PRIVACY POLICY
ARTICLE 1: FOREWORD
The GDPR and you…
Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018 and the the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.
The purpose of this data protection policy is to tell you about:
- The personal data controller
- How your data is collected and processed. Personal data is any information which enables a natural person to be identified. • Your rights regarding the use of your personal data
- The recipients to whom your data is transmitted
- The recipients to whom your data is transmitted
- The website’s cookie management policy
This privacy policy supplements the legal notices on the websites.
ARTICLE 2: GLOSSARY
You’ll understand us… promise!
Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).
The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organisation, storage, data transmission, etc.
The Data Controllerdetermines the purposes (objectives of the processing) and the means of processing.
The Data Processorprocesses personal data on behalf of the data controller and carries out its instructions.
ARTICLE 3: GENERAL PRINCIPLES
Legal obligations… we’ve got them!
In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:
- Lawfulness, fairness and transparency: the collection and processing of personal data can only be based on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
- purpose limitation: the collection and processing of personal data is carried out to meet one or more defined objectives
- Data minimisation : only the data strictly necessary for the proper execution of the objectives pursued are collected
- Storage limitation: the data controller is under an obligation to define retention periods for the personal data processed
- Integrity and confidentiality : the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
ARTICLE 4: DATA CONTROLLER
We are responsible for the data entrusted to us!
As data controller, LUMIBIRD SA undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure your personal data are protected.
When the LUMIBIRD SA holding is required to act as a subcontractor, it undertakes to process personal data in accordance with the requirements of Article 28 of the GDPR.
ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?
What do we know about you?
In accordance with the principle of minimisation, we only collect the data necessary to carry out our missions. Thus, as part of its activity, the LUMIBIRD SA holding company may collect and process the following information:
Identity
Name, surname
WORK LIFE
Qualification, occupation, work place, work e-mail address, work telephone number, diploma
Internet
IP address, login history, cookies, trackers
Personal life
Mailing address, personal phone number, personal e-mail address
FINANCIAL INFORMATION
Bank account details, banking and payment data
We do not collect sensitive data such as religion, trade union membership, racial and ethnic origins, criminal convictions or health-related data.
ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: WHY?
We’d like to explain!
In all of these situations, the LUMIBIRD SA holding company acts as a “Data Controller” within the meaning of the GDPR.
| DATA COLLECTED | REASONS FOR COLLECTION | LEGAL BASIS | RETENTION PERIOD |
|---|---|---|---|
| WEBSITES VISITS | |||
| – Identity – Personal life – Work life – Internet |
We use this data to : – Contact you when you fill in the contact form – Contact you when you fill in the recruitment form – Send you our quotes (if you have requested them) – Carry out audience analysis or statistics (if agreed) |
Consent | The data collected through the form are kept for 3 years from collection or the last contact from the prospect. Your browsing data on our website are kept for a maximum of 13 months |
| – Provide you with personalised services – Monitor and improve our website; – Secure our website and ensure our and your protection against fraud. |
Legitimate interest | ||
| CUSTOMER RELATIONSHIP MANAGEMENT | |||
| – Identity – Personal life – Work life – Internet – Financial information |
We use this data to : – Enter into and fulfil contracts with customers – Manage and track orders – Manage changes and order cancellations – Manage and monitor product maintenance and repairs – Manage and follow up shipment and delivery of products – Manage and monitor product compliance – Manage the necessary confidential defence clearance requests of our teams – Advise customers and manage product complaints and returns – Drawing up possible repair estimates – Answer your questions and interact with you in any other way – Manage your participation in satisfaction surveys to take into account your opinions and suggestions – Monitor our relationship and follow up with you as part of our relationship monitoring – Renewing your contracts – Manage payments, invoices, etc… |
Executing a contract | The data is kept for the duration of the contractual relationship and for 5 years thereafter. Invoices are kept for 10 years |
| – Send you commercial communications to inform you of our offers and future events (mailings, invitations to events, etc.) – Monitor and improve the quality of our products – Improve the performance of our customer service – Protect transactions against fraud. – Manage any dispute related to a purchase |
Legitimate interest | ||
| PROSPECT MANAGEMENT | |||
| – Identity – Personal life – Work life – Internet |
We use this data to : – Manage and monitor our business relationship – Update your contact details – Keep our prospect files up to date – Send you commercial communications to inform you of our offers and future events (mailings, invitations to events, etc.) – Approach you in order to offer you products adapted to your needs – Improve our management of commercial prospecting |
Legitimate interest | The data collected is kept for 3 years from the date of collection or last contact with you. |
| RECRUITMENT MANAGEMENT | |||
| – Identity – Personal life – Work life – Internet |
We use this data to : – Manage job applications – Manage interviews |
Legitimate interest | The data is kept for 2 years after the last contact with the applicant unless the applicant objects. |
ARTICLE 7: PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?
We don’t pass them on to just anyone!
LUMIBIRD SA undertakes to transmit your personal data only to authorized persons internally and to authorized third parties.
LUMIBIRD SA may, if necessary, transmit your personal data to subcontractors for various services such as OVH, located in France for the hosting of its website. We are committed to verifying and guaranteeing compliance with their compliance with the GDPR and the amended Data Protection Act.
Apart from the recipients mentioned above, the companies, subsidiaries and distributors of the LUMIBIRD SA Group as well as the carriers for the delivery of the products, LUMIBIRD SA undertakes not to transmit your personal data to third parties or external organizations, without your express consent.
LUMIBIRD SA does not and will not sell, transfer or communicate your personal data to unauthorized third parties.
LUMIBIRD SA does not use any automated decision based on your personal data. No profiling is implemented during processing, and the data we collect will never be used without human intervention.
ARTICLE 8: YOUR RIGHTS
You hold all the cards!
8.1 Your rights
In accordance with current regulations, you have the following rights in relation to your personal data:
RIGHT OF ACCESS
You may, at any time, access the personal data we hold about you.
RIGHT TO RECTIFICATION
You can express a request to complete or proceed to a correction or clarification of your personal information;
RIGHT TO OBJECT
You retain the right to object at any time to the use of your personal data in the activities carried out by our company with regard to the processing of your data.
RIGHT TO RESTRICTION OF PROCESSING
You may request the restriction of the future processing of your personal data under certain conditions
RIGHT TO ERASURE
You may also ask us to erase your personal data.
8.2 The DPO
LUMIBIRD SA has appointed a Data Protection Officer (DPO). In order to exercise your rights, you can contact our Data Protection Officer (DPO) at the following address:
LUMIBIRD SA
11 rue du Bois Joli
CS 40015-63808 COURNON D’AUVERGNE
CEDEX FRANCE
or send an e-mail to: rgpd@lumibird.com
8.3 Complaining to the CNIL
You may at any time lodge a complaint with the competent authority i.e. the French Data Protection Agency (CNIL) using the following link: https://www.cnil.fr/fr/plaintes.
ARTICLE 9: SECURITY MEASURES
You entrust us with your data and we look after it!
LUMIBIRD SA is concerned about the security of personal data which it undertakes to process securely and only for time necessary to achieve the intended purpose.
LUMIBIRD SA has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing.
Therefore, in accordance with Article 32 of the GDPR on the security of processing, LUMIBIRD SA has implemented:
- Ways of guaranteeing the constant confidentiality, integrity, availability and resilience of processing systems and services
- Ways of restoring data availability and access within an appropriate timescale in the event of a physical or technical incident
- A procedure to regularly test, analyse and evaluate the effectiveness of the technical and organisational measures to ensure the processing is secure.
However, the security obligation remains an obligation of means, i.e. we do everything possible to ensure the confidentiality and integrity of your personal data.
Everyone who has access to your personal data has been made aware of best data protection practices. They are bound by a confidentiality obligation, and are liable to disciplinary action in the event of non-compliance with this provision.
ARTICLE 10: DATA TRANSFERS OUTSIDE THE EUROPEAN UNION
A well-organised trip!
As part of our activity and for the management of your requests, we may need to transfer data outside the European Union to exchange information about you with the companies and subsidiaries of the Group as well as the distributors. However, before any transmission of your personal data, we check the rules applicable to data transfers outside the European Union. In addition, we undertake that the recipients to whom we transmit personal data ensure a sufficient and appropriate level of protection of this data in accordance with the GDPR and the recommendations of the CNIL.
ARTICLE 11: COOKIES
You can choose between eating cookies and going on a diet
As with most websites, our website uses cookies that can be classified into three categories:
FUNCTIONALITIES :
These cookies remember the choices you make to improve your experience on our website and make your visit more personal and friendly. The information that these cookies collect can be anonymised and cannot be used to track your browsing activities on other websites
PERFORMANCE / ANALYTICAL :
These cookies collect anonymous information about your use of our website. The information collected by these cookies is used only to improve your browsing experience on our website and never for identifying you. Sometimes these cookies are placed by third-party providers of web traffic analysis services, such as Google Analytics
STRICTLY NECESSARY:
These cookies are essential to allow you to browse our websites and use their features.
If you wish to limit your tracking, it is recommended that you reject them by default via the cookie management banner we have set up on our website. In our cookie policy you will also find the procedure for accepting, customising or refusing cookies by expressing your choice using the banner that appears at the bottom of your screen.
ARTICLE 12: DATA PROTECTION POLICY UPDATES
Hang in there, you’ve almost finished!
This personal data protection policy may evolve. The last update was made on July 12 2022.