Personal data charter
BOLLORÉ SA PERSONAL DATA PROTECTION POLICY
The purpose of this policy is to explain to you how Bolloré SA, as the entity responsible for processing personal data (hereinafter “we”), may use your personal data collected in the course of your relationship with us and/or indirectly. This policy does not apply to cases in which we have to process your data in the context of a relationship that has already caused us to provide you with information on the use of your personal data.
In this policy, the term “you” refers to any natural person who has a direct or indirect relationship with us. More specifically, it refers to natural persons who represent a legal person (employees, executives, agents, clients, prospects, service providers, etc.) as well as representatives (of a client, partner, supplier, etc.) or any other natural person who may interact with us (members of an administrative or judicial authority, journalists, etc.).
Who sees your personal data?
The data we collect is intended for use by Bolloré SA and is not intended to be shared with third parties, except in the cases provided for by the laws and regulations in force (such as right of communication of certain information to administrative authorities or courts of law) or for the purposes of its activities (including, but not limited to, sharing of contact details as part of joint communication actions with several entities of the Bolloré Group unless you state otherwise, transmission of certain data needed to perform their mission by our auditors, lawyers and other service providers tasked with defending our interests).
Finally, we may make some of your data accessible to our service providers, which are known as “subcontractors”, for the strict purpose and within the limits of the mission that they perform for us (IT service providers, professionals involved in our representation such as experts, bailiffs, etc.).
Why do we collect your personal data?
We may collect your personal data on several occasions as part of our business activity. This means that your data will be used in various ways:
– to process and respond to requests for pre-contractual measures taken at your request (such as requests for information about our company or other companies in the group, requests for rate quotes for the provision of services);
– to meet our legal, accounting and tax obligations (e.g., accounting records, general accounting ledgers and sub-ledgers, management of your requests to exercise your rights over your data, preventing money laundering and financing of terrorism and the fight against corruption);
– within the limits of your interests and rights, to meet our legitimate needs related to:
– the performance and follow-up of a contract between us and the person whom you represent (e.g., performance and follow-up of our services delivered to your employer, management and follow-up of files, management of our relationships with our suppliers and service providers, management of human resources for non-salaried employees of companies, billing, management of outstanding invoices and collection, etc.),
– unless you request otherwise, information about the people with whom we are in contact, external and internal communication, prospecting, customer relationship monitoring and customer loyalty (which require a better knowledge of the people with whom we are in contact, through the sending of messages about our latest news, organization, registration and invitation to certain events that we organize),
– The recognition, exercise or defense of rights and interests in court;
– responses to calls for tenders from potential clients;
– security management in our offices if you go there (surveillance and protection of people and property) and of our employees.
If some of your data is essential to us to perform a contract or any services relating to our various activities or meet a regulatory obligation, we will inform you during collection.
What personal data do we collect indirectly?
In addition to the personal data that you provide to us, we may collect certain personal data indirectly (e.g., through a customer representative, supplier, partner or legal person of group companies) such as:
– data relating to your identity and your contact information;
– commercial information and, if necessary (mainly if needed for the recognition, exercise or defense of rights and interests in court), certain sensitive data (including, theoretically, information about your racial or ethnic origin, opinions, religious beliefs, union activities, physical health, genetic or biometric data) or data about criminal offenses;
– profile and usage data, including passwords for password-protected platforms or services that you might have accessed at the request of a third party;
– Technical data, including information collected during your visits to our sites and applications, IP address or connection data.
How do you exercise your rights?
You have the right of access to your data, the right to correct erroneous data about you, and, under the circumstances and in accordance with the limits contemplated by the regulations in force, to challenge or delete some of your data, limit its use or request the portability thereof for transmission to a third party, and to define what is to be done with your data after your death (if you live in France).
To exercise your rights, just write to our DPO firstname.lastname@example.org or to the contact address mentioned on our institutional website and attach, if necessary, any documents that can be used to prove your identity and substantiate your request.
In the event of an unresolved difficulty related to the use of your personal data, you may refer the matter to the competent supervisory authority (such as the Commission Nationale de l’Informatique et des Libertés in France).
How long do we keep your data?
Your data will be kept for the periods necessary to satisfy the aforementioned purposes, i.e.:
Management of pre-contractual requests
three years after the end of our relationship
Management of a contract between us and the person you represent
five years after the end of said contract or of the commercial relationship with that person
Response to tender offers
two years after the reply given to us
Information about people and communication
three years after the end of your relationship with us
Security of property and personal security
six months (unless the period is shorter for specific devices such as videoprotection, which is limited to one month)
At the end of these periods, the data will, if necessary, be archived for a period not exceeding the statutory limitation periods or applicable archiving obligations or for the duration of proceedings in the case of litigation. Once these periods expire, the data will be destroyed.