This privacy policy details SAIPOL’s (the “Company”) policy regarding personal data on the website https://www.saipol.com (the “Website”). This Policy applies to all information provided by you, or collected by us during your browsing on our Website, in accordance with the regulations in force in France regarding personal data pursuant to law No. 78-17 of 6 January 1978 relating to information technology, files and freedoms, known as the Data Protection Act and the EU Regulation 2016/679 of 25 May 2018 on data protection known as the “GDPR”.
This Privacy Policy is intended to inform individuals accessing the services offered on our Website (hereinafter “Users”) on how we collect, use and share their personal data.
You will be notified of any changes or updates to this privacy policy. Your active consent to the new privacy policy will be required in order to continue using the services offered by the Company.
1. Who is responsible for your personal data?
The data controller, who collects and manages your data, is the company SAIPOL, S.A.S. with a share capital of €6,598,960, registered in the PARIS Trade and Companies Register under no. 388 021 156, whose registered office is located at 11-13 rue de Monceau – 75008 Paris, represented by its chairman Olivier DELAMEA.
2. What personal data is collected?
We remind you that personal data is any information relating to an identified or identifiable natural person, directly or indirectly.
When you browse the Website and use the various services offered by the Company, you consent to our collecting the following categories of data:
• Civil status: Full name, Postal address, Email address, Telephone number;
(hereinafter “Personal Data”).
You agree to provide current and valid Personal Identification Data as part of the information requested on the Website and warrant that you will not make any false statement or provide any erroneous information.
3. How and why is your Personal Data collected?
3.1. Personal Data collection methods
You consent to the collection of your Personal Data by the Company when you complete the following documents:
• Contact form
3.2. Legal basis for data collection and processing
Your Personal Data is collected on the following legal grounds:
• The specific, free and informed consent of the User (in particular for the subscription to the Newsletter);
• Fulfilment of a legal obligation incumbent on the Company;
• The execution of a contract concluded between the Company and the User (in particular for the execution of the general conditions of use/sale);
• The legitimate interest of the Company (in particular to ensure the security of transactions)
4. For what purposes is your Personal Data collected?
4.1. General
Mandatory Personal Data is data that is strictly necessary for the processing or your requests. In the absence of such data, the User is informed that certain services offered by the Company may not be provided. The compulsory nature of the information requested is indicated at the time of collection.
The optional Personal Data collected by the Company is intended to get to know you better and to improve your browsing experience on the Website.
4.2. List of purposes
Your Personal Data is collected and processed for the following purposes:
• Contact and support;
• Commercial prospecting;
• Customer and stakeholder relationship management
Users are informed that, subject to their prior, specific and positive consent, the Personal Data transmitted may be transferred to commercial partners of the AVRIL Group and/or to companies belonging to the AVRIL Group, in order for the latter to inform Users about their offers and services.
5. Who has access to your Personal Data?
5.1. The Company’s staff
Your Personal Data is intended for persons duly authorised to process it within the Company, in particular, and depending on the nature of the processing and the type of data, the persons in charge of the sales department, customer service, the quality department, the communication/marketing department, the administrative department, the logistics and IT departments.
5.2. The Company’s subcontractors
In the context of carrying out its activities and providing its services, the Company uses subcontractors. Subcontractors:
• process your Personal Data on its behalf and on its instructions,
• provide sufficient guarantees that appropriate technical and organisational measures have been implemented to ensure the security and confidentiality of your data.
In cases where the Company uses subcontractors located in countries offering levels of protection that are not equivalent to the level of protection of personal data in the European Union, the Company undertakes to ensure that the said transfer is governed by the EU Data Privacy Shield or by the signature of standard contractual clauses established by the European Commission or by the establishment of internal company rules (“BCR”).
6. How long is your Personal Data stored?
The Company stores your Personal Data for the time strictly necessary to fulfil the purposes for which they are collected and processed, such as the management of the commercial relationship or payment.
Beyond this period, your Personal Data may also be archived with restricted, limited and justified access for the time necessary (i) to comply with the Company’s legal and regulatory obligations, and/or (ii) to enable it to assert a legal claim, before being permanently deleted.
7. How does the Company ensure the security and confidentiality of your personal data?
The Company is committed to processing your Personal Data in a manner that is:
• lawful,
• loyal,
• transparent,
• proportionate,
• relevant,
• within the strict framework of the aims pursued and announced,
• kept for as long as necessary for the treatments being carried out,
• secure.
The Company implements and maintains appropriate technical and organisational measures to ensure the security and confidentiality of your Personal Data by preventing it from being distorted, damaged or communicated to unauthorised third parties.
8. What are your rights to your Personal Data?
You may, upon written request, access your Personal Data, request its modification or rectification, or request that it no longer be included in the Company’s database.
Under the right of access, you are entitled, in accordance with Article 15 of the GDPR, to request from the Company (i) disclosure of your Personal Data in an accessible form, (ii) confirmation that your Personal Data is or is no longer being processed, (iii) disclosure of the purposes of the processing, the categories of Personal Data processed and the recipients to whom your Personal Data is disclosed, and (iv) the period of retention of your Personal Data, or the criteria used to determine that period.
In accordance with Article 16 of the GDPR, the right of rectification gives you the right to require the Company to rectify, complete or update your Personal Data if it is inaccurate, incomplete, ambiguous or out of date.
Under the conditions set out in Article 17 of the GDPR, you have a right to the erasure of your Personal Data, allowing you to request the Company to erase your Personal Data as soon as possible, in particular when it is no longer necessary for the purposes for which it was collected.
You also have the right to limit the processing of your Personal Data in the cases listed in Article 18 of the GDPR. You can request that your personal data be stored only for the purposes of:
• verifying the accuracy of the Personal Data you are disputing,
• assisting you in the context of establishing, exercising or defending your rights in court, even if the company no longer has any use of the data,
• verifying whether the legitimate reasons pursued by the controller prevail over yours in the event that you object to processing based on the Company’s legitimate interest,
• complying with your request to restrict the use of your data – rather than erase it – if the processing of your data is unlawful.
In the circumstances set out in Article 20 of the GDPR, you have a right to the portability of your Personal Data, allowing you to retrieve from the Company the Personal Data you have provided to it, in a structured, commonly used and machine-readable format, for the purpose of transferring it to another controller.
In accordance with Article 21 of the GDPR, you have the right to object, at any time, to the processing of your Personal Data for commercial prospecting purposes.
To exercise your rights of access, rectification, deletion, limitation, portability and opposition mentioned above, you just have to send your request by e-mail to the following address: : gdpr@groupeavril.com
The Company will provide the person exercising one of these rights with information on the measures taken as soon as possible and in any event within one (1) month of receipt of the request. This period may be extended by two (2) months, taking into account the complexity and number of requests.
If the Company does not comply with the request, it will inform the person as soon as possible, and at the latest within one (1) month of receipt of the request, of the reasons for its inaction and of the possibility of lodging a complaint with a supervisory authority and of lodging a judicial appeal.
The exercise of these rights is free of charge. However, in the event of a manifestly unfounded or excessive request, the Company reserves the right to (i) charge a fee reflecting administrative costs, or (ii) refuse to comply with such requests.
9. What remedies are available in the event of a data breach?
In the event of a breach of your Personal Data that may pose a risk to your rights and freedoms, the Company shall notify the CNIL (French Data Protection Authority) of the breach as soon as possible and, if possible, no later than 72 hours after becoming aware of it. The Company will also inform the User of such breach as soon as possible in accordance with the provisions of Article 34 of the GDPR.
Without prejudice to any other administrative or judicial remedy, the User who considers that the processing of his Personal Data constitutes a violation of the provisions of the legislation in force may lodge a complaint with a competent supervisory authority such as the CNIL.
10. Do you have any questions?
For any questions concerning the processing of their personal data and the exercise of their rights, Users may contact our dedicated service at the following address: gdpr@groupeavril.com