Data Protection Policy
Click here to read the Havas N.A. Data Protection Policy.
1. Havas is committed to protecting your privacy and personal data
HAVAS INTERNATIONAL CONSULTING is committed to protecting your privacy and personal data. This Group Policy informs you of our data processing practices and how your personal data is collected and used by HAVAS INTERNATIONAL CONSULTING. Please read it all the way through. This policy is available on our homepage and at the bottom of each page of the https://havasinternationalconsulting.com website. Havas is committed to protecting the right to privacy and data protection, as well as complying with national and international data protection laws. Havas is committed to maintaining the confidentiality of any personal data and to strictly limiting its disclosure in accordance with national laws and current regulations.
This policy is applicable to Havas subsidiaries acting in their capacity as data controller.
2. Definitions
The terms below have the following meaning, in both the singular and plural:
• “personal data” means any information relating to an identified or identifiable natural person, directly or indirectly, within the meaning of the regulations
• “data subject” means a natural person whose personal data is processed by Havas
• “regulations” means the regulations in force in France, applicable to the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”) and Law No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties as amended
• “data controller” means a natural or legal person who determines the means and purposes of the processing of personal data within the meaning of the Regulations
• “processor” means a natural or legal person who processes data on behalf of the data controller in connection with a service
• Website means the HAVAS INTERNATIONAL CONSULTING website accessible at the URL: https://havasinternationalconsulting.com (the “Website”)
• “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. How do we process your personal data ?
This policy is applicable in all Havas subsidiaries in their capacity as data controller, unless national legislation provides for specific rules.
When you browse and interact with the Website and in general during your interactions or exchanges with the Havas, HAVAS INTERNATIONAL CONSULTING may collect and process your data in order to manage activities conducted on its own account, as data controller.
HAVAS INTERNATIONAL CONSULTING respects the right of each individual, employee, applicant, customer, supplier, partner, administrator, subscriber, prospect or internet user to have their personal data protected. Havas observes the principles defined by the regulations:
1. Processing your personal data fairly, lawfully and in a transparent manner.
2. Collecting your personal data for explicit, specified and legitimate purposes, and not processing them further in ways incompatible with those purposes.
3. Ensuring that the personal data collected is relevant, proportionate and not excessive with regard to the purposes for which they are collected and processed. Personal data may be anonymised when feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.
4. Keeping your personal data accurate and up-to-date if necessary. We will take reasonable steps to rectify or delete inaccurate or incomplete data.
5. Personal data will be kept for the time necessary for the purposes for which they are collected and processed.
6. Personal data will be processed in accordance with the rights of individuals.
7. Technical, physical and organisational measures are taken to secure your data and prevent unauthorised access, unlawful processing and unauthorised or accidental loss, destruction or damage of personal data.
8. Processing your personal data in accordance with the legal bases for processing, including the collection of consent when required.
4. What types of personal data are collected ?
In its capacity as data controller, Havas collects and processes your personal data after informing you accordingly. Personal data is any information relating to an identified or identifiable natural person. An identifiable person is a person who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. This Policy does not cover data rendered anonymous, i.e. when individuals are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost and labour. If anonymous data becomes identifiable, or if pseudonyms are used and allow individuals to be identified, then this Policy will apply. It is up to you whether or not to disclose personal data to us. However, if you choose not to do so, we reserve the right not to register you as a user or not to provide you with the requested service.
In general, your personal data is collected directly from you, but they may also be collected from third parties.
The types of personal data we process include:
• your identification data (your first name, last name, pseudonym, gender, email address, postal address, telephone number, if applicable photograph, social media profile)
• your professional data (your educational and professional background for job applicants, your job title, home company)
• your login data: your IP address, if applicable, your online ID, your HAVAS INTERNATIONAL CONSULTING online user password
• your browsing data and expressed preference: traffic and browsing history on HAVAS INTERNATIONAL CONSULTING websites, data from cookies and trackers on Havas websites
Except for specific legal obligations, we do not collect so-called “sensitive” personal data or special categories of personal data.
In general, and with some exceptions, the use of Havas websites and HAVAS INTERNATIONAL CONSULTING pages on social networks is reserved for adults.
5. What is the purpose, the legal basis for the collection of your data and the retention period?
In accordance with the regulations, the personal data we collect is used for the purposes for which they have been collected for the period of time indicated in the table below.
The processing operations carried out by HAVAS INTERNATIONAL CONSULTING have the following purposes, legal bases and retention periods:
Purposes : Customer relationship management.
Legal basis : Performance of the contract. Legal obligation (accounting/tax/administrative).
Retention period : Term of the contract plus applicable limitation periods.
Purposes : Partner and supplier relationship management
Legal basis : Performance of the contract. Legal obligation (accounting/tax/administrative).
Retention period : Term of the contract plus applicable limitation periods.
Purposes : Application management.
Legal basis : Legitimate interest of Havas.
Retention period : 2 years.
Purposes : Product and institutional communication management (website and social networks).
Legal basis : Legitimate interest of Havas.
Retention period : Duration of the communication plus applicable limitation periods.
Purposes : Administrative and legal formalities and the fight against fraud.
Legal basis : Legal and regulatory obligation.
Retention period : Duration of applicable legal requirements.
Purposes : Subscription to newsletters.
Legal basis : Consent
Retention period : Duration of subscription to the newsletter.
Purposes : Management of cookies and other website trackers.
Legal basis : Consent. Legitimate interest of Havas (technical cookies).
Retention period : Periods specified in the website cookies policy.
Purposes : Management and follow-up of contact requests.
Legal basis : Legitimate interest of Havas.
Retention period : Time required to process the request.
Purposes : Reporting and securing access to websites.
Legal basis : Legitimate interest of Havas.
Retention period : 6 months to 1 year maximum.
Purposes : Exercising your personal data rights.
Legal basis : Legal and regulatory obligation.
Retention period : 1 year or 6 years from the request to exercise the right, according to the right exercised.
In the event of litigation/proceedings, particularly legal proceedings, initiated before the end of the above periods and which require the retention of personal data, particularly with a view to the establishment, exercise or defence of rights, such personal data shall be retained for the duration of said proceedings and until the exhaustion of the legal remedies.
6. Who are the recipients of your data ?
Your personal data may be disclosed to staff in the following departments, according to their powers and authorisations and only if necessary for their activity, according to the purposes strictly pursued:
Internal recipients: General Secretariat, Communication, Legal, Finance and Accounting, Purchasing, Business Development, Digital, IT, General Services and Human Resources departments.
External recipients: The hosting providers of our websites, our auditors and statutory auditors, our legal advisers, our insurers, our duly authorised partners, service providers and subcontractors which we may use to carry out our activities, tax and social security bodies, public authorities, court officers and ministerial officers where applicable.
Please browse the Havas website www.havasgroup.fr for further information on the Havas.
7. Data transfer
HAVAS INTERNATIONAL CONSULTING prioritises the transfer of personal data within Europe. However, your personal data collected and processed for the purposes described above may in certain cases be transmitted to companies outside the European Union.
Some of these countries have an adequate level of data protection.
In other cases, please note that the transfers of your personal data to other entities outside the European Union are governed by the implementation of appropriate safeguards to ensure the confidentiality and security of the transferred data.
HAVAS INTERNATIONAL CONSULTING may, in this regard, conclude contractual clauses with the recipients of such data in accordance with the recommendations of the European Commission to ensure that appropriate safeguards are taken regarding the protection of said data. In addition, and where the legislation of the third country does not provide protection equivalent to that offered by the regulations, we shall ensure that additional measures are implemented to guarantee a level of protection of your personal data essentially equivalent to that provided for in the European Union and to ensure that this protection is effective.
You are also advised that transfers of personal data outside the European Union are lawful if in particular (i) the transfer is necessary for the performance of a contract between the data subject and the data controller or for the implementation of pre-contractual measures taken at the request of the data subject, if (ii) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the data controller and another natural or legal person, or if (iii) the data subject has given explicit consent to the proposed transfer, after having been informed of the risks that the transfer could entail for him or her due to the absence of an adequacy decision and appropriate safeguards.
8. Security and subcontracting
HAVAS INTERNATIONAL CONSULTING places particular importance on the security of your personal data.
Therefore, HAVAS INTERNATIONAL CONSULTING has implemented technical and organisational measures tailored to the nature of the personal data, in order to ensure the integrity and confidentiality of such personal data and to protect them against malicious intrusion, loss, alteration or disclosure to unauthorised third parties.
Nevertheless, the security and confidentiality of personal data depend on everyone’s best practices and you are encouraged to remain vigilant regarding this issue.
When HAVAS INTERNATIONAL CONSULTING uses a processor, we only disclose personal data to it after having obtained a commitment and guarantees from said processor regarding its ability to meet the security and confidentiality requirements and entered into a written contractual commitment with it.
9. Third-party websites and social networks
HAVAS INTERNATIONAL CONSULTING websites or services may provide links to third-party applications, products, services or websites to facilitate your browsing and for your information. If you access these links, you will leave the Website. Havas does not control these third-party websites or their privacy and data protection practices, which may differ from ours. We do not finance or represent any of these third-party websites and accept no responsibility for their content or their practice in terms of personal data protection. Personal data you choose to provide via such websites or which are collected by such third parties are not covered by the HAVAS INTERNATIONAL CONSULTING Privacy Policy. We encourage you to review the privacy policy of any website with which you interact before allowing your personal data to be collected and used. We also provide links to social networks that allow you to share information with your own social networks and interact. When you use these links, information about you may be collected or shared. We encourage you to review the privacy policies of the social networks with which you interact, to find out the information that may be collected, used or shared by these websites. If you post, comment, indicate interests or share personal data in any public forum, social network, blog or any similar forum, please note that any personal information you post may be collected or used by other users of these forums and networks. In any event, HAVAS INTERNATIONAL CONSULTING may not be held liable for such third-party uses which are not its responsibility.
10. Cookie management
We use cookies on Havas websites. The details of the cookies used are available in the policy of each Havas website concerned.
The management of cookies on the Website is the subject of a cookie policy available here.
11. What are your personal data rights?
HAVAS INTERNATIONAL CONSULTING is particularly concerned about respecting the rights granted to you in connection with the data processing it implements, to guarantee fair and transparent processing with regard to the particular circumstances and context in which your personal data are processed.
Your right of access.
In this respect, you have the right to obtain confirmation as to whether or not your personal data is being processed and when it is being processed. You have the right to request a copy of your data and information concerning:
• the purposes of the processing
• the categories of personal data concerned
• the recipients or categories of recipients and, where applicable, if such disclosure were to be made, the international organisations to which the personal data have been or will be disclosed, in particular recipients established in third countries
• where possible, the envisaged retention period of the Personal Data or, where this is not possible, the criteria used to determine that period
• the existence of the right to request from the data controller rectification or erasure of your Personal Data, the right to request a restriction of the Processing of your personal data and the right to object to such Processing
• the right to lodge a complaint with a supervisory authority
• information relating to the source of the Data when they are not collected directly from you
• the existence, where appropriate, of automated decision-making, including profiling, and, in the latter case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.
Your right to have your data rectified.
You can ask us for your personal data to be corrected or completed if they are inaccurate, incomplete, ambiguous and/or outdated, as the case may be.
Your right to have your data erased.
You can ask us to erase your personal data in the cases provided for by the regulations.
Please note that the right to erasure of data is not a general right and that it can only be granted if one of the reasons provided for in the applicable regulations is present.
Your right to restrict data processing.
You may request the processing of your personal data to be restricted in the cases provided for by the regulations.
Your right to object to data processing.
You have the right to object at any time, on grounds relating to your particular situation, to a processing operation concerning your personal data whose legal basis is the legitimate interest pursued by the data controller.
If you exercise such a right to object, we will ensure that we no longer process your personal data in relation to the processing operation concerned unless we can demonstrate that we can have compelling legitimate grounds for maintaining such processing operation. These grounds must override your interests and rights and freedoms, or the processing must be justified for the establishment, exercise or defence of legal claims.
Your right to data portability.
You have the right to data portability with regard to your personal data. Please note that this is not a general right. Indeed, all the data of all processing operations are not portable and this right only concerns automated processing, excluding manual or paper processing operations.
This right is limited to processing operations whose legal basis is your consent or the performance of pre-contractual measures or a contract.
Your right to withdraw consent.
When the data processing operations we implement are based on your consent, you can withdraw it at any time. We then stop processing your personal data without the previous operations to which you had given your consent being called into question.
Your right to lodge a complaint.
You have the right to lodge a complaint with the supervisory data protection authority in your country of residence, without prejudice to any other administrative or judicial remedy.
Your right to define post-mortem instructions (France).
In accordance with the French Data Protection Act of 6 January 1978, as amended, you have the right to define instructions relating to the retention, erasure and disclosure of your personal data after your death in accordance with the procedures set out below.
How to exercise your rights
You can exercise your rights with the Havas DPO:
at the email address: dpo@havas.com
or by post to: Havas Data Protection Officer, 29/30, quai de Dion Bouton, Puteaux Cedex 92800 France.
We will reply as soon as possible and in any event within one month of receipt of the request. We may, as necessary, extend this period by two months, taking into account the complexity and number of requests, and we will specifically inform you of this.
12. Changes to the privacy policy
HAVAS INTERNATIONAL CONSULTING reserves the right to amend this policy if necessary, for example, to comply with a change in law, regulations, HAVAS INTERNATIONAL CONSULTING practices and procedures or requirements imposed by data protection authorities. The new policy will be published on the Website.
Please check it regularly.
If you have any questions or comments about this policy, please contact our Group DPO whose contact details can be found in Article 11 above.
Last updated: Mars 2023.