The company Les Grands Chais de France, acting in the name and on behalf of all its subsidiaries (hereinafter "GCF"), undertakes as Data Controller, within the meaning of the General Data Protection Regulation (EU) No. 2016/679 of 27 April 2016 (known as the "GDPR"), to respect the right to privacy, and in particular personal data, of any person communicating information by any means (contract, email, mail, its websites, social networks,...).
Personal data (hereinafter referred to as "Personal Data") is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject").
An "identifiable natural person" is someone who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier, or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
● To determine the purpose and legal basis for the processing of Personal Data;
● To inform about the way GCF processes Personal Data. In most cases, this includes first name, last name, postal address, e-mail address, telephone number, and information relating to professional life, such as the name of the company and the position held within it;
● To indicate the rights that data subjects have with respect to their Personal Data.
1. Purpose of the processing
We collect Personal Data about you for the purposes of:
● Responding to your queries: dealing with any communication, request, message, complaint or claim you make about our products and/or services;
● The signing and execution of a contract: in order to be able to indicate the signatory of the contract, and to be able to execute all contractual obligations resulting from a commitment between our relevant company and its Interlocutor;
● Complying with our legal and fiscal obligations;
● To meet GCF's legitimate interest:
- For anti-corruption, anti-fraud, anti-money laundering and anti-terrorist financing procedures (AML/CFT);
- For the proper management of commercial, business or administrative relations with the Interlocutors of our relevant company;
- For legal claims, as well as debt collection via extrajudicial procedures
- To ensure the safety of goods and people, the security of IT systems and networks.
We strive to ensure the accuracy of your Personal Data and to avoid duplication in our database. We do this by updating our database with the information you have provided to us. Therefore, you should ensure that the information you provide to us remains accurate and up-to-date.
2. Legal basis for the processing
We only use your Personal Data in the cases provided for by the regulations in force:
● The performance of a contract that a person has entered into with GCF;
● The compliance with a legal obligation;
● The consent of the data subject;
● The existence of a legitimate interest in using the Personal Data. Legitimate interest is a set of commercial or business reasons that justify GCF's use of your data.
3. Recipients of personal data
The recipients of this data are GCF and GCF's subcontractors if necessary.
GCF ensures that the recipients of the data offer serious guarantees of security and confidentiality regarding to the Personal Data transmitted to them by GCF.
4. Data transfer outside the European Union
In principle, Personal Data is processed exclusively within the European Union.
In the event that it is transferred outside the European Union, GCF will take all necessary steps to ensure its protection.
Thus, GCF will ensure that Personal Data is protected during the transfer, and that third parties respect a high level of protection of Personal Data, in accordance with European requirements (such as the European Commission's Standard Contractual Clauses, and/or technical and organisational measures to attest the existence of appropriate safeguards).
5. Retention of personal data
The active Personal Data are kept and used for a period of time in accordance with the legislation in force or for a reasonable period of time defined by GCF in accordance with the type of data processed and the purpose of the processing.
Inactive Personal Data is either destroyed immediately or archived and kept within the legal deadlines.
Unless otherwise required by law, any data subject may request the erasure or modification of his or her Personal Data at any time.
GCF will implement all technical and organisational measures necessary to protect the confidentiality and security of Personal Data processed by GCF.
These measures include keeping Personal Data in secure operating environments, which are not accessible to the public and which are only accessible to authorized GCF personnel and specially authorized agents and contractors.
6. Rights of data subjects
In accordance with French and European standards relating to the protection of Personal Data, and particularly the GDPR, any person concerned has a right of access, rectification, limitation of processing, erasure, opposition to processing and portability.
Furthermore, any data subject has the possibility to withdraw his or her consent for processing operations requiring it. In this way, the data will be deleted.
These rights apply subject to compliance with legal or contractual obligations or legitimate interests to the contrary.
7. Contact details of the Data Protection Officer
We inform you that a Data Protection Officer has been appointed for GCF. The role of the Data Protection Officer is to ensure the proper implementation of national and supranational provisions relating to the processing of Personal Data.
A data subject who wishes to exercise his or her rights under the GDPR may contact the Data Protection Officer of GCF :
● By email to: email@example.com
● Or by post to the following address:
Les Grands Chais de France
Data Protection Officer
1, rue de la Division Leclerc
67290 PETERSBACH - France
8. Right to lodge a complaint with the supervisory authority
Data subjects also have the possibility to submit their complaints to the Personal Data Control Authority.
In France, any person may contact the Commission Nationale de l'Informatique et des Libertés (the "CNIL"), whose website can be accessed here: https://www.cnil.fr/.
For other states, a full list of local data protection authorities can be found on the following institutional website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
Updated on 30/06/2022