Samifi France SASU with registered office in 2 Impasse de la Zone Artisanale – 61230 Croisilees, as controller of the processing of personal data (hereinafter “Controller”), is issuing this information notice to the Data Subject in compliance with European (in particular EU Regulation 679/2016 or “GDPR”) and French regulations on the protection of personal data.
Legal basis and purpose of processing
The Controller only processes the data communicated through this form in order to respond to requests sent; for example, to obtain information on products or services (including sending brochures, catalogues or other company information material), to receive an estimate, etc.
The legal basis arises from the need to process the personal data to perform pre-contractual measures adopted at the request of the data subject. [art. 6, paragraph1, letter c) GDPR].
Data storage period
If there has been a request for information, the data will be retained for the time needed to reply. If the request was for an estimate, the data will be processed for the time needed to prepare the commercial proposal. And without prejudice to further storage for the time needed to settle (in any way) any disputes that could have arisen.
Nature of data provision and consequences of refusal to provide data
Providing data is strictly linked to use of the contact form so it is needed to forward the request for information. Not communicating that data makes it impossible to provide the information required.
Data communication area and recipient categories
The Controller will not circulate the data, but will communicate them to internal persons authorised to process data for their jobs; and to the entrepreneurial Group that the Controller belongs to when that is needed to manage the commercial offer, to professional or service companies and Public and private Bodies, also following inspections and audits.
If they should process data on the Controller’s behalf, those recipients will be appointed as processors through a specific agreement or legal deed.
Transfer of data to a third country and/or international organisation
As a rule, personal data will not be transferred to any third countries outside the European Union or to international organisations. The Data Controller may, however, need to transfer data within the scope of relations with business partners established outside the European Economic Area, as well as due to the use of IT services (cloud, back-up, etc.): in all these cases, data transfers shall be made in accordance with the specific requirements set out in the data protection regulations.
Rights of Data Subjects
The data subject has the right to ask the Controller for access to his/her personal data and to rectify them if not correct, to erase them or limit processing if conditions are applicable, and to obtain the portability of data communicated personally.
To exercise those rights, the data subject can use the form available here and send it to the Controller at the following address:firstname.lastname@example.org. The Data Subject also has the right to lodge a complaint with the competent Privacy Authority (https://www.cnil.fr).
We remind you that in accordance with the provisions of article 40-1 of law 78-17 of January 6, 1978, you have the right to formulate general directives (with a digital trusted third party certified by the CNIL) or specific (with the Controller) relating to the storage, erasure and communication of your personal data after your death.