20/11/2019 : réception d'un “spam” (une campagne avec QCM ciblé sur un milieu pro très réduit)
20/11/2019 : émail RGPD avec le modèle d'Aeris https://github.com/aeris/gdpr/blob/master/email/en.md
22/11/2019 : Réception des informations.
C'est une autre personne que moi, il semblerait que j'aie récupéré une adresse émail déjà utilisé dans le passé.
Contenu de la réponse nettoyée.
As you recently requested, I’m sending you all the personal data we have about you and an explanation about how we use this information as well as the retention time and the rights you have over it.
The purposes of the processing: The processing has two purposes: first, to identify experts in some particular knowledge domain, e.g., experts in phonic isolation in vehicles or experts in motor control systems. The second purpose is to contact those professionals to ask them some questions about one innovation in their field of expertise.
This contact has no commercial goal whatsoever but it is indeed in a legitimate interest of having an expert’s advice.
The categories of personal data concerned: The data we have is the minimum required to perform our processing. This is:
The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations: The data will be disclosed, if the subject authorizes to do so, only with our clients who drive the innovation being tested. Most of our clients are based in Europe, mostly in France.
Period for which the personal data will be stored: The data will be stored for three years counting from the las interaction i.e., message exchanges between you and us, or until you decide, and demand us to delete all of your personal data which is done in within 3 working days.
That means of course, you have the right to request a rectification or erasure (right to be forgotten) of your personal data or even restrict its processing.
The right to lodge a complaint with a supervisory authority: We are located in France, so the competent authority is the CNIL
Where the personal data are not collected from the data subject, any available information as to their source: Except for the e-mail address, we collect the data from publicly available sources like:
Professional profiles (Like LinkedIn, Viadeo, Xing)
Academic profiles (like Researchgate)
Note that the content of those sites is not stored in our database or any of our systems.
For the e-mail address, we have developed an algorithm for identifying the e-mail using the information collected before. Once we have this information is not transferred to any person or organization outside UMI unless the concerned person agrees to do so.
The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject: Today we don’t have an automated decision-making process. We validate the profiles we have found by taking a sample and validating the accuracy of the search by hand. If the accuracy is shown to be low, no data is stored.
The data we have about you is:
Last name: XXXXXX
First name: XXXXXX
E-mail address: XXXXXX
Also, as per your request, I will remove all your data from our database. please, do not hesitate to contact me if you have further questions.
Le jour même j'ai supprimé l'émail.
J'ai retrouvé la personne avec ses données personnelles.
Je l'ai informé des données dont disposait la société, et que je supprimais aussi les données de mon coté