1. WHO ARE WE?
1.1 Data controller
The following information is provided to you to explain the commitments for the protection of personal data of Savencia Produits Laitiers International a company whose registered office is located at 91 rue Joseph Bertrand - 78220 Viroflay - France, acting as the data controller for the processing of personal data described in the present document and designated the “Data Controller” or “we”.
1.2 Our data protection policy
The Data Controller has designated a person responsible for data protection whom you may contact by email at the following address: donneespersonnelles-spli@savencia.com or by post at the following address: Savencia Produits Laitiers International - 91 rue Joseph Bertrand - 78220 Viroflay - France.
The data protection officer may be contacted at the following address: dpo@savencia.com.
2. THE PERSONAL DATA WE PROCESS
In the framework of processing of personal data, the Data Controller collects and processes the following data: Company name, title, name, forename(s), email address, telephone number, function, IP.
The data marked with an asterisk in our forms must be provided. Otherwise, the service associated with the form may be provided to you.
3. THE PURPOSES AND LEGAL BASES OF OUR PROCESSING OF PERSONAL DATA
3.1 The purposes of our processing
The data processing that we implement is to ensure the following purposes:
- Management of Website content;
- Monitoring of customer relations and customer complaints;
- Management requests from the contact form;
- Statistics and reporting.
3.2 The legal bases for our processing
We only process personal data if one at least of the following conditions is met:
- your consent to the processing operations has been obtained;
- the execution of a contract which binds us to you requires that we implement the processing of personal data concerned; we are bound by legal and regulatory obligations which require the implementation of the processing of personal data concerned;
- the existence of our legitimate interest, or that of a third party, justifies that we implement the processing of personal data concerned. The legitimate interests which are pursued by the Data Controller may in particular consist in allowing the continuity of his activity, improving the consumer experience, building consumer loyalty, understanding consumer expectations, managing user requests.
4. THE RECIPIENTS OF YOUR DATA
The personal data we collect at present or subsequently are destined for our use as the Data Controller.
We will ensure that only authorised persons may have access to that data. Our subcontractors and service-providers may receive that data for performance of the services we confer on them.
Your personal data may be compared or shared between all the Data Controller’s parent or associated companies and subsidiaries. They may be communicated to those entities for the purposes described in the present notice, in accordance with the applicable regulatory requirements and in such a manner as to ensure protection of your data and civil liberties.
5. TRANSFER OF YOUR DATA
As part of the services offered, we transfer your personal data to recipients located in the following countries:
France, South Africa, Argentina, Australia, Brazil, Cambodia, Canada, Chile, South Korea, the United Arab Emirates, Japan, Lebanon, Mexico, New Zealand, Serbia, Taiwan, Ukraine.
Each of these transfers is governed by legal instruments that comply with the applicable legal framework.
Some of the countries listed benefit from an adequacy decision, which means that they offer your personal data a degree of protection equivalent to that which is in effect in the territory of the European Union.
Data transferred to our service providers in the United States is Privacy Shield EU-US certified, ensuring a sufficient level of protection.
The Data Controller establishes binding corporate rules (BCR) with the various subsidiaries based in countries outside the European Union and whose State does not benefit from an adequacy decision.
Transfers to other countries are subject to the appropriate safeguarding measures. The binding corporate rules (BCR) have indeed been established for all data transfers mentioned in this paragraph.
6. THE PERIOD(S) FOR WHICH WE RETAIN YOUR DATA
The period(s) for which we retain your data are proportionate to the purposes for which we collected them. Our retention policy is thus organised as follows:
- Purpose of processing: Cookies.
- Prospecting: 3 years* from the time of your last contact or, where applicable, from the end of the business relationship extended by the period of legal requirements.
- Customer: in the context of signed contracts, the data is stored for the duration of the business relationship increased by the period of legal requirements.
- Retention period: Refer to the Cookie Policy
- Cookies: 13 months from their installation on your device
- In the event of the exercise of rights of access, rectification, erasure, restriction, data relating to identity documents and information enabling these rights to be taken into account: 1 year from receipt of the request.
- In the event of exercise of the right of opposition to processing, data identifying the data subject and enabling processing of the right exercised: 6 years from receipt of the request
- If the right to object is exercised, the data relating to identity documents and information making it possible to take into account the right to object: 6 years from receipt of the request.
- Requests made using the contact form: During the processing of the request plus the statutory limitation period
The retention periods presented may be increased by the applicable legal limitation periods.
7. YOUR RIGHTS
7.1 Exercise of your rights
You may exercise your rights by email sent to the following address: donneespersonnelles-spli@savencia.com
or by letter sent to the following address: Savencia Produits Laitiers International - 91 rue Joseph Bertrand - 78220 Viroflay -France
For that purpose, you must provide your surname, forename(s) and the address at which you wish to receive the reply.
In principle, you may exercise all your rights without charge, but you may be asked to pay a reasonable charge reflecting the administrative cost of providing any copies of data you may request.
With regard to the right to information, the Data Controller is not obliged to respond if you request information you already possess Le Responsable du traitement vous informera s’il ne peut donner suite à vos demandes.
The Data Controller will inform you if a response cannot be made.
The rights mentioned are not absolute and are subject to various conditions founded in:
- The law locally applicable to the protection of personal data or privacy; and
- Local legal and regulatory requirements more generally.
The Data Controller stresses that any failure to provide, or modification of, your data may have consequences for the processing of certain aspects of the performance of our contractual relationship, and that your request in exercise of your rights will be retained for 6 years in the case of your right of opposition and 1 year in the case of your other rights.
All the rights of which you have the benefit are detailed below.
7.2 Your right to information
You recognise that the present notice informs you as to the purposes, applicable legal framework and interest of collection of your personal data, and as to the recipients or categories of recipients with whom your personal data are shared, as well as to the possibility of transfer of your data towards a third country or international organisation.
In addition to that information and for the purpose of ensuring fair and transparent processing of your data, you confirm that you have received additional information concerning:
- The period of conservation of your personal data;
- The rights of which you dispose and how to exercise them.
If we decide to process your data for another purpose than that initially indicated, we will provide you with full information on that other purpose
7.3 Your right of access to and rectification of your data
By exercising this right, you may obtain confirmation that your personal data are (or are not) subject to processing and if they are so subject, you may have access to them and to information concerning:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipient, in particular recipients in third countries;
- Where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the Data Controller rectification or erasure of your personal data, or restriction of processing of your personal data, or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- Where your personal data are not collected from you directly, any available information as to their source;
- The existence of automated decision-making, including profiling and, at least in that case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the persons concerned.
You may request that your personal data be rectified or completed if they are inexact, incomplete, equivocal or out of date.
7.4 Your right to erasure of your data
You may request erasure of your personal data if:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw your consent;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The personal data have been processed in breach of the applicable legal and regulatory requirements;
- The personal data were collected when you were a minor.
Exercise of this right is nevertheless not possible if the conservation of your personal data reflects a legal or regulatory requirement or is necessary for the establishment, exercise or defence of legal claims.
7.5 Your right to restrict the processing of your data
You may request restriction of the processing of your personal data in accordance with the applicable legal and regulatory provisions.
7.6 Your right of opposition to the processing of your data (deregistration)
You have the right to object to processing of your personal data unless such processing is justified by compelling legitimate grounds on the part of the Data Controller.
If we contact you directly, this right may be exercised by any means including, in particular, clicking on the unsubscribe link at the bottom of the message sent.
7.7 Your right to data portability
You have the right to portability of your personal data. The right is applicable to the following data:.
- Uniquely your personal data, i.e. excluding anonymised data or data not concerning you;
- Personal data declared or associated with your use of goods and services;
- Personal data not prejudicial to the rights and freedoms of third parties (such as data protected by business secrecy).
The right is limited to processing based on your consent or on a contract and to personal data you have personally generated. It does not extend to derived or inferred data which are personal data created by the Data Controller.
7.8 Your right to withdraw your consent
Where processing is based on your consent, you may withdraw your consent at any time, in which case we will no longer process your personal data but any earlier processing to which you agreed will not be affected.
7.9 Your right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority without prejudice to your other rights of administrative or legal recour.
7.10 Your right to leave instructions for after your death
You have the right to leave instructions in respect of the storage, erasure and communication of your personal data for after your death, subject to the formal designation of a trusted third party and of compliance with the applicable legal requirements.
8. SECURITY OF YOUR DATA
We attach great importance to the protection, integrity and confidentiality of your data. Therefore, we have implemented technical and organisational measures to ensure a level of security appropriate to the risk and to protect your data from loss, alteration, access or disclosure to unauthorised third parties.
However, despite our efforts, no security measure can protect against all risks of misuse or hacking, for which we, as the controller, cannot be held responsible. In the event of a personal data breach, we undertake to notify the CNIL in accordance with the regulations in force on the protection of personal data.
In the event that a data breach presents a high risk to your rights and freedoms, we will inform you as soon as possible and always in accordance with the conditions set out in the regulations in force relating to the protection of personal data.