Personal data policy
1. Preamble – Who we are
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, also known as the General Data Protection Regulation (hereinafter the “GDPR”) sets out, together with the other applicable texts on the subject, the legal framework applicable to the processing of personal data. Together with other applicable acts, these acts further reinforce both the rights and obligations of data controllers, processors, individuals concerned and data recipients. In particular, they require that the individuals concerned be informed of their rights in a concise, transparent, comprehensible and easily accessible manner. The company SAS “BRIDOR”, whose head office is ZA OLIVET – 35530 Servon sur Vilaine, registered with the Rennes Trade and Companies Register under no. 491 668 893 (the “Company”), publishes the website “https://www.lamibiote.com/” and implements the personal data processing described in this document. We place a great deal of importance on your personal data, and through this document, we provide all the information necessary so that you know what we do with your personal data, and so that you are aware of the rights that you can assert at any time. For a full understanding of this policy please note that:
“personal data” refers to any information that makes you directly or indirectly personally identifiable, in particular your surname, first name, address, telephone number, e-mail address, bank details, user name, password, cookies, IP address and other information that allows you to be identified and that you make available to us at any time;
“data controller” means the natural or legal person who determines the purposes and means of the processing of personal data as defined in this policy. Under the terms hereof, Bridor is responsible for processing;
“Subcontractor” means a natural or legal person who processes personal data on behalf of the data controller. In practice, this refers to the Service Providers with whom the Company works and who may be required to have access to personal data;
“individuals concerned” or “you”: refers to the individuals who can be identified, directly or indirectly: as far as the Site is concerned: Bridor’s customers and prospects.
“Recipients”: refers to the natural or legal persons who receive communication of personal data. Recipients of the data may therefore be both internal recipients and external bodies.
The purpose of this policy is to satisfy the information obligation incumbent on the Company and thus to formalise the rights and obligations of the individuals concerned by the processing of personal data. This policy only concerns processing for which the Company is responsible. The processing of personal data may be managed directly by the Company or through a subcontractor specifically designated by the Company. This policy is independent of any other document that may apply within the contractual relationship between the Company and its clients and contacts (cookies, business relationship or partnership contracts, etc.).
3. General principles and commitments
Processing is only carried out if it relates to personal data gathered by or for the services offered on the Site, or processed in connection with these services and your relationship with Amibiote. Your personal data may be collected by us when:
you visit the Site;
you make a claim, ask a question or send us any other comments;
you communicate your personal data to us on the Site or in any other way.
You will be informed of any new processing, modification or deletion of existing processing. The Company does not process sensitive data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning health or data concerning the sexual life or sexual orientation of an individual). The Company does not make automated individual decisions.
4. Processing and types of data collected by processing
|Non-technical data||Technical data (on the Site)|
|Identification: surname / first name Contact details: telephone / e-mail address||Identification data (IP) Connection data (logs in particular)|
5. Purposes of the treatments
The Company may process your data for the following purposes, as appropriate
to manage the relationship with our customers;
processing and resolving all your claims or questions;
to monitor, develop and improve the Site or our services;
answering questions put to us (by telephone or online);
to meet our legal or administrative obligations.
6. Legal basis
The processing operations are based on legitimate interest as regards the “contact” section.
7. Recipients of the data
The Company ensures that the data is only accessible to the following internal or authorised external recipients:
as the case may be and depending on the purposes of the processing: corporate officers and employees of the Company, entities of the Le Duff Group in connection with Bridor’s business;
if necessary, employees of the Company’s technical Service Providers (subcontractors) involved in the operation of the Site, the official pages of the Company’ social networks, and who assist in the execution of your order, receive your payment, send you information and commercial offerings. At present, these are the following companies:
DIGITAL GARDEN (designer)
public bodies, exclusively to meet the Company’s legal obligations,
judicial assistants, law officers The Company ensures that its subcontractors comply with its obligations under applicable regulations.
In particular, the Company undertakes to sign a written Contract with all its subcontractors and imposes the same data protection obligations on the subcontractors. Furthermore, the Company reserves the right to audit its subcontractors to ensure compliance with the provisions of applicable regulations. Except for the communication to the persons defined above, your personal data will not be communicated, assigned, rented or exchanged for the benefit of any third party whatsoever.
8. Transfer of personal data
If it is necessary for the purposes described above, it is possible that your data may, for technical reasons, be transferred to a third country. When the country concerned does not benefit from a consistency mechanism (which means that they provide your personal data a degree of protection equivalent to that in force within the European Union), the Company ensures to the extent possible that the transfer is covered by one of the following appropriate safeguards:
standard contractual clauses approved by the CNIL,
our adherence to an approved code of conduct in effect,
compliance with a certification scheme certified by an approved body,
binding company rules approved by the CNIL.
A copy of the guarantees in question can be obtained by requesting it under the conditions set out below in Article 11.
9. Retention period
The duration of storage of your personal data is determined by the Company with regard to its legal and contractual constraints.
|Processing||Duration of storage|
|Contact / Customer service section||3 years after collection|
In general, data allowing proof of a right or a Contract to be established, which must be kept in order to comply with a legal obligation, will be kept for the duration of the Contract as provided for by the law in force. At the end of the duration of storage defined for each of the categories of personal data processed, and subject to the provisions that allow archiving of data that is strictly necessary for the exercise of a right and for proof of this right for the duration of the applicable limitation periods, or by virtue of the legal obligations to which the Company is subject, the Company:
shall destroy the personal data, or
shall store this personal data in an irreversibly anonymised form, so that it no longer constitutes personal data within the meaning of the applicable regulations. Candidates are reminded that deletion or anonymisation are irreversible, and that the Company is no longer in a position to restore this data afterwards.
10. Your rights
1° Right of access
You traditionally have the right to request confirmation as to whether or not your data is being processed. You also have a right of access. You have the right to request a copy of your personal data being processed from the Company. However, in the event of a request for an additional copy, the Company may require that this cost be borne by the Company. If a candidate submits his request for a copy of the data electronically, the information requested will be provided in a commonly used electronic format, unless otherwise requested. You are informed that this right of access may not relate to data that the law does not allow to be communicated.
2° Right of rectification
You can ask the Company to update your data or do it yourself on your customer area. However, the Company will not be held liable if you do not update your data.
3° Other rights
Under the conditions defined by the applicable texts, you also have, in certain cases, a right to erasure (article 17 of the GDPR), a right of opposition (article 21 of the GDPR), a right of limitation (article 18 of the GDPR), a right of portability (article 20 of the GDPR), the right to define directives concerning the fate of personal data after death (art. 32 of the law of 6 January 1978 as amended).
4° Right to file a claim with the CNIL (French Data Protection Authority)
Should you consider that the processing of your personal data does not comply with the regulations, you are informed of your right to lodge a complaint with a supervisory authority, i.e. the Cnil in France, at the following address: Cnil – Complaints Department: 3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 Tel: 01 53 73 22 22
11. How to exercise your rights
Requests should be sent by email to firstname.lastname@example.org or by mail to DPO GROUPE LE DUFF, 52 AVENUE DU CANADA, 35200 RENNES. Individuals concerned are informed that these are rights that can only be exercised by them. To satisfy this obligation, the Company will verify their identity. If a request is manifestly unfounded or excessive, in particular due to its repetitive nature, the Company may require the payment of a reasonable fee which takes into account the administrative costs incurred in providing the information, making the communications or taking the requested action; or refuse to comply with such requests.
12. Optional or mandatory nature of replies
Each form used to collect personal data informs you of the compulsory or optional nature of the answers marked with an asterisk. If answers are compulsory and you do not provide them, you will not be able to access the services offered in the Bridor customer area.
13. Links to third party sites
The Company may provide links to other websites. However, the Company is not responsible for the content or information collection policies of these websites. If you visit third party websites, we recommend that you check their information collection and privacy policies. The Company accepts no responsibility in this regard. Please check these policies before submitting your personal data to these websites.
14. Right of use granted to the Company
The Company is granted the right to use and process personal data processed for the purposes defined above.
The Company shall apply such security measures as it considers appropriate to prevent the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of data. These measures mainly include:
the use of security measures for access to the premises (closing of offices, badges, etc.);
login and password for all our business applications;
the management of data access authorisations;
VPN for remote connections;
Security audits carried out on a regular basis (intrusion tests, etc.).
To this end, the Company may be assisted by any third party of its choice to carry out vulnerability audits or intrusion tests at the frequency it deems necessary. The Company undertakes, should changes be made to the means of ensuring the security and confidentiality of personal data, to replace them with means of superior performance. No change may lead to a regression in the level of security.
16. Data breach
In the event of a breach of personal data, and unless the breach in question is not likely to create a risk for your rights and freedoms, the Company undertakes to inform the CNIL under the conditions prescribed by the applicable regulations. If the said breach involves a high risk for you and the data has not been protected, the Company:
will notify you;
will provide you with the necessary information and recommendations.
17. Register of processing operations
The Company has a processing register.
The present policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions and recommendations of the CNIL or changes in usage. Any new release of the present policy will be brought to your attention online on the Site.