Privacy Policy

In this Privacy Policy, 2CRSi (“we”) sets out how your personal data is processed, in our role as data controller.

Data Controller 

The data controller for your personal data is 2CRSi, a Société Anonyme (French limited company) registered with the Strasbourg RCS (Register of Companies) under no. 483 784 344, headquartered at 32 Rue Jacobi-Netter, 67200 Strasbourg, represented by its President Mr Alain Wilmouth.

Data Protection Officer

EDOS SAS has been designated data protection officer by 2CRSi. You can contact them with any questions relating to your rights, either by email at dpo@2crsi.com or by sending a letter marked for the attention of “Délégué à la protection des données” (Data Protection Officer) to our headquarters.

1. About website visitors

The purposes for which we process your personal data collected on our website via forms or cookies (for more information, please consult our cookie policy) are those detailed below. The legal basis on which we process your personal data is:


Purpose of the processing activity
Legal basis
Managing request for information and quotes
Our legitimate interests to develop our activity
Managing job applications
Potential work contract
Web site traffic analysis
Consent

2. About current and prospective clients (BtoB)

Regarding prospective clients, the following categories of personal data are collected:

  • Identity data: name, surname, signature
  • Contact and professional data: employer, role, telephone number, email, professional address
  • Other: image, offer references

Regarding clients, the following categories of personal data are collected:

  • Identity data: name, surname, signature
  • Contact and professional data: employer, role, telephone number, email, professional address
  • Other: Badge number (visitors), image (in specific contexts), solvency references, billing information, order and invoice references and information, after-sales references and information

The purposes for which we process your personal data, and the legal basis on which we do so, are as follows:

Purpose of the processing activity
Legal basis
Business development
Our legitimate interests to develop our activity
Contact managing
Our legitimate interests to develop our activity
Managing of commercial offers
Our legitimate interests to develop our activity
Managing of orders
Our legitimate interests to develop our activity
Order preparation and dispatch Our legitimate interests to develop our activity
Shipment and delivery follow-up Our legitimate interests to follow-up and secure product delivery
Billing Legal obligation
Managing of the after-sales service Our legitimate interests to manage problems regarding our products
Managing of incoming paiements Our legitimate interests to verify payments for our products
Communication management Consent (videos and photos)
Accounting Legal obligation
Statistics Our legitimate interests to manage our business and continuous improvement
Security management (CCTV) (when present in our buildings) Our legitimate interests to ensure the protection of people and property
Managing demands regarding GDPR rights Legal obligation

3. Processing activities about suppliers

Regarding suppliers, the following categories of personal data are collected:

  • Identity data: name, surname, signature
  • Contact and professional data: employer, role, telephone number, email, professional address
  • Other: Badge number, image, billing information, order and invoice references, certificates of product compliance
Purpose of the processing activity
Legal basis
Managing of commercial proposals
Our legitimate interests to analyse commercial proposals
Contact managing
Our legitimate interests to be in contact with our suppliers
Managing of the after-sales service
Our legitimate interests to respond to after-sales demands of our clients regarding products of supplier
Managing a directory for suppliers and service providers
Our legitimate interests to be able to identify our suppliers and be in contact with them
Security management (badges, when applicable)
Our legitimate interests to ensure the protection of people and property
Security management (CCTV) (when present in our buildings)
Our legitimate interests to ensure the protection of people and property
Managing of outcoming payments
Our legitimate interests to follow-up payments to our suppliers
Accounting Legal Obligation
Managing demands regarding GDPR rights Legal Obligation

Recipients of personal data 

The personal data that we collect is primarily intended to be used internally, by the teams that process requests or collect data, for the relevant purpose. Although, we may communicate your personal data to third parties, who may act as data processors, such as our IT or marketing providers, our CCTV service provider, transport companies. 

In addition to that, we may communicate personal data, for the relevant purpose on a need-to-know basis, to:

  • Subsidiary companies of our group
  • Our partners
  • Our external credit investigator
  • Customs
  • Our Data Protection Officer

Duration of retention of personal data  

Your personal data will only be retained as long as is strictly necessary to fulfil the purpose for which it is processed.

Category of data subjects
Data retention period
Prospective clients
3 years following last contact
Clients
5 years following termination of our commercial relationship
Suppliers and service providers 5 years following termination of our commercial relationship

Confidentiality and security of personal data

We take all technical and organizational measures in order to ensure that your personal data is processed securely. Security measures include using various tools, training our staff and following internal processes in order to ensure the company conforms to the provisions of the relevant laws.​  

Transfer of personal data outside the EU

As a general rule, we process your personal data inside the European Union. However, your personal data may be transferred outside the EU. In this case, we undertake to ensure a level of protection that meets the requirements of the Regulations.​

We may for example sign standard contractual clauses combined with technical, organizational and legal measures to reinforce privacy requirements.

Exercising your rights

In accordance with data protection regulations, you have the following rights over your personal data, depending on the processing involved: access, rectification, erasure, restriction of processing, portability and objection. 

You can exercise your rights via email or by letter, by contacting our Data Protection Officer. 

By email : dpo@2crsi.com

By post : “Délégué à la protection des données” (Data Protection Officer), 32 rue Jacobi Netter, 67200, Strasbourg, France

If you believe that your rights have not been respected in relation to your personal data, you may lodge a complaint with the CNIL (French data protection authority) or any other competent European data protection authority.