Information on the RGPD
The Eurofeu Group, represented by AER Holding, the data controller, processes personal data for the purpose of managing and following up your requests. The processing carried out for these purposes is based on the group's legitimate interests. Data collected via this form is optional, with the exception of those marked with an asterisk. It is intended for authorized Eurofeu personnel. It will be kept for the time necessary to process your request. In accordance with the French Data Protection Act of January 6, 1978, as amended, and the General Data Protection Regulation, you have the right to access, query, limit, port, delete, modify and rectify information concerning you.
You also have the right to object to the processing of your personal data, as well as to the use of such data for commercial prospecting purposes. Finally, you have the right to define general and specific directives defining how you wish these rights to be exercised after your death. You may exercise these rights by contacting the Data Protection Officer at the following address: dpo@eurofeu.fr or by registered mail with acknowledgement of receipt
to DPO Groupe Eurofeu, 12 rue Albert Rémy, 28250 Senonches, France, accompanied by a copy of a signed identity document. Finally, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés, the supervisory authority responsible for ensuring compliance with obligations relating to the protection of personal data.
Personal data protection policy
I. How does the EUROFEU Group process personal data?
As part of its business activities, AER Holding, a société par actions simplifiée (simplified joint stock company) with capital of 17,188,224 euros, headquartered at 12 rue Albert Rémy, 28250 Senonches, registered with the Registre du Commerce et des Sociétés under number 353 207 707 RCS CHARTRES, and all its subsidiaries within the meaning of Article L. 233-1 of the French Commercial Code (hereinafter referred to as the " Eurofeu Group ") collect and process on their behalf the personal data of their employees, customers, prospects, subcontractors, service providers or various partners.
The Eurofeu Group is thus committed to ensuring that the collection and processing of all personal data, complies with the French Data Protection Act (Law no. 78-17 of January 6, 1978 relating to information technology, files and freedoms) and the General Regulation on the Protection of Personal Data, known as the "RGPD" (Regulation no. 2016/679). This text established a new European framework concerning the processing and circulation of personal data.
In the course of its business, the Eurofeu Group collects and processes the following data:
- the personal data of company employees,
- personal data transmitted as part of a commercial relationship with a customer or supplier.
Our Privacy Policy describes how the Eurofeu Group, through its various subsidiaries, uses, processes and protects your personal data, as well as the purposes for which we process such data. The Privacy Policy also forms an integral part of the General Terms and Conditions of Sale, Purchase and Use of our products and services.
- List of treatments
The Eurofeu Group keeps an up-to-date list of the processes that use personal data so that all data owners can be informed of the use made of their data.
This Protection Policy applies only to the processing of personal data for which the Eurofeu Group acts as data controller. In this context, the processing of personal data may be carried out directly by the Eurofeu Group or through a subcontractor specifically appointed by it.
- Security
The Eurofeu Group is responsible for defining and implementing the technical or physical security measures it deems appropriate to prevent the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of data. These measures mainly include:
- The use of security measures for access to premises (locked offices, badges, etc.);
- Secure access to our computers and smartphones (passwords changed regularly);
- Setting up login and password for all our business applications;
- Data access authorization management (specific to our finance, accounting and communications departments);
- Using VPN for remote connections ;
- Use of a complex password for our Wi-Fi network, modified regularly.
In any event, the Eurofeu Group undertakes, in the event of a change in the means used to ensure the security and confidentiality of personal data, to replace them with means of superior performance. No change may lead to a reduction in the level of security.
- Your rights
In accordance with current regulations, you have the following rights as an employee, customer or supplier of the Eurofeu Group:
- right of access and rectification ;
- data updating and completeness ;
- the right to block or delete personal data that is inaccurate, incomplete, ambiguous, out of date, or whose collection, use, communication or storage is prohibited;
- right to withdraw consent at any time ;
- right to limit the processing of User data ;
- right to object to the processing of personal data ;
- the right to portability of the data supplied, where such data is processed automatically on the basis of consent or contract.
As the owner of your personal data, you can obtain further information on the data kept and processed by the Eurofeu Group concerning you by contacting the Data Protection Officer of the Eurofeu Group at the following address: dpo@eurofeu.fr or by regular mail at the following address: DPO Groupe Eurofeu, 12 rue Albert Rémy, 28250 Senonches.
Your request will be processed within 30 days. In addition to your request, we will ask you to enclose a photocopy of proof of identity so that the DPO can verify your identity.
You may object to the processing of your personal data or revoke your consent to such processing at any time. If you wish to revoke your consent, please contact the Personal Data Manager with your request.
If you have any other complaints about the processing of your personal data by Eurofeu, you can also contact the French Data Protection Authority (Commission Nationale Informatique et Liberté).
II. Management of personal data of EUROFEU Group employees
In order to comply with the requirements of European Regulation 2016/679, the management of Eurofeu Group employees' personal data is subject to the provisions below:
1 Purpose and methods of processing your personal data
1.1 As part of your employment contract, in order to ensure the administrative management of your employment, the employer may collect personal data about you for the duration of your contract.
1.2 You will find below a description of the personal data that the company will collect and process about you as well as the purpose and methods of processing such personal data.
1.3 The employer may collect and process data relating to your administrative situation (such as your surname, first name, address, social security number, date and place of birth, family situation, bank details), contractual situation (such as the start and end date of your contract, contractual terms and conditions, aptitude records, occupational medicine, sanctions, letter of dismissal or resignation and reason for dismissal, notification of illness and any other information relating to your employment and its performance within the Eurofeu group) or any other document concerning you and necessary for the management of your employment relationship with the Eurofeu group (for example : information concerning the employee's beneficiaries, optional photography for directories, organization charts and/or the group's internal and external communication).
1.4 Purposes of collecting and processing personal data :
- Ensure administrative and financial management of the employment relationship,
- Manage your personal and career development, including training (and any related courses or tests),
- Comply with the Eurofeu Group's rules of governance and internal procedures, including internal controls, occupational health and safety policy, employee satisfaction surveys and any other surveys or audits,
- Ensure internal and external communication for the Eurofeu Group (intranet, organization charts, professional social networks).
For these purposes and in compliance with legal and regulatory obligations, the Employer may in particular collect and process the following data: Surname, first name, address, social security number, photograph, title, e-mail, user names and passwords, curriculum vitae, training courses, tests, validation of professional experience and any other data required by law.
1.5 In particular, the Employer may collect and process the following personal data concerning you in order to comply with a legal requirement that the Eurofeu Group must respect as an employer: social security number, bank statement, identity card, residence permit (if relevant), notification of accident or occupational illness, driver's license or specific authorisation.
2 Confidentiality and information on the processing of your personal data
2.1 All data will be treated confidentially and will be used for the purposes of company management, in particular personnel administration. Your personal data will only be disclosed to third parties if you have given your consent or if the Employer is authorized to disclose such information under applicable law. Where applicable, special authorization may be requested from the employee for the use of photographs on internal or external communication media such as: internal website, professional social networks, intranet, internal publication, etc.
2.2 Your personal data will be stored by the Employer and may be used by other entities of the Eurofeu group (in particular AER Holding) if necessary to manage your employment contract.
2.3 The transfer of data between companies of the Eurofeu group will be carried out in accordance with the European Regulation on the protection of personal data.
2.4 The Employer may engage third party service providers who will access and process your personal data; it being specified that no transfer of your personal data will take place outside the EU, thus guaranteeing its protection through the European regulations now in force.
2.5 The Employer may retain your personal data for a period of 5 years after the end of your employment contract, except in cases where the law provides otherwise.
3 Your rights
You can obtain further information on the personal data kept and processed by the Employer concerning you by contacting the Personal Data Manager at the following address: dpo@eurofeu.fr or by RAR mail at the following address: DPO Groupe Eurofeu, 12 rue Albert Rémy, 28250 Senonches. You may also object to the processing of your personal data or revoke your consent to such processing at any time. If you wish to revoke your consent, please contact the DPO with your request. If you have any other complaints regarding the processing of your personal data by the Employer, you may also contact the French Data Protection Authority (Commission Nationale Informatique et Liberté).
III. Management of personal data in connection with the execution of contracts with customers of the EUROFEU Group
Where we are required to collect and manage personal data in the performance of contracts between us and our customers, the Eurofeu group ("Supplier") undertakes to comply with the provisions set out below, which are included in our general terms and conditions of sale or as an appendix to our current contracts:
1 Scope of Data Processing
1.1 The Supplier may be required to process personal data on behalf of the Customer in order to meet legal and regulatory obligations, as well as obligations arising from contracts entered into by customers with the Eurofeu Group and, for the following purposes:
- Execution of our services and processing of files, order follow-up, after-sales service, collection,
- Marketing management and customer relations,
- Management of events organized by the Eurofeu Group,
- Sending newsletters or information feeds,
- Improved site navigation,
- Answers to questions (by phone or online),
- Responses to public and private tenders,
- Personalized sales follow-up,
- Improved services,
- Management of requests to exercise the rights of data subjects.
1.2 The Supplier will process personal data which may be, for example: surname, first name, telephone number, e-mail address, capacity, linked to the Customer or to persons concerned by the services rendered by the Eurofeu group (visitors, service providers, deliverers, etc.). Personal data may concern the Customer's correspondents, visitors, suppliers, etc.
1.3 This data will be processed exclusively for the purposes indicated above and for a maximum period of 5 years after expiry of the contract, extended to 10 years for accounting documents (invoices, purchase and delivery orders, supporting documents, etc.). In the event of a payment incident, they may be passed on to a debt collection agency. Neither the Supplier nor the companies in the Eurofeu group profile personal data.
2 Instructions - Safety
1.1 The Supplier implements appropriate technical and organizational security measures to protect the Customer's personal data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure or processing contrary to the provisions of Data Protection legislation.
1.2 The Supplier shall comply with all reasonable and appropriate requests and instructions from the Customer enabling the latter to verify compliance with data protection legislation.
1.3 The Supplier shall ensure that employees who process personal data on its behalf are bound by an obligation of confidentiality covering all personal data processed under the Contract. The obligation of confidentiality shall continue after termination of the Contract.
1.4 As part of its security and safety equipment installation and maintenance activities, the Supplier will provide information and advice to the Customer, who is responsible for processing the data collected (legal and legitimate purposes of processing and installation, access rights to data and/or images, system security, retention period in line with the objective pursued, relationship with the Customer's data protection representative, impact analysis, obligation to enter data in the processing register, obligation to obtain prefectoral authorization in the case of premises open to the public, information for employees and visitors, etc.).).
3 Processing outsourcing
The Supplier may subcontract its activity, and consequently the data processing operations arising therefrom, to a third party. In this case, the contract concluded with the subcontractor must expressly stipulate the same obligations for the subcontractor as those incumbent on the Supplier.
4 "Personal data breach" notification
The Supplier shall notify the Customer without delay of any actual or potential breach of personal data processed under the Contract.
5 Restitution or deletion of Personal Data
At the end of the Contract, the Supplier undertakes to return all documents and media containing personal data or, at the Customer's request, to delete the personal data.
6 Provision of treatment information
The Customer may at any time withdraw his consent free of charge and without justification, exercise his rights of access, rectification and deletion of data concerning him, or obtain further information on the personal data kept and processed by the Eurofeu Group by contacting the Personal Data Manager at the address: dpo@eurofeu.fr or by registered mail addressed to the Supplier: DPO Groupe Eurofeu, 12 rue Albert Rémy, 28250 Senonches. If you have any other complaints regarding the processing of your personal data, you may also contact the French Data Protection Authority (Commission Nationale Informatique et Liberté).
IV. Management of personal data by suppliers of the EUROFEU Group
The Eurofeu group, in its capacity as "Data Controller", may subcontract processing operations involving personal data. The Eurofeu group's supplier is then referred to as the "Subcontractor" of this personal data. The management of personal data is in this case subject to the provisions below, which are recalled in our general conditions of purchase and the agreements concluded between the Eurofeu group and its suppliers:
1 Scope of application
For the duration of the contract with the Eurofeu Group, the Data Processor will process personal data on behalf of the Data Processor for the purposes specified in the purpose of the processing. The Data Processor agrees not to process any personal data for any other purpose.
2 Instructions, safety
The Subcontractor only processes personal data on behalf of the Data Processor and only on the latter's instructions.
The Subcontractor implements appropriate technical and organizational security measures to protect data against accidental or unlawful destruction, loss or alteration, as well as against unauthorized disclosure, misuse or other processing in breach of personal data protection legislation.
Without limiting the Subcontractor's obligations, the Subcontractor shall in particular ensure that it and its own subsequent subcontractors involved in the processing of personal data comply at all times with the minimum security obligations laid down by the Parties.
Upon written request from the Data Processor, the Sub-Contractor will allow the Data Processor or any third parties appointed by the Data Processor (subject to reasonable and appropriate confidentiality undertakings) to monitor the Sub-Contractor's data processing activities and will comply with all reasonable requests or instructions from the Data Processor to enable the Data Processor to verify and/or ensure that the Sub-Contractor and/or subsequent sub-contractors fully comply with their obligations under the existing contract with the Eurofeu Group and the Data Protection Legislation.
The Subcontractor shall ensure that the employees who carry out the processing of personal data on its behalf have undertaken to respect the obligation of confidentiality relating to any personal data processed within the framework of the contract concluded with the Eurofeu group. The obligation of confidentiality will remain in force after termination of the contract.
The Subcontractor will keep documentation relating to the categories of personal data and their processing. This documentation will be made available to the Data Controller on written request.
3 Subsequent subcontracting
The Subcontractor undertakes not to subcontract any processing operations carried out on behalf of the Data Controller to a subsequent subcontractor without the prior written consent of the Data Controller.
If the Subcontractor subcontracts its obligations, as described in this paragraph, it does so only by written agreement with the subsequent subcontractor imposing on the latter the same obligations as those imposed on the initial Subcontractor under the terms of the contract binding it to the Eurofeu Group. If the subsequent subcontractor fails to fulfil its data protection obligations under the said agreement, the Subcontractor will remain fully responsible for the performance of the subsequent subcontractor's obligations to the Data Controller.
4 Data breach notification
The Subcontractor will notify the Data Controller in writing without undue delay and within a maximum of twelve (12) hours in the event of an identified or potential breach of personal data processed under the terms of the contract binding it to the Eurofeu Group. The notification shall include any other information required to enable the Data Controller to comply with the Data Protection Legislation, including information on the nature of the breach and the measures taken to contain it.
5 Liability
The Subcontractor shall fully and effectively indemnify the Data Processor against any claims, charges, losses and damages or liabilities suffered by the Data Processor as a result of the Subcontractor's or subsequent subcontractors' failure to perform their obligations under the contract binding them to the Eurofeu Group.