DATA PROTECTION POLICY

Ensuring the protection of personal data is a top priority for our organization. This policy outlines the principles we follow when collecting, processing, storing, and deleting personal data in accordance with applicable laws.

The SNEF Group is committed to protecting the personal data of its employees and to ensuring that we process it appropriately.

The purpose of this policy is to provide data subjects with important information on how the SNEF Group processes its employees’ personal data, and on how data subjects can exercise their rights. It also aims to meet the requirements of the new General Data Protection Regulation (Regulation No. 2016/679), which entered into force on May 25, 2018.

Scope

Apply this policy to all activities involving the processing of personal data of our customers, employees, suppliers, and partners. Comply with the provisions of the General Data Protection Regulation (GDPR) and any other applicable local regulations.

Limit the collection of personal data to information that is strictly necessary to achieve specific, explicit, and legitimate purposes. Inform data subjects of the purposes of the collection and the underlying legal bases.

Use of Data

Ensure that personal data is used only for the intended purposes, such as the provision of services, the management of contractual relationships, or compliance with legal obligations.

• Establish clear retention periods for each category of data, based on its intended purpose.

• Do not retain data longer than necessary for the stated purposes, unless a longer retention period is required by law.

• Apply the following principles:

• Protect data against unauthorized access, loss, or destruction through technical and organizational security measures.

• Enable data subjects to exercise their rights, such as the right to access, rectify, erase, and transfer their data.

• Delete or anonymize personal data once its retention period has expired.

Individual Rights

Under the GDPR, you have the right to access your personal data, to rectify it, to object to its processing when such processing is not based on a legal obligation, or to obtain its restriction, erasure, or portability where applicable. Furthermore, you may withdraw your consent at any time for processing based on such consent.

You may file a complaint with the CNIL if you believe your rights have not been respected. For more details on your rights, please refer to the sections below.

Depending on the processing activities, you have the following rights:

• Right to object: You have the right to object at any time to the processing of your personal data unless the processing is required by law or is necessary for the performance of your contract,

• Right of access: You have the right to obtain confirmation as to whether or not your personal data is being processed by the SNEF Group,

• Right to rectification: You have the right to have inaccurate or incomplete information about you corrected.

• Right to withdraw consent: For processing based on consent, you may withdraw the consent you have given for such processing at any time.

• Right to erasure or right to be forgotten: You have the right to have your personal data erased by the SNEF Group when one of the following grounds applies:

  • the data is no longer necessary for the purposes for which it was collected;

  • You withdraw your consent to the processing and there is no other legal basis for the processing;

  • you object to the processing of your personal data and there is no overriding legitimate ground for the processing;

  • the data is being processed unlawfully;

  • the data must be erased to comply with a legal obligation.

• Right to data portability: You have the right to receive the personal data you have provided to the SNEF Group in a structured, commonly used, and machine-readable format so that you can transmit it to another data controller. This right applies when the processing is based on your consent or on the performance of a contract, and is carried out using automated means.

• Right to file a complaint with the French Data Protection Authority (CNIL).

Security

• The SNEF Group implements all technical and organizational measures to ensure the security of the processing of your personal data as well as its confidentiality.

• To ensure the security of your personal data, particularly to prevent it from being distorted, damaged, or accessed by unauthorized third parties, the SNEF Group takes all necessary precautions, taking into account the nature of the data and the risks associated with its processing (including physical security of premises, the implementation of authentication procedures with personal and secure access via confidential usernames and passwords, and data encryption).

Exercising Your Rights Regarding Your Personal Data

In general, to exercise your rights or for any questions or issues regarding the processing of your personal data and your rights, you may contact the SNEF Group:

• By mail: Snef - 87 avenue des Aygalades – CS 50197 – 13344 Marseille Cedex 15 - France

• By email: contact@snef.fr

This policy is updated to reflect changes in legislation, technology, or organizational structure. The relevant parties are notified of significant changes via the intranet or a memo.

If you have any questions or requests regarding data protection, please contact our Data Protection Officer (DPO) at the following email address: contact@snef.fr