In order for you to benefit from the various services of the Ortec Group in confidence, we explain to you how we treat your Data in compliance with your rights.

Setting my cookies


The ORTEC Group recognises the fundamental nature of the protection of individuals with regard to processing their personal data, and undertakes to respect and protect personal data (hereinafter referred to as “Data”) to which its employees have access, in any capacity whatsoever, in accordance with European Regulation 2016/679 adopted on 27 April 2016 and all the laws of the Member States of the European Union that have been adopted in application of French law no. 2018-493 of 20 June 2018.

Definitions :

“Personal Data” means any information relating to an identified or identifiable natural person, directly or indirectly, by reference to an identification number or to one or more elements specific to it (location data, online identifier, data of a physiological, genetic, cultural economic or social character, etc.)

CNIL means the Commission Informatique et Liberté (French Data Protection Authority), acting in accordance with European Regulation 2016/679 adopted on 27 April 2016 as the “Relevant Control Authority” for the ORTEC Group as defined below, whether as “Controller(s)” or as a “Processor”. The CNIL also acts as the “Relevant Control Authority” for any persons residing in France affected by Processing or likely to be affected.

“Applicable Regulations” means European Regulation 2016/679 adopted by the European Parliament on 27 April 2016 as well as all the laws of the Member States of the European Union that have been adopted pursuant to this Regulation and in particular French Law no. 2018-493 of 20 June 2018.

The terms “Processing(s)”, “Controller(s)”, “Sub-Contractor(s)”,“Transfer”, Transboundary Transfer(s), “Third Parties”, “Recipients”, “Control Authority” and “Data Protection Officer (DPO)” have the meaning given to them by European Regulation 2016/679 adopted on 27 April 2016 and which you can consult on the CNIL/fr website:

ORTEC Group means all companies owned and/or controlled by ORTEC EXPANSION SA within the meaning of article L 233.3 of the French Commercial Code.

Scope of application:

This policy and the commitments it implies apply to Data to which ORTEC Group employees have access, whether communicated by a customer, supplier, sub-contractor, partner, prospective customer or anyone outside of the ORTEC Group, who must have confidence in our ability to protect their Data and to respect the rights conferred on them by the Applicable Regulations.

2 – Categories of Data

This Data is transmitted to us as part of the business relations that the ORTEC Group maintains with its customers, suppliers, subcontractors, partners or prospective customers, or those that visitors to our sites communicate to us or those that we receive as part of our processes via our websites.

The categories of Data concerned are mainly identification data (surname, first name, photograph, etc.), professional career data (positions, email address, etc.), banking data for payment purposes.

3 – Our commitments

We undertake to ensure the protection, confidentiality, non-alteration, availability and security of the Data entrusted to us, whether physically hosted or on computerised applications or received via our communication channels (websites).


We take all necessary measures in accordance with the Applicable Regulations:

  • To provide you with clear and transparent information on how your Data will be Processed at your request,
  • Implement all the necessary technical and organisational measures to protect your Data against unauthorised Third Party disclosure, loss, alteration or access, Retain your Data only for as long as is necessary and for the sole purpose of the particular Processing, Offer you at any time, if requested, the ability to access and modify your Data.
  • To achieve these objectives, we take appropriate technical and organisational measures to ensure that when we act as a Controller, we comply with the Applicable Regulations and in particular we undertake to inform you about:
  • The existence and terms of the Data Processing that we implement,
  • Your rights regarding your Data and by implementing the operations that the exercise of these rights involves,
  • The existence of any Transboundary Transfers of your Data and transfers outside the European Union
  • as well as the identity of the Recipients of your Data,

The length of time your Data is stored for the security measures that we have put in place.

4 – The Ortec Group

When ORTEC Group Processes Data, it is GIE ORTEC SERVICES through its various departments and divisions that acts as a Controller.

GIE ORTEC SERVICES – 550 rue Pierre Berthier – 13799 Aix en Provence – CS8034 – France

Tél : + 33 4 42 12 12 12

Depending on the Processes considered, the contact person concerned will be the Communication & Marketing Department (websites, commercial prospecting, etc.), the IT Department for IT (in-house and external) developments and maintenance, for purchasing, the “Non-Production Purchases” and “Industrial Purchasing” departments, the managers of the various business units for Data inherent in the exercise of the ORTEC Group’s commercial activities, the Accounting and Finance department, etc.

ORTEC Group has appointed a Data Protection Officer whose contact details are:

  • Email :dpo(at)
  • Postal address: GIE ORTEC SERVICES – Data Protection Officer – 550 rue Pierre Berthier – 13799 Aix en Provence – CS8034 – France
  • Phone number: + 33 4 42 12 12 12

5 – The purpose of our Processing tasks

Our Processing tasks are listed and their respective purposes are determined, legitimate, explicit and compatible with the performance of our activities and missions. Here are the main ones:

  • Management of responses to calls for tender/consultation letters received by the Ortec Group,
  • Litigation management,
  • Accounting,
  • Management of referenced suppliers,
  • Customer and prospect management,
  • Commercial prospecting.

Data collected for a specific purpose is not used for other purposes, and is in compliance with the Applicable Regulations.
The legal grounds for such Processing are compliance with legal obligations, performance of contractual or pre-contractual obligations, your consent and the legitimate interests of the ORTEC Group (such as the preservation of the safety of premises and persons).

6 – Data Transfers

The defined purpose determines the relevance of the Data we collect. Only adequate Data that is strictly necessary to achieve the defined purpose is collected and processed by the duly authorised persons of the ORTEC Group. This may include the Communication & Marketing Department (websites, commercial prospecting, etc.), the IT Department for (in-house and external) IT developments and maintenance, the departments in charge of Purchasing (“Non-Production Purchases” and “Industrial Purchasing”), the employees within each business unit who participate in the group’s commercial activities at any level (costing, execution), the Accounts and Finance department, etc.

Access rights are defined in the information systems security policy implemented by the ORTEC Group, which provides for the implementation of resources necessary to protect the Processing of your Data to prevent access by an unauthorised Third Party and to prevent any unauthorised loss, alteration, deterioration or disclosure of your Data.

Where the purposes defined in this policy require, your Data may be communicated to Third Parties, partners or subcontractors (e.g. IT providers for hosting and IT maintenance of certain tools). Subcontractors act as directed by the ORTEC Group: they are required to implement appropriate measures to protect your Data.

7 – Transfers outside the European Union

As a general rule, your Data is kept within the European Union.

However, we may transfer some of your Data outside the European Union.

In this case, we ensure that this Transfer is made in accordance with Applicable Regulations and will guarantee you an adequate level of protection. If some of these countries do not offer the same level of protection as the Member States of the European Union, ORTEC Group will ensure that these Transfers are carried out in accordance with the provisions imposed by regulations, such as the implementation of contractual clauses adapted to the identified risks. Additional information and a copy of the relevant documents relating to these Transfers may be requested by post or email to the following addresses:

By email sent to dpo(at)ortec and/or by post to:

GIE ORTEC SERVICES – 550 rue Pierre Berthier – 13799 Aix en Provence – CS8034 – France

Tel : + 33 4 42 12 12 12

8 – Shelf life

Your Data is collected by ORTEC Group for the time required to complete the Processing, for example:

  • 1 month for video surveillance images,
  • 3 years for data relating to prospective customers…

9 – Information and rights of individuals

In accordance with the Applicable Regulations, on your request, each time it collects Data, the ORTEC Group will provide you with important information about the Processing task that is envisaged and, in particular, will enable you to:

  • Request access to and rectification of your Data,
  • Request limitation of the Processing of your Data,
  • Request deletion of your Data,
  • Exercise your right to object (in particular your right to object without cause to commercial prospecting actions),
  • Modify or unsubscribe newsletters that we publish,
  • Formulate specific and general post-mortem guidelines about the retention, erasure and communication of your Data (France only),
  • Exercise your right to portability,
  • Withdraw your consent to the completion of Processing tasks based on this legal basis,
  • Not be the subject of a decision based exclusively on automated processing and producing legal effects concerning you or significantly affecting you
  • At any time, to submit a complaint to the relevant Supervisory Authority.

You can find more detailed information about the exercise of these various rights on the CNIL website:

To exercise your rights, we ask you to send your request (by indicating your email address, surname, first name, postal address and a copy of your identity document) to the Protection Officer

ORTEC Group Data (DPO) by email sent to dpo(at)ortec and/or by post addressed to:
GIE ORTEC SERVICES – 550 rue Pierre Berthier – 13799 Aix en Provence – CS8034 – France
Tel: + 33 4 42 12 12

10 – Policy review and update

This policy will be updated as necessary to meet the regulatory requirements.
Applicable to data protection. It will be reviewed at least every three (3) years.


Validated by the Legal Department and the DPO of the ORTEC Group.

Do you have a project?

Our team can help you