![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0324.jpg)
A
Corporate and social responsibility report
Annex III -
Being an ethical and fair good player in business
322
Worldline
2016 Registration Document
personal data a high level of protection.
legal regime. The business opportunities created by the
their employer compliance with the strictest applicable local
data is a key topic for Worldline’s employees who expect from
First of all, as a fundamental right, the protection of personal
commitments as well as to implement strong organizational and
processing of personal data requires Worldline to adopt formal
big data demonstrates. For these very important reasons, the
processing of personal data are tremendous, as the debate on
security measures to guarantee to employees’ and customers’
protection approach based on three pillars:
Worldline has implemented a comprehensive personal data
Data protection policy;
●
Data protection procedures;
●
Raising employee awareness of personal data protection
●
issues.
internally as externally.
on the highest European standards of regulations, deployed
Worldline’ comprehensive approach to data protection based
data). This approval constitutes an official recognition of
and as a data processor (i.e. for the processing of its customers’
personal data both as a data controller (i.e. for its own purposes)
Atos group Binding Corporate Rules for the processing of
European data protection authorities in coordination with the
This approach has been strengthened by the approval of
Binding Corporate Rules: the first IT
A.4.1.2.2
clients’ personal data
company certified for the processing of
located in.
same obligations and processes, whatever the country they are
Directive. All Atos group entities worldwide are bound by the
high level of protection as defined in the European Union
that the personal data processed by Worldline benefits from a
data processing on behalf of its clients and for itself. This means
authorities of its Binding Corporate Rules (BCR) for personal
obtained the approval of the European data protection
On November
4, 2014, the Atos group, including Worldline,
European personal data protection authorities have recognized
The approval of the Binding Corporate Rules means that the
personal data protection, as further explained in Chapter
6.9.5 of
and validated Atos group’s global and stringent approach to
the Registration Document on personal data protection.
same level of protection when acting as a data processor for all
employees’ personal data only, Worldline is able to ensure the
More than offering such highest level of protection to its
employees.
regarding personal data of end users, customers and
customer requirements in terms of security and compliance
its customers’ personal data. Consequently, Worldline meets
Data protectionPolicy
A.4.1.2.3
The first pillar is the Worldline Data Protection Policy. It sets up
the most stringent personal data protection principles.
95/46 on personal data protection; these are considered to be
protection principles based on the provisions of EU Directive
amendment having been adopted through law no.
2004-801 of
information technology, data files and civil rights, with the main
amendments to law no.
78-17 of January 6, 1978, which relates to
the Data Protection Directive was implemented through various
August 6, 2004.
Directive 95/46/EC of October
24, 1995 (the “Data Protection
European Union, Iceland, Norway and Liechtenstein). In France,
European Economic Area (the “EEA,” which includes the
Directive”) is the point of reference on the matter within the
established by the directive itself. In order to guarantee
entities and their employees, founded on three key elements:
adopted a consistent policy which is obligatory for all of its
compliance with all applicable national laws, the Atos group has
Directive by the EEA member states has given rise to a certain
throughout the EEA, the implementation of the Data Protection
Although personal data legislation has to be harmonized
been established, some of which are more restrictive than those
degree of variation among the regulatory regimes that have
A set of principles based on the Data Protection Directive;
(i)
implemented; and
A set of procedures that ensure that such principles are
(ii)
positions and responsibilities.
A training program for all Group employees, tailored to their
(iii)
payment value chain to reduce risks, facilitate competition and
the entire payment ecosystem to define and improve the
for the benefit of the consumer and the merchant.
transparency while encouraging innovation and standardization
Worldline is working closely with the European Commission and
Governance
A.4.1.2.4
management of the topic.
Security, significant resources have been allocated to the
close cooperation by the Group LCM department and Group
The Atos group Chief Data Protection Officer, who reports
Personal Data & Privacy Protection Organization, established in
Management (“LCM”) department and an 80-member strong
executives of the Group Legal, Compliance and Contract
directly to the Group Head of compliance – one of the key
policies, practices and tools is a fundamental element in the
improve its efficiency and the reach of personal data protection
cooperation with the Group Security Organization in order to
This organization, which has been restructured in close
continued implementation and extension of this strategy.