GDPR

The company processes employees’ personal data—including information related to recruitment, performance, health, and video surveillance—with strict adherence to principles of fairness, transparency, and security. Employees are duly informed of their data protection rights (such as access, rectification, erasure, and objection) and may exercise these rights by contacting the designated Data Protection Officer (DPO). Mandatory data protection training is provided to all staff, with enhanced instruction for roles involving the handling of sensitive data. The Group has implemented rigorous measures to ensure data minimisation, secure retention, and the lawful limitation of processing purposes. Any breach of data protection must be reported without delay, and disciplinary consequences may apply in cases of non-compliance. The policy is underpinned by clear legal frameworks and reinforced by an internal charter that ensures ongoing transparency and protection.

Furthermore, Amarenco has established a formal procedure to manage data subject requests and potential data breaches in compliance with GDPR standards. Employees are expected to follow good practices, such as avoiding the storage of data on local drives, locking workstations, and securing company-issued mobile devices. Requests for access or rectification of personal data must be submitted via a dedicated email address or by post to the head office. Designated personnel, such as Human Resources or project managers, are responsible for responding within one month, providing a secure, password-protected file accessible for a limited duration. In the event of a data breach—such as loss, theft, or cyberattack—passwords must be changed immediately, the impact assessed, the CNIL notified within 72 hours, and affected individuals duly informed. Where applicable, appropriate remedial actions must be taken to mitigate any risk.