Privacy
Policy

Updated on 21/05/2019



General Privacy and DMPP Policy



At Henri SELMER Paris, we take the confidentiality of your personal data seriously. In accordance with recent changes in European data protection regulations, we have updated our privacy policy; to make it easier for you to access it, we have added it as an attachment.

This policy is also available on our website, we invite you to consult it regularly as it may change over time.

We would like to inform you that, subject to applicable laws and regulations, you have the right to access, modify or request the deletion of your personal data at any time, simply by sending an email to our Data Protection Officer (DPO): dpo[at]selmer.fr.

If you do not agree with our attached privacy policy and/or no longer wish to be on our mailing lists, please inform us by writing to the same address dpo@selmer.fr.

Without any feedback from you, we will assume that you are satisfied with our policy and the mailings we send you.

Thank you for your attention and we look forward to continuing to communicate with you.



The Data Protection Officer (DPO)

Henri SELMER Paris

25 rue Maurice BERTEAUX

78711 Mantes-La-Ville

www.selmer.fr



The GDPR Directive



The European General Regulation on Data Protection came into force on 25 May 2018. The General Data Protection Regulation covers the protection of privacy for all individuals in the European Union. Its main purpose is to transfer the control of personal data to individuals. This unified regulation also means a simplified regulatory environment for international companies. The DPMR also covers the export of personal data outside the EU, which impacts businesses in Europe and worldwide.



This is the biggest change to data protection legislation in the last 20 years. Regulators have the power to impose fines and demand changes in privacy management on a large scale across organisations. However, it also represents a major opportunity for :

  • transform our approach to privacy,
  • exploit the value of our data,
  • ensure that our organization is adapted to the digital economy.


Henri SELMER Paris and the GDPR



Henri SELMER Paris, SAS with a capital of €4,200,000, registered in the Paris Trade and Companies Register under number 572 018 281, having its registered office at 59 rue Marcadet 75018 Paris (hereinafter referred to as "Henri Selmer Paris") acts as the data controller of the personal data collected.



At Henri SELMER Paris, we believe that this new approach represents a significant step forward towards individual privacy rights. This regulatory change in the collection and processing of personal data will undoubtedly be an opportunity to set the bar high for data security.



We are firmly committed to implementing the DPMR, both for our customers and within our company. We see the DPSR as an opportunity, not a threat: it fully reflects our responsibility. 1In all our departments, we are working to implement the requirements of these new regulations, further strengthening our standards for data privacy and security.



This data policy applies as of May 25, 2018 to personal data collected by Henri SELMER Paris and its entities. This policy will be regularly updated, we invite you to visit our website (www.selmer.fr) regularly to be aware of the latest developments. You may use your right to withdraw your consent if you do not agree with our policy.



A specific data privacy policy applies to personal data concerning our employees, the terms of which may differ from the general policy.



What personal data do we process?



We may collect different categories of personal data, including :

  • identification data - name, date of birth, photo, address, passport or identity card, etc.
  • data relating to your position or activity - instruments, dealers and contact details, curriculum vitae, etc.
  • data about our exchanges - our e-mails, meetings, calls, agreements with quotations, etc.
  • If you are a trading partner as an individual - all documentation shared prior to your registration, your bank details and all financial transactions made with you
  • data relating to the proper fulfilment of our legal, tax, etc. obligations.
  • Your consent to our privacy policy.

We do not collect or process any personal data concerning religion, ethnic or racial origin, political opinions, sex life or genetic information.



For what purposes do we collect and use personal data?



We collect and use your personal data in order to :

  • to comply with our legal or regulatory obligations;
  • to be able to fulfil our obligations and benefit from our rights under agreements or contracts with you;
  • to interact with you commercially or for the purpose of analysing or drawing up a contract with you;
  • if you are a partner to interact with you;
  • if you are a supplier, to be able to verify the adequacy of your profile with our needs, or to contact you;
  • to serve our legitimate interests within the framework of the DPMR Directive, including as evidence of interactions or transactions, to manage our databases and information systems, to safeguard these databases and systems, to prevent fraud or abuse, to compile anonymous statistics, to analyse and prepare transactions, etc.
  • Production of internal or external videos/photographs for legitimate needs such as staff training or communication.


To whom may we disclose your personal data?



We do not sell or rent your personal information to third parties.


  • In the case of the IT department: because of their function, administrators may have access to personal data - a trace management policy has been established to regulate this activity.
  • Case of the personnel department or the human resources (HR) department: this function manages data that is sometimes private - in this case special attention is paid to this data.
  • In the case of the communication department: we make a distinction between customers and prospects - if the person is already a customer of the company, a commercial offer can be made concerning services or products similar to those already provided. - In the case of a prospect, consent will be requested.
  • Case of the commercial service: in this case we are in the execution of a contract that will not require prior consent.
  • Case of the purchasing department: we are in the case of BtoB relations. For example, business e-mail addresses are personal data - in this case we will consider that we are in the execution of a contract provided that the object is related to the recipient's profession.
  • In general we do not share your personal data with third parties unless :
    • we have a legitimate reason for doing so, e.g. sharing with our lawyers to prepare a contract with you, or with a bank to prepare a payment for you, etc. ;
    • we have your explicit consent;
    • an applicable law or regulation requires us to do so.

In the event of a transfer outside the European Union, it will be specified for each processing operation the basis for authorising this transfer as set out in Article 44 and following articles of the GDR. This will vary according to the country:

  • for the USA the Privacy Shield;
  • for the third countries concerned, the existence of a decision of adequacy to the GDMP;
  • for other countries the existence of appropriate safeguards:
    • ECB rules;
    • standard contractual clauses adopted by the European Commission;
    • standard data protection clauses adopted by the CNIL;
    • code of conduct approved by the CNIL;
    • certification mechanism approved by the CNIL;
  • for rarer cases the existence of binding corporate rules.


Data retention period



Your personal data is not kept indefinitely in our computer files: the retention period is determined according to the purpose for which the data was collected. Once this purpose has been achieved, this data is archived, deleted or made anonymous (in particular in order to produce statistics).


  • The retention cycle of your personal data may follow three distinct successive phases:
  • The active database;
  • Intermediate archiving - these data are only kept for legal purposes and are only accessible on a restricted basis;
  • Final archiving - these data are of historical, scientific or statistical interest and are only accessible on a restricted basis.

In terms of retention period, we comply with the recommendations of the CNIL, in particular those recommended in the simplified standards.



Security



To prevent unauthorized disclosure or access to your personal information, we have implemented physical and electronic security measures.


We also follow procedures to ensure that we work with all personal data in line with data protection laws.



If, despite our efforts, we become aware of any unauthorised data leakage regarding your data, we will inform you as soon as possible.



Cookies



Cookies are data stored in the Internet User's terminal equipment. They are used by the Website to send information to the browser to enable the browser to send information back to the original site (for example a session identifier, choice of language or date).


You are informed when you visit our websites, cookies (cookies) may be installed on your browser software.


To learn more about cookies, please consult the "Cookies" section.




Your rights and how to contact us



The GDPR Directive establishes a number of rights in your favour:

  • the right to access your personal data;
  • the right to have your personal data rectified if it is inaccurate;
  • the right to delete your personal data if it is no longer retained for legitimate purposes;
  • the right to oppose the use of your personal data for commercial prospecting purposes;
  • the right to withdraw your consent;
  • the right to limit processing;
  • the right to portability of the data collected;
  • the right to lodge a complaint with the CNIL.

Within the framework of the exercise of the right of access, you have the right to obtain information concerning :

  • the origin of the personal data;
  • the purpose and method of processing;
  • the logic applied in case of processing carried out with the help of electronic tools;
  • the identification data of the owner, of the persons in charge and of the appointed representative;
  • the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the State's territory, managers or agents.

The data subjects have the right to obtain :

  • the updating, rectification or, if it is in their interest, the integration of their personal data;
  • the cancellation, transformation into anonymous form or blocking of data processed in violation of the laws in force, including those whose retention is not necessary for the purposes for which the data were collected or subsequently processed ;
  • certification to the effect that the above operations have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, unless this operation proves impossible or involves the use of means that are manifestly disproportionate to the right being defended.

On the other hand, the right of opposition can only be exercised in the following two cases:

  • on legitimate grounds, if the data are relevant to the purpose of collection ;
  • when the purpose of the processing is the sending of advertising material or direct sales or for carrying out market research or commercial communications (commercial prospecting).

Consent for the processing may be withdrawn at any time, without prejudice to the lawfulness of the processing based on the consent given prior to the withdrawal of consent.


Please note that certain legal restrictions limit these rights, for example with regard to our ability to disclose information used in our anti-fraud or anti-money laundering processes.


In accordance with the general principles of the law, we are not responsible for the disclosure of information that was previously publicly available, nor for the storage and backup of data that we received without having requested it (e.g. a CV that was sent to us spontaneously). To use these rights, or more generally to inform you, you can contact our Data Protection Officer (DPO) at the following e-mail address: dpo@selmer.fr, or by registered mail sent to :


The Data Protection Officer (DPO)

Henri SELMER Paris,

25 rue Maurice Berteaux

78711 - Mantes-La-Ville / France


This policy is available in English. Only the French version is authentic.