Personal data management policy
This Personal Data Management Policy (hereinafter referred to as the “Policy”) describes how Sames (hereinafter referred to as “we,” “us,” or “our”), as Data Controller, collects, processes, uses, and protects the personal data of its users, customers, suppliers, employees, and any other stakeholders (hereinafter referred to as “you” or “your”), in accordance with applicable regulations, including the French Data Protection Act (LIL) of 1978, the General Data Protection Regulation (GDPR), and any other applicable data protection laws.
This policy does not apply to third-party websites or applications that may be mentioned on Sames’s website.
1. What is personal data?
Personal data (« Personal Data ») is information that can be used to identify a natural person (« Person ») either directly (e.g., first and last name) or indirectly (e.g., phone number, email address, identification number, location data, voice, image, IP address, etc.).
2. Why do we use your Personal Data?
The table below indicates the purposes (objectives) for which your Personal Data is collected and, for each of them, the legal basis for legitimizing the processing and categories of data concerned:

| PURPOSES | LEGAL BASIS | TYPES OF DATA INVOLVED |
|---|---|---|
| Comply with the social, legal, and regulatory obligations that apply to us. | Processing is necessary to comply with legal obligations to which we are subject (e.g., communicating or responding to legal or regulatory requests from judicial or administrative authorities). | • Identification data • Technical data (e.g., IP address, browsing data, cookies, geolocation data, etc.) • Any data communicated by the user in correspondence. |
| Respond to requests and questions you may submit through the Site, and, more broadly, manage our relationship with visitors to the Site. | The processing is carried out on the basis of our legitimate interest in ensuring effective communication with visitors to our Website. | • Identification data • Any data communicated by the user in correspondence. |
| Improve our services and our Site (notifications, updates, improve and personalize your user experience). | The processing is carried out on the basis of our legitimate interest in optimizing our tools and solutions in order to best satisfy visitors to our Site, our customers, and our prospects. | • Identification data • Technical data (e.g., IP address, browsing data, cookies, geolocation data, etc.) • Any data communicated by the user in correspondence. |
| Manage any potential or actual disputes with you or third parties. | The processing is carried out on the basis of our legitimate interest in defending our interests, including through legal proceedings. | • Identification data • Technical data (e.g., IP address, browsing data, cookies, geolocation data, etc.) • Any data communicated by the user in correspondence. |
| Customer account management (order processing, payments, invoicing, technical support and after-sales service, debt collection, etc.). | The processing is carried out pursuant to the performance of a contract. | • Identification data (last name, first name, address, phone number, email address, etc.). • Financial data: payment data, credit card information, etc. |
| Establish statistics and audience measurements | Processing is carried out with your consent when required by law. | • Processing is carried out with your consent when required by law. |
| Advertising mailings and user tracking for marketing purposes | The processing is carried out based on your consent. | • Identity: company, contact details • Purpose of the request (if using the contact form) |

In some cases, the provision of your Personal Data is mandatory; otherwise, we will not be able to provide you with the services and information you request. For example, if you contact us via the Website, you will need to provide us with your email address so that we can respond to you.
In any case, we will inform you when the provision of your Personal Data is mandatory.
3. With whom do we share your Personal Data?
As part of our processing activities, we may disclose your Personal Data to the following recipients:
- To members of our staff or subcontracted personnel who need to process them. Depending on the purpose pursued, they will thus be communicated, in whole or in part, only to duly authorized people in the departments concerned.
- To service providers and subcontractors who play a role in providing products and services (such as payment providers, shipping services, hosting providers, our IT providers (website), and other trusted partners to facilitate our business and marketing operations).
- To financial and judicial authorities, arbitrators and mediators, public agencies and government agencies, upon request and within the scope permitted by law.
- To interested parties in the event of a dispute: lawyers, experts, insurance companies, etc.
Regardless of the recipient concerned, we only disclose your Personal Data if they strictly need to know it and only to the extent necessary to achieve the purposes identified in this Policy.
We make all our employees aware of the importance of protecting personal data and privacy, and take all necessary measures to preserve and secure the information provided to us.
We do not sell, rent, or share your Personal Data with third parties for commercial purposes, unless we have your prior consent or are legally required to do so.
4. Do we transfer data outside the European Economic Area?
As a rule, we store all Personal Data within the European Union (EU) and the European Economic Area (EEA). However, as we operate globally, we may need to transfer certain Personal Data to countries other than those in which your Personal Data was collected, for example, to enable some of our suppliers to access such data in order to fulfill the contract/order.
Some of these countries may be outside the EU and the EEA. In such cases, we will implement appropriate safeguards to ensure an adequate level of protection for Personal Data transferred outside these territories, for example by entering into EU standard contractual clauses with the data importer, or by taking other measures to ensure this level of data protection under EU law.
5. How long do we keep your Personal Data?
Your Personal Data will be retained for as long as necessary to fulfill the purposes for which it was collected, in accordance with legal and regulatory time limits.
It will be filed in accordance with legal limitations and retention periods.
In other words, this means that retention periods vary, depending on the processed data and the purposes for which it is processed. The table below indicates the retention period applied to your Personal Data for each purpose[1].

| PURPOSES | DATA RETENTION PERIOD |
|---|---|
| Customer account management (order processing, payments, invoicing, technical support and after-sales service, debt collection, etc.). | • We will retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected. |
| Respond to requests and questions you may submit through the Site, and, more broadly, manage our relationships with customers, suppliers, and visitors to the Site. | • We will retain your Personal Data for a maximum period of 12 months from the last contact initiated by you. |
| Improve our services and our Website (notifications, updates, improve and personalize your experience as a customer, supplier, or Website visitor). | • We will retain your Personal Data for a maximum period of 12 months, it being understood, however, that in most cases your Personal Data will be aggregated shortly after collection in the form of statistics that no longer allow you to be identified. |
| Comply with the legal and regulatory obligations that apply to us. | • We retain your Personal Data for as long as we are subject to the relevant legal or regulatory obligations. |
| Manage any potential or actual disputes with you or third parties. | • We will retain your Personal Data until all legal remedies have been exhausted. |
| Compile statistics and audience measurements. | • We retain your Personal Data for a maximum period of 25 months. • The lifespan of trackers (used to measure audience size) is a maximum of 13 months.[2] |
| Respond to an unsolicited application you have sent us or to a job offer. | • We retain your Personal Data in accordance with the statutory limitation periods and retention periods and the recommendations of the CNIL (French Data Protection Authority) [3]. |

In any event, upon expiration of the applicable retention period, we will delete your Personal Data or anonymize it irrevocably so that you can no longer be identified.
6. What rights do you have?
In accordance with the applicable legal framework for data protection, and in particular the GDPR, you have the following rights: right to information, right to consent, right to object, right of access and rectification, right to restriction, right to portability[4].
7. How to exercise your rights?
To exercise your rights, please contact us using the contact details provided in Section 10 (“How can you contact us?”). In order to process your request as efficiently as possible, we may ask you for additional information to confirm your identity and/or facilitate the location of the Personal Data concerned by your request.
Please note that some of these rights are subject to specific conditions dictated by the applicable legal framework for data protection. Therefore, if your particular situation does not meet these conditions, we may not be able to comply with your request. If this is the case, we will inform you of the reasons why we are unable to comply.
In any event, please note that you may lodge a complaint with the National Commission for Information Technology and Civil Liberties (« CNIL »).
We do not engage in profiling as part of our activities.
Furthermore, when you give your consent to the processing of your Personal Data, you have the right to withdraw it at any time. Finally, when a breach of Personal Data that may pose a high risk to your rights and freedoms is detected, you will be informed of this breach as soon as possible.
8. Cookies and Similar Technologies
We use cookies and similar technologies to collect information about your use of our services. See our Cookie Policy for more information.
9. Modification of this Policy
We reserve the right to modify this Policy at any time based on business needs and legislative and regulatory developments. Changes will be posted on our website and will take effect immediately upon posting. We encourage you to review this Policy regularly.
10. How can you contact us?
If you have any questions or requests regarding the processing of your Personal Data under this Policy, including the exercise of your rights as detailed above, you may contact us by e-mail at the following address: privacy@exel-industries.com
[1] For the categories of data concerned, please refer to the table above in Section 3.
[2] « Cookies: solutions for audience measurement tools » CNIL: available here
[3] Recruitment guide sheet no. 9 « How long are data collected for recruitment purposes kept? » (in particular the table on page 52) available here
[4] in particular the table on page 52 here