Table of Contents Table of Contents
Previous Page  322 / 354 Next Page
Information
Show Menu
Previous Page 322 / 354 Next Page
Page Background

A

Corporate and social responsibility report

Annex III -

Being an ethical and fair good player in business

322

Worldline

2016 Registration Document

personal data a high level of protection.

legal regime. The business opportunities created by the

their employer compliance with the strictest applicable local

data is a key topic for Worldline’s employees who expect from

First of all, as a fundamental right, the protection of personal

commitments as well as to implement strong organizational and

processing of personal data requires Worldline to adopt formal

big data demonstrates. For these very important reasons, the

processing of personal data are tremendous, as the debate on

security measures to guarantee to employees’ and customers’

protection approach based on three pillars:

Worldline has implemented a comprehensive personal data

Data protection policy;

Data protection procedures;

Raising employee awareness of personal data protection

issues.

internally as externally.

on the highest European standards of regulations, deployed

Worldline’ comprehensive approach to data protection based

data). This approval constitutes an official recognition of

and as a data processor (i.e. for the processing of its customers’

personal data both as a data controller (i.e. for its own purposes)

Atos group Binding Corporate Rules for the processing of

European data protection authorities in coordination with the

This approach has been strengthened by the approval of

Binding Corporate Rules: the first IT

A.4.1.2.2

clients’ personal data

company certified for the processing of

located in.

same obligations and processes, whatever the country they are

Directive. All Atos group entities worldwide are bound by the

high level of protection as defined in the European Union

that the personal data processed by Worldline benefits from a

data processing on behalf of its clients and for itself. This means

authorities of its Binding Corporate Rules (BCR) for personal

obtained the approval of the European data protection

On November

4, 2014, the Atos group, including Worldline,

European personal data protection authorities have recognized

The approval of the Binding Corporate Rules means that the

personal data protection, as further explained in Chapter

6.9.5 of

and validated Atos group’s global and stringent approach to

the Registration Document on personal data protection.

same level of protection when acting as a data processor for all

employees’ personal data only, Worldline is able to ensure the

More than offering such highest level of protection to its

employees.

regarding personal data of end users, customers and

customer requirements in terms of security and compliance

its customers’ personal data. Consequently, Worldline meets

Data protectionPolicy

A.4.1.2.3

The first pillar is the Worldline Data Protection Policy. It sets up

the most stringent personal data protection principles.

95/46 on personal data protection; these are considered to be

protection principles based on the provisions of EU Directive

amendment having been adopted through law no.

2004-801 of

information technology, data files and civil rights, with the main

amendments to law no.

78-17 of January 6, 1978, which relates to

the Data Protection Directive was implemented through various

August 6, 2004.

Directive 95/46/EC of October

24, 1995 (the “Data Protection

European Union, Iceland, Norway and Liechtenstein). In France,

European Economic Area (the “EEA,” which includes the

Directive”) is the point of reference on the matter within the

established by the directive itself. In order to guarantee

entities and their employees, founded on three key elements:

adopted a consistent policy which is obligatory for all of its

compliance with all applicable national laws, the Atos group has

Directive by the EEA member states has given rise to a certain

throughout the EEA, the implementation of the Data Protection

Although personal data legislation has to be harmonized

been established, some of which are more restrictive than those

degree of variation among the regulatory regimes that have

A set of principles based on the Data Protection Directive;

(i)

implemented; and

A set of procedures that ensure that such principles are

(ii)

positions and responsibilities.

A training program for all Group employees, tailored to their

(iii)

payment value chain to reduce risks, facilitate competition and

the entire payment ecosystem to define and improve the

for the benefit of the consumer and the merchant.

transparency while encouraging innovation and standardization

Worldline is working closely with the European Commission and

Governance

A.4.1.2.4

management of the topic.

Security, significant resources have been allocated to the

close cooperation by the Group LCM department and Group

The Atos group Chief Data Protection Officer, who reports

Personal Data & Privacy Protection Organization, established in

Management (“LCM”) department and an 80-member strong

executives of the Group Legal, Compliance and Contract

directly to the Group Head of compliance – one of the key

policies, practices and tools is a fundamental element in the

improve its efficiency and the reach of personal data protection

cooperation with the Group Security Organization in order to

This organization, which has been restructured in close

continued implementation and extension of this strategy.

I 317 318 319 320 321 322 323 324 325 326 327 328 IV