Data Protection Policy
1. Who is the data controller?
As the data controller for the processing of your personal data, SCREWFIX, SASU registered with the LILLE Trade and Companies Register under number 539 527 556, ensures the protection of your personal data. The purpose of our data protection policy is to inform you about the collection, processing and use of personal data that you may provide to us. We are committed to complying with this policy as well as with the recommendations and standards established by the relevant Data Protection Authority located in your jurisdiction. The applicable version of this policy will be the one available on the website, which we invite you to consult regularly.
As part of your use of the www.screwfix.eu website and our relationship, we collect and process personal data about you. This personal data is any information that allows us to identify you as an individual, such as, for example, your name, email or contact details.
We are committed to protecting your privacy. We use your personal data in accordance with applicable data protection and privacy laws and regulations, including the European General Data Protection Regulation (GDPR).
2. How do we use your personal data? (For the chart below, if you are in: Austria, please refer to Appendix 1; Belgium, please refer to Appendix 2; Netherlands, please refer to Appendix 3; Poland, please refer to Appendix 4; Spain, please refer to Appendix 5; Sweden, please refer to Appendix 6)
We process your personal data for the purposes set out in the table below.
With regard to the improvement of our services, monitoring of your browsing and marketing actions based on the cookies/trackers to which you consent (Article 6.1 a) of the GDPR), the details are available in our cookies policy.
The website is not intended for minors and we do not knowingly collect data about them.
Your personal data is kept only for as long as is necessary for the purpose for which it is collected. The length of time your personal data is retained will be determined by several criteria, including the purposes for which we use the data, the amount and sensitivity or insensitivity of the information, the risk of fraudulent use or disclosure of the information, and our legal and regulatory obligations.
| Purposes of the processing | Legal basis | Retention period |
| Contracts, including loyalty program | ||
| Management and delivery of orders, delivery, after-sales service and product returns | Performance of the contract (Article 6.1 (b) GDPR) | Duration of the contractual relationship. We remove the security code from your credit card as soon as the payment for the purchase has been made. |
| Contractual communication (card expiration, product reminder) | Performance of the contract (Article 6.1 (b) GDPR) | Duration of the contractual relationship |
| Accounting and tax obligations | Legal obligation (Article 6.1 c) GDPR) | Legal retention period (e.g. 10-year accounting obligation in France) |
| Pre-litigation and litigation | Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) | Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
| Your reviews | ||
| Collect and/or study your reviews following a purchase or contact with our services | Legitimate interest in improving our offers and services based on your feedback (Article 6.1 f) GDPR) | Until opposition or 3 years after last contact |
| Our Interactions | ||
| Customer Service Management: Respond to any request from you | Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) | 3 years from the last contact (excluding call center audio recording) |
| Evaluate and improve the quality of the information provided by the call centre | Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) | Audio recording: 2 months from call |
| Respond to your requests to enforce data protection rights | Legal obligation (Article 6.1 c) GDPR) | 1 year from the closing of the application |
| Manage pre-litigation and contentious situations (not arising from the contract) | Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) | Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
| Notify you of major changes to our business (business transfer, etc.) | Legitimate interest in informing you about the situation of the controller of your data | As long as you are customers and/or prospects |
| Social media | ||
| Social Media Page Administration | Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) | Refer to the data protection policy on the social network |
| Realization and measurement of campaigns / sponsored publications* | Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) | Refer to the data protection policy on the social network |
| Analysis and customer knowledge | ||
| Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* | Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR) | 3 years from the last contact or refer to the applicable cookie policy for trackers |
| Prospecting (commercial information on news, product or service offers and surveys) | ||
| Targeting campaigns (e.g. based on previous interactions) * | Legitimate interest in communicating effectively by sending you relevant information (Article 6.1 f) GDPR) | 3 years from last contact |
| Lead Acquisition | Legitimate interest (Article 6.1(f) GDPR) | 3 years from last contact |
| Communicate electronically (non-professional) | Consent (Article 6.1 a) GDPR) | Until withdrawal of consent or 3 years after last contact |
| Communicate by post and telephone | Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) | Until opposition or 3 years after last contact |
| Similar goods and services | Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) | Until opposition or 3 years after last contact |
| Communicating with the professionals | Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) | Until opposition or 3 years after last contact |
| Game contest | ||
| Manage your participation in competitions | Performance of the contract (game rules) (Article 6.1 b) GDPR) | Duration mentioned in each regulation |
| Security | ||
| Preventing and combating fraud, including managing the consequences of such fraud* | Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) | 1 year if the alert is not deemed relevant 5 years from the closure of the fraud file In the event of legal proceedings, 5 years after the closure of the file |
| Security of the tools that enable our interactions, including domain, network and authentication | Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) | Duration of the connection or duration applicable to the processed data |
| Controls and requests for authority information | ||
| Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) | Legal obligation (Article 6.1 c) GDPR) | 1 year from the date of application unless otherwise provided |
| Manage our internal controls (which may include your personal data as evidence of control) | Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) | 3 years from the date of the inspection |
| Collect and process reports as part of the whistleblowing system | Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) | If the alert is unfounded, 2 months from the end of the investigations. In the event of disciplinary or judicial proceedings, 5 years after the conclusion of such proceedings. |
| Digital activities | ||
| To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. | Legitimate interest (Article 6.1(f) GDPR) | Refer to the applicable cookie policy |
| Offer specific navigation features | Consent (Article 6.1 a) GDPR) | Refer to the applicable cookie policy |
| Understand the use of our website by measuring our users' traffic and navigation | Consent (Article 6.1 a) GDPR) | Refer to the applicable cookie policy |
| To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile | Consent (Article 6.1 a) GDPR) | Refer to the applicable cookie policy |
| To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data | Consent (Article 6.1 a) GDPR) | Refer to the applicable cookie policy |
| Manage the e-commerce and digital strategy, including the provision of additional services | Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) | Refer to the applicable cookie policy or the Links to External Sites section |
3. What type of data do we collect?
Your personal data is collected in the following situations:
- Opening an account online on the website;
- Obtain your consent to send you marketing and promotional materials by email and SMS, to allow us to send you gifts, coupons, invitations to events, special offers and other marketing materials that may be of interest to you, to solicit your feedback on our products and services.
- When you shop online, browse our sites or other companies' websites on which our advertisements appear;
- Responses or interactions on our forums and/or communities, on our products, customer satisfaction surveys, responses to our surveys or participation in contests;
- Interaction with our services, including customer support (e.g. telephone support);
- By partners that you have authorized to share information about you.
We may collect the following data indicated below. Please note that that such data may be necessary to provide you with the services referred above (e.g. opening account online, provide you with support). Provision of such data is voluntary, but failure to provide it may prevent the performance of a certain activity or service (e.g., creating an account, making a delivery).You will be informed of the mandatory or optional nature of the information requested at the moment of their collection.
It is not possible to use the website without server logs being created. Consent in the cookie banner is not required to use the website.
We may process the following categories of your personal data:
- Identification data including surname, first name, title, date of birth;;
- Contact data including postal address, email address (personal/professional), telephone number (personal/professional);
- Usage data including purchases made (date, product, amount, transaction number, etc.), activities on the website (purchases, pages visited, product selection, click on advertisements);
- Financial data including terms and conditions of payment, credit card number, expiry date, CVV code (limited to payment);
- Digital data including devices used (including IP address, browser type and mobile device ID);
- Other information when you "share" the product review via Facebook, Twitter, LinkedIn, Instagram, Pinterest, Reddit and other social media channels.
4. Data processing with an automated consequence
Processing operations marked with a star (*) in Section 2 are achieved through automated decision-making through technological means in accordance with the following logic [ ] without significant human involvement, including:
- generating commercial profile based on your experiences/reviews;
- segmentation based on appetite with our brands based in particular on the volume and frequency of purchases, or reactions to past marketing campaigns, resulting in the creation of predictions and the targeting of our communications and commercial actions so that they are as relevant as possible;
- the detection of anomalies or unusual purchasing behaviours based in particular on the frequency of purchase, the amount, which will then be studied by our teams, resulting in allowing us to identify fraudulent behaviour. If these anomalies or fraudulent behaviour are confirmed by our teams, we may take the necessary measures to protect our interests and seek compensation for the damage, which may lead to litigation situations.
5. Who do we share your personal data with?
We are part of the Kingfisher Group, which includes B&Q, Screwfix, Castorama and Brico Dépôt (for more information on the Kingfisher Group: www.kingfisher.com). Your personal data is processed by other entities within the Kingfisher Group to enable the provision of our offers and services by aggregating technological means, to improve websites and other digital services, for analytical purposes as well as to offer you products and services that may be of interest to you.
Your personal data is also processed by third parties, processors, joint data controllers who need to know it or data controllers on their behalf. The sharing of data with these actors is contractually regulated. We may share your personal data to:
- third parties acting as data processors that carry out activities on our behalf that involve the processing of your personal data. These subcontractors have access to the personal data necessary to carry out their tasks, but may not use them for other purposes. We use service providers to fulfill orders, deliver packages, send SMS and emails, manage or update our customer databases (e.g., deletion), analyze data to help us develop, provide and improve our services, provide marketing assistance, process payment, conduct surveys, provide customer service and manage complaints.
- As joint controllers, we carry out joint operations with partners such as third party logistics carriers who deliver your order and contractually determine the conditions under which your personal data is processed (e.g. to offer you additional services).
- To the Administration and public authorities when we are obliged to disclose or share your personal data in order to comply with any legal obligation (e.g. judicial requisition).
- We may share your data as part of a corporate transaction, as well as in the event that we sell or buy a business or assets, we may disclose the personal information we hold to the prospective seller or buyer of such business or assets. If a third party acquires the group or substantially all of our assets (or if we undergo a reorganisation within the group), the personal data we hold will be one of the transferred assets.
6. How Long Do We Keep Your Personal Data?
Your personal data shall be retained for the time required to fulfil the purposes in section 2 above and in accordance with the applicable law.
We will retain your information only for the duration necessary for the purposes identified in this Privacy policy or as required to meet our legal requirements. Once your personal data is no longer necessary for these purposes, data will be blocked. During the blocking period, your data will be only unblocked and processed again exclusively to comply with legal retention periods, for the purpose of the exercise or the defence against administrative or legal claims and, beyond that, until the statute of limitation for any legal actions for which such data may be relevant. Once this period is over, your personal data will be erased.
7. Links to external sites
We may provide links to sites owned by other companies in the Kingfisher group from our website or from mobile applications. Your use of these sites is subject to the terms and policies of use available on those websites.
From time to time, we may enter into relationships with third parties that allow you to access the websites or applications (such as video players) of those third parties directly from our own websites. Each third party operates according to its own policy regarding the processing of personal data and the use of cookies on its website(s) or through its applications and we recommend that you read their privacy and cookie policies.
8. Where is your personal data processed?
Your personal data is processed by preference within the European Economic Area and in the United-Kingdom.
Depending on the purposes (e.g. to enable the provision of our offers and services, call centre), your personal data may also be processed in one or more countries outside the European Economic Area, namely the United Kingdom, the United States and India, subject to protection mechanisms.
Under these conditions, we pay particular attention to securing appropriate safeguards for the protection of your personal data in accordance with the law, in particular by choosing countries that are considered to offer an adequate level of protection (the United Kingdom and the USA for recipients that are certified under the EU-US Data Privacy Framework) and through the formalization of the European Commission's standard contractual clauses.
Please contact us using the contact details set out below in Section 10 if you would like further information about the adequate safeguards we use when transferring your personal data outside the European Economic Area or to receive a copy of the applicable standard contractual clauses for this data transfer
9. Your rights
You have the following rights:
- Access the personal data we process about you,
- Correct any erroneous personal data,
- Delete your personal data in the absence of a legitimate or legal reason to retain it,
- Restrict the processing of your data;
- Object to the use of your personal data, including automated decision-making or profiling,
- Regarding automated decision making, you also have the right to human intervention, the right to express your point of view and the right to challenge an automated decision,
- Withdraw your consent at any time,
- Right to the portability of your personal data, communicated in a structured manner and in a commonly used electronic format,
- If applicable, define guidelines for the fate of your personal data after your death. As such, you have the option of defining specific directives relating to the retention, deletion and communication of your personal data after your death.
In the event of reasonable doubt as to the identity of the requester or depending on the nature of the request, prior checks may be carried out to ensure the security of your data.
If, after contacting us, you believe that your data protection rights have not been respected, you can send a complaint to the French Supervisory authority “CNIL” electronically or to the address 3 Place de Fontenoy - TSA 80715- 75334 PARIS CEDEX 07. Visit the cnil.fr website for more information about your rights.
You may also send a complaint to the authority in the country where you accessed the website, as listed below:
AUSTRIA
Österreichische Datenschutz Behörde
Barichgasse 40-42, 1030 Vienna
https://www.dsb.gv.at/
dsb@dsb.gv.at
+43 1 52 152-0
BELGIUM
Gegevensbeschermingsautoriteit / Autorité de protection des données
Rue de la Presse 35, 1000 Brussels https://www.gegevensbeschermingsautoriteit.be/
contact@apd-gba.be
+32 (0)2 274 48 00
NETHERLANDS
Autoriteit Persoonsgegevens
de klachtencoördinator, 93374, 2509 AJ DEN HAAG https://autoriteitpersoonsgegevens.nl
idpc.info@idpc.org.mt
088-180525
POLAND
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa
https://uodo.gov.pl/pl/p/kontakt
kancelaria@uodo.gov.pl
22 531-03-00
SPAIN
Agencia Española de Protección de Datos | AEPD
C/ Jorge Juan, 6, 28001-Madrid
www.aepd.es
900 293 183
SWEDEN
Integritetsskyddsmyndigheten
Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm, Sweden
https://www.imy.se/
imy@imy.se
+46 (0)8 657 61 00
10. How to contact us?
To implement your data protection rights, we invite you to specify the scope of your request (web or mobile application, screwfix.eu, country of residence) in order to process your request efficiently. To do this, you can:
- Unsubscribe from commercial offers received by email or SMS: at the bottom of each advertising email sent, we display a mention of a link to manage your subscriptions,
- Unsubscribe from commercial offers by SMS: return "STOP" from the SMS received (non-surcharged number),
- Proceed directly to update your personal data and preferences in the "My Account” section of the screwfix.eu website,
- Determine your Cookie preferences on the dedicated page, by clicking on this link,
- Fill out in one of the languages in which our website is available (French, English, Spanish and Polish), and submit the dedicated form by clicking on this link "Data Access Request Form”,
- Write to us in one of the languages in which our website is available (French, English, Spanish and Polish), at the following postal address: Customer Correspondence [FAO Screwfix.eu], Screwfix Direct Limited, Trade House, Mead Avenue, Yeovil, BA22 8RT, United Kingdom
11. Protecting your personal data
We implement all necessary technical and organisational measures to protect your personal data. However, the transmission of data via the internet is not completely secure. This risk is common on the internet and is not specific to our services.
It is important to protect yourself against unauthorized access to your password and computer equipment. Be sure to log out and close your browser when you have finished your session. This will help prevent third parties from accessing your personal information if you share your computer equipment or use a device in a public space such as a library or internet café.
Last Updated Version of 17/10/2023
Appendix 1 – Austria
|
Purposes of the processing |
Legal basis |
Retention period |
|
Contracts, including loyalty program |
||
|
Management and delivery of orders, delivery, after-sales service and product returns. |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship. We remove the security code from your credit card as soon as the payment for the purchase has been made. |
|
Contractual communication (card expiration, product reminder) |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship |
|
Accounting and tax obligations |
Legal obligation (Article 6.1 c) GDPR) |
Legal retention period (e.g. 10-year accounting obligation in France) |
|
Pre-litigation and litigation |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Your reviews |
||
|
Collect, study and/or publish your reviews following a purchase or contact with our services |
Legitimate interest in improving our offers and services based on your feedback and showing your reviews to other users (Article 6.1 f) GDPR) |
Until opposition or 3 years after last contact |
|
Our Interactions |
||
|
Customer Service Management: Respond to any request from you |
Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) |
3 years from the last contact (excluding call center audio recording) |
|
Evaluate and improve the quality of the information provided by the call centre |
Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) |
Audio recording: 2 months from call |
|
Respond to your requests to enforce data protection rights |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the closing of the application |
|
Manage pre-litigation and contentious situations (not arising from the contract) |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Notify you of major changes to our business (business transfer, etc.) |
Legitimate interest in informing you about the situation of the controller of your data (Article 6.1(f) GDPR) |
As long as you are customers and/or prospects |
|
Social media |
||
|
Social Media Page Administration |
Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) |
Refer to the data protection policy on the social network |
|
Realization and measurement of campaigns / sponsored publications* |
Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) |
Refer to the data protection policy on the social network |
|
Analysis and customer knowledge |
||
|
Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* |
Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR); Consent insofar as we collect the data via cookies or trackers (Article 6.1 a) GDPR), refer to the applicable cookie policy |
3 years from the last contact or refer to the applicable cookie policy for trackers |
|
Prospecting (commercial information on news, product or service offers and surveys) |
||
|
Targeting campaigns (e.g. based on previous interactions) * |
Legitimate interest in communicating effectively by sending you relevant information (Article 6.1 f) GDPR) |
3 years from last contact |
|
Lead Acquisition |
Legitimate interest (Article 6.1(f) GDPR) in promoting our brands and business |
3 years from last contact |
|
Communicate electronically (non-professional) |
Consent (Article 6.1 a) GDPR) |
Until withdrawal of consent or 3 years after last contact |
|
Communicate by post and telephone |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR); Consent (Article 6.1 a) GDPR) for marketing calls |
Until opposition/withdrawal of consent or 3 years after last contact |
|
Promoting similar goods and services |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Communicating with contacts of our professional clients |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Game contest |
||
|
Manage your participation in competitions |
Performance of the contract (game rules) (Article 6.1 b) GDPR) |
Duration mentioned in each regulation |
|
Security |
||
|
Preventing and combating fraud, including managing the consequences of such fraud* |
Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) |
1 year if the alert is not deemed relevant
5 years from the closure of the fraud file
In the event of legal proceedings, 5 years after the closure of the file |
|
Security of the tools that enable our interactions, including domain, network and authentication |
Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) |
Duration of the connection or duration applicable to the processed data |
|
Controls and requests for authority information |
||
|
Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the date of application unless otherwise provided |
|
Manage our internal controls (which may include your personal data as evidence of control) |
Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) |
3 years from the date of the inspection |
|
Collect and process reports as part of the whistleblowing system |
Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) |
If the alert is unfounded, 2 months from the end of the investigations.
In the event of disciplinary or judicial proceedings, 5 years after the conclusion of such proceedings. |
|
Digital activities |
||
|
To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. |
Legitimate interest (Article 6.1(f) GDPR) in ensuring the correct and user-friendly operation of our website |
Refer to the applicable cookie policy |
|
Offer specific navigation features |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Understand the use of our website by measuring our users' traffic and navigation |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Manage the e-commerce and digital strategy, including the provision of additional services |
Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) |
Refer to the applicable cookie policy or the Links to External Sites section |
Appendix 2 – Belgium
|
Purposes of the processing |
Legal basis |
Retention period |
|
Contracts, including loyalty program |
||
|
Management and delivery of orders, delivery, after-sales service and product returns. |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship. We remove the security code from your credit card as soon as the payment for the purchase has been made. |
|
Contractual communication (card expiration, product reminder) |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship |
|
Accounting and tax obligations |
Legal obligation (Article 6.1 c) GDPR) |
Legal retention period (e.g. 10-year accounting obligation in France) |
|
Pre-litigation and litigation |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France, up to 10-years statute of limitations in Belgium) |
|
Your reviews |
||
|
Collect and/or study your reviews following a purchase or contact with our services |
Legitimate interest in improving our offers and services based on your feedback (Article 6.1 f) GDPR) |
Until opposition or 3 years after last contact |
|
Our Interactions |
||
|
Customer Service Management: Respond to any request from you |
Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) |
3 years from the last contact (excluding call center audio recording) |
|
Evaluate and improve the quality of the information provided by the call centre |
Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) |
Audio recording: 2 months from call |
|
Respond to your requests to enforce data protection rights |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the closing of the application |
|
Manage pre-litigation and contentious situations (not arising from the contract) |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Notify you of major changes to our business (business transfer, etc.) |
Legitimate interest in informing you about the situation of the controller of your data |
As long as you are customers and/or prospects |
|
Social media |
||
|
Social Media Page Administration |
Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) |
Refer to the data protection policy on the social network |
|
Realization and measurement of campaigns / sponsored publications* |
Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) |
Refer to the data protection policy on the social network |
|
Analysis and customer knowledge |
||
|
Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* |
Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR) |
3 years from the last contact or refer to the applicable cookie policy for trackers |
|
Prospecting (commercial information on news, product or service offers and surveys) |
||
|
Targeting campaigns (e.g. based on previous interactions) * |
Legitimate interest in communicating effectively by sending you relevant information (Article 6.1 f) GDPR) |
3 years from last contact |
|
Lead Acquisition |
Legitimate interest (Article 6.1(f) GDPR) |
3 years from last contact |
|
Communicate electronically (non-professional) |
Consent (Article 6.1 a) GDPR) |
Until withdrawal of consent or 3 years after last contact |
|
Communicate by post and telephone |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) or consent (Article 6.1 a) GDPR) |
Until opposition or 3 years after last contact |
|
Similar goods and services |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Communicating with professionals |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) or consent (Article 6.1 a) GDPR) |
Until opposition or 3 years after last contact |
|
Game contest |
||
|
Manage your participation in competitions |
Performance of the contract (game rules) (Article 6.1 b) GDPR) |
Duration mentioned in the applicable game rules |
|
Security |
||
|
Preventing and combating fraud, including managing the consequences of such fraud* |
Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) |
1 year if the alert is not deemed relevant
5 years from the closure of the fraud file
In the event of legal proceedings, 5 years after the closure of the file |
|
Security of the tools that enable our interactions, including domain, network and authentication |
Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) |
Duration of the connection or duration applicable to the processed data |
|
Controls and requests for authority information |
||
|
Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the date of application unless otherwise provided |
|
Manage our internal controls (which may include your personal data as evidence of control) |
Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) |
3 years from the date of the inspection |
|
Collect and process reports as part of the whistleblowing system |
Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) |
If the alert is unfounded, 2 months from the end of the investigations.
In the event of disciplinary or judicial proceedings, 5 years after the conclusion of such proceedings. |
|
Digital activities |
||
|
To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. |
Legitimate interest (Article 6.1(f) GDPR) |
Refer to the applicable cookie policy |
|
Offer specific navigation features |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Understand the use of our website by measuring our users' traffic and navigation |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Manage the e-commerce and digital strategy, including the provision of additional services |
Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) |
Refer to the applicable cookie policy or the Links to External Sites section |
Appendix 3 – Netherlands
|
Purposes of the processing |
Legal basis |
Retention period |
|
Contracts, including loyalty program |
||
|
Management and delivery of orders, delivery, after-sales service and product returns |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship. We remove the security code from your credit card as soon as the payment for the purchase has been made. |
|
Contractual communication (card expiration, product reminder) |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship |
|
Accounting and tax obligations |
Legal obligation (Article 6.1 c) GDPR) |
Legal retention period (e.g. 7-year accounting obligation in the Netherlands) |
|
Pre-litigation and litigation |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in the Netherlands) |
|
Your reviews |
||
|
Collect and/or study your reviews following a purchase or contact with our services |
Legitimate interest in improving our offers and services based on your feedback (Article 6.1 f) GDPR) |
Until opposition or 3 years after last contact |
|
Our Interactions |
||
|
Customer Service Management: Respond to any request from you |
Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) |
3 years from the last contact (excluding call center audio recording) |
|
Evaluate and improve the quality of the information provided by the call centre |
Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) |
Audio recording: 2 months from call |
|
Respond to your requests to enforce data protection rights |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the closing of the application |
|
Manage business related pre-litigation and contentious situations (not arising from the contract) |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 7-year statute of limitations in the Netherlands) |
|
Notify you of major changes to our business (business transfer, etc.) |
Legitimate interest in informing you about the situation of the controller of your data |
As long as you are customers and/or prospects |
|
Social media |
||
|
Social Media Page Administration |
Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) |
Refer to the data protection policy on the social network |
|
Realization and measurement of campaigns / sponsored publications* |
Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) |
Refer to the data protection policy on the social network |
|
Analysis and customer knowledge |
||
|
Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* |
Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR) |
3 years from the last contact or refer to the applicable cookie policy for trackers |
|
Prospecting (commercial information on news, product or service offers and surveys) |
||
|
Targeting campaigns (e.g. based on previous interactions) * |
Consent (Article 6.1 (a) GDPR) |
3 years from last contact |
|
Lead Acquisition |
Legitimate interest (Article 6.1(f) GDPR) |
3 years from last contact |
|
Communicate electronically (non-professional) |
Consent (Article 6.1 a) GDPR) |
Until withdrawal of consent or 3 years after last contact |
|
Communicate by post and telephone with our customers |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Similar goods and services |
Consent (Article 6.1 (a) GDPR) or Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Communicating with the professionals |
Consent (Article 6.1 (a) GDPR) or legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Game contest |
||
|
Manage your participation in competitions |
Performance of the contract (game rules) (Article 6.1 b) GDPR) |
Duration mentioned in each regulation |
|
Security |
||
|
Preventing and combating fraud, including managing the consequences of such fraud* |
Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) |
1 year if the alert is not deemed relevant
5 years from the closure of the fraud file
In the event of legal proceedings, 5 years after the closure of the file |
|
Security of the tools that enable our interactions, including domain, network and authentication |
Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) |
Duration of the connection or duration applicable to the processed data |
|
Controls and requests for authority information |
||
|
Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the date of application unless otherwise provided |
|
Manage our internal controls (which may include your personal data as evidence of control) |
Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) |
3 years from the date of the inspection |
|
Collect and process reports as part of the whistleblowing system |
Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) |
If the alert is unfounded, 2 months from the end of the investigations.
In the event of disciplinary or judicial proceedings, 5 years after the conclusion of such proceedings. |
|
Digital activities |
||
|
To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. |
Legitimate interest (Article 6.1(f) GDPR) |
Refer to the applicable cookie policy |
|
Offer specific navigation features |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Understand the use of our website by measuring our users' traffic and navigation |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Manage the e-commerce and digital strategy, including the provision of additional services |
Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) |
Refer to the applicable cookie policy or the Links to External Sites section |
Appendix 4 – Poland
|
Purposes of the processing |
Legal basis |
Retention period |
|
Contracts |
||
|
Management and delivery of orders, delivery, after-sales service and product returns |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship. We remove the security code from your credit card as soon as the payment for the purchase has been made. |
|
Contractual communication (card expiration, product reminder) |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship. |
|
Accounting and tax obligations |
Legal obligation (Article 6.1 c) GDPR) |
Legal retention period resulting from applicable tax or accounting law (e.g. 10-year accounting obligation in France) |
|
Pre-litigation and litigation |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Your reviews |
||
|
Collect and/or study your reviews following a purchase or contact with our services |
Legitimate interest in improving our offers and services based on your feedback (Article 6.1 f) GDPR) |
3 years after last contact |
|
Our Interactions |
||
|
Customer Service Management: Respond to any request from you |
Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) |
3 years from the last contact (excluding call center audio recording) |
|
Evaluate and improve the quality of the information provided by the call centre |
Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) |
Audio recording: 2 months from call |
|
Respond to your requests to enforce data protection rights |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the closing of the application |
|
Manage pre-litigation and contentious situations (not arising from the contract) |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Notify you of major changes to our business (business transfer, etc.) |
Legitimate interest in informing you about the situation of the controller of your data |
As long as you are customers and/or prospects |
|
Social media |
||
|
Social Media Page Administration |
Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) |
Refer to the data protection policy on the social network |
|
Realization and measurement of campaigns / sponsored publications* |
Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) |
Refer to the data protection policy on the social network |
|
Analysis and customer knowledge |
||
|
Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* |
Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR) |
3 years from the last contact or refer to the applicable cookie policy for trackers |
|
Prospecting (commercial information on news, product or service offers and surveys) |
||
|
Targeting campaigns (e.g. based on previous interactions) * |
Legitimate interest in communicating effectively by sending you relevant information (Article 6.1 f) GDPR) |
3 years from last contact |
|
Lead Acquisition |
Legitimate interest (Article 6.1(f) GDPR) |
3 years from last contact |
|
Communicate electronically (non-professional) |
Consent (Article 6.1 a) GDPR) |
Until withdrawal of consent or 3 years after last contact |
|
Communicate by post and telephone |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Similar goods and services |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Communicating with the professionals |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Game contest |
||
|
Manage your participation in competitions |
Performance of the contract (game rules) (Article 6.1 b) GDPR) |
Duration mentioned in each regulation |
|
Security |
||
|
Preventing and combating fraud, including managing the consequences of such fraud* |
Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) |
1 year if the alert is not deemed relevant
5 years from the closure of the fraud file
In the event of legal proceedings, 5 years after the closure of the file |
|
Security of the tools that enable our interactions, including domain, network and authentication |
Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) |
Duration of the connection or duration applicable to the processed data |
|
Controls and requests for authority information |
||
|
Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the date of application unless otherwise provided |
|
Manage our internal controls (which may include your personal data as evidence of control) |
Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) |
3 years from the date of the inspection |
|
Collect and process reports as part of the whistleblowing system |
Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) |
If the alert is unfounded, 2 months from the end of the investigations.
In the event of disciplinary or judicial proceedings, 5 years after the conclusion of such proceedings. |
|
Digital activities |
||
|
To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. |
Legitimate interest (Article 6.1(f) GDPR) |
Refer to the applicable cookie policy |
|
Offer specific navigation features |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Understand the use of our website by measuring our users' traffic and navigation |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Manage the e-commerce and digital strategy, including the provision of additional services |
Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) |
Refer to the applicable cookie policy or the Links to External Sites section |
Appendix 5 – Spain
|
Purposes of the processing |
Legal basis
|
|
Contracts, including loyalty program |
|
|
Management and delivery of orders, delivery, after-sales service and product returns. |
Performance of the contract (Article 6.1 (b) GDPR) |
|
Contractual communication (card expiration, product reminder) |
Performance of the contract (Article 6.1 (b) GDPR) |
|
Accounting and tax obligations |
Legal obligation (Article 6.1 c) GDPR) |
|
Pre-litigation and litigation |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
|
Your reviews |
|
|
Collect and/or study your reviews following a purchase or contact with our services |
Legitimate interest in improving our offers and services based on your feedback (Article 6.1 f) GDPR) |
|
Our Interactions |
|
|
Customer Service Management: Respond to any request from you |
Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) |
|
Evaluate and improve the quality of the information provided by the call centre |
Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) |
|
Respond to your requests to enforce data protection rights |
Legal obligation (Article 6.1 c) GDPR) |
|
Manage pre-litigation and contentious situations (not arising from the contract) |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
|
Notify you of major changes to our business (business transfer, etc.) |
Legitimate interest in informing you about the situation of the controller of your data |
|
Social media |
|
|
Social Media Page Administration |
Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) |
|
Realization and measurement of campaigns / sponsored publications* |
Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) |
|
Analysis and customer knowledge |
|
|
Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* |
Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR) |
|
Prospecting (commercial information on news, product or service offers and surveys) |
|
|
Targeting campaigns (e.g. based on previous interactions) * |
Legitimate interest in communicating effectively by sending you relevant information (Article 6.1 f) GDPR) |
|
Lead Acquisition |
Legitimate interest (Article 6.1(f) GDPR) |
|
Communicate electronically (non-professional) |
Consent (Article 6.1 a) GDPR) |
|
Communicate by post and telephone |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
|
Similar goods and services |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
|
Communicating with the professionals |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
|
Game contest |
|
|
Manage your participation in competitions |
Performance of the contract (game rules) (Article 6.1 b) GDPR) |
|
Security |
|
|
Preventing and combating fraud, including managing the consequences of such fraud* |
Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) |
|
Security of the tools that enable our interactions, including domain, network and authentication |
Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) |
|
Controls and requests for authority information |
|
|
Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) |
Legal obligation (Article 6.1 c) GDPR) |
|
Manage our internal controls (which may include your personal data as evidence of control) |
Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) |
|
Collect and process reports as part of the whistleblowing system |
Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) |
|
Digital activities |
|
|
To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. |
Legitimate interest (Article 6.1(f) GDPR) |
|
Offer specific navigation features |
Consent (Article 6.1 a) GDPR) |
|
Understand the use of our website by measuring our users' traffic and navigation |
Consent (Article 6.1 a) GDPR) |
|
To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile |
Consent (Article 6.1 a) GDPR) |
|
To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data |
Consent (Article 6.1 a) GDPR) |
|
Manage the e-commerce and digital strategy, including the provision of additional services |
Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) |
Appendix 6 – Sweden
|
Purposes of the processing |
Legal basis |
Retention period |
|
Contracts, including loyalty program |
||
|
Management and delivery of orders, delivery, after-sales service and product returns. |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship. We remove the security code from your credit card as soon as the payment for the purchase has been made. |
|
Contractual communication (card expiration, product reminder) |
Performance of the contract (Article 6.1 (b) GDPR) |
Duration of the contractual relationship |
|
Accounting and tax obligations |
Legal obligation (Article 6.1 c) GDPR) |
Legal retention period (e.g. 10-year accounting obligation in France) |
|
Pre-litigation and litigation |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Your reviews |
||
|
Collect and/or study your reviews following a purchase or contact with our services |
Legitimate interest in improving our offers and services based on your feedback (Article 6.1 f) GDPR) |
Until opposition or 3 years after last contact |
|
Our Interactions |
||
|
Customer Service Management: Respond to any request from you |
Legitimate interest in providing a response to your requests (Article 6.1(f) GDPR) |
3 years from the last contact (excluding call center audio recording) |
|
Evaluate and improve the quality of the information provided by the call centre |
Legitimate interest in evaluating and improving the relevance of the answers provided and to carry out training and statistics (Article 6.1 f) of the GDPR) |
Audio recording: 2 months from call |
|
Respond to your requests to enforce data protection rights |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the closing of the application |
|
Manage pre-litigation and contentious situations (not arising from the contract) |
Legitimate interest in safeguarding our interests and proof of a contract or legal claim (Article 6.1(f) GDPR) |
Duration of the applicable statute of limitations (e.g. 5-year statute of limitations in France) |
|
Notify you of major changes to our business (business transfer, etc.) |
Legitimate interest in informing you about the situation of the controller of your data |
As long as you are customers and/or prospects |
|
Social media |
||
|
Social Media Page Administration |
Legitimate interest in administering our social media pages (Article 6.1 (f) GDPR) |
Refer to the data protection policy on the social network |
|
Realization and measurement of campaigns / sponsored publications* |
Legitimate interest in communicating on social media to promote our brands and activities (Article 6.1 f) GDPR) |
Refer to the data protection policy on the social network |
|
Analysis and customer knowledge |
||
|
Carrying out analysis and reporting (e.g. consumption habits, reactions to campaigns, etc.), group segmentation and profile creation based on our relationships, your activities at the point of sale and online* |
Legitimate interest in improving our offers and services based on our interactions (Article 6.1 f) GDPR) |
3 years from the last contact or refer to the applicable cookie policy for trackers |
|
Prospecting (commercial information on news, product or service offers and surveys) |
||
|
Targeting campaigns (e.g. based on previous interactions) * |
Legitimate interest in communicating effectively by sending you relevant information (Article 6.1 f) GDPR) |
3 years from last contact |
|
Lead Acquisition |
Before first contact: Legitimate interest (Article 6.1(f) GDPR)
After first contact: Consent (Article 6.1 a) GDPR) |
Before first contact: 1 month (or earlier if contact is made before 1 month of lead acquisition).
After first contact: Until withdrawal of consent or earlier at the company’s initiative |
|
Communicate electronically (non-professional) |
Consent (Article 6.1 a) GDPR) |
Until withdrawal of consent or earlier at the company’s initiative |
|
Communicate by post and telephone |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Similar goods and services |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Communicating with the professionals |
Legitimate interest in promoting our brands and business (Article 6.1(f) GDPR) |
Until opposition or 3 years after last contact |
|
Game contest |
||
|
Manage your participation in competitions |
Performance of the contract (game rules) (Article 6.1 b) GDPR) |
Duration mentioned in each regulation |
|
Security |
||
|
Preventing and combating fraud, including managing the consequences of such fraud* |
Legitimate interest in protecting our property and transactions (Article 6.1 f) GDPR) |
1 year if the alert is not deemed relevant
5 years from the closure of the fraud file
In the event of legal proceedings, 5 years after the closure of the file |
|
Security of the tools that enable our interactions, including domain, network and authentication |
Legitimate interest in ensuring the security of exchanges and processed data (Article 6.1 f) of the GDPR) |
Duration of the connection or duration applicable to the processed data |
|
Controls and requests for authority information |
||
|
Respond to official and well-founded requests for the transmission of your data (judicial requisition, control, etc.) |
Legal obligation (Article 6.1 c) GDPR) |
1 year from the date of application unless otherwise provided |
|
Manage our internal controls (which may include your personal data as evidence of control) |
Legitimate interest in monitoring the effectiveness of our internal procedures (Article 6.1 f) GDPR) |
3 years from the date of the inspection |
|
Collect and process reports as part of the whistleblowing system |
Legal obligation (Article 6.1(c) of the GDPR) and legitimate interest in investigating allegations of violations of our Code of Conduct (Article 6(1)(f) of the GDPR) |
If the alert is unfounded, 2 months from the end of the investigations.
In the event of disciplinary or judicial proceedings, 5 years after the conclusion of such proceedings. |
|
Digital activities |
||
|
To enable the operation of the website including the selection of products in the shopping cart, to ensure security, etc. |
Legitimate interest (Article 6.1(f) GDPR) |
Refer to the applicable cookie policy |
|
Offer specific navigation features |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Understand the use of our website by measuring our users' traffic and navigation |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure its effectiveness and to adapt it according to your browsing and your profile |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
To offer personalised content and advertising, to measure the effectiveness of campaigns and to adapt them according to your browsing and your profile through partners who may be recipients of your personal data |
Consent (Article 6.1 a) GDPR) |
Refer to the applicable cookie policy |
|
Manage the e-commerce and digital strategy, including the provision of additional services |
Legitimate interest in driving the e-commerce and digital strategy (Article 6.1 f) of the GDPR) |
Refer to the applicable cookie policy or the Links to External Sites section |