Privacy Policy
RGPD Charter

CHARTER ON PERSONAL DATA PROTECTION AND PRIVACY - AFNOR INTERNATIONAL

AFNOR INTERNATIONAL undertakes, within the framework of its activities and in accordance with the legislation in force in France (Law No. 78-017 of 6 January 1978 relating to data processing, files and freedoms (known as the Data Protection Act) and in Europe (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (RGPD), to ensure the protection, confidentiality and security of the Personal Data of persons benefiting from the services and/or products of AFNOR Group entities, as well as to respect their privacy.

To ensure that they are properly applied, AFNOR has appointed a personal data protection delegate, who is a privileged interlocutor in the protection of personal data, both within the AFNOR Group and in its relations with the Commission Nationale de l'Informatique et des Libertés (CNIL). 

A Data Protection Officer has been appointed for the French entities of the AFNOR Group by the CNIL, whose contact is : 

DPO, AFNOR, 11 rue Francis de Pressensé 93571 La Plaine Saint Denis.

This one can also be contacted by email via internet : ENGLISH VERSION - FRENCH VERSION

By connecting to or consulting one of the websites published by AFNOR INTERNATIONAL, you acknowledge having read, understood and accepted, without limitation or reservation, the charter on the protection of personal data and privacy. This charter aims to inform you of the rights and freedoms that you may assert with regard to AFNOR INTERNATIONAL concerning the use of your personal data and describes the measures that AFNOR INTERNATIONAL implements in order to protect them.

1. DEFINITIONS

Personal data Personal data is any information relating to an identified natural person or a person who can be identified, directly or indirectly, by reference to an identification number or to one or more elements that are specific to him.

Processing of Personal Data Processing of personal data: any operation or set of operations relating to such data, whatever the process used, and in particular the collection, recording, organisation, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, matching or interconnection, as well as blocking, erasure or destruction, constitutes Processing of personal data.

Cookie A cookie is a piece of information deposited on the hard disk of an Internet user by the server of the site he or she visits. It contains several pieces of data: the name of the server that placed it, an identifier in the form of a unique number, and possibly an expiry date. This information is sometimes stored on the computer in a simple text file which a server accesses to read and record information.

2. COLLECTION OF PERSONAL DATA

AFNOR INTERNATIONAL shall not collect Personal Data without informing the persons concerned.

AFNOR INTERNATIONAL collects this Data to provide the services and/or products requested from the persons concerned, to meet their needs and to inform them of the use made of it.

AFNOR INTERNATIONAL ensures that the Personal Data collected is relevant to the persons concerned.

AFNOR INTERNATIONAL collects information submitted by data subjects automatically in connection with the use of the website itself. This information may include unique device identifiers, Internet Protocol ("IP") addresses, browser characteristics, language preferences, operating system details and referring URLs, as well as the duration of visits to the website and the pages viewed. AFNOR INTERNATIONAL may use tools such as cookies (see §9), web beacons, embedded scripts, web server logs or other similar technologies to collect details about the services and devices used to access AFNOR INTERNATIONAL websites.

AFNOR INTERNATIONAL uses third-party web analytics services, such as Google Analytics, to help AFNOR INTERNATIONAL analyse how individuals use AFNOR INTERNATIONAL websites. To learn more about how Google may use information collected on AFNOR INTERNATIONAL websites, please visit the following link: https: //policies.google.com/privacy/partners?hl=fr. For more information on how to opt-out of the collection of Data by Google Analytics, please visit the following link: https: //tools.google.com/dlpage/gaoptout.

3. USE OF THE PERSONAL DATA COLLECTED

AFNOR INTERNATIONAL ensures the confidentiality of the personal data entrusted to it and, from the design of services, sites and applications, respects the principles of data protection.

AFNOR INTERNATIONAL uses the Personal Data of the persons concerned in order to authenticate them, to provide them with the service and/or product subscribed to and to propose offers adapted to their needs.

AFNOR INTERNATIONAL only communicates Personal Data to its authorised service providers/subcontractors and ensures that they respect strict conditions of confidentiality, use and protection of this Data.

AFNOR INTERNATIONAL shall refrain from communicating Personal Data to third parties without having informed the persons concerned and without having offered them the possibility of exercising their right of opposition.

AFNOR INTERNATIONAL may use the irreversibly anonymised Data of the persons concerned for statistical studies.

4. PURPOSES OF THE PROCESSING OPERATION(S)

When you visit one of the websites published by AFNOR INTERNATIONAL, you are likely to provide us with a certain amount of personal data in order to benefit from the services and/or products offered by AFNOR INTERNATIONAL. The Processing of Personal Data is necessary for the performance of services or for the legitimate interest of AFNOR INTERNATIONAL relating to certification activities (management systems, product certification, service certification, certification of persons, assessments - CSR, performance, suppliers - online tests for companies or persons, on-site assessment visits, regulatory attestations, labelling, private controls, inspections, qualifications) and training (recognition systems, training systems, in particular through professional social networks, e-learning, serious games, online trainee spaces, performance tests, e-books, association games, brain games and mimes, quiz boxes, mock tests). 

The collection of Personal Data allows AFNOR INTERNATIONAL to provide the persons concerned with the best possible follow-up of the services/products delivered by AFNOR INTERNATIONAL, and to improve the functioning of the website or applications (if any) used; it also allows AFNOR INTERNATIONAL to carry out optional satisfaction surveys on its services/products with a view to improving them. The personal data collected may also be used to prevent and fight against computer fraud (spamming, hacking...), or to carry out optional satisfaction surveys on AFNOR INTERNATIONAL services/products. 

Finally, where appropriate, if you have given your express consent, your personal data may be used to send you commercial information.

In online forms, mandatory fields are marked with an asterisk. If you do not answer the mandatory questions, AFNOR INTERNATIONAL will not be able to provide you with the service(s)/product(s) requested. The compulsory or optional nature of the Personal Data requested and the possible consequences of a failure to reply with regard to the persons concerned are specified at the time of their collection(s).

Your personal data is not further processed in a way that is incompatible with the purposes described above or under the collection forms. They are only kept for the time necessary to achieve these purposes.

Your personal data may be communicated to certain departments of the controller, as well as to certain partners or subcontractors for analysis and survey purposes.

5. SECURITY OF PERSONAL DATA COLLECTED

AFNOR INTERNATIONAL implements security measures adapted to the degree of sensitivity of the Personal Data to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.

AFNOR INTERNATIONAL guarantees the security of the information exchanged during transactions or payment acts.

AFNOR INTERNATIONAL issues access authorisations to its information system only to those persons who need them to perform their duties.

AFNOR INTERNATIONAL makes its employees aware of the protection of personal data made available to them in the context of their duties and ensures that they respect the rules in force and the ethics of the AFNOR Group.

AFNOR INTERNATIONAL carries out audits to verify the correct operational application of these rules.

AFNOR INTERNATIONAL requires its service providers and/or subcontractors to comply with its security principles.

6. RETENTION PERIOD OF COLLECTED PERSONAL DATA

AFNOR INTERNATIONAL shall not retain Personal Data beyond the period necessary to achieve the purpose of the Processing, while respecting the applicable legal and regulatory limits or another period taking into account operational constraints such as efficient management of customer relations and responses to legal requests or requests from the supervisory authorities on which AFNOR INTERNATIONAL depends.

With regard to customers, most of the information is kept for the duration of the contractual relationship and for 10 years after the end of the contractual period. With regard to prospects, the information is kept for 3 years from the date of collection or the last contact with AFNOR INTERNATIONAL.

7. INFORMATION AND EXERCISE OF RIGHTS

Data subjects whose Personal Data is collected shall have the right of access to their Personal Data, rectification or deletion of the same, limitation of Processing, portability of Data and the right to object to Processing.

The persons concerned are however informed that the personal Data collected are, where applicable, necessary for the execution of the service provided by AFNOR INTERNATIONAL, so that in the event of use of their right to erase the said Data, to object or to limit the Processing before the end of the contractual relationship, the service cannot be executed.

These rights may be exercised by sending an email to dpo@afnor.org or by post to AFNOR, for the attention of the DPO, AFNOR, 11, rue Francis de Pressensé - 93571 La Plaine Saint-Denis Cedex

AFNOR shall respond to the person who has made use of one of the aforementioned rights within one (1) month of receipt of the request.

This period may nevertheless be extended by two (2) months, taking into account the complexity and number of requests. In this case, AFNOR shall inform the person concerned of this extension within one (1) month of receiving the request.

Where the data subject makes his or her request in electronic form, the information shall be provided electronically where possible and unless the data subject requests otherwise.

If the controller refuses to comply with the data subject's request for information, the controller shall state the reasons for the refusal.

The data subject has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés or the supervisory authority of the EU Member State in which he or she resides and to seek legal redress.

7.1. RIGHT OF ACCESS

Any person may ask the controller whether Personal Data concerning him or her are being Processed. If so, the data subject may obtain a copy of the Personal Data being Processed and the following information:

- purposes of the Processing ;

- categories of Personal Data concerned ;

- recipients or categories of recipients of the Data ;

- where possible, the intended period of retention of the Data or, where this is not possible, the criteria used to determine this period;

- where personal data are not collected from the data subject, any available information as to their source;

- where applicable, the existence of automated decision-making, including profiling, and relevant information about the underlying logic, as well as the significance and intended consequences of such Processing for the data subject.

7.2. RIGHT OF RECTIFICATION

Any person whose Personal Data is processed has the right to obtain the rectification of Personal Data concerning him or her that is inaccurate and that such Data is completed if the purpose of the Processing so requires.

7.3. RIGHT TO ERASURE

Any person whose Personal Data is processed has the right to obtain from the controller the erasure of such Data in the following cases:

- When Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;

- Where the data subject has withdrawn the consent on which the Processing was based and there is no other legal basis for the Processing;

- In the event that the Processing is based on the legitimate interest of the controller, where the data subject has objected to the Processing there is no compelling legitimate reason for the Processing,

- In the event that the purpose of the Processing is canvassing or profiling in connection with such canvassing, where the data subject has objected to the Processing ;

- Where Personal Data have been Unlawfully Processed ;

- Where Personal Data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the controller is subject;

However, the data controller may refuse to erase the Data in the following cases:

- to comply with a legal obligation that requires the Processing under EU or French law;

- where the sole purpose of the Processing is statistical ;

- when the Processing is necessary for the establishment, exercise or defence of legal claims.

7.4. RIGHT TO LIMITATION

Any person whose Personal Data is processed may request the controller to restrict the Processing in the following cases:

- Where he/she disputes the accuracy of his/her Personal Data, for a period of time allowing the controller to verify the accuracy of the said Data;

- Where the Processing does not comply with the Regulation but the Data Controller does not wish to delete the Data;

- When the controller no longer needs the Personal Data for the purposes of the Processing but it is still necessary for the data subject to establish, exercise or defend legal claims;

- Where the data subject has objected to the Processing, during the verification as to whether the legitimate grounds pursued by the controller prevail over those of the data subject.

- Where Processing has been restricted, with the exception of retention, Data may only be processed in the following cases:

• with the consent of the person concerned,
• for the establishment, exercise or defence of legal claims,
• for the protection of the rights of another natural or legal person, or for important reasons of public interest of the Union or of a Member State.

If the restriction is subsequently lifted, the controller will inform the data subject in advance.

7.5. RIGHT TO PORTABILITY

Any person whose Personal Data is being Processed may request the Controller to disclose the Data to him or her or to another Controller in the following cases:

• where the Processing has been carried out with the consent of the data subject
• where the Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures taken at the request of the data subject
• where the Processing is carried out by means of automated processes

7.6. RIGHT OF OBJECTION

Any person whose Personal Data is processed has the right to object to the Processing under the following conditions:

• where the processing is based on the satisfaction of legitimate interests pursued by the controller or by a third party, on grounds relating to his or her particular situation and if the controller does not demonstrate compelling legitimate grounds for the processing which override the interests and rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims
• where the Processing is carried out for the purpose of canvassing or profiling in connection with such canvassing, may object to such Processing, without condition
• where the Processing is carried out for statistical purposes, for reasons relating to his or her particular situation

8. PROTECTION OF PRIVACY

AFNOR INTERNATIONAL has appropriate physical, electronic and administrative security measures designed to protect the personal information obtained from data subjects, customers and prospects in accordance with this Privacy Policy. Despite reasonable efforts to protect such information, no transmission over the Internet is completely secure and AFNOR INTERNATIONAL cannot guarantee the confidentiality of Data transmitted to it over the Internet.

AFNOR INTERNATIONAL takes measures to limit the intrusive actions of third parties (spam...) and informs about electronic attacks (phishing, viruses, information theft...)

AFNOR INTERNATIONAL's various websites may contain hyperlinks to other third party websites or online spaces for the convenience and information of those concerned. These linked third party websites may be operated by non-affiliated entities and may have their own privacy policies or notices. Therefore, AFNOR INTERNATIONAL advises individuals to consult the privacy policies on these third party websites to understand how they may collect and use Personal Data. AFNOR INTERNATIONAL is not responsible for the content or the privacy practices of third party websites that AFNOR INTERNATIONAL does not control.

AFNOR INTERNATIONAL's various websites may also include features designed to allow data subjects to initiate interactions with third party websites or third party services, including third party social networks. When using third party websites, third party services or third party social networks, AFNOR INTERNATIONAL invites data subjects to consult their privacy and Personal Data protection policies.

9. COOKIES

The AFNOR INTERNATIONAL websites use cookies to facilitate navigation on the said websites, to measure the site's audience or to enable the sharing of website pages. Cookies are deposited on the terminal of the persons concerned for a maximum period of 13 months from the date of consent of the person concerned. After this period, consent will be sought again.

9.1. TYPES OF COOKIES USED

The cookies necessary for navigation on AFNOR INTERNATIONAL websites. These cookies are strictly necessary for the operation of AFNOR INTERNATIONAL websites. Their deletion may lead to navigation difficulties.

Four types of Cookies, meeting the purposes described below, may be recorded in the terminal of persons when they visit one of the AFNOR INTERNATIONAL websites.

• Technical cookies are necessary for browsing our websites and for accessing the various products and services. In particular, technical cookies enable the presentation of websites to be adapted to the display preferences of the person's terminal (language used, display resolution), to memorise passwords and other information relating to a form filled in on the websites (registration or access to the members' area) and to implement security measures. These cookies cannot be deactivated or set, otherwise you will no longer be able to access the website and/or the services of the websites.

• Audience measurement cookies are issued by AFNOR INTERNATIONAL or by its technical service providers for the purpose of measuring the audience for the various contents and sections of the websites, in order to evaluate and better organise them. These Cookies also make it possible, if necessary, to detect navigation problems and consequently to improve the ergonomics of AFNOR INTERNATIONAL's services. These Cookies only produce anonymous statistics and traffic volumes, to the exclusion of any individual information.

• Advertising Cookies are issued by our advertising partners, in the advertising spaces of our websites, the exploitation of these spaces contributing to the financing of the contents and services that AFNOR INTERNATIONAL makes available to people free of charge. These Cookies are deposited by our partners within the framework of advertising partnerships under the terms of which the advertising companies may be required to collect data concerning the content consulted on our site.

• The "Social Network" cookies make it possible to share the content of the AFNOR INTERNATIONAL websites with other people or to inform these other people of the consultation or opinion of the person concerning the content of the AFNOR INTERNATIONAL website(s). This is, in particular, the case of the "share" buttons from the social networks "twitter". The social network providing such an application button is likely to identify the person thanks to this button, even if the person has not used this button when consulting one or more AFNOR INTERNATIONAL websites. AFNOR INTERNATIONAL invites you to consult the privacy protection policies of these social networks in order to learn about the purposes of use, particularly advertising, of the browsing information that they may collect thanks to these application buttons.

9.2. COOKIE MANAGEMENT

Individuals have the option of accepting or refusing cookies on a case-by-case basis or refusing them once and for all by configuring their browser. If the person chooses to refuse all cookies, navigation to certain pages of the various AFNOR INTERNATIONAL websites will be reduced.

Depending on the browser used by individuals, the ways of deleting cookies are as follows:

• On Internet Explorer: Click on the Tools button, then on Internet Options

On the General tab, under Browsing History, click on Settings

Click on the View Files button

Select the cookies to be refused and click on delete

• On Firefox: Click on the browser's Tools icon, select the Options menu

In the window that appears, choose "Privacy" and click on "Show cookies".

Select the cookies to be refused and click on delete

• On Safari: Click on the Edit icon, select the Preferences menu

Click on Security and then on Show Cookies

Select the cookies to be refused and click on delete

• On Google Chrome: Click on the Tools icon, select the Options menu, then click the Advanced Options tab and access the Privacy section

Click on the "Show Cookies" button

Select the cookies to be refused and click on delete

For any support concerning the different browsers, AFNOR INTERNATIONAL recommends to refer to the official documentation.

10. UPDATE OF THE CHARTER

AFNOR INTERNATIONAL may have to modify this charter at any time, in particular because of :

- the introduction of new services or technologies

- changes in the legislative and regulatory framework

In the interests of transparency, AFNOR INTERNATIONAL invites the persons concerned to consult this page as often as they wish to take note of any changes.

Page updated on 7 June 2022.