This Policy is managed and implemented by the IOWater Data Protection Officer (DPO).
IOWater, as responsible for data processing, can to collect, consult, use, modify, store, transfer and delete personal information (hereafter the "Data") within the framework of its general interest, contractual and commercial activities.
IOWater collects personal information when:
- you create an account and/or use the services provided by its websites,
- you subscribe to its newsletters and other communication in digital or paper format,
- you register and/or participate in one of its training courses, webinars or other events,
- you are associated with or collaborate in a project led by IOWater.
Depending on the treatment carried out, the information collected includes at most:
- your identity data (surnames and first names, date and place of birth),
- your contact information (email, telephone, postal address),
- your professional information (function, company),
- your billing data and payment terms (IBAN, payment term),
- your identification and access information for the services and subscriptions you have subscribed to (username, identifier, IP address, log).
This data will be collected with your prior consent, within the framework of the contractual relationship, for the purposes of the legitimate interests of the data controller, in accordance with legal obligation or a public-interest mission.
Through its websites, IOWater automatically receives and records anonymous data from your computer and browser, such as your web browser and the type of equipment you use. This data is collected in order to allow you to access the website features and for statistical purposes.
The data collected by IOWater allows it to:
- provide you with products or services you buy, subscribe to or wish to participate (training courses, events, etc.),
- respond to any request,
- inform you of upcoming events, news, latest products and services as well as other various offers relating to IOWater activities exclusively, in accordance with your communication preferences,
- to compile anonymous statistics for our own use in order to improve the websites we manage.
Legal basis of the personal data processing operation
The treatments implemented by IOWater are based on:
- your consent,
- a legal obligation,
- the execution of the contract to which you are a party,
- the performance of a public-interest mission,
- the legitimate interests pursued by IOWater.
Recipient of the data – Third-party data-sharing
IOWater collects personal data for the purpose of its activities only.
IOWater does not sell your personal information to third parties.
IOWater only shares your data, and at a minimum with:
- trusted third parties (OPCA, Business France, France Compétences, financial backers) to meet its regulatory or contractual obligations,
- the service providers necessary for the realization of its face-to-face or distance learning courses,
- the subcontractors necessary to carry out certain tasks (emailing, catalogue mailing, banks, business software, audits).
If need be, IOWater ensures that these third parties undertake to keep this information confidential and to treat it in accordance with the regulations in force.
Duration of data detention
IOWater keeps the data only for as long as needed for the processing for which the data was collected, in compliance with the applicable regulations.
The purpose of processing and the duration for data detention are specified when the data is collected.
IOWater implements adequate security measures maintaining the safety of your personal information.
Only the employees who need to perform specific tasks (such as billing or customer service) have access to identifiable personal data. The computers and servers used to store identifiable personal data are installed in a secure environment: the server rooms can only be accessed by authorised personnel (IOWater IT service).
The existing security policy forbids any unauthorized attempt to use the information system, either from IOWater’s internal computer networks or from the outside.
Exercise of Data Protection and Privacy rights
In accordance with General Data Protection Regulation 2016/679 of April 27, 2016 you can at any time freely exercise your rights:
- of access, rectification, opposition to your data,
- to erase your data,
- to your data portability,
- to define general and specific guidelines regarding the way you would like your rights to be exercised after your death as for the data collected by IOWater.
Proof of your identity will be asked in order to avoid potential identity theft.
To exercise your rights, you need to contact the IOWater Data Protection Officer, enclosing a copy of an identity document with your signature on it, by mail or email to the following address:
Mailing address: Office International de l’Eau
Délégué à la Protection des Données
22 rue Edouard Chamberland
87065 LIMOGES CEDEX
Data Protection Officer commits to answer your request within the statutory deadline.
In case you would like to contest the IOWater Data Protection Officer’s response or if you feel that the data controller infringed your rights, you have the right to file a complaint with the French National Commission for Data Protection and Liberties through its website: www.cnil.fr
IOWater may have to modify the present policy at any time, in particular because:
- the introduction of new services or new technologies,
- changes in the legislative and regulatory framework.
To ensure transparency, IOWater invites the people concerned to consult this page as often as they wish to take note of possible modifications.