Specific GDPR Appendix to the DELTA LABO General Sales Conditions
(Date of update according to General Sales Conditions)
Art.1 Confidentiality rules
The general data protection regulations of 27 April 2016 (hereinafter referred to as the GDPR, which stands for General Data Protection Regulation) shall apply from 25 May 2018. It imposes strict rules and conditions on companies and traders when processing the personal data of their customers and prospects in order to protect their privacy.
Through this document, we intend to provide you with clear and precise information about the processing of your personal data.
Art.2 The data controller
The « controller » of your personal data is the controller of the site you have used and to which you have communicated data.
Art.3 Legal basis for data processing and use
We may only use your personal data for legitimate and necessary purposes (Art. 6 of the GDPR):
In practice, this means that we process your personal data, whether or not in electronic form, for legitimate purposes in the context of contractual relations, business and security/safety.
These purposes include, but are not limited to, the following:
Communication of information, offers and prospects;
Communications in the context of the fulfilment of a contract.
Art.4 What is personal data?
Personal data includes all information about you on the basis of which you can be identified. Anonymous data, which do not allow you to be identified, are therefore not considered as personal data. Your personal data may therefore include:
Data relating to your identity (surname, first name, address, VAT number, company number, etc.);
Personal status data (telephone number, personal e-mail,…);
Financial data (bank account number, billing details, etc.);
Data relating to the fulfilment of the contract concluded with us (subject of the contract, invoicing address, professional data, etc.);
Data relating to the use of electronic equipment, such as computers (password, log data, electronic identification data, billing details, etc.);
Sensitive data :
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, and the processing of genetic data, biometric data for the purpose of uniquely identifying a real person, data concerning the sex life or sexual orientation of a real person shall be prohibited.
We undertake to strictly comply with this prohibition.
Your personal data is used exclusively, whether or not in electronic form, for legitimate purposes in the context of a contractual relationship, business and security/safety.
Art.5 Sources and origins of personal data
In principle, the data we have comes from you. If you do not intend to provide the mandatory or necessary information, you may lose some benefits and/or we may decide to terminate our services for your benefit.
Art.6 Access to personal data
Your data is mainly for internal use. For certain legitimate reasons, your personal data may be communicated or even processed by third parties. However, we will ensure that our partners comply with the GDPR regulations. The processing of data by the latter is governed by a strict legal framework.
Art.7 Data retention period
We take the necessary measures to ensure that the storage of personal data for the purposes described above does not exceed the legal periods.
Art.8 What are your rights?
We undertake to take appropriate technical and organisational measures to ensure the security of the processing of each individual’s personal data (Art. 32 of the GDPR).
– Right of access (Art. 15 of the GDPR);
We grant everyone the right of access to their own personal data and the right to obtain or make a copy of it as far as is reasonable.
– Right of rectification (Art. 16 of the GDPR);
We acknowledge the possibility of requesting the correction of erroneous data and of requesting that what needs to be corrected be completed.
-Right to be forgotten (Art. 17 of the GDPR) and Right to limit processing (Art. 18 of the GDPR);
We undertake to grant the deletion of your personal data in particular in the following cases:
– Data is no longer necessary for the purposes for which they were collected or processed;
– You are opposed to the processing;
– The personal data has been unlawfully processed;
– Right to file a complaint (Art. 77 of the GDPR);
The customer has the right to file a complaint with the CNIL (National Commission on Informatics and Liberty ) at any time if he or she considers that the processing of his personal data constitutes a violation of the GDPR.
Art.9. Our commitment to you
Our objective is to implement security techniques to protect the stored data against unauthorized access, inappropriate use, alteration, illegal or accidental destruction and accidental loss.
Art.10. Procedure in case of violation
It is always possible that personal data processed in the context of the contractual relationship may fall into the wrong hands as a result of human error, computer error, etc.
When the violation poses a high risk to human rights and freedom, we will immediately inform the person of the facts and measures to be taken. We will ensure that the necessary steps are taken to notify the CNIL of the violation in question within 72 hours of becoming aware of it, unless the violation does not pose a high risk to human rights and freedom. (Art. 32-34 of the GDPR).
Art. 11 Consent
You give your express, informed and unambiguous consent to the processing of personal data as described in this Specific GDPR Appendix to the General Sales Conditions. You have the right to withdraw your consent at any time, upon written request. We reserve the right to modify this Specific GDPR Appendix to the General Sales Conditions.