PRIVACY POLICY
Les Grands Chais de France SAS (hereinafter “the Company”), as data controller within the meaning of the General Data Protection Regulation No. 2016/679 of 27 April 2016 (GDPR), hereby undertakes to respect the right to privacy and, in particular, the personal data of any individual who visits the Company’s websites and social media pages and/or communicates and/or receives information on these pages, as well as by e-mail (including newsletters) and via contact forms (hereinafter “Users”).
The purpose of this Privacy Policy is to inform users about the way in which the Company processes their personal data and, in particular, regarding the ways in which this personal data is collected, used, stored and archived.
1. Why do we collect your personal data?
In its capacity as data controller, the Company collects and uses the personal data of users in accordance with the applicable legislation, in order to manage their orders on the website and newsletters (if they subscribe to them), for marketing purposes, but only with the consent of users, for the analysis of user behaviour, or to manage requests submitted by users via the contact form.
The Data collected may be processed by the Company and/or the other companies of the GCF Group and by any subcontractors for advertising purposes and, in particular, for commercial advertising.
The Company does not collect personal data from minors.
2. The legal basis for data processing
The legal basis for data processing is the user’s order with the Company or the consent given by the user of the website affected by the data processing, if such consent is required.
3. What personal data is collected?
Personal data is collected directly from users during navigation, when registering on the website or when entering delivery data when purchasing products.
In compliance with all applicable statutory obligations, the Company may use various technical devices to collect and provide information about users’ access to the Company’s websites and services and about users’ use of the websites and services. The Company may utilise demographic data concerning the users of its websites that it obtains from third parties such as Google or social networks on which the users have an account (hereinafter the “User Information”).
User Information may relate to:
– the pages that users have accessed on the website;
– the time at which the pages were accessed;
– the information about this or that product or other content that the user has accessed or provided;
– the language in which the user accessed the websites;
– as well as demographic information about the user (e.g. age, gender and, if applicable, areas of interest).
4. Recipients of your personal data
The recipients of your data are as follows:
– the Company;
– the other companies in the GCF Group;
– the Company’s subcontractors, should this be deemed necessary;
– third parties in legal disputes and security-related matters (the authorities, the courts, etc.).
The Company shall ensure that the recipients of the data offer serious security and confidentiality guarantees for the handling of the personal data transmitted by the company.
We may also disclose your personal information if required to do so by law, or if it is believed that disclosure is reasonably necessary, in order to comply with legal process, respond to claims or protect the safety or rights of the Company, its customers or the public.
5. Transfer of your personal data outside the European Union
In principle, personal data is only processed within the European Union.
Should they nevertheless be forwarded to a recipient outside the European Union, the Company shall take all necessary measures to guarantee their protection.
The Company hereby guarantees the protection of the user’s personal data during the transfer, and also guarantees that the third parties maintain a high level of protection of the user’s personal data in accordance with European requirements, in particular, through the standard contractual clauses of the European Commission.
6. Storage of your personal data
Personal data shall be stored in compliance with the applicable German and European standards.
Personal data shall be stored for 5 years from the date of the last order or, in all other cases, from the date of collection. After expiry of this period and without your renewed consent, this will be deleted by the Company.
The user may request the deletion or modification of his/her personal data at any time in accordance with the provisions of Article 7 below.
The Company shall take all necessary technical and organisational measures to protect the confidentiality and security of the user’s personal data collected via the Company’s websites.
These measures shall consist, in particular, of the storage of personal data in secure operating environments that can only be accessed by employees of the authorised company and specially authorised representatives and contractors.
7. Your rights regarding the processing of your personal data
In accordance with German and European standards for the protection of personal data and, in particular, the General Data Protection Regulation No. 2016/679 of 27 April 2016 (GDPR), which has been applicable since 25 May 2018, the user shall, with regard to their data, have the right to access, rectification, restrict its processing, request its erasure, object to its processing and request its portability.
Among other things, the user has the option of withdrawing consent to data processing for which consent is required. In this case, the data will be deleted.
Users who wish to submit requests for the portability of their personal data or to exercise any of the other rights listed above may contact the Company as follows:
- By e-mail to the following e-mail address: dpo@lgcf.fr
- Or by post to the following address:
Data Protection Officer
GCF
1, Rue de la Division Leclerc,
67290 PETERSBACH, France
Users may also submit any complaints to the data protection supervisory authority:
- In Germany, the Federal Commissioner for Data Protection and Freedom of Information (BfDI) is responsible.
Website: https://www.bfdi.bund.de/DE/Home/home_node.html
- Users in other countries can find the complete list of local authorities responsible for data protection on the following institutional website:
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
