ePrivacy and GPDR Cookie Consent by Cookie Consent Privacy and personal data protection policy | Sofrigam

Privacy and personal data protection policy

Last updated: 8 September 2020
 

We aim to protect your personal data as fully as possible in accordance with the rules, procedures, recommendations and good practice set out in relevant legal and regulatory provisions at both the European and local levels, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on personal data protection (known as the “GDPR”), which came into force on 25 May 2018.
 
This Privacy and Personal Data Protection Policy (hereinafter, the “Personal Data Policy”) explains what we do to protect personal data. It describes how your data is processed and the precautions taken to protect it, as well as reminding you of your rights and how you can assert them.
 

1. WHO IS THE DATA CONTROLLER? 

The Data Controller is: Sofrigam, 1 rue de l'Union, CS20137, 92565 Rueil-Malmaison Cedex, France.

Hereinafter, the company will be referred to as “Sofrigam” or “Us” or “Our Company”. 
 

2. READING THE DOCUMENT BASED ON YOUR RELATIONSHIP WITH SOFRIGAM

To be as transparent as possible about how we manage personal data, we have decided to produce a single document summarising all the personal data processing carried out by Our Company.
 

3. WHAT DATA PROCESSING DO WE CARRY OUT?

We collect both identifying and non-identifying personal data, as well as electronic identification data about the device used to access the Sofrigam.com website (hereinafter, the “Website”).

A. DATA COLLECTED WHEN YOU INTERACT WITH SOFRIGAM

Subject to the choices you have made, we may collect the data you provide when you visit our cookie-using Website, contact Us by any means (email, telephone, contact form, etc.), fill in a form or questionnaire, create a customer account in “My Account”, review one of our products, subscribe to the newsletter, request a callback, or share a product page with friends.

We may collect your first name, surname, email address, postal address, company name and, if necessary, your telephone number, IP address, connection and browsing data, order history, preferences and interests, products viewed, delivery issues or complaints. This list is non-exhaustive as what we collect depends on your interaction with Us.

Regarding payment and processing for product orders, user banking data is collected and stored by Sofrigam’s payment provider (name of provider).

Sofrigam and the Sofrigam Group use personal data to market and promote products and services. Data is only used within the strict limits defined by current legislation.

No sensitive personal data is collected or used. This includes details about racial or ethnic origins; political, philosophical or religion beliefs; union membership; health or sex life.

To ensure your data is managed as scrupulously as possible, only share information that is complete, correct, up to date and does not prejudice the interests or rights of third parties.

B. DATA COLLECTED WHEN YOU BROWSE OUR WEBSITE

Certain data is also collected when users (hereinafter, the “User(s)”) browse the Website through the use of “cookies”. Details about cookies and how to remove them can be found in the “Use of Cookies” section below and in the Cookie Policy on this Website.

This data allows Us to identify the device used to access the Website. It is generally not enough to identify an individual User.

Please see the “Cookies” section below for more information. You can also find more details using this link (HYPERLINK) to our Cookie Policy.

C. WHAT IS YOUR PERSONAL DATA USED FOR?

Personal data collected by Sofrigam is treated as confidential. It is only used for the purposes of ensuring our systems and management processes are properly administered, facilitating our relationship with you, and possibly marketing activities.
 
The purposes of the processing we carry out are summarised in the table below:

Purposes Data retention period Details
Managing the customer relationship (customer account, sending emails)

3 years after the most recent contact 

We process the data needed to create your customer account and give you information following contact with our management service or a complaint. 
Subscribing to our newsletter and issuing digital communications 3 years after the most recent contact

If you subscribe to our newsletter, we can send you communications about our latest news.

You can object to receiving our communications at any time by following the instructions in any of our messages.

Analysing Website User behaviour and targeted advertising

3 years after the most recent contactt

Except for cookies and other trackers: 13 months

Certain information about how you browse our Website, the sections you visit and your order history may be collected to determine your preferences. The aim is to send you communications that suit your profile and interests.
Browsing the Website and optimising the User experience   The maximum browsing session is 13 months

We use cookies and similar technologies to collect data when you browse online. This allows Us to ensure our Website works properly and give you the best possible experience of our services including creating and securing your connection. 

Some cookies also indicate how the Website is being used and performing so that we make our services more intuitive.  

For more information, please see our Cookie Policy.

Preventing fraud 3 years after an incident or report  We are obliged to use the relevant protocols to prevent any fraud attempts and ensure that payments are secure. 


D. WHAT ARE THE LEGAL GROUNDS FOR PROCESSING YOUR PERSONAL DATA?

We use the legal basis set out below to be able to process personal data:

  • Our legal obligations  

To manage purchases, customer personal data processing is based on Sofrigam’s legal obligations in the context of our relationship with customers.

  • Your consent  

For creating customer accounts, sending newsletters and communications tailored to Users, and analysing Website performance and User behaviour, personal data processing is based on your consent. 

You can inform Us that you no longer want Us to process your personal data at any time. You can withdraw your consent by contacting Sofrigam’s Data Protection Officer (DPO):
By email: privacy@sofrigam.com
By post: SOFRIGAM, 1 rue de l'Union, CS20137, 92565 Rueil-Malmaison Cedex, France

We will then delete your personal data as soon as possible, unless a legal obligation forces Us to do otherwise. We will inform you if this is the case.

  • Our legitimate interest 

To prevent fraud, detect bugs and optimise the online browsing experience, our personal data processing is based on Sofrigam’s legitimate interest.

E. PERSONAL DATA POLICY FOR VULNERABLE INDIVIDUALS

Some of our services may be used by minors without Us being aware. If information is collected about a minor or someone who is unauthorised in the eyes of the law, the minor/unauthorised person’s legal representative can contact Sofrigam to have this personal data immediately erased, rectified or amended in accordance with Article 8 of the Personal Data Policy. 

F. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

Your personal data may be shared with the following recipient categories:

  • Internal Sofrigam services including the IT, logistics, accounting and marketing departments. 
  • Technical and operational service providers outside Sofrigam who provide support and tool management, such as our online payment services, IT and hosting providers. These are mostly “Data Processors” within the meaning of the GDPR. They have agreements with Sofrigam that determine how personal data is managed and guarantee that all the provisions needed to keep data secure are in place. This means the entire data processing chain is controlled and managed.
  • Legal or administrative authorities legally entitled to request data in accordance with current legal and regulatory provisions.
  • Your data may be shared with certain Sofrigam partners for specific purposes. This only happens if expressly permitted by law and with your prior consent, including for purposes naturally arising from your relationship with Sofrigam. If other kinds of processing are envisaged, they can only take place after you are informed and have submitted your choice clearly and unambiguously, and, if needed, with your formal consent.
  • To collect information for the purposes of analysing the Website’s audience and improving its content, your personal data may be shared and stored by Google on its servers within the context of Google Analytics tool usage. Google may forward this data to third parties if legally required to do so or they have a partnership in place. You can stop this tool being used by changing the relevant settings in your browser or on the Website settings banner. However, this may prevent some features working correctly. For more information about the confidentiality rules surrounding the use of Google Analytics, or if you want to deactivate the tool by installing the appropriate additional Google module, click the following link:: https://policies.google.com/technologies/partner-sites?hl=en-GB.
     

4. THE SPECIAL CASE OF COOKIES AND OTHER TRACKERS 

USE OF COOKIES AND TRACKERS

Website cookies

Every Website page uses “cookies” or trackers. These are now used universally by websites and enable companies to collect certain (mostly technical) information and identify users. Cookies are generally described as files generated by a website and stored on your browser to record your browsing activity. Most cookies store the cookie’s domain name of origin, lifespan and a random unique number.

Sofrigam may use cookies generated as standard by its web tools when a User accesses the Website. 
You are told when you visit the Website that a cookie may be installed on your browser (either automatically for functional cookies needed for the Website to work or based on your choices). The cookie is stored on your device’s hard drive. It can be accessed by our tool when you next visit our Website. The maximum period Sofrigam will store this information for is thirteen (13) months, in accordance with recommendations from France’s data protection authority, the CNIL.

You can reject cookies by changing your browser settings. Details about how to reject cookies can be found in our Cookie policy and on the CNIL website: https://www.cnil.fr/en/home.

Please note that if your browser is set up to reject all cookies, you may have technical issues and find your browsing experience impaired. You may not be able to carry out all the operations available, including accessing some of the features designed to facilitate your browsing experience on our Website. 

You will find all the necessary information about how we use cookies in our “Cookie Policy”. This policy is also available via the hyperlink in our cookie banner, which is the text that appears on your screen when you visit our Website until you click the link and indicate that you are aware of and accept our Cookie policy. Our Cookie Policy can also be accessed at the bottom of our Website pages.

Audience analysis tool

We use Google audience analysis tools which themselves use cookies. More information is available in the Cookie policy mentioned above.
 

5. PERSONAL DATA RETENTION PERIOD

Your personal data is retained for the period required for processing, and, unless there is an explicit or legally permitted exclusion, for a maximum of three (3) years after it is collected or our most recent contact with you. Electronic identifying data (cookies) is retained for thirteen (13) months after it is collected. Any personal data relating to a request to exercise your rights under the GDPR is retained for one (1) year as proof.

In accordance with the above legal exceptions, your personal data may be retained as proof in line with current legal and regulatory provisions (including those in France's Civil Code, Consumer Code and Social Security Code).
 

6. PERSONAL DATA SECURITY

Sofrigam is scrupulously vigilant and takes appropriate technical measures, including those recommended by the CNIL, to reduce the risk of security incidents involving personal data and their consequences for data subjects. These consequences may involve anything from mere inconvenience to misappropriation, intrusion, disclosure or tampering, which can cause serious harm. Sofrigam has therefore introduced various mechanisms to minimise these risks, including best-practice technical tools, to keep information secure. Information about these technical measures can be provided on request to correspondents and contacts with a legitimate interest, subject to the usual confidentiality and security rules. The measures envisaged include information barriers, firewalls, access control protocols, cryptography, etc. Sofrigam guarantees that, at the very least, data access is controlled and restricted to individuals who are authorised to know about or access it because of their role and who have been specially trained in data protection issues. If processing poses a risk, extra security measures are introduced.

However, the User recognises and accepts that although Sofrigam uses these mechanisms and professionals who are experts in these measures, it cannot eliminate all the risks surrounding Website functioning, such as malicious attacks on it by particularly well-equipped units. Sofrigam must therefore draw your attention to any risks that may arise in extreme circumstances, despite the precautions taken, regarding a one-off loss or a breach of confidentiality affecting data travelling across networks. Sofrigam has set up a specialist monitoring team of its technicians and representatives from internal services that may be exposed to these risks, plus qualified external consultants. This team stays abreast of developments, particularly regarding recommendations from the CNIL, the new European Data Protection Board (EDPB) and the National Cybersecurity Agency of France (ANSSI). Sofrigam also has a Crisis Management Committee ready to take all the necessary technical and legal measures and issue the notifications legally required as quickly as possible and within the timeframes required by law to protect data subjects’ interests.
 

7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

In accordance with the General Data Protection Regulation, you have the following specific rights: 

Right of access (Art. 15 of the GDPR): you have the right to access the personal data about you collected by Sofrigam and to check:
- that processing carried out is in line with the purposes set out in this Personal Data Policy, 
- that the categories of personal data concerned by processing are limited to those expressly mentioned in the Personal Data Policy, 
- that the recipients to whom the data is disclosed are those mentioned in the Personal Data Policy. 

Right to rectification (Art. 16 of the GDPR): you have the right to obtain from Sofrigam without undue delay the rectification of inaccurate personal data we hold and complete personal data that is incomplete. 

Right to erasure (Art. 17 of the GDPR): you can require the erasure of personal data about you that is inaccurate, incomplete, vague, or out of date, or where its collection, use, sharing or storage are unnecessary or illegal. 
We will look into your request and respond within one (1) month. If it is especially complex or we are receiving more requests than usual, we may inform you that your request will be delayed for two (2) months and provide justification. We will always respond within three (3) months. 

Right to restriction of processing (Art. 18 of the GDPR): you can ask Sofrigam to restrict the processing of your personal data where permitted by applicable texts:  - You contest the accuracy of the personal data we hold about you; or
- You believe our processing of your personal data is unlawful; or
- We must retain your personal data for the establishment, exercise or defence of legal claims.

Right to portability (Art. 20 of the GDPR): you have the right to receive personal data about you in a structured, commonly used and machine-readable format, and to transmit the data to another Data Controller where processing is based on consent or a contract and is carried out by automated means.

Right to object (Art. 21 of the GDPR): you have the right to object to the processing of personal data about you in certain situations, such as the deletion of a customer account. However, if your request does not concern processing for marketing purposes, Sofrigam can block it with compelling legitimate grounds to retain the data.

Automated individual decision-making (Art. 22 of the GDPR): you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you and can complain to supervisory authorities (the CNIL for France; remember that you may eventually have to take your complaint to the authority in the Member State where your habitual residence or place of work are located, or where the violation occurred). 

You can exercise all the rights and prerogatives set out in the above texts at any time by emailing privacy@sofrigam.com or writing to Sofrigam, 1 rue de l’Union, 92565 Rueil-Malmaison Cedex - France with your full name, email address and, if possible, your customer reference. 

Please note that rights are strictly individual and can only be exercised by the data subject regarding their own information. In accordance with current legislation, your request should include an address for the response to be sent to and a photocopy of proof of identity. 
 

8. CHANGES TO THE PERSONAL DATA POLICY AND FURTHER INFORMATION

Sofrigam reserves the right to amend this Personal Data Policy at any time. 
Changes come into force when they are uploaded and will be highlighted at the top of the page.
If our Personal Data Policy changes significantly (e.g. data collection purposes are amended), you will be informed. You will be asked to consent to the change so that we can continue to carry out the processing to which you have consented.
The User should therefore check the Personal Data Policy frequently to become aware of any changes.  

If you have any questions about this Privacy and Personal Data Protection Policy, you can contact Us at any time by emailing privacy@sofrigam.com or writing to: Sofrigam 1 rue de l’Union, 92565 Rueil-Malmaison Cedex - France. 

For more information about personal data protection in general, or you believe that Sofrigam has not followed up sufficiently on your questions or rights, please visit the CNIL website: www.cnil.fr.