APPLICABLE FROM SETPTEMBER 2020
We value your privacy and the protection of your personal data.
This policy informs you about how your data are collected and used in connection with the site accessible at www.phosphea.com (the “Site”) and/or in connection with any contact with our Company, in accordance with the “Information Technology and Freedoms” Act No. 78-17 of January 6, 1978 and the European regulation in force resulting from the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”).
on the protection of your personal data
- Data controller and recipients of personal data
The personal data collected (“Data”) in connection with the use of our Site and more generally, in connection with contacts you may have with our Company, are processed by [name + address of the data controller], as the data controller (“Data Controller”).
Data means any information relating to an identifiable natural person, directly or indirectly, including by reference to an identifier such as a name, an identification number, location data or an online identifier.
Depending on the processing purpose, the Data collected and/or transferred are intended to be used by the Data Controller; the Data Controller’s support services (purchasing/sales administration, sales, logistics, credit management, HR, IT accounting and marketing) shall have access to them. They will also be made available to the following service providers (“data processors” or “third party recipients” as defined in the regulation) for the strict needs of their mission, in particular:
- technical service providers: communication agency, website hosting company of our Site (legal notices available HERE);
- financial/accounting service providers: auditors, banks;
- logistics service providers: carriers;
Access is strictly governed by the existing security policies so that human intervention on the Data is very exceptional. The Data Controller may be required to disclose your Data to third parties in cases where such communication is permitted and required by law or a court decision, or if such communication is necessary to protect and defend its rights.
Otherwise, your Data shall not be transferred or made available to any third party without your prior consent.
The Data Controller does not transfer your Data to a third country outside the EEA. In the event of a transfer outside the EEA, such transfers shall be governed by appropriate guarantees, such as the standard clauses required by the European Commission.
- Data collection purposes
The Data that is required to respond to your contact, to conduct commercial relationships with our Company, in particular the contract of sale of the products and/or services presented on the Site, or to meet a regulatory obligation, shall be reported to you as such when collected.
The following Data are processed:
- For the needs of the performance of your contract or a contract entered into by the company that you represent (execution of the obligations, invoicing, monitoring of the performance of the contract, delivery, after-sales services and claims, management of the client file, debt management and litigation, organization of contests, lotteries or any promotional operation based on your participation);
- In order to take steps at requests prior to entering into a contract (management of the candidates’ applications, request for information on our group or the drawing up of estimates);
- To meet our legal, accounting and tax obligations (in particular keeping accounting reports, managing of the exercise of your rights as a data subject, keeping a list of the persons who object to direct marketing);
The Data shall be used in different ways, depending on why you visited the Site:
- On the basis of your consent, which you may withdraw at any time without calling into question the initial legality of the use of your Data ( infra, Art. 3 “Your Rights”), for sending newsletters;
- For the purposes of the performance of the commercial relationship and in particular the sale or provision of services contract you have entered into or that of the supply contract (creation of customer or supplier accounts, fulfillment of orders, invoicing, monitoring of the performance of the contract, delivery, after-sales and complaints, organization of satisfaction surveys, customer or supplier file management, unpaid invoices and litigation management);
- To process and respond to requests that may give rise, where appropriate, to the conclusion of a contract (request for information);
- To meet legal, accounting and tax obligations (in particular the retention of accounting supporting documents; management of rights, rectification and objection requests; maintenance of a list of objections to canvassing), or to establish, exercise and defend legal rights.
Unless you object, and within the limits of your interests and rights, to meet the legitimate needs of the Data Controller, in particular:
- Canvassing, customer relationship monitoring and customer loyalty (which in particular involve sending commercial messages or news about products, services and offers presented on the Site or off the Site);
- Creation of customer/supplier accounts by performing all due diligence necessary to protect the Data Controller’s interests and to prevent conflicts of interest;
- Site optimization (analysis of the navigation route, identification of mass connections, determination of search trends so that the offers made can be adjusted to the demand)
- Carrying out reach-out operations to develop sales;
- Management of people’s opinions about products, services or content in the interest of improving the products and services offered on the Site or off the Site;
- Personalization of the customer experience on the Site;
- Preparation of statistics (sales in particular), in order to analyze the sales activity;
- Management of the prospects file in order to develop sales;
- Completion of satisfaction surveys;
- To combat payment fraud.
- About cookies
Various cookies are used on the Site to improve interactivity between you, the Site and the services offered.
- Your rights regarding the Data
The persons whose Data are processed by the Data Controller have a right of access, rectification of erroneous personal Data, and, in the cases and according to the limits laid down in the regulation, objection, erasure of some of their Data and a right to withdraw their consent, restrict use thereof, define their fate after their death, or request their portability for transmission to a third party.
To exercise your rights, simply write to one of the two addresses stated in Article 6 below and enclose, if necessary, any document which proves your identity and justifies your request.
- Length of retention of the Data
Your Data shall be retained for a period not exceeding that required for the purposes for which they are collected, and in particular for the following periods:
- For a period of 3 years following the last contact, and then kept in intermediate archives for the duration of the applicable legal requirement (5 years) for all data except banking data and cookies;
- For a period of 13 months from their storage/creation for cookies.
At the end of these periods, the Data shall be erased from the active databases and, if necessary, archived for a period not exceeding the applicable statutory limitation periods or archiving obligations. Once these periods have expired, the Data will be destroyed.
- Contact the data protection officer (DPO)
For any further information or difficulty relating to the use of your Data, you can contact the data protection officer by email at firstname.lastname@example.org or by postal letter at the following address Phosphea, 57 Boulevard Jules Verger 358000 Dinard. In the event of an unresolved difficulty or any complaint relating to the processing of your data, you can refer the matter to the CNIL, by email at: https://www.cnil.fr/fr/agir or by postal letter at the following address:
Commission Nationale de l’Informatique et des Libertés,
3 Place de Fontenoy – TSA
75334 PARIS CEDEX 07.
on the PROTECTION of your HR data (COLLECTION FOR AN UNSOLICITED APPLICATION OR IN RESPONSE TO A JOB OFFER)
We are committed to privacy and the protection of personal data in accordance with the applicable laws and our commitment to ethics and compliance.
Your Data are processed on the basis of your consent. By making an unsolicited application, you permit the Data Controller to process and collect your Data.
All of your Data shall be processed for recruitment purposes, in particular to determine the suitability of your experience and qualifications for the positions available on the date you submit your application.
With your agreement, after the time required to review your application, your Data may be retained within the pool of applications of the Data Controller and its affiliates and for the purpose of sending alerts, for the maximum duration specified below.
The information collected is stored in the territory of the European Union and shall not, without your consent, be transferred to a third country. Only people involved in recruitment processes (recruitment department, human resources department, Management) shall have access to your Data.
Your Data shall be kept, in an active and then in an intermediate archive, for a maximum period of 2 years from your application or until you ask the Data Controller to erase them.
In accordance with applicable national and European provisions, you have a right of access to your personal Data, the right to request rectification, erasure or portability of the Data, as well as the right to request limitation of the processing of your Data and to withdraw your consent. You may also object to alerts sent to you by email at any time.
To exercise your rights or for any further information or difficulty relating to the use of your Data, you can contact the data protection officer by email at [contact address/dpo] or by postal letter at the following address [postal address] In the event of an unresolved difficulty or any complaint relating to the processing of your data, you can refer the matter to the CNIL, by email at: https://www.cnil.fr/fr/agir or by postal letter at the following address:
Commission Nationale de l’Informatique et des Libertés,
3 Place de Fontenoy – TSA
75334 PARIS CEDEX 07.
You must ensure that the documents submitted as part of your application (information entered directly or attachments) do not contain any sensitive information.
Information that directly or indirectly reveals belonging or non-belonging, whether true or assumed, to an ethnic or alleged race; morals; sexual orientation or life; political, religious or philosophical opinions; health condition; union or mutualist activity; any criminal convictions or offenses; your social security number; is considered sensitive.