This policy applies to:
SHAREWORK, a simplified joint stock company with a share capital of 194,279.60 euros, registered in the Paris Trade and Companies Register under number 793 618 729, whose registered office is located 23, rue Leconte de Lisle - 75016 Paris, in the person of its legal representatives;
Hereinafter referred to as "Sharework";
And the User of the services developed by Sharework;
Hereinafter referred to as "the User";
Hereinafter referred to together as "the Parties";
Ensuring the protection of Personal Data collected for the purposes of its business is of particular importance to Sharework.
In this context, Sharework agrees to comply with the provisions of the current regulations relative to the protection of personal data and, in particular, the Data Protection Act, in its current version on the date hereof and the EU Regulation 2016/679 of 27 April 2016, known as the "GDPR".
In doing so, Sharework offers its services within a secure and clear legal framework, after implementing a Personal Data security approach to minimize the risk of data breach and, in the event of an incident, provide an effective and timely response.
Generally, the User is a natural person, acting on behalf of his employer, his instructing party, his partner, his management company, his executive bodies.
In order to avoid any misunderstanding, and as far as he is concerned, the User informs Sharework:
(i) For Users who are legal entities :
(ii) For Users who are natural persons:
Client Company: this is the company or legal entity on behalf of which the User acts when using Sharework.
Customer Data: this is the data that the User transmits to Sharework, allowing it access to its CRM (subject to compatibility) or any other Data Source, so that the latter can analyze it in order to ensure its secure sharing with the Designated Third Party who has become a User. This Customer Data will remain the property of the Client Company.
Collected Data: Any data imported by Sharework from the Customer Data for the purpose of delivering the service,
Personal Data: Any personal data as defined by the General Data Protection Regulation (« GDPR »), including all data likely to facilitate the identification of a User but also personal data collected by the User and stored in his Data Source, of which he has authorized the transfer to Sharework for processing purposes.
Personal Data of Prospects and Customers of the Client Company: Any Personal Data from the Collected Data related to prospects and customers of the Client.
Personal Data of Employees or Collaborators of the Client Company: Any Personal Data from the Collected Data related to employees or collaborators of the Client Company.
The Designated Third Party: this is the User's target company which will be invited to share the Sharework network by the User, in order to implement an analysis of their Customer Data to extract the Relevant Data that is common to them.
Data Source: Any source of data that the user connects to Sharework with the intent to share some of this data to Designated Third Party. Data sources are usually CRM (Customer Relationship Management software) or CSV files, and Sharework regularly integrates new Data Sources.
Relevant Data: this is Customer Data whose comparative analysis between two Users has shown that sharing them between these two Users would be relevant, i.e. likely to foster the creation of a synergy between companies; this includes, for example, common customers, common prospects, etc.
Special Agreement: any contract that maybe signed between the User and Sharework. These contracts could be considered as Special Conditions of Sale and Use;
The Application developed by Sharework: this is the software developed by Sharework, in SaaS mode, to which the User will be able to connect through secure and dedicated access and through which it will be able to use Sharework services.
DPO: Responsible for the processing of collected and processed personal data (Data Protection Officer).
By purchasing or benefiting from a Sharework service, the duly authorized User acknowledges having read this Charter, and, as for the General Conditions (www.sharework.co/legal-terms/terms-of-use-en), having fully understood and accepted its content.
In order to meet its legal obligations in terms of confidentiality and to provide its Users with a secure and efficient service, Sharework reserves the right to make changes to this Policy at its discretion, in particular to ensure compliance with applicable law.
Article 5 of EU Regulation 2016/679 of 27 April 2016, known as the "DGPS", defines the principles relating to the processing of personal data.
Roughly, according to this text, the collection, processing and storage of Personal Data must comply with the following principles:
Article 6 of EU Regulation 2016/679 of 27 April 2016, known as the "DGPS", deals with the lawfulness of the processing.
In summary, for the processing to be lawful, it is necessary, as required, that:
Sharework has appointed Mr. Alexandre Sadones as the Data Protection Officer (DPO). He can be contacted for any question:
Todo this, in particular, he:
The DPO has the necessary resources and the capacity to work with Sharework teams to assist them and raise their awareness on the GDPR themes.
The technical resources implemented to protect Personal Data are the following:
Control mechanisms are simultaneously implemented in the process of developing and providing services:
Personal Data may be transmitted to the following third parties:
The User, who collects the Personal Data housed in his Data Source, remains responsible for informing the persons concerned of the transfer and processing of said data by Sharework, whose responsibility, as subcontractor of the processing, can only be engaged within this limit.
In any case, Sharework cannot not sell any personal data to third parties.
To exercise his rights as listed below, the User must contact the DPO at one of the addresses listed in Article 6.1. and provide him with any useful information to clearly identify him.
More specifically, the User must provide proof of his identity, his email address and, if need be, the reference of his Special Agreement or his customer account.
The DPO must reply to the User by email to the address provided by the User in his request within thirty (30) days of receipt of the request.
If the DPO fails to comply with this procedure, the User will be free to refer the matter to the competent authority, as designated in Article 55 of EU Regulation 2016/679 of 27 April 2016, known as the "GDPR".
The User has the right to obtain confirmation from the DPO that Personal Data concerning him/her are or are not processed and, when they are, access to said data.
Furthermore, and more particularly, the User may question the DPO about:
The User has the right to obtain from the DPO that he or she modify or complete the collected Personal Data.
The User may, with certain exceptions (article 17.3 of the DGPS), also request the deletion of Personal Data concerning him/her when:
The User may request that the processing of the Personal Data collected concerning him/her be limited if:
The User will be informed, by email, by Sharework, of the termination of the limitation, when the time comes.
The User will receive all the Personal Data collected and processed concerning him/her, in a structured format, commonly used and readable on machines, upon request.
The User may also request the portability of his Personal Data to another entity.
The User may, at any time, object to the processing of his Personal Data based on consent.
The DPO is not bound by this objection when there are legitimate and compelling reasons for processing which prevail over the interests and rights and freedom of the User, or for the establishment, exercise or defense of legal rights.
The User may also object to the processing of his Personal Data when the purpose pursued is prospecting or profiling for the purpose of prospecting.
The User, except with his consent in particular, has the right not to be the subject of a decision based exclusively on automated processing, including profiling, which produces legal effects concerning him or significantly affecting him in a similar manner.
The DPO therefore agrees to take the necessary action to guarantee the User that his right not to be the subject of a decision based exclusively on automated processing is respected.