Privacy policy Sicame Group
(Last updated: March 2024)
Definitions
"Personal Data": any information relating to an identified or identifiable natural person as defined by Regulation (EU) 2016/679 of April 27, 2016 and any subsequent equivalent regulations.
"Applicable Data Protection Laws" or "Applicable Laws": means Law n°78-17 of January 6, 1978 relating to data processing, files and freedoms as amended by Law n°2004-801 of August 6, 2004 relating to the computerized processing of personal data, by Law for a Digital Republic n°2016-1321 of October 8, 2016, as well as the European General Data Protection Regulation (EU) 2016/679 and Law n°2018-493 of June 20, 2018 relating to the protection of personal data and any subsequent equivalent regulations, and/or any applicable law or applicable and current regulations relating to Data protection.
"Third Country": means any country outside the European Union which does not have adequate legislation concerning the processing of Personal Data as decided by the European Commission.
"Processing Manager or Groupe Sicame": Groupe Sicame GIE, RCS BRIVE 478 874 902, 19230 ARNAC-POMPADOUR.
"Processing": any operation or set of operations carried out or not using automated processes and applied to data or data sets of Personal Data, such as, for example, the collection, recording, organization, structuring, storage, communication by transmission, dissemination, extraction, consultation of Personal Data and defined by Regulation (EU) 2016/679 of April 27, 2016 and any subsequent equivalent regulations.
"Subcontractor": refers to the third party that processes Personal Data on behalf of the Data Controller.
"User": means the natural person whose Personal Data is collected for processing hereunder.
This privacy policy (hereinafter the "Policy") applies to the Processing implemented by Sicame Group on the website accessible at the following address: www.sicamegroup.com or www.sicame.com (hereinafter the "Site").
Sicame Group undertakes to comply with Applicable Data Protection Laws.
Personal Data is processed lawfully, fairly and transparently.
The Personal Data collected is adequate, relevant and limited to what is strictly necessary for the Purposes of Processing.
1. Purposes of Personal Data Processing
Sicame Group collects the User's Personal Data in order to :
- To carry out operations relating to commercial prospecting, in particular when a User contacts Sicame Group or one of its subsidiaries via the Site,
- Follow-up and manage the commercial relationship,
- Manage requests for access, rectification and opposition rights.
2. Personal data collected
The User is hereby informed that Sicame Group collects and processes his/her Personal Data and in particular :
- When the User contacts Sicame Group or one of its subsidiaries via the Site, for a request for information: e-mail address and all data transmitted by the User;
- For the follow-up and management of the commercial relationship: surname, first name, postal address, job title, email address, telephone number, possibly bank details and any data exchanged between Sicame Group and the User;
- When the User formulates a request to exercise his rights: identity data, purpose of the request, e-mail address.
3. Retention period for Personal Data
The Data Controller will retain Personal Data for as long as is necessary for the purposes for which it was collected and processed. Personal Data is subsequently archived for the purposes and retention periods defined below:
- For commercial prospecting, 3 years from the end of the commercial relationship between the Data Controller and the User or from the last contact with the User;
- For the follow-up and management of the commercial relationship: for the entire duration of the contract, plus 5 years from the end of the contract for evidentiary purposes;
- When the User subscribes to the newsletter: until unsubscribed;
- To respond to requests for access, rectification and opposition rights, i.e. the calendar year of the request plus 5 years.
4. Legal basis for the processing of personal data
Sicame Group processes Personal Data on a precisely identified legal basis, namely :
- Sicame Group's legitimate interest in processing Personal Data ;
- The execution of pre-contractual measures or of the contract that Sicame Group has concluded with the User, when he has entered into a contractual relationship;
- Compliance with legal obligations, in particular when managing invoicing or handling requests to exercise rights.
5. Commitments of the Data Controller
Sicame Group is committed to :
- process Personal Data solely for the Purposes described above,
- process Personal Data in accordance with Applicable Laws,
- in the event of transfer of Personal Data to a third country or to an international organization, inform the User in advance,
- guarantee the confidentiality of Personal Data by taking all appropriate technical and organizational measures to (i) prevent access to Personal Data by unauthorized persons, (ii) by carrying out identity and access controls via an authentication system and a password policy, (iii) by opting for an authorization management system, and (iv) by setting up processes and systems enabling all actions carried out on its information system to be traced and, in compliance with current regulations, to be reported in the event of an incident affecting Personal Data.
- ensure that persons authorized to process Personal Data undertake to respect confidentialitý or are subject to an obligation of confidentialitý and receive the necessary training in the protection of Personal Data,
- take data protection principles into account right from the design stage of its tools, applications and services,
- delete, anonymize or archive Personal Data at the end of the retention period.
Under no circumstances will the Data Controller be held responsible for security incidents linked to the use of the Internet, in particular in the event of loss, alteration, destruction, disclosure or unauthorized access to the User's data or information.
6. Subcontractors/Transfers of Personal Data
The User accepts that Personal Data concerning him/her collected by the Data Controller may be transmitted to Subcontractors/Service Providers with whom he/she has a contractual relationship for the sole purpose of carrying out the aforementioned Purposes provided that these third-party recipients of Personal Data are subject to regulations guaranteeing an appropriate and adequate level of protection as defined by EU Regulation 2016/679.
In the event of the transfer of all or part of the Personal Data subject to Processing to a Third Country, i.e. one located outside the European Union or which does not present a level of protection recognized as adequate within the meaning of the Applicable Law, or to an international organization, the Data Controller undertakes to provide the appropriate safeguards provided within the Applicable Law and to have them respected by its Subcontractors.
Under no circumstances will the Data Controller sell, rent or use the personal data it receives other than for the Purposes specified. The Data Controller will only disclose Personal Data to third parties for the purposes of fulfilling the Purposes and to third parties acting as Subcontractors under the conditions set out herein.
The User is invited to read the privacy policy of the subsidiary he/she is contacting via the e-mail address referenced on the Site, in the "contact us" tab.
7. Exercise of the User's rights
The following rights are guaranteed by the Data Controller to the User: right of access, rectification, deletion and opposition, right to data processing limitation, right to data portability, right not to be the subject of an automated individual decision (including profiling).
The User may obtain a copy of his or her Personal Data upon written request to the Data Controller.
By sending a written request, and at any time, the User may obtain a correction or deletion of his Personal Data, within the limits of the rights of the Data Controller.
All requests must be sent to Sicame Group in writing to the following address: dpo@sicamegroup.com
If the user believes that Sicame Group has not respected his or her rights with regard to the protection of Personal Data, he or she may lodge a complaint with the CNIL.
8. Privacy Policy Update
Sicame Group regularly updates this Policy, which remains available on the Site at all times.