Last update 11/2024
This page is subject to change, so please consult it regularly.
1/ PREAMBLE
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “RGPD”) sets out, together with the other texts applicable in this area, the legal framework applicable to the processing of personal data.
These texts strengthen the rights and obligations of data controllers, processors, data subjects and data recipients. In particular, they require that data subjects be informed of their rights in a concise, transparent, comprehensible and easily accessible manner.
We, SAS “FRIAL”, whose registered office is at 66 avenue du Maine – Immeuble Heron Building 75014 PARIS, registered with the Paris Trade and Companies Register under number 319 805 974 (the “Company”), publish the “frial.com” website (the “Site”).
2/ PURPOSE
The Company attaches great importance to the protection of your personal data and privacy.
The purpose of this Policy is to :
- to bring together in a concise, transparent, understandable and easily accessible format information concerning the uses made of your personal data by the Company;
- understand how your data is used;
- to inform you of your rights and how to exercise them.
This Policy relates only to the processing operations for which the Company is responsible. The processing of personal data may be managed directly by the Company or through a subcontractor specifically appointed by it. This Policy is independent of any other document that may apply within the contractual relationship between the Company and you (cookies, commercial contracts, partnership agreements, etc.).
3/ DATA PROTECTION OFFICER
The Company has appointed a Data Protection Officer to ensure compliance with personal data regulations.
He can be contacted at dpo@frial.fr or by post at :
LE DUFF Group
Compliance Department – Data Protection Officer
52, avenue du CANADA
35 200 RENNES
4/ GENERAL PRINCIPLES
When the Company collects and uses your data, it does so for a specific purpose, of which you have been informed. In accordance with regulations, the purposes for which your data is collected are listed in a data processing register. They are also set out in the information notices brought to your attention, as well as in article 10 of the present Policy
5/ CATEGORIES OF PERSONAL DATA PROCESSED
The Company undertakes to collect and use only the personal data it needs to carry out its missions. The categories of personal data collected by the Company vary according to the use that will be made of them. The list of data is given in article 10 of this Policy.
The Company does not process sensitive data within the meaning of Article 9 of the RGPD (i.e. any data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).
6/ ORIGIN OF PERSONAL DATA PROCESSED
Processing is only carried out by the Company if it concerns personal data collected by or for the services offered on the Site or on the FRIAL mobile applications, or for the branches and franchisees of the FRIAL brands – who sell you the products you purchase on the Site or on the FRIAL mobile applications – or processed in connection with these services.
The Company may collect your personal data when: list to be adapted according to the specific features of the Site
- you visit the Site
- you place an order on the Site;
- you subscribe to our newsletter;
- you download a discount coupon via the Site or the Company’s Facebook page;
- you send a complaint, ask a question or make any other comment;
- you take part in a competition on the Site or on the Company’s application, or on the Company’s official social network pages;
- communicate your personal data on the Site.
7/ RECIPIENTS OF PERSONAL DATA
The Company ensures that only authorized persons and organizations have access to your data, and only for the purposes related to their missions. These may include, in particular:
- corporate officers and employees of the Company, LE DUFF Group entities, franchisees ;
- the Company’s service providers involved in the operation of the site, the official pages of social networks, the execution of your order, the collection of online payments, the management of online reservations, the management and dispatch of newsletters and commercial offers, etc.
- public bodies, exclusively to meet the Company’s legal obligations;
- judicial and legal officers.
The Company ensures that its subcontractors comply with their obligations under applicable regulations. In addition, the Company reserves the right to audit its subcontractors to ensure compliance with applicable regulations.
Details of recipients by purpose are given in article 10 of this Policy.
With the exception of communication to the persons defined above and in article 10 of the present Policy, your personal data will not be communicated, transferred, rented or exchanged for the benefit of any third party whatsoever.
8/ TRANSFER OF PERSONAL DATA
If necessary for the purposes described in this Policy, your data may, for technical reasons, be transferred to a third country. Where the country concerned does not benefit from an adequacy decision (which means that it offers your personal data a degree of protection equivalent to that in force on the territory of the European Union), the Company ensures that the transfer is governed by one of the following appropriate measures:
- standard contractual clauses approved by the CNIL ;
- the Company’s adherence to an approved code of conduct;
- compliance with a certification mechanism certified by an approved body;
- binding corporate rules approved by the CNIL.
In the event that a franchise applicant wishes to fill in an application form for a franchised establishment located in a country outside the European Union, the applicant is informed that the Company may be required, if necessary for the purposes of examining the application, to transfer the personal data collected to recipients located in the said country.
9/ DATA RETENTION PERIODS
Data retention periods are defined by the Company in the light of its legal and contractual obligations. Data is kept only for as long as is strictly necessary for the purposes for which it is to be used.
As a general rule, data enabling proof of a right or contract to be established will be kept for the period stipulated by the regulations in force.
At the end of the retention period defined for each category of personal data processed, and subject to the provisions allowing archiving strictly necessary for the exercise of a right and proof of that right for the duration of the applicable limitation periods or by virtue of the legal obligations to which the Company is subject, the Company :
- destroys personal data or ;
- irreversibly stores personal data in an anonymized form, so that it no longer constitutes personal data within the meaning of the applicable regulations.
You are reminded that deletion or anonymization are irreversible operations and that the Company is not subsequently able to restore them.
10/ TABLE SUMMARIZING THE PURPOSES OF PROCESSING YOUR PERSONAL DATA, DATA COLLECTED, DATA RECIPIENTS, RETENTION PERIODS AND LEGAL BASIS
The Company uses your personal data for defined purposes (why your data is used) and on legal grounds (why the Company has the right to use your data), as provided for by regulations. The table below shows the main purposes for which the Company processes personal data. For further information concerning the processing of your personal data, please contact the Data Protection Officer. This list is subject to change.
| Purpose of processing | Collected data | Legal basis | Shelf life | Internal and external recipients |
| Comments and questions to customer service. | Identification (surname, first name), contact details (telephone, email address), technical data (identification, connection, consent) | Legitimate interest | 3 years from the last connection to the site | – if necessary, employees of the Company’s technical service providers involved in the operation of the site,
– inspection services, – public bodies, exclusively to meet the Company’s legal obligations, legal auxiliaries, ministerial officers, – customer service, – the Company’s IT department.
|
11/ YOUR RIGHTS REGARDING YOUR PERSONAL DATA
You are informed that all the rights listed below are individual rights that can only be exercised by you or by a person authorized to act on your behalf.
Right of access
You have the right to request confirmation from the Company as to whether or not your personal data is being processed. You also have a right of access, and the right to request a copy of your personal data being processed from the Company.
Customers and contacts also have a right of access.
If you submit your request for a copy of the data electronically, the information requested will be provided in a commonly used electronic form, unless you request otherwise.
You are informed that this right of access may not relate to data whose communication is not authorized by law.
Right to limit the processing of your data
You may ask the Company to limit the processing of your data in the cases provided for by law.
Right to object to the processing of your data
You may object at any time, for reasons relating to your particular situation, to the processing of your data for which the legal basis is the Company’s legitimate interest. If you exercise this right, the Company will ensure that it no longer processes your personal data, unless it can demonstrate that it has compelling legitimate grounds for continuing to do so. These grounds must outweigh your interests and your rights and freedoms, or the processing must be justified for the establishment, exercise or defense of legal claims.
Once you have agreed to receive offers (newsletter and/or commercial offers) from the Company, you may unsubscribe at any time by clicking on the link provided or by any other means offered to you.
Right of rectification
You may ask the Company to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date. The Company will not be held responsible if the customer or contact does not update his/her data.
Droit de retirer votre consentement
Lorsque la Société utilise vos données personnelles sur la base de votre consentement, vous pouvez le retirer à n’importe quel moment. La Société cessera alors d’utiliser vos données personnelles, sans que les opérations antérieures pour lesquelles vous aviez consenti ne soient remises en cause.
Right to erasure
You may ask the Company to delete your personal data when one of the following reasons applies:
- the data is no longer necessary for the purpose for which it was originally collected or processed;
- you withdraw your consent;
- you object to the processing of your data and there is no compelling legitimate reason for its use;
- the use of your data does not comply with the law or regulations.
Please note that this is not a general right, and can only be exercised if one of the grounds set out in the applicable regulations is present. If none of these grounds is present, the Company will not be able to respond favorably to your request. For example, if the Company must retain your data for legal or regulatory purposes, or for the establishment, exercise or defense of legal claims.
Right to portability of your data
You have the right to retrieve part of your data in a machine-readable format for personal use or for transmission to a third party of your choice. This right does not apply to paper files, and only applies on the basis of your prior consent or the performance of the contract. The exercise of this right must not infringe the rights and freedoms of third parties whose data may be included in the transmitted data.
Right to define post-mortem directives
You have the right to define specific directives concerning the conservation, deletion and communication of your personal data after your death. These specific directives will only concern the processing carried out by the Company and will be limited to this scope.
Right to lodge a complaint with the CNIL
If you feel that your rights under the Data Protection Act have not been respected, you may lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL):
CNIL – Service des plaintes : 3, place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22
12/ HOW TO EXERCISE YOUR RIGHTS
You may exercise your rights by sending an e-mail to the following address
dpo@frial.fr or by post to
LE DUFF Group
Compliance Department – Data Protection Officer
52, avenue du CANADA
35 200 RENNES
The Company will acknowledge receipt of your request to exercise your rights and will respond to your request as soon as possible and no later than one (1) month from receipt of your request. This period may be extended by two (2) months if the request is complex, for a total of three (3) months from receipt of your initial request. In the latter case, the Company will inform you of the extension and explain the reasons for it.
If there is any doubt about your identity, the Company may ask you to provide additional information necessary for identification.
If you wish to prove your identity by sending a piece of identification, please ensure that you send only the front side in black and white, with a watermark (https://filigrane.beta.gouv.fr/).
Exercising your rights is free of charge. However, if your requests are repetitive, excessive or abusive, you may be charged a fee.
In accordance with regulations, the Company retains data relating to the exercise of your rights for a maximum period of three (3) years, after which it is rendered anonymous.
If you have provided proof of identity, this will be kept for one (1) year after receipt of the request, if proof is required. Otherwise, the proof will be deleted immediately.
13/ OBLIGATORY OR OPTIONAL ANSWERS
On each personal data collection form, you are informed of the compulsory or optional nature of the answers by the presence of an asterisk.
14/ LINKS TO THIRD-PARTY SITES
The Company may also provide links to other websites. This is particularly true of the “Careers” section at the foot of the page. However, the Company is not responsible for the content or information collection policies of these websites. If you visit the websites of third parties, please check their information collection and privacy protection policies before providing them with your personal data. The Company accepts no liability in this respect.
15/ RIGHTS OF USE GRANTED TO THE COMPANY
The Company is granted by the persons concerned the right to use and process their personal data for the purposes defined above.
16/ DATA SECURITY
The Company attaches particular importance to the security of your personal data. Appropriate technical and organizational measures are implemented to ensure that your data is processed in such a way as to guarantee its protection against loss, destruction or accidental damage that could undermine its confidentiality or integrity.
When creating or selecting a new tool for the use of your personal data, the Company ensures that it offers an adequate level of protection. The Company concludes contracts with its subcontractors and partners clearly defining the terms and conditions of use of your data. In the event of an incident involving your personal data, the Company has set up a specific procedure. In the event of a serious risk to your privacy, rights and freedoms, the Company will inform you of the incident, in accordance with its obligations in this respect.