Your privacy is important to us and we want you to feel comfortable using our websites. The protection of your privacy and Personal Data is an important concern to which Cooperl Arc Atlantique pays special attention throughout our business processes.
Our company is committed to protecting the rights of individuals in line with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (hereinafter referred as : ‘GDPR’) as well as each applicable national Personal Data protection laws and regulations (collectively referred as “Data Protection Laws and Regulations”).
What is Personal Data?
Personal Data is information that can be used to identify a person either directly or indirectly (hereinafter referred as : ‘Personal Data’. A ‘personal identifier’ is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers to constitute Personal Data, including name, address, email address, identification number, location data or online identifier.
Which sources and what Personal Data do we use ?
When you use this Website, our company will collect, use and process any Personal Data you provide us (e.g. your name, date of birth, company name etc.) and any information generated as a result of using the Website, such as IP address, the date and length of visit to the site, the pages you view etc.
WHAT ARE THE PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA?
Website Browsers / Administration
- We use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
- To the extent permitted by law, we may use your Personal Data for marketing and promotional purposes, including communications through email or equivalent electronic means. For example, we use your Personal Data, such as your email address, to send news and newsletters, special offers, promotions and competitions, or to otherwise contact you about services or information we think will interest you.
- We use your Personal Data to communicate with you, including responding to requests for assistance. We can communicate with you in a variety of ways, including email and via your social media accounts if you have agreed, and/or text message.
- We use your Personal Data for customer service purposes, including providing services to you, for technical support or other similar purposes and to establish and maintain customer accounts.
Research and development
- We use your Personal Data for research and development purposes, including improving our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improving our products, services, businesses, operations and processes.
- We use your Personal Data to comply with applicable legal obligations, including responding to an authority or court order or discovery request.
To protect us and others
- Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.
What is the basis for processing of your Personal Data ?
As a responsible company, we need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for our business processing. We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The legal basis for processing your Personal Data are :
1. To comply with contractual obligations
When you subscribe to a particular service through the Website, the purposes of processing your Personal Data are primarily determined by that service and we will process your information so that we can provide that service to you.
2. As a result of your consent
When you have consented to the processing of your Personal Data by us for certain services through the Website, you can withdraw consent at any time by following the instructions provided in the application process or by contacting us at : email@example.com.
3. Within the scope of a legitimate interest
On occasion we may not need your consent to use your data, given our legitimate interest to do so but we must inform you that we do this; examples of this are:
- For the analysis and optimisation of the Website.
- For ensuring IT security and the IT operation of our company.
- For prevention and investigation of criminal acts
4. On the basis of our Company’s legal obligations or in the public interest
Our company, as any other company, is subject to legal obligations and regulations. In some cases the processing of your Personal Data will be necessary for our company in other to fulfil these obligations.
Who will receive your Personal Data ?
- Authorised persons working for or on behalf of our Company;
- Our agents, service providers and advisers (e.g. Third party service providers and advisers providing the variety of products and services we need such as IT maintenance and support, procurement services, compliance and security services, etc.);
- Other authorised third parties in connection with a reorganisation or sale businesses and/or assets;
- Law enforcement or government authorities where necessary to comply with applicable law.
Will your Personal Data be transferred to a third country outside the European Economic Area (EEA) ?
Our company processes your Personal Data mostly in the EEA. On occasion Personal Data is transferred to affiliates of our company, on a need-to-know basis, including entities outside the EEA. This transfer is subject to appropriate safeguards, and through the legal framework.
For how long will your Personal Data be stored ?
We process and store your Personal Data as long as it is required to meet our contractual and statutory obligations. If your Personal Data is no longer required for the performance of the contractual or statutory obligations, these will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable Data Protection Laws and Regulations, or in the context of legal statutes of limitation.
We use technical and organisational security measures in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons.
Our security procedures are continually enhanced as new technology becomes available.
What are your rights and how to exercise them ?
You may at any time exercise your data protection rights :
- Right to access/obtain a report detailing the information held about you : You have the right to obtain confirmation as to whether or not your Personal Data is being processed by our company and if so, what specific data is being processed.
- Right to correct Personal Data : You have the right to change any inaccurate Personal Data concerning you.
- Right to be forgotten : In some cases, for instance, when the Personal Data is no longer necessary in relation to the Purposes for which they were collected, you have the right for your Personal Data to be erased.
- Right to stop the processing of your data: You have the right to restrict the processing of your Personal Data by our company, for instance when the processing is unlawful and you oppose the erasure of your Personal Data. In such cases, your Personal Data will only be processed with your consent or for the exercise or defense of legal claims.
- Right to data portability: Under some circumstances provided by law, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format and/or transmit those Personal Data to another data controller.
- Right to object and to withdraw consent: may be at any time exercise.
How can I exercise my rights ?
To this effect, if you have question related to the processing of your Personal Data, please contact the Data Protection Officer (“DPO”) of Cooperl Arc Atlantique :
- by e-mail to the following address : firstname.lastname@example.org
- or by post to the following address, attaching a proof of identity :
Groupe Cooperl Arc Atlantique, Délégué à la protection des données personnelles, Siège social bât.2, 7 rue de la jeannaie, Maroué, BP 60328, 22403 Lamballe-Armor, France
Can I ask for assistance to the competent authorities ?
If you remain unsatisfied, then you have the right to apply directly to a Data Protection Supervisory Authority. In France, CNIL is the Supervisory Authority.