1) PREAMBLE
Ingredia places the protection and respect for privacy among its highest priorities. The Group undertakes to comply with all obligations applicable to data protection and the respect for the rights and freedoms of individuals (in particular, the European Data Protection Regulation or “GDPR”), the French Data Protection Act No. 78-17 of 6 January 1978, as amended (LIL4), and the opinions and recommendations of CNIL and the European Data Protection Committee.
2) ROLES
For a proper understanding of this policy, it is specified that:
- The « responsible entity for data processing » is: Ingredia.
- « Subcontractor » refers to any natural or legal person who processes personal data on Ingredia´s behalf.
- « Data Subjects » refers to customers or prospective customers of services offered by The Group on its own behalf or on behalf of third parties or employees working for Ingredia.
- « Recipients » refers to the natural or legal persons who receive personal data from Ingredia.
- The data recipients may be employees of The Group or external entities (third party event organisers, partners, exhibitors, banking institutions, authorities, etc.).
3) PURPOSE
The purpose of this policy is compliance with information obligations and to formalise Ingredia´s rights and obligations towards its customers and potential customers regarding the processing of their personal data for all services offered via the website www.ingredia.fr/com
4) SCOPE
This policy applies to all processing of personal data relating to customers and/or potential customers performed from the site www.ingredia.fr/com
5) WHY DO WE PROCESS YOUR DATA?
Each operation is implemented within the framework of this protection policy and in compliance with the various regulations to which Ingredia is subject. No processing of the personal data of customers or potential customers shall be performed if it fails to comply with the general principles of the GDPRor the Data Protection Act.
The purposes are as follows:
- The collection of contact information via a contact form;
- The disclosure of information related to our products and services;
- To manage the business relationship;
- Marketing and business development;
- Compliance with legal and regulatory obligations;
- The management of registrations and participations in events or studies;
- To elaborate statistics;
- The management of rights and claims;
- The management of cancellation and unsubscribe requests.
6) THE LEGAL BASIS FOR PROCESSING YOUR DATA
The legal basis for the processing of personal data is as follows:
- Legitimate interests: processing is essential for the pursuit of the legitimate interests of the organisation processing the data or of a third party, in strict compliance with the rights and interests of the individuals whose data are being processed; in particular, this applies in the context of commercial marketing.
- Consent: This is linked to the prior authorisation obtained from individuals in the course of conducting studies.
7) TYPES OF COLLECTED DATA
The personal data collected or maintained is that which is strictly essential for the activities of the Ingredia group.
The group collects the following categories of data within this context:
- Identification data such as first name(s), last name(s), date and place of birth.
- Data which enables contact with the individual, via various communication channels, such as postal address, email address, telephone number(s).
8) DATA COLLECTED BY COOKIES AND TRACERS
We use tracking technologies, such as cookies, to collect information related to your browsing activity on our site. We invite you to visit the cookies section for detailed information on the use of cookies and to review the available options.
The use of cookies for marketing purposes is also defined in the cookie policy on our website.
9) DATA SOURCES
Data relating to our customers or prospective customers is collected from them either directly or via the contact form.
10) DATA RECIPIENTS – CLEARANCE & TRACEABILITY
Data collected by The Group may be shared entirely or partially, depending on the purpose.
(A) INTERNAL RECIPIENTS
- Authorised staff from the marketing department, the sales department, the departments in charge of customer relations and marketing, administrative departments, the logistics and IT departments and their line managers.
- Authorised staff of the departments which are responsible for the internal control procedures.
- The recipients of personal data of customers and prospective customers within the Group are subject to a duty of confidentiality.
- The Ingredia Group decides which recipient shall be able to access which data, according to an authorisation policy.
B) EXTERNAL RECIPIENTS
- Legal entities which maintain a contract with the Ingredia group (subcontractors).
- The service providers and subcontractors performing services on our behalf and for whom compliance with the commitments referenced byGPRD has been verified.
- Duly authorised judicial and/or administrative authorities, as well as regulated professions (e.g. notaries, lawyers, bailiffs).
All access related to the processing of personal data from customers and prospective customers is subject to a traceability measure.
Furthermore, personal data may be disclosed to any authority legally entitled to access it. In this case, the Group does not assume any responsibility for the conditions under which the staff of those authorities gain access to and use the data.
11) THE PERIOD OF DATA RETENTION
The period of data retention is defined by The Group with regard to respective legal and contractual constraints or, alternatively, according to its needs and in particular, according to the following principles:
- Customer data: For the duration of the contractual relationship and, in particular, of an event organised by the Group, subject to a 3 year-extension for marketing purposes, notwithstanding the duties of retention or the limitation periods.
- Data relating to members and users of the website: Until unsubscribing from the member area and 1 year following the most recent access.
- Data relating to prospective customers: 3 years from the date of collection by the Group or the last contact from the prospective customer.
After the time limits have expired, the data is either deleted or retained after having been rendered anonymous, in particular for statistical purposes. It can be retained in the case of pre-litigation and legal disputes during the entire period of litigation, which is supplemented by the legal deadlines for disputes.
12) STORAGE
The personal data is stored in our databases or in the databases of our subcontractors.
13) DATA SECURITY
It is Ingredia’s responsibility to define and implement the technical security measures, physical or logical, that it deems appropriate to protect against the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of data. The Group requires the same measures from its business partners and subcontractors.
In this respect, Ingredia takes all necessary precautions with regard to the nature of the data and the risks presented by the processing to preserve the security of the data and, in particular, by applying physical measures for the protection of the premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, and the encryption of certain data.
14) TRANSFER BEYOND THE EUROPEAN UNION
You are informed that your data will not be transmitted to countries outside of the European Union.
15) MARKETING
With your consent, given during the process of registration, Ingredia may send you newsletters and other promotional messages by email, mail, and SMS. These newsletters enable us to keep you informed with regard to Ingredia news, products, and services.
16) LEGAL RIGHTS OF INDIVIDUALS
Clients and prospects are entitled to ask the Ingredia Group for confirmation as to whether or not their data is being processed. In particular, every person has the right to be informed in a comprehensible and easily accessible way with regard to the processing of his or her data.
According to the applicable regulations, you are entitled to a number of rights which you may exercise at any time:
You have a right of access, a right of rectification, a right to erasure of data relating to yourself, as well as the right to request the portability of the data you have provided us with.
You have the right to object, on legitimate grounds, to the processing of your data, or to request the restriction of such processing.
You also have the right to object at any time, and without providing reasons, to the processing of your data for direct marketing purposes, as well as to profiling, when performed for the same purpose.
You have the right to provide instructions on how to proceed with regard to your personal data following your death.
17) EXERCISING YOUR RIGHTS
The exercise of rights is performed exclusively via email to the following address dpo@ingredia.com or by mail to:
Ingredia, DPO, 51 Avenue F. Lobbedez CS 60946 62033 Arras Cedex FRANCE
As required by law, we must be able to verify the identity of the person raising the claim. It is therefore necessary to send us a copy of your identity card or any other means by which we may reliably prove your identity.
We would like to point out that the exercise of certain of these rights may result, on an individual case basis, in the data processor being unable to provide the service in those cases as strictly provided for by the regulations in force.
We will respond to your request within one month of receipt of your complete application. We reserve the right to refuse to process requests that are clearly unfounded or excessive.
18) DATA BREACH
In the event of a personal data breach, the Group undertakes to notify CNIL in accordance with the conditions prescribed by the GPRD.
If the breach poses a high risk to customers and potential customers and the data has not been protected, The Group.
- shall notify the related customers and prospective customers;
- The necessary information and recommendations shall be reported to respective customers and prospective customers.
19) THE RIGHT TO FILE A COMPLAINT WITH THE CNIL
Customers and prospective customers whose personal data is being processed are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL in France, if they consider that the processing of their personal data does not comply with the European data protection regulations, at the following address
CNIL – Service des plaintes (Complaints Department)
3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 Tel.: 01 53 73 22 22
20) SUBCONTRACTING
The Group informs its customers and prospective customers that it may involve any subcontractor of its choice in the processing of their personal data.
In this case, The Group ensures that the subcontractor complies with his duties according to the GDPR.
The Group undertakes to sign a written contract with all its subcontractors and imposes the same data protection obligations on subcontractors as it does on itself. Additionally, the Group reserves the right to audit its subcontractors to ensure compliance with the provisions of the GDPR.
21) UPDATES
This policy may be modified or amended at any time in the event of legal or jurisprudential developments, decisions and recommendations or practices of the CNIL.
An updated version of this policy shall be brought to the attention of and made available to users of the site by any means determined by Ingredia, including electronic means (e.g., email or online).