top of page

privacy policy


Last updated: April 25, 2021


1. A PHE PROTECT commitment

2. Some definitions

3. Who is responsible for processing your data?

4. What is the scope of this policy?

5. For what purposes do we collect and process your personal data?

6. What personal data do we collect?

7. Who are the recipients of the data collected?

8. Is your personal data transferred outside the European Union?

9. How long is your personal data kept?

10. How is your personal data protected?

11. What are your rights regarding your personal data?

12. Modification of the privacy policy


1. A PHE PROTECT commitment


Because of its sector of activity, relating to the prevention and security of people, PHE PROTECT is deeply committed to the respect of private life and the protection of personal data and undertakes to implement adequate measures to ensure their protection, confidentiality and security.


This privacy policy defines and informs you of how PHE PROTECT undertakes to use and protect the personal information you transmit to us, in accordance with legal requirements, in particular European regulation 2016/679 on protection personal data

(GDPR) and the amended law n ° 78-17 of January 6, 1978 called the Data Protection Act.


2. Some definitions


"Personal data": any data allowing a direct or indirect identification of a natural person.

"Data processing": operations carried out on personal data, in particular the collection, recording, use, transmission or communication.

"Data controller": legal entity in charge of determining the purposes of the processing and the means implemented.


3. Who is responsible for processing your data?


The data controller mentioned in this document is the company PHE PROTECT Headquarters: 80 avenue du Général de Gaulle 91170 VIRY CHATILLON - SAS –RCS 825 136 971 EVRY


In the event of difficulties in connection with the management of your personal data, you can send a complaint by mail to the following address:



80 avenue du Général de Gaulle

91170 Viry-Châtillon


Or by email: remarks.pheprotect@gmail.com


4. What is the scope of this policy?


This confidentiality policy applies to all processing of personal data implemented by PHE PROTECT and relating to external persons (hereinafter "you"), whether they are customers, prospects, partners, candidates for recruitment. , users of our services, including those offered by this site, suppliers, service providers or Internet users.


PHE PROTECT wishes to offer you a safe and secure experience and undertakes that the information you provide to us through various channels (including but not limited to this website, written correspondence, emails and conversations) are only used for the purposes described in this policy.


5. For what purposes do we collect and process your personal data?


PHE PROTECT undertakes to collect and process your personal data in a fair, lawful and transparent manner. The treatments implemented by PHE PROTECT correspond to the following explicit, legitimate and determined purposes:


Allow you to access our services and respond to your requests: management of your request, whether by contact form, which you will find on the company's website, by telephone or by any other channel.


In this context, the legal basis for processing results:


Or the performance of a contract if the request is linked to a contractual relationship between PHE PROTECT and you.

Or the legitimate interest of PHE PROTECT and more specifically its economic and reputational interest in communicating clearly with you, understanding your needs and expectations and responding to them in the best possible way.

Either with your consent.


Manage the contractual relationship with our customers, service providers or partners: contract management, order management, invoices, deliveries, public relations, provision of services and communication with you as part of these services…

In this context, the legal basis for processing is the execution of the contract between PHE PROTECT and you.

Process of entering into relationship: management of prospects, canvassing, sending commercial information about us, integration of new customers, communication with you by any means whatsoever (including but not limited to emails, telephone, SMS, social networks, mail or in person),…


In this context, the legal basis for processing results:


Either the execution of a contract likely to bind us or the execution of measures prior to the conclusion of a contract with you.

Or the legitimate interest of PHE PROTECT, more particularly its economic interest to communicate clearly with you, to better understand your needs and to offer you adapted services.

Either with your consent.


Follow-up of your application file submitted online or directly to the office of our President.

The purpose of the processing of personal data implemented in this case is to identify the candidate for recruitment and to determine their abilities to occupy a position within our company. Our goal is both to respond to your requests and to find profiles suited to the missions available within PHE PROTECT, in order to promote the meeting of supply and demand on the job market.

In this context, the legal basis for processing your application data is your consent.

Legal proceedings: exercise and defense of legal rights.

The processing implemented is necessary to comply with a legal obligation or PHE PROTECT has a legitimate interest in the processing for the purposes of establishing, exercising or defending our legal rights.


6. What personal data do we collect?


PHE PROTECT takes care to collect and process only the relevant personal data, adequate and strictly necessary to achieve the previously determined purposes, without excess or disproportion compared to the objective pursued.


PHE PROTECT takes all the necessary measures to ensure that your data is accurate, complete and, if necessary, updated.


PHE PROTECT undertakes to collect the consent of the persons concerned when this is required and to inform them of the processing of their data.


You can choose not to communicate certain information to us, however this decision risks depriving you of certain services offered by PHE PROTECT.


Data that you provide to us directly:


You are likely to communicate this data to us during the following operations: When you want to apply for a job offer at PHE PROTECT, when you access our services or when you want to get in touch with us.


In this context, we are required to process and collect the following personal data:


Identification data: for example surname, first name, address, telephone number (s), email address, fax number, professional contact details.

Personal characteristics: date of birth, age, country of birth, marital status.

Professional information: CV, motivation letter, interview notes, job and professional history, details of training and qualifications, details of the professional profile of social network.

Identifiers issued by public bodies: for example national identity card, passport, residence permit, social security number, driver's license, professional card issued by the CNAPS, firearms license and their paper copies.

Data relating to transactions: billing address, instruction file, details relating to transactions and payment information.

Any other information that you provide to us directly, voluntarily and with consent in the context of the use of our website, our services and the contracts that we may have concluded with you.

The compulsory or optional nature of the information that you must fill in is generally indicated at the time of data collection on the corresponding forms by an asterisk. Any failure to respond, or any response deemed abnormal by PHE PROTECT is likely to result in PHE PROTECT refusing to take into account your request.


PHE PROTECT may offer to provide certain personal data for prospecting purposes. You can expressly and freely consent or not to the collection and processing of this data for these purposes by means of a check box.


Data that you provide to us indirectly


When using the PHE PROTECT website (accessible from the following URL: https://www.pheprotect.com/) the following information may be collected by our partner Wix: URL des links through which the user has accessed the PHE PROTECT website, the user's access provider and the user's IP address.


The collection and processing of this data is done anonymously, without personal reference, in order to allow the use of the website (setting up of the link) and to ensure the long-term security and stability of the system. The above information is not linked to or stored with personal data.


It is only in the event of an attack on the network infrastructure or suspicion of an illicit or abusive use of the website that the IP address is analyzed for the purpose of clarification and defense.


The PHE PROTECT website does not use cookies and does not collect personal information other than that which you provide to us directly via the contact forms. The site is therefore not declared to the CNIL.


The case of "sensitive data"


The Data Controller may in no case collect "sensitive" data, except as specified below.


The term "sensitive data" designates personal data allowing the direct or indirect disclosure of elements referred to in articles L 1132-1 et seq. Of the Labor Code and likely, in the event of misappropriation, to create a discriminatory risk. The Data Controller may in no case collect this type of data, unless specified later.


The processing of sensitive data is indeed considered lawful if it is necessary:


For the purposes of fulfilling the obligations and exercising the rights proper to the controller or the data subject in terms of labor law, security and social protection, insofar as this processing is authorized by Union law and French law, or by collective agreement.

Upon the establishment, exercise or defense of a legal claim.

When the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, you will be informed of the nature of the legitimate interest in question, with the option of opposing your interests or your freedoms and rights own fundamentals.


When the processing is based on Article 6 (1) (a) or Article 9 (2) (a) of the European Regulation, you will have the right to withdraw your consent at any time, without giving breach of the lawfulness of the processing based on consent before its withdrawal.


7. Who are the recipients of the data collected?


The personal data collected is treated confidentially and is only used by authorized and determined PHE PROTECT staff. Each PHE PROTECT service (management, human resources, development, operations) has access only to the data strictly necessary to ensure its proper functioning.


No personal data is transferred to third parties other than the recipients, without prejudice to any compulsory transmission to the bodies entrusted with a task of control, verification or regulatory tasks entrusted to them in accordance with national law. .


PHE PROTECT does not transfer any data to third parties, whether for commercial, direct marketing or any other purpose.


8. Is your personal data transferred outside the European Union?


No. PHE PROTECT stores your personal data in France, in the European Union.


9. How long is your personal data kept?


PHE PROTECT keeps your personal data as long as necessary for the fulfillment of the purposes for which it was collected and processed. PHE PROTECT may nevertheless keep this data for a longer period of time to comply with legal obligations and in particular the applicable limitation or foreclosure periods.


(1) In order to define a retention period, the following criteria are used:


The data relating to the management of commercial relationships are kept for the duration of the contractual relationship and then for a maximum of three years for prospecting purposes.

Data relating to the use of our services and the management of orders are kept for the duration of the contractual relationship and then in accordance with the applicable deadlines.

The data relating to requests and / or questions submitted via the contact form or other, are kept for the time necessary for their processing.

Data relating to solicitation operations is kept for one year from the last contact with the prospect.

Application data can be kept for up to two years from the last contact with the candidate.

The data relating to the management of orders and invoicing can be kept for 5 years (except the data relating to the means of payment which are deleted at the end of the commercial relationship).


(2) (a) Certain personal data, and in particular that concerning our employees, is kept in a form allowing identification for the duration of any limitation or foreclosure period applicable under the legislation in force. This period corresponds to any period during which a person could bring legal action against the company, whether the latter is a link with your personal data or whether the personal data are useful, relevant and or necessary for the resolution of the litigation.


(2) (b) Furthermore, due to the extremely long time taken for legal proceedings, and since referral to the court or authority does not always give rise to real-time information for the defendant, we reserve the right the right to apply an additional retention period of four months following the expiration of the applicable limitation or foreclosure period. So that, if a person takes legal action at the end of this period, we are always able to have a reasonable time to identify the relevant personal data in the context of this action.


(3) In the event of legal action, we may also continue to process your personal data during the additional periods necessary in connection with these actions.


Under the conditions described in paragraphs (2a), (2b), and (3), the processing of your personal data will be limited to their storage, to the actions necessary to ensure their security and confidentiality and to their examination in relation to a legal action or under an obligation prescribed by applicable law.


Once the periods indicated in paragraphs (1), (2) and (3) have ended, and to the extent that they apply, we undertake to permanently delete or destroy the personal data concerning you.


10. How is your personal data protected?


As the data controller, PHE PROTECT implements technical and organizational measures to protect your personal data against alteration, accidental loss, illicit use, disclosure or unauthorized access.


They understand :


Awareness of the confidentiality requirements of our employees who need to access your personal data.

Securing access to our premises and our IT platform.


11. What are your rights regarding your personal data?


In accordance with the applicable legislation on the protection of personal data, you have the following rights:


The right of access, when your personal data is processed, you have the right to obtain access to said data and a copy of it.


The Data Controller undertakes to respond to you as soon as possible and in any event within a maximum of one month from the receipt of the request. If necessary, this period may be extended by a maximum of two months, in the event of complexity or a large number of requests received. The person concerned will then be informed of this extension, of its presumed duration and of the reasons for postponement within a maximum period of one month from receipt of the request.


The right to rectify inaccurate personal data concerning you. You can also obtain the right to supplement your incomplete data, including by providing an additional declaration.

The right to erasure of personal data which has been processed in violation of the general principles of the GDPR regulation or when their processing is no longer necessary or is not or is no longer lawful, subject to legal and legitimate reasons that PHE PROTECT may have to keep your data according to the applicable retention periods (see section 9 above).

The right to object to the processing of your personal data, if necessary we will no longer process it, unless we have compelling reasons to do so (eg exercising or defending a legal claim).


Principle: You can, if you wish, object in whole or in part to the processing of your personal data for reasons that you must motivate. The Data Controller has two months to respond to such a request.


The Data Controller is entitled to accept or refuse such a request. In this case, he will send you a reasoned refusal decision.


In the event of a dispute, the employer and the employee may apply to the CNIL for a ruling.


Exception: In the event of a request for opposition or erasure of your personal data, the Data Controller is nevertheless authorized to continue processing your data when these are:


Legally mandatory.

Necessary for the performance of a contract to which the person is a party.

Necessary for the purposes of legitimate interest that we are pursuing and in particular the establishment, exercise or defense of a legal claim.


The right to the portability of your personal data which allows you to request from PHE PROTECT the transmission of your data in a structured format, commonly used and readable by a machine.

The right to lodge a complaint with the CNIL concerning the practices relating to the protection of personal data of PHE PROTECT.

Beforehand, we thank you for alerting us of any question or possible difficulty that PHE PROTECT will undertake to resolve amicably by mail to the following address:



80 avenue du Général de Gaulle



12. Modification of the privacy policy


PHE PROTECT reserves the right to modify or supplement this confidentiality policy, in particular with a view to complying with any legislative, regulatory, jurisprudential or technological development. The date of the update will then be clearly identified at the top of this policy. Since these modifications are binding on the User as soon as they are put online, the latter should regularly consult this confidentiality policy in order to be aware of these possible modifications.

bottom of page