MCA Data Protection Policy
Within the context of its activities, and in accordance with European legislation in force, MCA undertakes to ensure the protection, confidentiality and security of your personal data.
This Data Protection Policy reflects the commitments made by the companies of the MCA Group regarding the responsible use of your data.
It is applicable to all our candidates and employees as well as to our clients, subcontractors and more generally to all users of MCA services.
Why does MCA process your data?
MCA only processes personal data for specific, explicit and legitimate purposes.
The personal data collected are strictly necessary for the intended purpose.
Example: staff management, managing customer projects, etc.
The companies of the MCA Group are committed to minimising the data we collect and keeping it accurate and up to date by facilitating the rights of those concerned.
All data are collected in compliance with the legislation in force. No data are collected without the knowledge of the people concerned or without them being informed.
Your personal data are kept for a limited time that does not exceed the duration necessary for the purposes of the collection.
The data storage periods are made known to the people concerned and vary according to the nature of the data, the purpose for which they are processed or legal or regulatory requirements.
What kind of data are processed?
MCA processes the following categories of data:
- Identification data: first name, last name, username, SIREN (French business registry number)
- Personal information: date of birth, place of birth, mobility, etc.
- Contact details: postal address, email, phone number
- Economic and financial data: means of payment, bank details
- Professional life: role, education, qualifications
- Computer data: IP addresses, cookies, etc.
Who are the recipients of your data?
The data collected are intended for the internal services of MCA.
The data can also be processed by MCA partners who act to improve the internal organisation of MCA/AXILEO (payroll software, CRM, etc.). This involves collaboration with partners for the provision of services. You may also be asked to consent to additional processing.
The data may also be transmitted to the competent authorities, at their request, as part of judicial proceedings, judicial investigations and requests for information from the authorities or in order to comply with other legal obligations.
What are your rights?
In accordance with articles 12 to 21 of the GDPR, you have a right of information, access, rectification, restriction and erasure ("right to be forgotten") of data concerning you. You have a right to request data portability.
MCA/AXILEO undertakes to facilitate the exercising of your right to object with regard to your personal data. The right to object is understood as the shall have the right to object to processing of personal data concerning him or her.
How can you exercise your rights?
You can exercise your rights at any time, as well as contacting the Personal Data Protection Officer at the following address: firstname.lastname@example.org.
Any request to exercise your rights must be accompanied by a photocopy of your proof of identity (national identity card, passport, resident card).
A response will be sent to you within one month of receiving your request.
If your exchanges with MCA/AXILEO have not been satisfactory, you have the option of filing a complaint with the CNIL (French data protection authority), the supervisory body responsible for compliance with obligations regarding personal data.
How are my data secured?
The personal data we collect are stored in a secure environment. People working for MCA/AXILEO are required to respect the confidentiality of your information.
Information Systems Protection policies are implemented and are appropriate for the nature of the data processed and the activities of the company. Appropriate physical, logistical and organisational security measures are provided to ensure the confidentiality of the data, including avoiding all unauthorised access.
The companies in the MCA Group also require any subcontractor to provide appropriate safeguards to ensure the security and confidentiality of personal data and to comply with applicable law.
Monitoring of the Data Protection Policy
This Data Protection Policy, intended for employees of MCA Group companies and external persons involved in data processing, is accessible and available internally to employees via the Intranet and externally via the websites of MCA Group companies, contracts and commercial documents.
This Policy will be updated regularly to take into account legislative and regulatory developments.
This Policy is effective from 25 May 2018.