Data protection policy
1. WHO ARE WE?
1.1 Data controller
The following information is provided to you to explain the commitments for the protection of personal data of Savencia Produits Laitiers International a company whose registered office is located at 91 rue Joseph Bertrand - 78220 Viroflay - France, acting as the data controller for the processing of personal data described in the present document and designated the “Data Controller” or “we”.
1.2 Our data protection policy
The data protection officer may be contacted at the following address: firstname.lastname@example.org.
2. THE PERSONAL DATA WE PROCESS
In the context of the processing of personal data, the Data Controller collects and processes the following data:
- Identification data: title, surname, first name(s), position, company, postal address, postal code, city, country, IP address;
- Contact data: email address, telephone number;
- Site Activity Data.
Data marked with an asterisk in our forms must be provided. Otherwise, the service associated with the application form may be provided to you.
3. THE PURPOSES AND LEGAL BASES OF OUR PROCESSING OF PERSONAL DATA
3.1 The purposes of our processing
The processing we carry out is to ensure the following purposes:
- Registration of orders reserved for professionals who also have an account
- Management of the content of a website
- Follow-up of customer relations and customer complaints
- Management of requests from the contact form
- Statistics & Reporting
3.2 The legal bases for our processing
We only carry out data processing if at least one of the following conditions is met:
- your consent to the processing operations has been obtained
- the performance of a contract between us and you require us to carry out the relevant processing of personal data; we are bound by legal and regulatory obligations that require the implementation of the relevant processing of personal data;
- the existence of our legitimate interest, or that of a third party, justifies us implementing the processing of personal data concerned. The legitimate interests pursued by the Data Controller may include enabling business continuity, improving the consumer experience, building consumer loyalty, understanding consumer expectations, managing user requests.
4. THE RECIPIENTS OF YOUR DATA
The personal data we collect, as well as the personal data collected subsequently, is intended for us in our capacity as Data Controller.
We ensure that only authorized persons have access to this data. Our subcontractors/service providers may receive this data to perform the services we entrust to them.
Your personal data may be reconciled, pooled or shared between all parent, sister and subsidiary entities of the Data Controller.
It may be communicated to these entities for the purposes referred to in this data protection policy. These operations are carried out based on instruments that comply with the applicable regulations and are able to ensure the protection and respect of your rights.
5. TRANSFER OF YOUR DATA
As part of the services offered (Google Analytics cookies), we transfer your personal data to recipients in the USA. Each of these transfers is governed by legal instruments that comply with the applicable legal framework.
6. THE PERIOD(S) FOR WITCH WE RETAIN YOUR DATA
The retention periods we apply to your personal data are proportionate to the purposes for which they were collected. As a result, we organize our data retention policy as follows:
|Processing purpose||Retention period|
|Management of requests from the contact form||The time it takes to process the request in the active database, then 1 yeat in intermediate archiving|
|Registration of orders reserved for professionals who also have an account||Until your account is deleted or inactive for 2 years from the last time you logged in to the account|
|In the event of exercising the rights of access, rectification, deletion, limitation, the data relating to identity documents and the information allowing these rights to be considered||1 year from receipt of application|
|In the event of exercising the right to object, the data relating to identity documents and the information allowing the right to object to be considered.||6 years from receipt of application|
The retention periods presented may be extended by the applicable statutory limitation periods.
7. YOUR RIGHTS
7.1 Exercise of your rights
You can exercise your rights
by e-mail at the following address: email@example.com
or by mail to the following address: Savencia Produits Laitiers International - 91 rue Joseph Bertrand - 78220 Viroflay - France
Regarding the right to information, the Data Controller will not be obliged to act on it when you already have the information you are requesting to be communicated.
The Data Controller will inform you if it is unable to comply with your requests.
These rights are not absolute and are subject to various conditions under:
- applicable local data protection or privacy law; and
- the laws and regulations that apply to you.
The Data Controller would like to inform you that failure to provide or modify your data is likely to have consequences in the processing of certain requests in the context of the execution of contractual relations and that your request for the exercise of your rights will be kept for follow-up purposes for 6 years concerning the exercise of the right to object and 1 year concerning the exercise of other rights.
All the rights you have are detailed below.
7.2 Your right to information
You acknowledge that this privacy notice informs you of the purposes, legal basis, interests, recipients, or categories of recipients with whom your personal data is shared, and the possibility of data transfer to a third country or to an international organization.
In addition to this information and to ensure fair and transparent processing of your data, you declare that you have received additional information concerning:
- how long we keep your personal data.
- the existence of the rights that are recognized for your benefit and the modalities of their exercise.
If we decide to process data for purposes other than those indicated, you will be provided with all information relating to these new purposes.
7.3 Your right of access to and rectification of your data
By exercising this right, you have confirmation as to whether or not your personal data is being processed and when it is, you have access to your data as well as information concerning:
- the purposes of the processing
- the categories of personal data concerned
- recipients or categories of recipients, in particular recipients established in third countries
- where possible, the envisaged period for which the personal data will be stored or, where this is not possible, the criteria used to determine that period
- the existence of the right to request the Controller to rectify or erase your personal data, the right to request a restriction of the processing of your personal data, the right to object to such processing
- the right to lodge a complaint with a supervisory authority
- information about the source of the data when it is not collected directly from the data subjects
- the existence of automated decision-making, including profiling, and in the latter case, meaningful information about the underlying logic, as well as the significance and intended consequences of such processing for data subjects.
You can ask us to rectify or complete your personal data, depending on the case, if it is inaccurate, incomplete, ambiguous, or out of date.
7.4 Your right to erasure of your data
You can ask us to erase your personal data where one of the following grounds applies:
- the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- withdraw the consent previously given
- you object to the processing of your personal data where there is no legal ground for such processing
- the processing of personal data does not comply with the provisions of applicable laws and regulations
- Your personal data was collected when you were a minor.
However, the exercise of this right will not be possible when the retention of your personal data is necessary regarding the law or regulations and, for example, for the establishment, exercise or defense of legal claims.
7.5 Your right to restrict the processing of your data
You may request the restriction of the processing of your personal data in the cases provided for by law and regulation.
7.6 Your right of opposition to the processing of your data (deregistration)
You have the right to object to the processing of personal data concerning you where the processing is based on the legitimate interest of the Data Controller. In the case of direct communication, this right may be exercised by any means, including by clicking on the unsubscribe links at the bottom of the communications sent.
7.7 Your right to data portability
You have the right to the portability of your personal data.
The data on which this right may be exercised are:
- only your personal data, which excludes anonymised personal data or data that does not concern you
- declarative personal data as well as personal operating data
- personal data that does not infringe the rights and freedoms of third parties, such as those protected by trade secrets.
This right is limited to processing based on consent or contract as well as personal data that you have personally generated.
This right does not include derived data or inferred data, which are personal data created by the Data Controller.
7.8 Your right to withdraw your consent
Where the data processing we carry out is based on your consent, you can withdraw it at any time. We will then cease to process your personal data without any further action to which you have consented.
7.9 Your right to lodge a complaint
You have the right to lodge a complaint with the competent supervisory authority, without prejudice to any other administrative or judicial remedy.
7.10 Your right to leave instructions for after your death
You have the option of defining guidelines relating to the retention, deletion, and communication of your personal data after your death with a trusted, certified third party responsible for enforcing the wishes of the deceased, in accordance with the requirements of the applicable legal framework.
8. SECURITY OF YOUR DATA
We attach great importance to the protection, integrity, and confidentiality of your data. Therefore, we have implemented technical and organisational measures to ensure a level of security appropriate to the risk and thus protect your data against loss, alteration, access or disclosure to unauthorized third parties.
However, despite our efforts, no security measures can protect against all risks of misappropriation or piracy, for which we as the data controller cannot be held liable.
In the event of a personal data breach and in accordance with the regulations in force relating to the protection of personal data, we undertake to notify them to the CNIL. If a data breach poses a high risk to your rights and freedoms, we will inform you as soon as possible and always under the conditions provided for by the regulations in force relating to the protection of personal data.