Your right to information

The right to be informed about the use of your data

An organization that collects information about you must provide you with clear information about how your data will be used and how to exercise your rights.

What's the point?

Good information allows you to know how your data will be processed, how to exercise your rights and therefore decide whether or not to entrust your data to an organization.

It is the first barometer to determine the degree of trust to be given to an organization.
The European Data Protection Regulation has therefore provided for improved information for individuals and for making it easier to exercise their rights.

To facilitate this access to information, public and private organizations that place your data at the heart of their activity have a data protection officer (DPO), a privileged contact to exercise your rights or to report malfunctions.

How to do it concretely?

1. You have easy access to information

The information must be concise, readable and easily accessible. It must be written in the clearest, most precise and simple way possible! In concrete terms, a user does not need to be an expert to read the privacy policy of a social network or a bank. In the same way, if an organization targets children or vulnerable people, it will have to propose an adapted information,

Before collecting your data, Atlante Technologies must therefore be transparent and allow you to know :

  • Why we collect your data?
  • How we use your data?
  • How to control your data and exercise your rights.

2. One reading is enough to get a good idea of how your data will be used

Atlante Technologies must propose you an information notice on the protection of your data. This page must be accessible from the home page of the site of the organization under a clear heading.

  • Website :
  • Menu : PRIVACY

This must include information on:

  • The contact details of the organization’s data protection officer, or a point of contact on matters relating to the protection of personal data;
  • How your data will be used;
  • What the organization is authorized to process the data;
  • Who will have access to the data
  • How long your data will be kept
    How you can access your rights and how you can lodge a complaint with the regulatory authority
  • The use of your data outside of the place of storage
  • The legal basis for the data processing (i.e. what legally authorizes the processing: it can be the consent of the persons concerned, the respect of an obligation provided by a text, the execution of a contract, etc.).

As appropriate:

  • The existence of automated decision-making or profiling, information useful for understanding the algorithm and its logic, and the consequences for the data subject.
  • The fact that the data is required by regulation, by contract or for the conclusion of a contract;
  • The legitimate interests pursued by the controller or a third party (e.g. fraud prevention);
  • The right to withdraw consent at any time;
  • The right to access the documents authorizing the transfer of data outside the data storage site.

And in case of indirect collection by a business partner:

  • The categories of data collected;
  • The source of the data, including whether the source is publicly available.

3. You need to stay well-informed at all times, especially if the security of your data is compromised

This step is essential if you wish to refer the matter to the regulatory authority in the event of a refusal, unsatisfactory response or lack of response.

Are you doing this by mail? Ask for an acknowledgement of receipt that will prove the date of your request.

What should I do if I get a refusal or no response?

An organization may mistakenly or negligently suffer an accidental or unlawful breach of personal data, that is, the destruction, loss, alteration or unauthorized disclosure of data about you.

Some examples:

  • Your data has been accidentally deleted;
  • Your data has been lost (loss of an unsecured USB key);
  • A malicious person has gained access to an organization’s database to retrieve your data and that of other users;
  • Your data is temporarily inaccessible, causing you harm.

The organization must report a breach to the regulatory authority within 72 hours if the breach is likely to pose a risk to your rights and freedoms. If these risks are high, the organization must also inform you as soon as possible and give you advice on how to protect your data.

  • Changing your password
  • Privacy settings
  • Etc.

Privacy Center

Data Protection Officer

Source : CNIL
Commission Nationale de l’Informatique et des Libertés
To protect personal data, support innovation, preserve individual liberties