The present confidentiality policy specifies the policy of LA COMPAGNIE DES SAVEURS (hereinafter referred to as ‘the Company’) relative to personal data on the Huiles Guenard website -https://www.huiles-guenard.com/fr/ (hereinafter referred to as ‘the Website’). This Policy applies to all the data which you yourself have provided, or which we have collected during your visit to our Website, in accordance with the regulation in force in France relative to personal data, computers and files under the French Data Protection Act n°78-17 of 6 January 1978 and the European Regulation EU 2016/679 of 25 May 2018 relative to data protection, known as the ‘GDPR’.
The purpose of the present confidentiality policy is to inform users of the services provided on our Site (hereinafter referred to as ‘the Users’) on the way we collect, use and share their personal data.
You will be informed of any modification or update to the present confidentiality policy. Your active agreement to the new confidentiality policy is required in order to continue availing of the services provided by the Company.
1. Who is responsible for your personal data?
The party responsible for data processing, which collects and handles your data, is the company LA COMPAGNIE DES SAVEURS, SAS, with a capital of €6,533,800, registered under the Blois Trade and Companies Register under registration number n°B 340 623 396, headquartered at ZA Les Plantes - 2 Rue André Boulle - BP N°17 - 41140 NOYERS-SUR-CHER, represented by Mr. Roland Villain.
2. Which personal data is collected?
You are reminded that personal data constitutes all information relative to an identified or a directly or indirectly identifiable physical person.
When you browse the Website or use the various services provided by the Company, you agree to the collection of the following categories of data:
- Legal status: Last name, first name, date of birth, postal address, email address, telephone number;
- Business identification data (optional): Company name, VAT number;
- Connection data: IP address, password specific to the Website;
- Banking details (optional): Credit card number, expiry date, cryptogram.
(Hereinafter referred to as ‘Personal Data’).
You agree to provide current and valid personal identification Data, in the framework of information required by the Website, and undertake not to make any false declaration or provide erroneous information.
3. How and why is your Personal Data collected?
3.1. Means for collection of Personal Data
You agree to the collection of your Personal Data by the Company when you complete the following documents:
- Online registration form (creation of an account);
- Identification form (connection to your account);
- Subscription to our Newsletter;
- Payment form;
- Contact form.
3.2. Legal grounds for the collection and processing of data
Your Personal Data is collected on the basis of the following legal grounds:
- The specific, free and informed consent of the User (in particular for subscription to the Newsletter);
- Legal obligation(s) required of the Company;
- The execution of the agreement concluded between the Company and the User (in particular for the execution of the General Terms & Conditions for Use/Sale);
- The legitimate interest of the Company (in particular to ensure transaction security)
4. For what purpose is your Personal Data collected?
Mandatory Personal Data is data which is strictly necessary for data processing or to process your requests. In the event of failure to provide such data, the User is hereby informed that certain services provided by the Company will not be accessible. The mandatory nature of requested information is specified upon data collection.
Optional Personal Data collected by the Company is intended to improve our knowledge of you and enhance your experience on our Website.
4.2. List of purposes
Your Personal Data is collected and processed for the following purposes:
- The creation of your User Account;
- Access to your personal space on the Website (accessible via log in and password)
- Subscription to our Newsletter;
- Customer relations management;
- Commercial prospecting;
- Other purposes: specify the name of the processing.
Users are informed that, subject to their prior, specific and affirmative consent, Personal Data transmitted may be transferred to business partners of the AVRIL Group and/or companies within the AVRIL Group, to enable said parties to inform Users of their products and services.
5. Who has access to your personal data?
5.1. Company staff
Your Personal Data is intended for persons duly qualified for its processing within the Company, in particular, and according to the type of processing and data, officers in sales, customer service, marketing, administration, logistics and IT.
5.2. Subcontractors to the Company
In the framework of its business dealings and the provision of services, the Company calls on subcontractors. The latter parties:
- Handle your Personal Data on their behalf and on their instructions,
- Present adequate assurance relative to the implementation of appropriate technical and organizational measures, in order to ensure the security and confidentiality of your data.
In the event where the Company requires the services of subcontractors located in countries providing levels of personal data protection non-equivalent to that of the European Union, the Company undertakes to ensure said transfer is guaranteed by the Privacy Shield implemented by the EU and USA, or by the signature of standard contractual clauses established by the European Commission, or by the implementation of internal business regulations (BCR).
6. How long is your Personal Data stored for?
The Company stores your Personal Data for the period strictly necessary to accomplish the purposes for which it is collected and processed, such as customer relations management or payment.
After this period, your Personal Data may also be subject to storage in the framework of a managed, restricted and justified access, for the period necessary (i) in order to comply with the legal obligations and regulations of the Company, and/or (ii) to assert a legal right, before being permanently deleted.
7. How does the Company ensure the security and confidentiality of your Personal Data?
The Company undertakes to process your Personal Data:
- Strictly within the framework of the specified and stated purposes,
- For the duration necessary for the processing implemented,
The Company implements and updates technical and organizational measures to ensure the security and confidentiality of your Personal Data, by preventing the distortion, damage or transmission to a non-authorized third party of said data.
8. What are your rights relative to your Personal Data?
You have the right, upon written request, to access your Personal Data and to request its modification, rectification or removal from the Company’s database.
Your right of access entitles you, in accordance with Article 15 of the GDPR, to contact the Company in order to obtain (i) the transmission of your Personal Data in an accessible format, (ii) confirmation that your Personal Data is not, or no longer is, subject to processing, (iii) information on the purposes of processing, the categories of Personal Data processed and the recipients of your transmitted Personal Data, and (iv) the duration of storage of your Personal Data or the criteria used to determine this duration.
Pursuant to Article 16 of the GDPR, the right of rectification entitles you to request that the Company rectifies, completes or updates your Personal Data when such data is incorrect, incomplete, ambiguous or no longer valid.
Under the provisions of Article 17 of the GDPR, the right of deletion of your Personal Data entitles you to request that the Company deletes your Personal Data as soon as possible, in particular when such data is no longer required for the purposes for which it was collected.
You also have the right of limitation of the processing of your Personal Data under the provisions specified in Article 18 of the GDPR. In addition, you may request that your Personal Data is stored solely for the purposes of:
- Checking the accuracy of Personal Data in the event of a dispute,
- Your use in ascertaining, exercising or defending your legal rights, even if the Company no longer has a use for your data.
- Checking whether the legal grounds upheld by the data officer prevail over your grounds in the event of your objection to processing on the grounds of the legitimate interest of the Company,
- Satisfying your request for the limitation of use of your data - rather than its deletion - in the event of illicit processing of your data.
Under the circumstances provided for in Article 20 of the GDPR, you have the right of portability relative to your Personal Data, enabling you to retrieve from the Company the Personal Data you have provided, and as such in a structured, commonly used and machine-readable format, in order to transmit this data to another data processing officer.
In accordance with Article 21 of the GDPR, you have the right to oppose, at any time, the processing of your Personal Data for commercial purposes.
To exercise your above-mentioned rights of access, rectification, deletion, limitation, portability and opposition, you simply need to send your request via email to the following address: email@example.com
The Company will provide the person exercising one of these rights with information on the measures taken, within a rapid timeframe and in all cases no later than one (1) month from receipt of the request. This period may be extended to two (2) months depending on the complexity and number of requests.
If the Company fails to respond, it will inform the person, without undue delay and no later than (1) month from the receipt of their request, of the reasons for its inaction and the possibility of filing a complaint with an inspection authority and lodging a legal appeal.
The exercise of these rights is free of charge. Nevertheless, in the event of a request which proves to be unfounded or excessive, the Company reserves the right to (i) request the payment of administrative costs incurred, or (ii) refuse to take any further action.
9. What should you do in the event of a breach of your data?
In the event of a breach of your Personal Data which could threaten your rights and freedom, the Company will notify the CNIL (French IT & Liberties Protection Body) as soon as possible of this breach and, where feasible, no more than 72 hours after learning of said breach. The Company will also notify the User without delay, in accordance with the provisions of Article 34 of the GDPR.
Without prejudice to any other form of administrative or legal recourse, the User, who deems that the processing of their Personal Data constitutes a violation of the legal provisions in effect, may file a complaint with a competent inspection body, such as the CNIL (French IT & Liberties Protection Body).
10. Who can you contact?
For all queries regarding the processing of their Personal Data and the exercise of their rights, Users may contact our dedicated department at the following address: firstname.lastname@example.org