1. Homepage
  2. Privacy
  3. Data protection

Data protection

Legal informations

Update: 14/04/2025

The purpose of this global privacy policy (“Policy”) is to explain to the natural persons concerned (“You”, “Your”) the general practices of the group LACROIX (“We”, “Us”, “Our”) regarding the use and protection of Your personal data.

This Policy is supplemented by privacy notices that specify, for each of Our processing activities, the categories of personal data We process, how We collect it, why We use it, the legal basis enabling Us to process it, how long we retain it and the rights available to You.

We may modify or supplement Our Policy and privacy notices at any time, in particular in order to comply with any legislative, regulatory, jurisprudential or technological developments, or when We change Our processing. The date of update is identified at the top of Our Privacy Policy and privacy notices. These changes are applicable as soon as they are posted online. You should therefore regularly review them in order to become aware of any changes.

The group LACROIX complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), other applicable data protection regulations and this Policy.

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

    The group LACROIX refers to the company LACROIX Group (a French “Société Anonyme à Conseil d’Administration” located at 17 rue Océane, 44800 Saint-Herblain, France, RCS NANTES n°855 802 815) as well as all the legal entities listed here, acting as independent or joint data controllers of Your Personal Data.

    2. WHY DO WE COLLECT YOUR PERSONAL DATA?

    We may collect Your personal data to manage Our business and Our relationship with You in the context of the following processing:

    • Employees management, in particular in order to manage the internal organization, employee files, careers and skills, or to carry out mandatory formalities;
    • Management of the payroll and gratuities of Our staff, in particular in order to calculate and pay salaries, gratuities and other amounts due, or to carry out mandatory formalities;
    • Management of staff and union representatives, in particular in order to manage representative mandates, constraints, organize and to follow up meetings;
    • Management of candidates, in particular in order to carry out interviews, personality or technical tests, to send them a job offer or to put their application in a pool;
    • Management of suppliers, service providers or partners, in particular in order to select Our future co-contractors, to enter into and execute contracts and to carry out Our accounting operations;
    • Management of access to Our premises, in particular in order to physically welcome You and to ensure the security of Our premises;
    • Management of Our customers or prospects, in particular in order to manage Our customers and prospects base, to manage Our commercial prospecting activities, to send commercial offers, to enter into and execute contracts and to carry out Our accounting operations;
    • Management of users of Our websites, online services or mobile applications, in particular to ensure their security or audience measurement or to manage user accounts;
    • Contacts management, in particular in order to manage Our contact database and telephone reception, to send institutional communications, to manage participation in Our trade fairs and events;
    • Management of IT resources, in particular in order to provide You with communication equipment and access to Our information systems;
    • Managing the security of Our information systems, in particular in order to avoid or limit security incidents;
    • Management of administrators, in particular in order to select them, to manage board meetings, or to carry out mandatory formalities;
    • Management of shareholders, officers and corporate officers, in particular in order to manage general meetings, registers, or to carry out mandatory formalities;
    • Management of insiders, in particular in order to draw up insider lists, to inform them of their obligations, or to carry out mandatory formalities;
    • Management of image rights, in particular in order to carry out external or internal communication campaigns using Your image;
    • Management of whistleblowing, in particular in order to collect and investigate whistleblowing, and to ensure the protection of whistleblowers;
    • Management of inventors, in particular in order to manage registrations and the monitoring of industrial property rights and related remunerations;
    • Management of requests to exercise rights in connection with data protection regulations, in particular those relating to the rights of access, rectification, erasure, portability, objection or restriction to the processing, or in the event of consent withdrawal.

    3. WHAT DATA CONCERNING YOU DO WE COLLECT OR PROCESS?

    Depending on Our processing activities, We may collect and process the following categories of personal data:

    • Your identification data and Your personal or professional contact details such as first name, last name, email, telephone, address,  as well as image and voice;
    • Your data concerning Your applications such as CVs, cover letters, test results;
    • Your financial or economic data, such as bank details and contractual information, wages, tax rates, payments, orders, deliveries and receipts;
    • Your personal life data, such as information about Your personal circumstances or household;
    • Your data resulting from Your professional life, such as position, employer, sector of activity, place of work, career, time worked and absences, elective mandates or professional assessments;
    • Your connection or usage data of Our IT resources, websites, online services and mobile applications, such as date and time of connection, IP address and data from cookies and other trackers, activity logs and identifiers;
    • Your data relating to Your visits to Our premises, such as date and time of access.

    In specific cases, We may also collect Your national identification number, ID or sensitive data such as:

    • Your union membership when You have a mandate to represent a trade union,
    • Your criminal convictions for some of Our recruitments when We are required by law to do so,
    • Your biometric fingerprints to allow You to access sensitive premises,
    • Some of Your health problems and disabilities in order to best facilitate the recruitment processes or Your visit to Our premises.

    4. HOW DO WE COLLECT YOUR PERSONAL DATA?

    In most cases, We collect Your personal data directly from You when You provide it to Us orally or in writing, via an online or paper form, or when You use Our websites, mobile applications, online services or IT resources. Some third parties may also provide Us with Your personal data on their own initiative or because they are required to do so by law or where You have given them permission to share it with Us. From time to time, We may also collect Your personal data from publicly available online databases or social media, or when We are involved in a restructuring process such as a merger, divestiture or acquisition.

    When We process Your personal data, We may need to generate additional personal data about You such as  assigning identifiers to You or by aggregating, calculating or cross-referencing data, in particular to carry out Our various processing activities.

    Your personal data initially collected for one of Our processing activities may also be re-used by Us or by third parties for other processing activities where the subsequent processing purposes are compatible with Our original processing activities.

    5. WHAT ARE THE LEGAL BASIS ENABLING US TO PROCESS YOUR PERSONAL DATA?

    Depending on Our processing activities, We may process Your personal data on the basis of one of the following legal basis:

    • You have given consent to the processing of Your personal data for one or more specific purposes;
    • The processing of Your personal data is necessary for the performance of pre-contractual measures taken at Your request or for the performance of a contract to which You are a party;
    • The processing of Your personal data is necessary for compliance with a legal obligation to which We are subject;
    • The processing of Your personal data is necessary for the performance of a task carried out in the public interest;
    • The processing of Your personal data is necessary for the pursuit of Our legitimate interests or those of a third party.

    Regarding the processing of children’s personal data, only minors who have reached the age of majority in accordance with the regulations in force may consent to the processing of their personal data. Otherwise, consent must be given by the holder of parental authority.

    6. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

    From the time of collection, Your personal data is processed on an active basis only for the time necessary to complete Our processing activities. We apply the retention period that seems to Us to be the most appropriate in relation to the purpose of the processing in question, except when this retention period is determined by the regulations in force.

    Your personal data is then stored in archive for the longest retention period between the statute of limitations (periods during which You or We can assert claims) and the statutory retention periods (periods during which We are required by law to retain them). At the end of these periods, Your personal data is permanently deleted or anonymised.

    7. WHO HAS ACCESS TO YOUR PERSONAL DATA?

    Your personal data is accessible only to those persons who are authorised to know and process it in accordance with the processing activities carried out by Us.

    We may also share Your personal data with:

    • Any of Our legal entities where they have a need to know in the context of their relations with each other or with You;
    • Our subcontractors acting on Our instructions and other institutional or commercial partners in the context of our contractual relationships;
    • Public, administrative and judicial bodies and authorities when required under applicable regulations;
    • Trustworthy third parties, such as Our lawyers, brokers, insurers, notaries or bailiffs;
    • Other third parties, when We take part in a restructuring operation such as a merger, divestiture or acquisition.

    8. IS YOUR PERSONAL DATA TRANSFERRED OUTSIDE THE EUROPEAN UNION?

    The group LACROIX is an organization including legal entities, subcontractors and other partners located in several countries, including outside the European Union. We may transfer Your personal data to them, including by simply giving them access to it.

    When We transfer Your personal data outside the European Union, We ensure that adequate safeguards are implemented with the recipients, in particular through the use of the European Commission’s standard contractual clauses.

    9. WHAT IS OUR USE OF COOKIES AND OTHER TRACKERS?

    When You use Our websites, Our online services and mobile applications, We (or Our partners) may use cookies and other trackers to read or deposit data, including personal data, on Your equipment.

    We (or Our partners) use cookies and other trackers with or without Your consent depending on their purpose. Your consent will not be required if cookies and trackers are necessary to provide You with Our websites, online services or mobile applications, or to provide You with a service that You have expressly requested.

    You can find more information about the use of cookies and other trackers in the cookie policies available on each of Our websites, online services or mobile applications.

    Furthermore, Our marketing emails may contain a “pixel” linked to a marketing campaign to inform Us whether the emails have been opened and what Your behaviour is regarding Our emails. The pixel will be deleted if You delete the corresponding email.

    10. IS YOUR PERSONAL DATA SECURE?

      We implement technical and organizational security measures to protect Your personal data against destruction, loss, alteration, unauthorized disclosure or unauthorized access. These measures are established taking into account the state of Our knowledge, the costs of implementation, the nature, scope, context and purposes of the processing We carry out, as well as the risks.

      11. WHAT ARE YOUR RIGHTS?

        Subject to the exceptions and limitations provided for by the regulations in force, You have all or part of the following rights regarding Your personal data:

        • Right of access to Your personal data;
        • Right to rectification of Your personal data;
        • Right to erasure of Your personal data (“right to be forgotten”);
        • Right to restrict the processing of Your personal data;
        • Right to portability of Your personal data;
        • Right to object to the processing of Your personal data;
        • Right not to be subject to automated individual decision-making, including profiling;
        • Right to withdraw Your consent;
        • Right to give post-mortem directives;
        • Right to appeal.

        You can exercise Your rights by:

        • Email to compliance@lacroix.group, or
        • Postal mail to: LACROIX, To the attention of the DPO, 17 rue Océane, 44800 Saint-Herblain, France.

        If there is reasonable doubt as to Your identity, You may be asked to identify Yourself by providing a copy of an identity document or any other evidence to prove Your identity.

        When Your request is unfounded or excessive, in particular because of its repetitive nature, We reserve the right to:

        • Require payment of a reasonable fee that takes into account the administrative costs We incur in providing You with the requested information or taking the requested actions, or
        • Refuse to comply with Your request.

        If You believe that Your rights have not been respected after contacting Us, You may lodge a complaint by mail with the competent data protection authority, a list of which is available on the website of the European Commission (https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm).

        12. LINKS TO THIRD-PARTY RESOURCES

          When We make available to You hyperlinks (or redirect buttons or icons) to third-party resources such as websites, software, online services or social networks, these may collect and process Your personal data when You access or use them. This Policy does not apply to them. We do not exercise any control or supervision over the processing of personal data carried out by these third-party resources and We accept no responsibility for the content of these third-party resources and for the processing that is carried out under the sole responsibility of the third parties who hold these resources.

          We strongly recommend that You read all the information that these third parties make available to You before authorizing them to collect Your personal data and to send them any requests concerning the processing they carry out.

          13. HOW TO CONTACT US?

          If You have any further questions or comments regarding Our data protection practices, You may contact Our Data Protection Officer by:

          • Email to compliance@lacroix.group, or
          • Postal mail to: LACROIX, for the attention of the DPO, 17 rue Océane, 44800 Saint-Herblain, France.