Personal data information
Version valid as from 15 May 2019
The protection of personal data and privacy is a core concern of our company.
The protection of data is the duty of all, we therefore consider it important to inform you of steps we have taken, those that you should follow and your rights under data privacy laws.
This document may be amended at any time as a result of changes in laws or regulations. In such a case, you will be informed via a notice on our Website.
- ATELIER PERCEVAL, data processing manager, and their Personal Data Advisor.
- What is personal data and what does personal data processing involve?
- Which data are collected and for what purpose?
- Who can access my personal data?
- What steps are taken to ensure the security and privacy of my personal data?
- How long does the company keep my personal data?
- Are my personal data shared outside the European Union?
- What are my rights?
- How can I exercise my rights?
The data processing manager is SARL ATELIER PERCEVAL, listed in the Clermont-Ferrand RCS under number 408 463 990, having its head office at 2O AVENUE DES ETATS UNIS - 63300 THIERS.
Our company is not required to designate a Data Protection Officer (DPO) insofar as:
- it is neither a public authority nor a public organisation,
- it does not carry out any data processing operations that, by their nature, their scope and/or their outcomes, require large-scale regular and systematic follow-up of the people involved; and
- its core business activities do not involve the large-scale processing of special categories of sensitive data or personal data concerning criminal convictions or offences.
Despite this, our company has chosen to designate a Personal Data Advisor that you can contact if you have any queries on this regulation:
20 avenue des Etats-Unis, 63300 Thiers
+33 (0)4 73 80 19 19
As you are already aware, personal data protection is governed by:
- The Data Protection Act No. 78-17 of 6 January 1978 amended by the acts of 6 August 2004, 16 October 2016, 20 June 2018 and, lastly, by the order of 12 December 2018 (Data Protection Act)
- The EU General Data Protection Regulation No. 2016/679 of 27 April 2016, came into force on 25th May 2018 (GDPR)
Management of customers and prospects
Perform customer management operations concerning contracts, orders, invoices, accounting and, in particular, customer account management; CRM monitoring (customer satisfaction surveys, claims management); Sales prospecting for our company’s products and services (selecting who will be tasked with activities such as customer loyalty, prospecting, studies, surveys, solicitation, development of sales statistics, sale, rental or exchange of the company’s files on customers and prospects, updating of prospecting files by the organisation responsible for managing the Do Not Call list, or any other organisation; organisation of promotional campaigns); management of debts and disputes; management of feedback on our products or our company; management of consumer arbitration.
Implementation of pre-contractual and contractual measures
Management of the Customer area; placing of orders and online invoicing of products offered for sale on the website; monitoring of customer relations management
Mailing of newsletters
Mailing of newsletters on the products and services offered by Atelier Perceval
Consent of the persons involved entered via the website
v What is personal data?
Personal data is any data that relates directly or indirectly to a private individual. Examples of personal data include login, name, ID number, IP address, photograph, telephone number (etc.).
v What is sensitive data?
Among personal data, the following is considered sensitive data. Racial or ethnic origins, political opinion, philosophical or religious beliefs, trade union membership, and data concerning the health or sex life of an individual. In theory, sensitive data may not be collected and used without the express consent of the private individual involved.
v What does data processing involve?
Data processing is defined as any operation involving personal data: the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by supply, dissemination or otherwise making available, alignment, combination, limitation, erasure or destruction of data.
In short, any operation that uses and/or views your personal data.
When dealing with our company, you have already and/or may be required to send us personal data for the following purposes:
Our company agrees to share and/or make your personal data available solely to persons on a “need to know” basis, i.e.:
- The relevant managers (Yves Charles, General Manager, Sonia Genest, Administrative Manager, Barbara Mandon, Export Manager, Claire Roch, eCommerce Manager)
- Persons in charge of customer management, given that this involves customer data,
- The sales and IT department, given that this involves sales prospecting and the mailing of newsletters,
- Legal entities responsible for implementing the above-mentioned activities: banks, insurance agencies,
- Partners and service providers that we have chosen and identified to carry out, jointly or on our behalf, some or all of our business activities (carriers in particular), and also our consultants, chartered accountants and technical providers,
- Public authorities when so required by law.
Please note that the security and privacy of personal data is the duty of all within our organisation.
The premises where such data is stored are kept locked and can only be accessed by authorised staff.
All computers and IT tools are password protected. In accordance with ATELIER PERCEVAL instructions, these passwords are changed on a regular basis.
All the collected data is hosted on secure servers. Encrypted backups of this data are stored on physical secure servers.
All staff who work on this data have signed a non-disclosure agreement.
Our providers have all signed contracts that include security and privacy commitments and/or are in the process of signing up to such commitments.
Your personal data is stored throughout the contract period, after which they are archived for the statutory period. These statutory periods vary depending on the nature of the data; please contact us if you would like further information on this issue.
For instance, unless the Customer uses their right of opposition, data on their personal contact details are kept for prospecting purposes for a period of three (3) years as from the date of the last contact with the prospect or on termination of business relations.
Other data are only stored for the time required to perform the services, after which they are archived for the statutory periods (5 years for contracts, 10 years for contracts signed electronically and 10 years as from the end of the financial year for accounting documents).
If you have any questions concerning the storage period of your personal data please contact our Data Protection Advisor - contact details given at the top of these GTCS.
As a matter of principle, data are not shared outside the European Union and are stored internally on our company’s servers.
In cases where a technical provider or subcontractor processes data on our behalf, we make sure that:
- Either they do not share this data outside the European Union
- Or, the data is shared with a country that has received a favourable adequacy decision
- Or, the data is shared after having implemented the appropriate guarantees, such as:
- Establishing binding corporate rules
- Establishing standard data protection terms
No automated decision (i.e. profiling) is taken on the basis of the collected personal data.
You may exercise the rights listed below concerning your personal data, under the conditions and within the limits of the European Data Protection Regulation:
- right of access by the data subject,
- right to object,
- right to withdraw your consent at any time when the data processing operation requires your consent. This withdrawal of consent will not be effective retroactively; it shall only become effective once we have been able to confirm as from the date on which we have confirmed the legality of your request.
- right to query,
- right to rectification,
- right to erasure “right to be forgotten”,
- right to restriction of processing,
- right to data portability,
- right to define general and special instructions on how they wish these rights to be used following their death.
When you receive newsletters, you may, at any time, object free of charge to the sales prospection by clicking on the relevant link in the accompanying email or by writing or emailing to the following addresses.
You are also entitled to lodge a claim with the CNIL https://www.cnil.fr/fr/plaintes (Copy/paste this address in the URL entry bar)
Please note that data collected for the purposes or contract performance and/or precontractual measures are mandatory. Failure to supply such data will result in exclusion of the right for which the data were collected.
You can contact our personal data advisor at the address shown in Article 1 to exercise your rights and request information on your rights, your data and/or any other question relating to your personal data.
To allow us to deal with your request as quickly as possible, please state the reason for your request, together with your first and last names.