providers and/or subcontractors to comply with its security principles.

6. RETENTION PERIOD FOR PERSONAL DATA COLLECTED

AFNOR INTERNATIONAL does not keep Personal Data beyond the period necessary to achieve the purpose of the Processing, while respecting the applicable legal and regulatory limits or another period taking into account operational constraints such as efficient management of customer relations and responses to requests from the courts or supervisory authorities on which AFNOR INTERNATIONAL depends.

In the case of customers, most information is kept for the duration of the contractual relationship and for 10 years after the end of the contractual period. In the case of prospective customers, information is kept for 3 years from the date of collection or last contact with AFNOR INTERNATIONAL.

7. INFORMATION AND EXERCISE OF RIGHTS

Data subjects whose Personal Data is collected have the right to access their Personal Data, to have it corrected or deleted, to have the Processing limited, to have their Data ported, and to object to the Processing.

The persons concerned are nevertheless informed that the personal Data collected are, where applicable, necessary for the performance of the service provided by AFNOR INTERNATIONAL, so that if they exercise their right to erase said Data, oppose or limit Processing before the end of the contractual relationship, the service cannot be performed.

These rights may be exercised by sending an email to dpo@afnor.org or by post to AFNOR, for the attention of the DPO, AFNOR, 11, rue Francis de Pressensé - 93571 La Plaine Saint-Denis Cedex, France.

AFNOR responds to the person having made use of one of the aforementioned rights within one (1) month of receipt of the request.

This period may nevertheless be extended by two (2) months, taking into account the complexity and number of requests. In this case, AFNOR will inform the person concerned of the extension within one (1) month of receipt of the request.

When the data subject submits a request in electronic form, the information is provided electronically whenever possible and unless the data subject requests otherwise.

If the data controller refuses to comply with the data subject's request for information, he or she shall state the reasons for the refusal.

The data subject has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés or the supervisory authority of the European Union member state in which he or she resides, and to take legal action.

7.1. ACCESS RIGHTS

Any person may ask the Data Controller whether Personal Data concerning him or her is being Processed. If so, the person concerned may obtain a copy of the Personal Data being Processed, as well as the following information:

- purposes of the Processing ;

- categories of personal data concerned ;

- recipients or categories of recipients of the Data ;

- where possible, the length of time for which the Data will be kept or, where this is not possible, the criteria used to determine this length of time;

- where personal data are not collected from the data subject, any available information as to their source;

- where applicable, the existence of automated decision-making, including profiling, and useful information concerning the underlying logic, as well as the importance and anticipated consequences of this Processing for the data subject.

7.2. RIGHT OF RECTIFICATION

Any person whose Personal Data is the subject of Processing has the right to obtain rectification of any Personal Data concerning them that is inaccurate, and to have such Data completed if the purpose of the Processing so requires.

7.3. RIGHT TO ERASURE

Any person whose Personal Data is the subject of Processing has the right to obtain from the Data Controller the erasure of said Data in the following cases:

- When Personal Data is no longer required for the purposes for which it was collected or otherwise processed;

- Where the data subject has withdrawn the consent on which the Processing was based and there is no other legal basis for the Processing;

- In the event that the Processing is based on the legitimate interests of the data controller, where the data subject has objected to the Processing there is no compelling legitimate reason for the Processing,

- In the event that the purpose of the Processing is canvassing or profiling related to such canvassing, where the data subject has objected to the Processing ;

- When Personal Data has been Unlawfully Processed ;

- Where Personal Data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the Data Controller is subject;

However, the Data Controller may refuse to delete Data in the following cases:

- to comply with a legal obligation that requires Processing under EU or French law;

- when the sole purpose of the Processing is statistical ;

- when processing is necessary for the establishment, exercise or defense of legal claims.

7.4. RIGHT TO LIMITATION

Any person whose Personal Data is being Processed may ask the Data Controller to limit the Processing in the following cases:

- When he/she disputes the accuracy of his/her Personal Data, for a period of time allowing the data controller to verify the accuracy of said Data;

- When the Processing does not comply with the regulations but the Data Owner does not wish to delete the Data;

- When the Data Controller no longer needs the Personal Data for the purposes of the Processing, but they are still necessary for the Data Subject to establish, exercise or defend legal claims;

- Where the data subject has objected to the Processing, during the verification as to whether the legitimate motives pursued by the Data Controller prevail over those of the data subject.

- Where Processing has been restricted, with the exception of storage, Data may only be processed in the following cases:

  • with the consent of the person concerned,
  • to establish, exercise or defend legal claims,
  • to protect the rights of another natural or legal person, or for important reasons of public interest of the Union or a Member State.

If the limitation is subsequently lifted, the data controller will inform the data subject in advance.

7.5. RIGHT TO PORTABILITY

Any person whose Personal Data is the subject of a Processing operation may request the Data Controller to communicate such Data to him or her, or to transmit it to another Data Controller, in the following cases:

  • when the Processing has been set up following the consent of the data subject
  • when the Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request
  • when Processing is carried out using automated processes

7.6. RIGHT OF OBJECTION

Any person whose Personal Data is processed has the right to object to such processing under the following conditions:

  • where the Processing is based on the satisfaction of legitimate interests pursued by the controller or by a third party, for reasons relating to its particular situation and if the controller does not demonstrate that there are legitimate and compelling grounds for the Processing overriding the interests and rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims
  • when the Processing is implemented for canvassing purposes or profiling linked to such canvassing, may unconditionally object to such Processing
  • when processing is carried out for statistical purposes, for reasons relating to his or her particular situation

8. PRIVACY POLICY

AFNOR INTERNATIONAL has appropriate physical, electronic and administrative security measures designed to protect the personal information obtained from data subjects, customers and prospects in accordance with the present charter. Despite reasonable efforts to protect such information, no transmission over the Internet is totally secure and AFNOR INTERNATIONAL cannot guarantee the confidentiality of Data transmitted to it over the Internet.

AFNOR INTERNATIONAL takes measures to limit intrusive actions by third parties (spam...) and provides information on electronic attacks (phishing, viruses, information theft...).

AFNOR INTERNATIONAL's various websites may contain hypertext links to other third-party websites or third-party online spaces for your convenience and information. These linked third-party websites may be operated by unaffiliated entities and may have their own privacy policies or notices. Therefore, AFNOR INTERNATIONAL advises individuals to consult the privacy policies on these third-party websites to understand how they may collect and use Personal Data. AFNOR INTERNATIONAL is not responsible for the content or the privacy practices of third-party websites that AFNOR INTERNATIONAL does not control.

AFNOR INTERNATIONAL's various websites may also include features designed to enable data subjects to initiate interactions with third-party websites or third-party services, including third-party social networks. When using third-party websites, third-party services or third-party social networks, AFNOR INTERNATIONAL invites the persons concerned to consult their privacy and Personal Data protection policies.

9. COOKIES

AFNOR INTERNATIONAL's websites use cookies to facilitate navigation on said websites, to measure the site's audience or to enable the sharing of website pages. Cookies are stored on the terminal of the person concerned for a maximum period of 13 months from the date of consent. At the end of this period, consent will again be obtained.

9.1. TYPES OF COOKIES USED

Cookies necessary for navigation on AFNOR INTERNATIONAL websites. These cookies are strictly necessary for the operation of AFNOR INTERNATIONAL websites. Deleting them may cause navigation difficulties.

Four types of Cookies, meeting the purposes described below, may be stored in the terminal of persons visiting one of the AFNOR INTERNATIONAL websites.

  • Technical cookies are necessary for browsing our websites and accessing our products and services. In particular, technical cookies make it possible to adapt the presentation of websites to the display preferences of the person's terminal (language used, display resolution), to memorize passwords and other information relating to a form filled in on the websites (registration or access to the members' area) and to implement security measures. These cookies cannot be deactivated or configured, otherwise you may no longer be able to access the site and/or website services.
  • Audience measurement cookies are issued by AFNOR INTERNATIONAL or by its technical service providers for the purpose of measuring the audience for the various contents and sections of the websites, in order to evaluate and better organize them. These Cookies also make it possible, if necessary, to detect navigation problems and consequently to improve the ergonomics of AFNOR INTERNATIONAL's services. These Cookies only produce anonymous statistics and traffic volumes, to the exclusion of any individual information.
  • Advertising Cookies are issued by our advertising partners, in the advertising spaces of our websites, the operation of these spaces contributing to the financing of content and services that AFNOR INTERNATIONAL makes available to people free of charge. These Cookies are deposited by our partners within the framework of advertising partnerships under the terms of which the advertising agencies may collect data concerning the content consulted on our site.
  • Social network" cookies allow you to share the content of AFNOR INTERNATIONAL websites with other people or to inform these other people of your consultation or opinion concerning the content of AFNOR INTERNATIONAL website(s). This is notably the case with the "share" buttons from the "twitter" social networks. The social network providing such an applicative button is likely to identify the person thanks to this button, even if the person did not use this button during the consultation of AFNOR INTERNATIONAL website(s). AFNOR INTERNATIONAL invites you to consult the privacy protection policies of these social networks in order to learn about the purposes of use, in particular advertising, of the browsing information that these networks may collect using these application buttons.

9.2. COOKIE MANAGEMENT

Individuals have the option of accepting or refusing cookies on a case-by-case basis or of refusing them once and for all by configuring their browser. If the user chooses to refuse all cookies, navigation to certain pages of the various AFNOR INTERNATIONAL websites will be reduced.

Depending on the browser used, you can delete cookies in the following ways:

  • On Internet Explorer: Click on the Tools button, then on Internet Options

In the General tab, under Browsing history, click on Settings

Click on the View files button

Select the cookies you wish to refuse and click on delete

  • On Firefox: Click on the browser's Tools icon, select the Options menu

In the window that appears, select "Privacy" and click on "Show cookies".

Select the cookies you wish to refuse and click on delete

  • On Safari: Click on the Edit icon, select the Preferences menu

Click on Security, then on Show cookies

Select the cookies you wish to refuse and click on delete

  • On Google Chrome: Click on the Tools icon, select the Options menu, then click on the Advanced Options tab and access the "Privacy" section.

Click on the "Show cookies" button

Select the cookies you wish to refuse, then click on delete

AFNOR INTERNATIONAL recommends that you refer to the official documentation for support on the various browsers.

10. CHARTER UPDATE

AFNOR INTERNATIONAL may modify this charter at any time, in particular because of :

- the introduction of new services or technologies

- changes in the legislative and regulatory framework

In the interests of transparency, AFNOR INTERNATIONAL invites those concerned to consult this page as often as they wish to take note of any changes.

Page updated on June 7, 2022.

Back to top