Right request

CORYS
44 RUE DES BERGES
38000, GRENOBLE

To obtain any information or exercise your Data Protection rights concerning the processing of personal data by CORYS, you may contact its GDPR representative via this form.

Fields marked with an asterisk * are mandatory.

Attachment to provide: To exercise your rights regarding your personal data, please attach a copy of a valid identity document (identity card or passport in the following format: JPG, PNG, PDF with a maximum size of 2MB), unless the information provided as part of your request allows for your identification with certainty.

The information collected from this form enables the processing of your request. It is recorded and transmitted to the GDPR officer of CORYS and, where applicable, to the relevant departments within CORYS to handle your request.

You may also exercise your rights by mail (with a copy of your identity document when exercising your rights, unless the information provided in your request is sufficient to identify you) to the following address: 44 RUE DES BERGES, 38000 GRENOBLE.

As a reminder, what are your rights?

The right to object

Your personal data appears in a non-mandatory file and you no longer want it included? The right to object allows you to oppose the use of your data by an organization for a specific purpose. You must demonstrate “reasons related to your particular situation,” except in the case of commercial prospecting, which you may object to without justification.

The rights of access and rectification

Exercising the right of access allows you to know whether your personal data is being processed and to obtain it in an understandable format. It also allows you to verify the accuracy of the data and, if necessary, to have it rectified or erased.

The organization to which you make your “right of access” request must provide you with a copy of the personal data it holds about you as well as the following information:

  • the purposes of using your data (what your data will be used for);
  • the categories of data collected (e.g., name, surname, address, etc.);
  • the identity of the recipients to whom your data is or will be disclosed. The organization may limit itself to indicating the categories of recipients (data reseller, other website, etc.) if identifying them is impossible (especially if the recipients are not yet known) or if the request is unfounded or excessive;
  • the retention period of your data or the criteria used to determine this duration;
  • the existence of your other rights (right of rectification, erasure, restriction, objection);
  • the possibility of lodging a complaint with the CNIL;
  • any information regarding the specific source of the data collected (i.e., where your data comes from) if it was not collected directly from you;
  • the existence of automated decision-making (including profiling), how it works, the significance and consequences for you of such a decision. The information provided must be sufficiently detailed for you to understand the reasons behind the decision;
  • any possible transfer of your data to a country outside the European Union or to an international organization.

The right of access may be exercised:

  • In writing: by postal mail, accompanied by a copy of an identity document. Ideally, by registered mail with acknowledgment of receipt;
  • On-site: with presentation of an identity document. You may be accompanied by a person of your choice. The consultation must last long enough to allow for comfortable and complete note-taking. You may request a copy of the data.

Limitations to the right of access.

The file controller may:

  • refuse the access request: in this case, they must justify their decision and inform the requester of the avenues and deadlines for appeal;
  • not respond to requests that are manifestly abusive, particularly due to their number, repetitive, or systematic nature (e.g., requesting a complete copy of a recording every week).

The right to data portability

Everyone has the right to receive the data concerning them that they have provided to a data controller, to reuse them, and to transmit them to another controller (Article 20 of the GDPR).

The right to data portability allows anyone to:

  • receive in a structured, commonly used, and machine-readable format (computer) the personal data concerning them already provided to a controller;
  • have this data directly transmitted to another controller when technically feasible.

Right to define the fate of your data after death

The new Article 40-1 of the French Data Protection Act allows individuals to give directives concerning the retention, deletion, and communication of their data after death.
A person may be designated to carry out these directives. This person is then entitled, when the data subject has died, to access the directives and request their implementation from the relevant data controllers.

These directives are:

  • general, when they cover all data concerning a person;
  • or specific, when they relate only to certain specific data processing operations.

When such directives are general and concern all of the deceased's data, they may be entrusted to a trusted third party certified by the CNIL.

In the case of specific directives, they may also be entrusted to data controllers (social networks, online messaging services) in the event of death. They are subject to the specific consent of the data subject and may not result solely from their acceptance of the general terms of use.

In the absence of directives given during their lifetime, heirs may exercise certain rights, in particular:
  • the right of access, if necessary for settling the deceased's estate;
  • the right to object to close the deceased's user accounts and oppose the processing of their data.

Right to restriction

The right to restrict the use of your data is provided for under the GDPR. If you dispute the accuracy of the data used by the organization or object to the processing of your data, the law allows the organization to verify or review your request for a certain period. During this period, you may request that the organization freeze the use of your data. In practice, it must no longer use the data but must retain them.

Conversely, you may directly request the restriction of certain data in cases where the organization wishes to delete them. This allows you to retain the data, for example, in order to exercise a right.

The right to erasure

Whether it's an embarrassing photo on a website or information collected by an organization that you consider unnecessary, you may request its erasure if at least one of the following situations applies to your case:

  • your data is used for prospecting purposes;
  • the data is not or no longer necessary for the purposes for which it was originally collected or processed;
  • you withdraw your consent to the use of your data;
  • your data is being unlawfully processed (e.g., publication of hacked data);
  • your data was collected while you were a minor in the context of the information society (blog, forum, social network, website, etc.);
  • your data must be erased to comply with a legal obligation;
  • you have objected to the processing of your data and the controller has no legitimate or compelling reason not to comply with this request.

Right to human intervention in relation to profiling or automated decisions

As a rule, you have the right not to be subject to a fully automated decision—often based on profiling—that has a legal effect or significantly affects you. An organization may nevertheless automate such a decision if one of the following conditions is met:

  • You have given your explicit consent,
  • The decision is necessary for a contract you have concluded with the organization,
  • The automated decision is authorized by specific legal provisions.

In such cases, you still have the possibility to:

  • be informed that a fully automated decision has been made about you;
  • request to know the logic and criteria used in making the decision;
  • challenge the decision and express your point of view;
  • request the intervention of a human being to review the decision.