Complying with personal data protection is not only about avoiding financial sanctions.

The attack on data, which even taken one by one may seem insignificant, can result in serious impacts for the persons concerned.

This topic must not be just a constraint, it is a progress for society, just like the steps of corporate social responsibility (CSR).

Responsible treatment gives the people concerned confidence.

It constitutes a differentiating element within the framework of our services and makes it possible to accompany the deployment of innovations.

The purpose of this site is not to force you to comply with the regulations, but to make you understand the stakes and the importance of this subject!

We are all responsible for the processing of data in which we are involved. In short, don't do to others what you wouldn't want them to do to you.

Concerned about the protection of personal data, the Elior group has organized itself:

• to comply with the legislation,
• To establish a culture of privacy protection closer to employees.

The protection of personal data is everyone's business, without exception.

Any project manager who defines the processing of personal data has a role to play, but also the Data Protection Officer appointed by the Group in accordance with the law.

Several members of the Group are responsible for implementing the personal data protection programme and ensuring compliance with the associated legislation for the entire Elior Group.

This Group team is made up of representatives from compliance, legal and IT departments. It relies on decentralized actors within the Group: The GDPR ambassadors.

The ambassadors are your relays within your perimeter and contribute in particular:

• to be the privileged contact points for any question relating to personal data;
• to ensure compliance with Group policy, in particular with regard to the exercise of rights and the keeping of the processing register*;
• the construction of associated policies and procedures.

Thus, everyone in the Group can count on a local reference for all questions related to personal data:​​​​​​​ gdpr-contact@eliorgroup.com

Ressources :

MOOC CNIL : https://www.cnil.fr/fr/la-cnil-lance-sa-formation-en-ligne-sur-le-rgpd-ouverte-tous
MOOC ANSSI : https://www.cnil.fr/fr/securite-des-donnees

Glossary : 

"Elior Group" means the company Elior Group and all companies that, within the meaning of Article L233-3 of the French Commercial Code,
(i) are under the direct or indirect control of the company Elior Group, or, (ii) are, directly or indirectly, under common control with the company Elior Group;

"Data of a personal nature", "Personal data" or "PD"means any information relating to an identified or identifiable natural person (hereinafter “data subject”); An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"Controller " means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 

"Processor" means the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

"Business needs manager" means the employee within the Elior Group, who defines the business needs and the processing objectives (project management), for each data processing task identified within the Elior Group;

"Recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether or not this recipient is outside the Elior Group (third party). However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

"Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

"Data protection impact assessment" or "DPIA" means that the controller shall, prior to any processing task that may give rise to a high risk to the rights and freedoms of natural persons, in particular through the use of new technologies, perform an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may relate to a set of similar high risk treatment operations.