DRESCO Personal data protection policy

 

Concerned about the protection of the personal data of its customers and prospects, DRESCO undertakes to comply with the provisions of Law No. 78-17 of 6 January 1978 as amended, relating to information technology, files and freedoms as well as those of Regulation (EU) No. 2016/679 of 27 April 2016.

This Personal Data Policy informs you about the conditions under which DRESCO Company, as data controller, collects and uses personal data that may be collected on this website.

This policy applies to data that may be collected on our website.

Who is responsible for processing your personal data?

The company DRESCO SAS with a capital of 1 064 910,00 euros, whose head office is located at 6, route des GORRES – C.S. 80004 – 94387 Bonneuil-sur-Marne, registered in the Créteil Trade and Companies Register under the number 612 045 864, hereinafter referred to as “DRESCO”.

What personal data do we collect?

The data collected by DRESCO are the following:

Personal data Data relating to your identity Civil status*, surname*, first name*
Contact details telephone number*, e-mail address*
Technical data Acceptance data Clicks

*Mandatory data

DRESCO undertakes not to collect personal data from any person under the age of 16.

DRESCO also undertakes to respect the principle of data minimization and purpose limitation, which consists in collecting only the data necessary for their processing. The data collected must not be reused at a later date in a way that is incompatible with the purpose for which it was collected.

How is this data collected?

This data may be collected when you contact our service or when using our website.
The information marked with an asterisk is mandatory and must be provided. This information is necessary for the provision of a service.

Why is this data collected?

Your personal data is collected, used and processed to:

  • To manage customer and prospective customer relationships (“Purpose 1”);
  • To browse the Site and consult our services (“Purpose 2”);
  • To answer questions (“Purpose 3”);
  • To carry out statistics and studies in order to personalize, evaluate and improve the services and contents (“Purpose 4”);

On what legal basis?

Personal Data is only used insofar as it is strictly necessary to achieve the Purposes.

The processing does not meet any regulatory requirement and is based, depending on the Purpose, on the legal bases detailed below:

  • Processing necessary for the pursuit of the legitimate interests of the Brand: Purposes n°1 and 2
  • Processing based on prior and express consent to be informed about our Services: Purposes n°3 and 4

Where processing is based on consent, the User may withdraw it at any time.

The same processing may be based on several legal grounds.
All the information collected by DRESCO is necessary, according to the Purposes, to allow you to navigate on the Site and to subscribe to Services. Failure to answer or inaccuracy of their content may lead to the suspension of access to the Site as well as to the non-performance or poor performance of the Services and other benefits. The Personal Data must therefore be transmitted to the Data Controller, unless they are indicated as optional.

To whom is your data destined?

DRESCO may communicate some of the Personal Data:

  • to the internal departments of the Company strictly authorised in the context of their missions;
  • to our service providers, namely :
    • IT outsourcing providers and Cloud solutions providers.
  • à l’administration fiscale lorsque cela est requis par les obligations fiscales applicables à l’Enseigne.

The subcontractors and service providers are obliged to respect the confidentiality and security of the Personal Data that may be communicated to them and to use them only in the context of the execution of their subcontracting or service provision mission.

DRESCO guarantees that the User’s Personal Data will not be disclosed to any unauthorized third party without his consent.

DRESCO does not sell or rent the User’s Data to third parties.

In particular circumstances, DRESCO may be required to disclose Personal Data when requested by the judicial authorities.

What are your rights and how can you exercise them?

In accordance with the Regulations in force concerning the protection of Personal Data, you have the rights listed below:

  • a right of access, i.e. to obtain from the Data Controller confirmation as to whether or not Personal Data concerning you are being processed and, where they are, access to the said Personal Data, as well as various information including the purposes of the processing, the category of Personal Data concerning you, the recipient(s) of the Data etc.;
  • a right to rectify, as soon as possible, Personal Data concerning you that are inaccurate, incomplete, outdated or equivocal, or whose collection and processing is prohibited;
  • a right to object to the processing of Personal Data by the data controller or to a transfer of Personal Data, unless there are compelling legitimate reasons which override the interests of the User
  • a right to erasure of your Personal Data for the following reasons:
    • The Personal Data is no longer necessary for the purposes for which it was collected or processed;
    • You have withdrawn your consent on which the processing was based, and there is no other legal ground for processing the Personal Data;
    • You have objected to the processing of the Personal Data and there is no overriding interest that justifies the processing;
    • Your Personal Data has been processed unlawfully;
    • Your Personal Data must be erased in order to comply with any legal obligation DRESCO may have;
    • Your Personal Data was collected when the data subject was under 16 years of age.
  • a right to organize in advance and during your lifetime the conditions under which you wish the Personal Data that DRESCO has collected and processed to be kept and communicated after your death
  • a right to the portability and recovery of Personal Data allowing you to receive the Personal Data you have transmitted to DRESCO in a structured, commonly used and machine-readable format, and to transmit them to another data controller, without DRESCO, to whom the Personal Data was initially communicated, being able to prevent this;
  • the right not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or which affects you in a similar significant way
  • the right to lodge a complaint with the CNIL, if you consider that the processing of Personal Data concerning you constitutes a violation of the laws and regulations in force.

If you wish to exercise any of the above rights, you may send your request either:

*by e-mail to the following address: dpo@www-dresco-fr.dresco-prod-gen-1.pulsation.fr

*by post to the following address: 6, route des GORRES – C.S. 80004 – 94387 BONNEUIL-sur-Marne cedex

In the event that you exercise any of these rights electronically, the Personal Data will be provided, where possible, electronically by DRESCO, unless you have specifically requested otherwise.

How long will your data be kept?

Personal Data are kept by DRESCO for a period not exceeding the time strictly necessary to achieve the purposes for which they were collected and, in any case, cannot be kept longer than the period indicated in the table below:

Purpose of processing Possible sub-purposes Retention period
Customer and prospect relationship management Management and processing of requests, follow-up of requests, informative follow-up The time necessary to process the request, then 3 years from the end of the relationship
Prevention and fight against fraud For the time strictly necessary to achieve this purpose
Management of the exercise of rights The fate of your data after your death,
Management of requests to exercise rights
Management of accounting 10 years from the end of the financial year

 

At the end of the retention periods set by DRESCO, the data are either deleted or anonymized for statistical purposes. Intermediate archiving data may be used for litigation or pre-litigation purposes.
Once data are deleted or anonymized, DRESCO is no longer able to retrieve them.

Will you receive commercial offers?

You will only receive commercial offers if you have accepted them.
Without consent, no communication or solicitation will be sent to you.

Is your data processed outside the EU / Data transfers outside the EU

Your personal data is hosted in France. Wherever possible, DRESCO makes every effort to ensure that personal data transferred to partners or subcontractors is transferred within the European Union, or to countries deemed “adequate” by the CNIL.

In the event that DRESCO communicates personal data outside the European Union, measures are taken to ensure that such data will benefit from the same level of protection as that imposed by the European Union in terms of data protection.

In this respect, DRESCO will ensure that the processing is carried out in accordance with this policy and that it is governed by the European Commission’s standard contractual clauses, which guarantee an adequate level of protection for the privacy and fundamental rights of individuals.

Is your data shared with other companies?

DRESCO will not sell your personal data to other companies for commercial purposes.
Your personal data may be shared with some of our partners and subcontractors in order to

  • carry out advertising campaigns (send campaigns, optimize mailings, improve campaign targets, etc.),
  • improve the knowledge of Users from a statistical and geomarketing point of view,
  • carry out satisfaction surveys,
  • improve navigation on the site if you accept the use of cookies,
  • invite you to events,

How do we secure your personal data?

In its capacity as Data Controller, DRESCO undertakes to implement and maintain, at its own expense, appropriate technical and organizational measures for the processing and security of Personal Data, in accordance with Articles 32 to 34 of the GDPR.

DRESCO adopts sufficient, appropriate, and relevant security measures in order to preserve the security of Personal Data and in particular, to prevent them from being distorted, damaged or accessed by unauthorized third parties:

These measures include the establishment of procedures:

  • identification ;
  • authentication with control of the strength of the password,
  • management of authorizations: use of rights limited to the strict needs of the account,
  • Anonymization of Personal Data,
  • encryption of Personal Data via an SSL protocol;

As a reminder, DRESCO will never ask you, via e-mail, for your login, your password or your bank details. If you receive such a request from us, please do not answer it and delete the e-mail immediately.

Data Protection Officer

DRESCO has a Data Protection Officer (DPO) who can be contacted at the following address: dpo@www-dresco-fr.dresco-prod-gen-1.pulsation.fr

Right to lodge a complaint with the CNIL

Any User has the right to lodge a complaint with the competent authority.

If, after contacting our company, you find that your “Informatiques et Libertés” rights have not been respected, you may submit a complaint to the Commission Nationale de l’Informatique et des Libertés or CNIL, 3 Places de Fontenoy, 75007 Paris.

Data breach

DRESCO undertakes to notify the CNIL of any personal data breach in accordance with the relevant regulations.

The Customer/prospect will be informed of any data breach that could have a significant impact on him/her, for example, infringing his/her rights or involving a risk for him/her or his/her relatives.

How do we use cookies?

Browsing data (cookies) are small computer files that are sent to the browser and stored on the hard disk of the website User’s computer, tablet, smartphone, etc.

Cookies only store the identification code, to the exclusion of any other personal information concerning the User. Thus, the deposit of Cookies carried out within the framework of the use of the Website does not make it possible to identify the User personally but it records information relating to the navigation of his terminal within the Website (pages consulted, dates and times of consultation etc.).
Cookies are kept for a maximum of thirteen (13) months from the date of their first deposit in the User’s terminal.

There are several types of Cookies that may be implemented in the User’s browser by DRESCO in order to collect information.

Cookies record and/or read files in order to obtain information relating to your interaction with the Site, and in particular to your navigation and behavior: the pages visited, the type of device used for navigation, etc.

Thus, we only use the following category of cookies:

  • Certain so-called “technical/functional cookies” are automatically deposited because they are necessary for the provision of the service and therefore essential for navigation. These cookies are not subject to any prior consent, as they allow the site to be displayed and to function correctly. In particular, they enable us to memorize data relating to Users’ accounts, to record shopping baskets, and to ensure the security of accounts or baskets;

Changes and updates to our policy

This policy is available on our website and accessible to all.

It may be modified or completed by us at any time, according to the evolution of the legal framework, jurisprudential decisions, or recommendations of the CNIL.

The most important updates may be notified on DRESCO’s institutional website at the latest at the time of the entry into force of the said amendments.

What is the applicable law? What are the competent jurisdictions?

The privacy policy is governed by French law.

Any dispute concerning it shall be brought before the competent French courts.