SUPPLIERS PRIVACY POLICY

Last Updated: 3rd October, 2022

Introduction

NEMERA and its subisidiaries (together, “ NEMERA ”, “ we ”, “ us ”, or “ our ”) respect the privacy of its Suppliers. We are strongly committed to protecting your personal data.

Nemera Headquarter

Nemera
63-65 Av. Tony Garnier
69007 Lyon
FRANCE

This Privacy Policy explains how and why we processes personal data of our Supplier Employees and is provided pursuant to the European Union General Data Protection Regulation (or GDPR) and other applicable privacy laws. Reading it will help you understand your privacy rights and choices.

How do we use your personal Data ? 

We process your personal data as necessary in order to take steps at your request prior to entering into a contract (“Contractual Necessity”). Your personal data are indeed necessary to:

  • Have the contact information of suppliers;
  • Issue tenders;
  • Hold our contract library.

We also process your personal data as necessary for our legitimate business purposes (“Legitimate Interests”). Your personal data are indeed necessary to:

  • Control the payment orders transmitted to our accounting software (ERP?);
  • Compile a payment log (send invoices);
  • Participate in supplier evaluations;
  • Participate to improvement plans.

How do we collect your personal Data?

We have provided below an overview of the information we collect when you interact with us. These information may be collected at your choice either by filling our form or by using your Indeed Profile (Please refer to Indeed Privacy Policy for further information https://hrtechprivacy.com/fr/brands/about-indeed#PrivacyPolicy)

Identification data: We may collect for instance your last and first name, professional contact details (email, phone number, company postmail address).

Professional life data: We may collect for instance your job position in your company.

Automatically Collected Data: When you visit our procurement tool, we may also collect technical information such as your browser, your IP, a broad geographical information, your operation system. Please notice that this information are not individual-related data, so that we can’t directly link these with other nominative information.

How has access to your personal data? 

Your personal data are shared with:

  • Any employees in charge of managing the Supplier relationship and transactions (Procurement, Quality, Engineering, Accounting, Legal …);
  • Our partners providing us technical services requiring the process of your data insofar as they have to know about them: It may be service suppliers, including hosting and other information technology services, such as our SaaS Procurement Management system.
  • Any other third party if required to do so by law or in the good faith belief that such action is necessary to (i) comply with legal or regulatory obligations, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv) act in urgent circumstances to protect the personal safety of users of the Site, or the public, or (v) protect against legal liability.

How long do we retain your personal data?

We erase your personal data within 5 years after the end of the last cooperation with your company.

We may nevertheless store your personal data to have evidence in case of litigation and administrative control as long as the prescription period provided by local legislation has not been reached. Meanwhile, only the services in charge of litigation may have access to it.

 (For UE residents) Are my personal data transferred outside UE?

All your personal data are stored on servers located in the UE.

In connection with our operating model, your personal data may be consulted outside UE by our US subsidiaries. We have taken measures to protect the confidentiality and security of your personal data, and your rights as a data subject (Use of Standard Contractual Clauses).

How do you secure my personal data?

We have implemented physical, technical, and administrative security measures designed to protect the confidentiality of personal data we process both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction.

(For EU residents) What are my rights regarding my personal data?

The GDPR grants EU residents the following rights:

  • Access. You can request a copy of the personal data that we maintain about you. If you require additional copies, we may need to charge a reasonable fee.
  • Deletion and Correction. If required to do so, you can ask us to delete or correct the personal data that we hold about you.
  • Objection. You may have the right to object to how we use your personal data if this use is based on our legitimate interest
  • Restrict Processing. If required to do so, you may ask us to suspend our processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
  • Data Portability. If required to do so, we will give you your personal data in a structured, commonly used, and machine-readable format.
  • Withdraw Consent: Where we rely on your consent to process personal data about you, you have the right to later withdraw your consent in the manner indicated when you consent or by contacting us as described in this Privacy Policy  (ie Job Alert and Emailing, data storage once the position has been filled).

To exercise your rights and ask more info, please can contact us:

Nemera (DPO)
63-65 Av. Tony Garnier
69007 Lyon
France
dataprivacy@nemera.net 

If, despite our efforts and commitments, you feel that your rights concerning your personal data have not been respected, you may submit a complaint to the French GDPR authority “Commission Nationale Informatique et Libertés” (or any other closer European data protection authorities) :

CNIL 3 Place de Fontenoy
TSA 80715
75334 Paris Cedex 07
www.cnil.fr

May I have a look regularly on this privacy policy? 

Yes. We reserve indeed the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on our corporate website www.nemera.net. If required by law, we will also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via email or another manner through the corporate website. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting).