Rules on the protection of natural persons with regard to the processing of personal data by Retraite Plus
1. Background and legal framework
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), sets out the legal framework for the processing of personal data.
In this context, we present the provisions for complying with this regulation in accordance with the requirements thereof. Indeed, Retraite Plus manages personal data within the scope of its activity, which is primarily to assist elderly individuals or their relatives to search for appropriate accommodation (Retirement Home, Extra Care Home, etc.) or Domiciliary Services.
2. Elements relating to our application of the regulations
The following elements relate to the management of personal data, in accordance with the regulation:
Note on health data: Retirement Plus does not keep a medical record and does not act as an intermediary between the family and the facility or domiciliary service in terms of providing medical records.
3. General principles for collecting and processing personal data
Retraite Plus makes every effort to comply with the legislation when collecting and processing personal data:
4. Rights of individuals
Clients and contacts have the right to ask Retraite Plus to respect their rights with regard to the processing of personal data. These rights include the following:
These rights are conditional subject to compliance with the following:
In accordance with legislation governing the protection of personal data, customers and contacts are informed that this is an individual right that can only be exercised by the person concerned in relation to his or her own information. For security reasons, the service in question will therefore have to verify your identity in order to avoid discussing any confidential information about you with a third party.
Clients and contacts have the right to request a copy of their personal data being processed from Retraite Plus. However, if an additional copy is requested, Retire Plus may ask customers and contacts to pay for the service.
If customers and contacts request a copy of the data electronically, the requested information will be provided in a currently used electronic format, unless requested otherwise.
Customers and contacts are informed that this right of access may not relate to confidential information or data, or data for which communication is not permitted by law.
The right of access must not be exercised in an abusive manner, i.e. on a regular basis with the sole aim of destabilising the service concerned.
Important note on "Consent”
When a person provides information (Name, First Name, Telephone, email, location of the search, level of urgency, etc.), on one of our websites, by email or otherwise, to enable them to be assisted by Retraite Plus in their search for accommodation or domiciliary services, and request a call back, they are explicitly giving their consent to the processing of the personal data they have provided / data they will subsequently give our advisers or any other Retraite Plus employee during telephone conversations and the exchange of data via computer or telephone (email, sms, fax, etc.).
Any individual has the right, at any time, to revoke their consent to the processing of their personal data, in accordance with the legislation. Retraite Plus shall undertake to acknowledge this right as soon as possible.
Retraite Plus informs its customers and contacts that it may appoint a subcontractor of its own choice to process personal data.
In this case, Retraite Plus shall ensure that the subcontractor complies with their obligations under the GDPR, regardless of whether it is located within or outside the European Union.
Retraite Plus shall undertake to sign a written contract with all its subcontractors and imposes the same data protection obligations as Retraite Plus follows. Furthermore, Retraite Plus reserves the right to conduct subcontractor audits to ensure compliance with the provisions of the GDPR.
Retirement Plus shall define and implement any technical, physical or logical security measures that it deems appropriate in order to combat the destruction, loss, alteration or unauthorised disclosure of data in an accidental or illicit manner.
These measures mainly comprise the following:
7. Data breach
In the event of a personal data breach, Retraite Plus shall undertake to notify the CNIL (French National Data Protection Agency) under the conditions prescribed by the GDPR.
If this breach poses a significant risk to customers and contacts and the data have not been protected, Retirement Plus shall:
8. DPO - Data Protection Officer
Retraite Plus has appointed a Data Protection Officer.
The Data Protection Officer’s contact details are as follows:
The DPO (Data Protection Officer)
14, Quai de la Marne 75019 Paris
Tel.: +32 2 318 04 78
If personal data are to be reprocessed, Retraite Plus will initially refer the matter to the Data Protection Officer.
If customers and contacts wish to obtain specific information or ask a specific question, they can contact the Data Protection Officer, who will answer the question asked or provide the necessary information within a reasonable timescale.
In the event of problems relating to the processing of personal data, customers and contacts may contact the designated Data Protection Officer.
9. Processing Register and Impact Assessment
As the Data Controller, Retirement Plus shall undertake to keep an up-to-date record of all processing activities carried out.
This register is a document or application listing all of the processing operations carried out by Retraite Plus, as the Data Controller.
Retirement Plus shall also undertake to prepare an Impact Assessment of the risks associated with personal data.
Retraite Plus shall undertake to provide the supervisory authority, on receipt of the initial request, with information allowing the said authority to check the compliance of the processing in line with current data processing legislation.
10. Right to lodge a complaint with the CNIL (French National Data Protection Agency)
Customers and contacts who have concerns regarding the processing of their personal data are entitled to lodge a complaint with the supervisory authority, namely the CNIL (French National Data Protection Agency) in France, if they consider that their personal data are not being processed in accordance with European data protection regulations. Complaints should be sent to the following address:
Commission De La Protection De La Vie Privée
Rue de la Presse 35, 1000 Brussels, Belgium
Find suitable accomodation for senior citizens