Personal data protection policy

The protection of personal data is ruled in France by the General Data Protection Regulation, dated 27 April 2016, more often referred to as the GDPR, and by the Data Protection Act (“Loi Informatiques et Libertés”) dated 6 January 1978 modified.
The CASINO GLOBAL PARTNERSHIPS company is a simplified joint-stock company incorporated under French law, with a capital of 1000  Euro, whose head office is located at 1 Cours Antoine Guichard – 42 000 Saint Etienne (France), identified under the number 824 152 128 in the Company and Trade Registry of Saint Etienne (France), hereunder referred to as “we”
Acting as Data Controller, we are committed to the protection of our customers’ and prospective customers’ data (hereunder referred to as “you”), that we process for our business needs. This is why we undertake to enforce the main principles relating to the protection of personal data.
For these reasons, we are explaining in this policy the way in which we collect, process and use your personal data (hereunder referred to as “Data”) to provide you regularly with new services whilst respecting your rights.
  1.      Which data do we collect?
In our commercial relationship, we especially collect the following Data: your surname, first names, E mail address.
When you visit our web site, we also collect Data such as identification, connection and sometimes location data.
We collect your Data directly when you have provided us with it yourself. Your Data may also be supplied to us on an indirect basis, through partners or providers.
  1.      When do we collect your Data?
Your Data may be collected if you are among our customers or if you are not yet a customer.
2.1 If you are a customer:
Your Data may be processed when you:
  •          Access your customer account on our web site;
  •          Visit our web sites that may use cookies;
  •          Subscribe to our newsletter and receive offers;
  •          Take part in satisfaction surveys or if you subscribe to an event we have organised (commercial operations…) ;
  •          Interact with us especially on social networks.
To process this Data we use your consent. Please note that prospecting by SMS / E mail, is part of our legitimate interest, if it concerns products or services similar to those for which your Data was collected. If you wish to withdraw your consent or oppose the processing of your Data, please consult the following section "How to exercise your rights “.
Your Data may also be processed when you:
  •            Place orders and request deliveries on line;
  •            Contact our After-Sales service;
This processing is necessary for us to provide our services.  
Your Data may also be processed when we:
  •                 Carry out statistical studies;
  •                 Send you offers tailored to your activities;
  •                 Defend our interests (prevention and fighting fraud, litigations);
  •                 Work to improve our services;
This processing is in our legitimate interest.
Finally, your Data may be processed when you exercise your rights on your Data or to allow us to respect our legal obligations.
 
2.2 If you are not yet a customer (prospect):
Your Data may be processed when you visit our web sites that may use cookies;
To process this Data we use your consent. If you wish to withdraw your consent for the processing of your Data, please consult the following section "How to exercise your rights “.
Your Data may also be processed when:
  •        We carry out statistical studies, which are in our legitimate interest.
  •        You exercise your rights on your Data or to allow us to respect our legal obligations.
3.      Who receives your data?
We ensure that only approved persons who have committed to a confidentiality obligation may access your Data.
These recipients may be approved personnel of the marketing department, the departments in charge of customer relations and prospects, logistics and I.T. for the processing and follow-up of your account and/or your orders.
Your Data may also be communicated to third parties in the following circumstances:
For the processing and tracking of your orders, your Data may be transmitted to certain specialised providers in the payment and transaction services (e.g.: banks, payment service providers), for the delivery of products (e.g.: transport companies), After-Sales  service (e.g: the supplier for the recall of products), and I.T. support.
Operations with a provider that is the recipient of your Data is covered by a contract to ensure your Data is protected and your rights are respected.
No processing of Data by a partner will lead to any transfers outside of the European Union if the country of transfer is not recognised as having an adequate level of protection or if suitable guarantees are not implemented. These guarantees may include concluding a transfer agreement based on standard contractual clauses adopted by the European Commission and/or any other mechanism approved by the controlling authorities.
We may be obliged to provide your Data if requested to do so legitimately by public authorities, especially to comply with requirements of national security, combating fraud or in application of the law. In such a situation, we are not responsible for the conditions in which the personnel of these Authorities process your Data.
4. How long is your data conserved?
The length of time your Data is conserved respect the legal and statutory obligations:

Categories of personal data

Conservation rules

Prospect data

3 years after the last contact

Data from your customer account

3 years after the last contact

Order data

5 years from the date of the invoice

Cookies

Consult our Cookies Policy (link)

 
At the end of these periods, we may archive your Data, especially to comply with the prescription periods for legal action. Your Data is then either deleted or made anonymous, and it is pointed out that these operations are irreversible and that we we will no longer be able to restore them.
5.   Our security and confidentiality commitments
Preserving the confidentiality and security of your Data is our priority.
We make every effort to implement technical and organisational security measures that are adapted to the level of sensitivity of your Data to protect against any malicious intrusion, any loss, alteration or disclosure to unauthorised third parties.
The implementation of such measures may justify the assistance of any third parties we choose to possibly carry out vulnerability audits or intrusion tests. These measures will be re-examined and updated as required.
In the design, creation, selection and use of our services, we take into account personal data protection principles from the design stage. For example, we may pseudonymise or anonymise your Data whenever possible or required.
We constantly consider security and protection, and we encourage you to take precautions to prevent any unauthorised access to your Data and to protect your terminals (computer, smart phone, tablet) against any undesired or even malicious access.
We recommend that you choose a password that:
  • Is “complex”: containing several characters of different types (lower case, upper case, numbers, special characters);
  • “Reveals nothing about you”: no one should be able to guess your password from your preferences or habits;
  • Is “unique”: to avoid multiple hacking, each of your on line accounts should be locked using a specific and unique password.
6.   How to exercise your rights
To allow you to control how we use your Data, you have the right:
  • To be informed on the use that we make of your Data. This is the purpose of this document ;
  • To obtain confirmation that your Data has been processed and where applicable, to request a copy, whilst pointing out that we will be rightfully allowed to cover the financial cost of any copies; 
  • to obtain the rectification of your Data if it is inexact, obsolete or incomplete;
  • To oppose the processing of your Data for reasons related to your personal situation and when this processing is based on our legitimate interest or on your consent. Consequently, for commercial prospection by E mail, you can unsubscribe by clicking on “Unsubscribe” in each newsletter.
  •  
  • To request limitation of the processing of your Data. This right only applies under certain conditions (contesting the  accuracy of your Data, questioning the legality of the processing, exercising your rights in justice).
  •          Of exercising your portability rights of your Data. This right only applies under certain conditions (you have provided your Data yourself to our on line service and for the purposes based solely on the consents of the persons or fulfilment of a contract).
  •  
  •          To request the deletion of your Data. This right only applies under certain conditions (withdrawal of the consent on which the processing is based, your Data is no longer required for the initial purposes of the processing, opposing the processing of your Data, questioning the legality of the processing.
  •  
  •           Formulating specific and general post-mortem directives on the conservation and communication of your Data. Without directives, your heirs can send us any requests.

In general, to exercise your rights, you can send us your request,
GROUPE CASINO
DIRECTION DES PARTENARIATS COMMERCIAUX - Service marketing
Request to exercise your rights
1 cours Antoine Guichard – BP 306 – 42008 Saint Etienne Cedex 2
 
Proof of identity may be requested if there is a doubt as to the identity of the applicant.
We will provide you with the replies to your requests as soon as possible and in compliance with our legal obligations.
You may register a complaint with a controlling authority, in France it is the Cnil.
7.   Contacts
You can also contact our data protection officer (DPO) at the following address: informatique-et-libertes@groupe-casino.fr
 
This policy will be updated as required.


Cookies policy
 
The protection of personal data is rules in France by the General Data Protection Regulations, dated 27 April 2016, more often referred to as the GDPRD and by the Data Protection Act (Loi Informatique et Libertés) dated 6 January 1978 modified.
The CASINO GLOBAL PARTNERSHIPS company is a simplified joint-stock company incorporated under French law, with a capital of 1000  Euro, whose head office is located at 1 Cours Antoine Guichard – 42 000 Saint Etienne (France), identified under the number 824 152 128 in the commercial and Company Register of Saint Etienne (France), hereunder referred to together as “we”,
Acting as Data Controller, we are committed to the protection of our customers’ and prospective customers’ data  (hereunder referred to as “you”), that we process for our business needs. This is the reason why we undertake to respect the essential principles that apply to the protection of personal data.
For these reasons, we are explaining in this policy the way in which we store and use cookies on the site /fr/. We also inform you on how you can manage your preferences for these cookies.
 
1.     What is a cookie?
A cookie may be qualified as a tracker or proof of connection, that is stored, recorded and/or read by the browser of the visitor when they visit a web site, installs an application, uses software or a mobile application.
There are 4 types of cookies:
-       Technical cookies (“essentials”), that are required to use a service or access content on the site; the user’s consent is therefore not required for these to be stored.
-       Analysis and performance cookies, that allow us to measure certain things, especially the number of visitors or the pages that they visit. In principle, storing these cookies requires your consent to be given other than for exceptions.
-       Advertising or targeting cookies, that record data in order to control the advertising or information displayed to the different visitors. Depositing these cookies requires your consent to be given.
-       Third-party cookies that allow to improve site interactivity, facilitate content sharing and user-friendliness. This includes cookies offered by third party sites such as social networks (sharing buttons). The deposit of these cookies requires the collection of your consent.
 
  1.      Which cookies are stored?
The names of the cookies that are likely to be stored or read on your terminal, their purposes and the length of time they are conserved are summarised in the table below:
2.1   Technical cookies (“essentials”)



2.2 Analysis and performance cookies



2.3 Advertising or targeting cookies

1.1   Third-party cookies
 
  1.      When are these cookies stored
You are informed, when you visit our web site, that cookies may be stored on your equipment (computer, tablet or smart phone). In the same way, cookies may be stored on your terminal via the E mails you are sent or when installing software or a mobile. 
We may install these cookies as the publisher of the digital spaces mentioned above, or be installed by third parties, who may act on our behalf as sub-contractors or for their own purposes.
          4.     How can I set the use of cookies?
We enable you to set the use of cookies, to accept or refuse them all or some of the cookies installed in our digital spaces by setting your browser parameters. Each browser has its own methods for setting parameters, however this is quite accessible via their respective help menus. For example:

We cannot guarantee how long these URLs will remain valid, nor the quality of the information they provide.
As concerns mobile applications, E mails and social networks, we invite you to check the parameter options for your account, which differ depending on the platforms and operators, but which allow you to control your personal data that is stored.
We draw your attention to the fact that deactivating certain types of cookies may have consequences on the use of our services. Indeed, the refusal or restriction of certain cookies may limit or restrict access to a service, a page or a content or, in general, limit the customer experience, which for example may be characterised by the obligation to enter the same information several times in the fields that need to be completed.
          5. Contacts
For more information and to exercise your rights, you can consult our Data Protection Policy on our web site.
You may register a complaint with a controlling authority, in France it is the Cnil.
You can also contact our data protection officer (DPO) at the following address: informatique-et-libertes@groupe-casino.fr
This policy will be updated as required.                              
 
November 2019 version