POLICY FOR THE PROTECTION OF THE PERSONAL DATA OF THE TEREOS CONSUMERS AND PROSPECTS
The Tereos Group of which Tereos UK&Ireland is part are very committed to the protection of personal data and to your privacy, which are two principles protected by the Charter of Fundamental Rights of the European Union.
The processing of personal data carried out within the framework of Tereos UK&Ireland activities complies with the rules on privacy, particularly the General Data Protection Regulation (EU Regulation 2016/679) known as the “GDPR”.
Therefore, within the exercise of its activities, the Tereos UK&Ireland may be required to collect and process your personal data, whatever the type of contract that binds us.
This policy (hereinafter “the Policy”) aims to inform you of the reasons why Tereos UK&Ireland may process your personal data, the way in which the Tereos UK&Ireland does this and your rights in this matter.
THE TEREOS COMMITMENTS FOR THE PROTECTION OF PERSONAL DATA
In order to ensure the best level of protection of your personal data, the Tereos UK&Ireland undertakes, in its capacity as data controller, to comply with the GDPR by setting a number of basic principles for the processing of personal data and in particular:
- Lawfulness, fairness, transparency:your personal data is processed lawfully, fairly and transparently;
- Purpose limitation:your personal data is collected for specified, explicit and legitimate purposes and is not subsequently processed in a manner incompatible with those purposes;
- Data minimisation:only the adequate and relevant data is collected and is limited to what is necessary in view of the purposes for which it is processed;
- Limitation of retention: your personal data is retained for a limited time that does not exceed the time necessary to achieve the purpose of the processing. These times comply with the legal retention periods;
- Accuracy: your personal data is accurate, kept up-to-date and all reasonable steps are taken to ensure that any inaccurate data, having regard to the purposes for which it is processed, is erased or corrected as soon as possible;
- Security: your personal data is subject to security through effective technical and organisational measures that are adapted to the risks of the processing for your right to privacy and your other rights and freedoms.
Internal procedures are planned to comply with the guiding principles of the regulations on the protection of personal data from its design and by default. If necessary, our relationships with external service providers are secured through contracts that meet a real level of security of your personal data.
The majority of our services, service providers, remote applications and servers required for the processing of your personal data are located in the territory of the European Union. When your personal data needs to be transferred outside the European Union, we adopt the appropriate guarantees provided by the applicable regulations. If necessary, you can have access to relevant documents (i.e.: standard contract clauses of the European Commission).
RIGHTS OF DATA SUBJECTS
In terms of the processing of personal data, you enjoy a number of rights in accordance with the applicable regulations:
- Right to information about processing: in order to respect the principle of fairness and transparency, the Tereos UK&Ireland, in its capacity as data controller, must inform you prior to the collection of your personal data. This information allows you to understand and, where appropriate, to consent to the processing that the Tereos UK&Ireland offers;
- Right of access to your personal data: once your data has been collected and processed by the Tereos UK&Ireland, you have the opportunity to obtain a copy of your personal data held by the Tereos UK&Ireland;
- Right of correction: to the extent that your data will not always be up-to-date, you have the right to correct data about you that is not accurate;
- Right to withdraw consent: If you have consented to processing, you can withdraw this consent at any time, without this affecting the lawfulness of the processing before this withdrawal;
- Right to object to processing: when processing is not based on your consent, but on legitimate interests that we pursue or those of a third party, you can oppose the processing given your particular situation;
- Right to limitation of processing: you have the option of limiting the processing in the following cases:
- You dispute the accuracy of the personal data for a period enabling the Tereos UK&Ireland to verify the accuracy of the personal data;
- The processing is unlawful and you want the use of the data to be limited instead of erasing it;
- Tereos UK&Ireland no longer needs the personal data for processing, but you want it to be retained for the establishment, exercise or defence of your rights in court;
- You objected to the processing under your right to object during the verification as to whether the legitimate reasons pursued by Tereos UK&Ireland prevail over your own.
- Right to erase data: you can request to erase the data we process for a legitimate reason in the following cases:
- The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- You wish to withdraw your consent (see right to withdraw consent)
- You object to the processing of your personal data for a legitimate reason
- The personal data has been unlawfully processed;
- The personal data must be erased to comply with a legal obligation, as required by EU law or the law of the Member State to which the data controller is subject;
- Right to portability: when processing is not based on your consent, you may request the transfer of the personal data to another data controller, or receive said data in a structured, commonly used and machine-readable format;
- Right not to be subject to automated individual decisions (including profiling): save in exceptional cases, you have the right not to be subject to automated individual decisions, such as profiling, which produces legal effects, or significantly affects you.
Any request, whether relating to the exercise of your rights or relating to this Policy, must be sent by email or registered letter with acknowledgement of receipt for the attention of the GDPR contact person. The GDPR contact person will review your request and get back to you as soon as possible. He/she can be contacted at the following address:
- By email: firstname.lastname@example.org
- By post: Tereos Group – Legal and Compliance Department – GDPR Contact Person – 12-14 Rue Médéric 75017 Paris, France
To process your request, please:
- Include your family name(s) first name(s)
- If the request is regarding a right of access, specify the categories of data you want to access
- If the request is regarding another right, specify the reason for your request (which right you want to exercise and for what reason)
- Attach/enclose proof of identity
If the request is made by a representative:
- Provide a proof of mandate and identity for the agent
- Provide proof of identity of the person representing
PROCESSING CARRIED OUT BY THE TEREOS UK&IRELAND
- Identity and contact details of the data controller
Tereos UK & Ireland.Ltd.
Ripley Drive, Normanton Industrial Estate
Normanton, West Yorkshire, WF6 1RY
- Purpose of the processing of personal data
We process your data for the following purposes:
- Sending newsletters;
- Organising competitions, lotteries or any promotional operations;
- Collecting and managing opinions from people on products, services or content (consumer service);
- Responding to consumer inquiries;
- Suggesting stores near you to find our products;
- Compiling browsing statistics using cookies and other tracers;
- Getting information about the terminal (email routing);
Incidentally, the data can also be used to:
- Manage the exercise of rights by data subjects;
- If applicable, establish, exercise or defend the rights of the Tereos Group.
- Categories of data
For each purpose identified, the categories of personal data collected, processed and stored by the Tereos UK&Ireland are as follows:
- Sending newsletters: email address;
- Organising competitions, lotteries or any promotional operations:name or social media handle, email address,score, dates of participation, postal address for the delivery of the prize;
- Managing opinions from people on products, services or content (consumer service): identity data, landline phone, mobile phone, email address, subject of the message, product concerned, product format, message;
- Responding to consumer inquiries: identity data, email address
- Suggesting stores near you to find our products: georeferencing through IP or through information;
- Compiling browsing statistics using cookies and other tracers: IP address, browsing history, interaction website, socio-demographic category;
- Getting information about the terminal (email routing): IP address, operating system, internet browser, other terminal information, applications or connections;
- Managing the exercise of rights by data subjects: identity data, email address. A photocopy of your ID may be required to access your request;
- Establishing, exercising or defending the rights of the Tereos UK&Ireland: identity data, data required to establish, exercise or defend the rights of the Tereos UK&Ireland.
- Via Social Media
Depending on your settings, terms of service and relevant policies when using sites such as Twitter and other social media channels, you may give us permission to access information about you from those accounts or channels.
- Categories of persons
- BtoC Prospects
- Visitors to the website
- Partners/Service Providers;
- Sub-contractors of all Group entities;
- Authorised departments in charge of managing consumer data (e.g.: IT Department, Marketing Department, Communications Department, etc.);
- Persons authorised as authorised third parties (e.g.: supervisory authorities, statutory auditors, auditors, etc.).
The legal justifications on the basis of which we can process your personal data are:
- The need to execute a contract or pre-contractual measures for the purposes described in this Policy;
- Compliance with a legal obligation;
- Protecting the vital interests of the data subject;
- The legitimate interest of the data controller.
Your personal data is retained for the time necessary to achieve the purposes described in this Policy. It is then archived in accordance with the legal and/or regulatory requirements, and/or to enable the Tereos UK&Ireland to establish proof of a right or contract (deadlines applicable to prescription).
Security of processing of personal data is one of the Tereos UK&Ireland‘s priorities. We make every effort to implement technical and organisational measures adapted to the issues and risks associated with the protection of personal data. Training sessions on personal data protection are offered to our employees. Our employees are subject to a confidentiality obligation. Our websites are subject to technical protection and communications with your computer are encrypted by an HTTPS (TLS) stream.
CHANGES TO THIS POLICY
This Policy was published on May 25th, 2018. In case of changes to this Policy implemented by Tereos UK&Ireland, such changes will be identified by Tereos UK&Ireland on this webpage.