Privacy Policy
In this Privacy Policy, 2CRSi (“we”) sets out how your personal data is processed, in our role as data controller.
Data
Controller
The data controller for your personal data is 2CRSi, a Société Anonyme (French limited company) registered with the Strasbourg RCS (Register of Companies) under no. 483 784 344, headquartered at 32 Rue Jacobi-Netter, 67200 Strasbourg, represented by its President Mr Alain Wilmouth.
Data Protection Officer
EDOS SAS has been designated data protection officer by 2CRSi. You can contact them with any questions relating to your rights, either by email at dpo@2crsi.com or by sending a letter marked for the attention of “Délégué à la protection des données” (Data Protection Officer) to our headquarters.
1. About website visitors
The purposes for which we process your personal data collected on our website via forms or cookies (for more information, please consult our cookie policy) are those detailed below. The legal basis on which we process your personal data is:
|
||||||||
|
|
2. About current and prospective clients (BtoB)
Regarding prospective clients, the following categories of personal data are collected:
-
Identity data: name, surname, signature
-
Contact and professional data: employer, role,
telephone number, email, professional address
-
Other: image, offer references
Regarding clients, the following categories of personal data are collected:
-
Identity data: name, surname, signature
-
Contact and professional data: employer, role,
telephone number, email, professional address
- Other: Badge number (visitors), image (in specific contexts), solvency references, billing information, order and invoice references and information, after-sales references and information
The purposes for which we process your personal data, and the legal basis on which we do so, are as follows:
|
Purpose of the processing activity
|
Legal basis |
| Business development |
Our legitimate interests to develop our activity |
| Contact managing |
Our legitimate interests to develop our activity |
| Managing of commercial offers |
Our legitimate interests to develop our activity |
| Managing of orders |
Our legitimate interests to develop our activity |
| Order preparation and dispatch | Our legitimate interests to develop our activity |
| Shipment and delivery follow-up | Our legitimate interests to follow-up and secure product delivery |
| Billing | Legal obligation |
| Managing of the after-sales service | Our legitimate interests to manage problems regarding our products |
| Managing of incoming paiements | Our legitimate interests to verify payments for our products |
| Communication management | Consent (videos and photos) |
| Accounting | Legal obligation |
| Statistics | Our legitimate interests to manage our business and continuous improvement |
| Security management (CCTV) (when present in our buildings) | Our legitimate interests to ensure the protection of people and property |
| Managing demands regarding GDPR rights | Legal obligation |
3. Processing activities about suppliers
Regarding suppliers, the following categories of personal data are collected:
- Identity data: name, surname, signature
- Contact and professional data: employer, role, telephone number, email, professional address
- Other: Badge number, image, billing information, order and invoice references, certificates of product compliance
|
Purpose of the processing activity
|
Legal basis |
| Managing of commercial proposals |
Our legitimate interests to analyse commercial proposals |
| Contact managing |
Our legitimate interests to be in contact with our suppliers |
| Managing of the after-sales service |
Our legitimate interests to respond to after-sales demands of our clients regarding products of supplier |
| Managing a directory for suppliers and service providers |
Our legitimate interests to be able to identify our suppliers and be in contact with them |
| Security management (badges, when applicable) |
Our legitimate interests to ensure the protection of people and property |
| Security management (CCTV) (when present in our buildings) |
Our legitimate interests to ensure the protection of people and property |
| Managing of outcoming payments |
Our legitimate interests to follow-up payments to our suppliers |
| Accounting | Legal Obligation |
| Managing demands regarding GDPR rights | Legal Obligation |
Recipients
of personal data
The personal data that we
collect is primarily intended to be used internally, by the teams that process
requests or collect data, for the relevant purpose. Although, we may
communicate your personal data to third parties, who may act as data processors,
such as our IT or marketing providers, our CCTV service provider, transport
companies.
In addition to that, we may communicate personal
data, for the relevant purpose on a need-to-know basis, to:
- Subsidiary companies of our group
- Our partners
- Our external credit investigator
- Customs
- Our Data Protection Officer
Duration
of retention of personal data
Your personal data will only be retained as long as is strictly necessary to fulfil the purpose for which it is processed.
|
Category of data subjects
|
Data retention period
|
| Prospective clients |
3 years following last contact |
| Clients |
5 years following termination of our commercial relationship |
| Suppliers and service providers | 5 years following termination of our commercial relationship |
Confidentiality and security of personal data
We take all technical and organizational measures in order to ensure that your personal data is processed securely. Security measures include using various tools, training our staff and following internal processes in order to ensure the company conforms to the provisions of the relevant laws.
Transfer of personal data outside the EU
As a general rule, we process your personal data inside the European Union. However, your personal data may be transferred outside the EU. In this case, we undertake to ensure a level of protection that meets the requirements of the Regulations.
We may for example sign standard contractual clauses combined with technical, organizational and legal measures to reinforce privacy requirements.
Exercising your rights
In accordance with data
protection regulations, you have the following rights over your personal data,
depending on the processing involved: access, rectification, erasure, restriction
of processing, portability and objection.
You can exercise your
rights via email or by letter, by contacting our Data Protection Officer.
By email : dpo@2crsi.com
By post : “Délégué à la protection des données”
(Data Protection Officer), 32 rue Jacobi Netter, 67200, Strasbourg, France
If you believe that your rights have not been respected in relation to your personal data, you may lodge a complaint with the CNIL (French data protection authority) or any other competent European data protection authority.