Identity and contact details of the Data Controller

LACROIX Group
8, impasse du Bourrelier
BP 30004
44801 Saint-Herblain cedex
Tel.: +33(0)2 40 92 37 30

Identity and contact details of the Data Protection Officer

Franck Legrand
Tel.: +33(0)2 40 92 37 30
compliance@lacroix-group.com

Data collected and processed, method of data collection and categories of recipients

In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of website user data complies with the following principles:
• Legality, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data. Every time data of a personal nature is collected, the user must be informed that it is being collected and of the reasons for this;
• Limited purposes: the collection and processing of data are carried out for one or more objectives determined in these General Terms of Use;
• Minimisation of the collection and processing of data: only data necessary for the good execution of the objectives pursued by the website is collected;
• Retention of data reduced over time: the data are kept for a determined period, of which the user is informed. If the length of time for which data is to be kept cannot be communicated to the user;
• Integrity and confidentiality of data collected and processed: the data processing manager undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be legal, and thus in conformity with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of Personal Data cannot take place unless at least one of the following conditions is respected:
• The user has expressly consented to the processing;
• The processing is necessary for the proper performance of a contract;
• The processing responds to a legal obligation;
• The processing may be justified as necessary for the protection of the vital interests of the person concerned or another natural person;
• The processing may be justified as necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
• The processing and collection of personal data are necessary for the purposes of legitimate private interests pursued by the controller or by a third party.

The following personal data is collected on the www.lacroix-group.com website:

> “Contact” page:

– Surname
– Name
– Email
– Telephone
– Company name

Purpose: to receive requests from data subjects and respond to these;
Legal basis: legitimate interest of the DC. It is in the interests of the company to respond to questions from customers/prospects/visitors. The data subject may reasonably expect that their data is processed when they send a message using the contact form;
Data retention period: the time for processing the request.

> “Job Offers” Page:

– Surname
– Name
– Email
– CV
– Covering letter

Purpose: to receive applications and assess the skills of a candidate for a position;
Legal basis: legitimate interest of the DC. It is in the legitimate interests of the company to recruit persons who correspond to its requirements The Data Subject may reasonably expect that their data is processed when they send a message using the contact form;
Data retention period: 2 years from the last contact with the candidate, subject to prior notification.

> “Subscribe to the newsletter” Section:
– E-mail

Purpose: to communicate information about the LACROIX Group to its subscribers;
Legal basis: consent;
Data retention period: until withdrawal of consent by the Data Subject.

This data is collected when the user carries out one of the following operations on the site:
>When a user completes and sends the contact form on the “Contact us” page.
>When a user replies to a job offer.
>When a user registers for the newsletter.
When personal data is recorded, the user is informed of the period for which it is to be kept and, when this period cannot be specified, the publisher of the website will inform them of the criteria used in determining it.
The collection and processing of data is performed for the following reasons:
The user is informed of and has consented to the personal information (Surname, First name, Telephone number and Email address) and data collected being subject to automatic processing when strictly necessary for the business of LACROIX Electronics (the “Company”), such as for shareholder relations and applications.
No personal information will be shared and no data consolidation will be carried out with companies outside of the Company.
In accordance with the French Law “Data Processing and Civil Liberties” of 6 January 1978, as modified on 20 June 2018 and with the General Regulation on Data Protection no. 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and to the free circulation of such data, which has been in force since 25 May 2018, the user has, in relation to personal information concerning them, a right of access, correction, deletion, and restriction of processing, as well as a right to the portability of their data. The user also has, subject to legitimate reasons, a right to oppose the processing of their data and the right of recourse to the CNIL (Commission Nationale de l’Informatique et des Libertés [National Commission on Information Technology and Civil Liberties]).
The user may exercise the aforementioned rights by sending an email accompanied by proof of identity to the personal data controller: dataprotection@lacroix-group.com
The user undertakes to communicate only accurate information and not to prejudice any rights of third parties. In accordance with CNIL recommendations, the retention of information collected is, in particular, subject to the requirements laid down in Article 34 of the French Law of 6 January 1978, as modified on 20 June 2018, and to Article 5 of the General Data Protection Regulation no. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The Company endeavours to ensure the security of data it collects and to process it in accordance with the laws in force. However, the Company declines all responsibility for damages resulting from a fraudulent third-party intrusion, including those leading to the misuse of the data collected.
Where there is a data breach, or a suspected data breach, please inform us as soon as possible so that the necessary security measures can be taken by the Company to avoid any further Personal Data breaches.

> Categories of Recipients:

LACROIX Group

Data hosting

The www.lacroix-group.com website is hosted by: Images Créations, whose registered office is at the following address: 67 rue Nicolas Appert – 44100 Nantes – France.
The host may be contacted on the following telephone number: +33 2 40 50 77 66
The data collected and processed by the website is hosted and processed exclusively in France.

Personal Data of minors

In accordance with the terms of Article 8 of European Regulation 2016/679 and the French Data Protection Act, only minors aged 15 or over may consent to the processing of their personal information.

Transfer of data outside the European Union

No transfer.

User rights and procedures for their implementation

In accordance with the law on the processing of personal data, the user has the rights set out below.
For the controller to grant their request, the user must provide: first names and surname as well as email address.
The data processing manager must respond to the user within 30 (thirty) days maximum.
a. Right of access, correction, and right to be forgotten
The user may review, update, modify or request the deletion of data concerning them, by complying with the following procedure:
Send an email with proof of identity to the Personal Data processing manager at: dataprotection@lacroix-group.com
b. Right to Data Portability
The user has the right to request the portability of their Personal Data, held by the website, to another website, by complying with the following procedure:
Send an email with proof of identity to the Personal Data processing manager at: dataprotection@lacroix-group.com
c. Right to restriction and to object to the processing of data
Finally, the user has the right to request restriction of, or to object to processing of their data by the website, which cannot refuse, except by demonstrating legitimate and imperative reasons, which can prevail over the interests and rights and liberties of the user.
d. Right to determine what happens to data after death
The user is reminded that they may arrange what happens to their data in the event of their death, in accordance with French Law no. 2016-1321 of 7 October 2016.
e. Right to appeal to the competent supervisory authority
Where the data processing manager decides not to respond to the user’s request, and the user wishes to contest this decision, they may contact the CNIL (National Commission on Information Technology and Civil Liberties), (https://www.cnil.fr) or any competent judge.

 

Obligations of the data controller

The data controller undertakes to protect the Personal Data collected, not to transmit it to any third parties without the user having been informed and to respect the objectives for which the data was collected.
In addition, the data processing manager undertakes to notify the user in the case of rectification or deletion of data, provided that this does not incur disproportionate procedures, costs or actions.
Where the integrity, confidentiality or security of the Personal Data of the user is compromised, the data processing manager undertakes to inform the user by any means.

Consent of the user to the use of “cookies” by the website

The website may use cookies that allow it to gather statistics and information about the website’s traffic, to facilitate navigation and to improve the service for the user’s comfort. To use “cookies” involving the retention and analysis of Personal Data, the user’s consent must be requested.
The user’s consent is considered valid for a period of up to 13 (thirteen) months. At the end of this period, the website will again request the user’s authorisation to save “cookies” onto their hard drive.

 

Objection of the user to the use of “cookies” by the website

The user is informed that they may reject the saving of “cookies” by configuring their web browser.
If the user decides to deactivate cookies, they may continue browsing the website. However, any website malfunction resulting from this operation may not be considered as being caused by the website’s publisher.

 

Description of the “cookies” used by the website

The publisher of the website draws the user’s attention to the fact that “Google Tag Manager” cookies are used during navigation. These record the following data:
– Surname
– Name
– Email
– Telephone
– Company name
By browsing the website, the user is informed that third-party “cookies” may be saved.
In addition, the website includes links to social networks, allowing the user to share their activity on the website. The “cookies” employed by these social networks may consequently be saved to a user’s computer when they use such functions.
The user is informed that these websites have their own confidentiality policies and general terms of use and that they may differ from the terms presented here. The publisher of the website invites users to consult the confidentiality policies of these websites.

Glossary:
  1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  3. ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
  4. ‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
  5. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  6. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  7. ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  8. ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  9. ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  10. ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  11. ‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
  12. ‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;
  13. ‘group of undertakings’ means a controlling undertaking and its controlled undertakings;
  14. ‘binding corporate rules’ means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
  15. ‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51;
  16. ‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because: | (a) | the controller or processor is established on the territory of the Member State of that supervisory authority; | (b) | data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or | (c) | a complaint has been lodged with that supervisory authority;