Protecting the personal data of customers and propects
Effective date: 01.06.2022
1. Who are we?
SOCOMEC (hereinafter "Socomec" or "we") is a SAS registered in the Strasbourg Trade and Companies Register under the number 548 500 149 and whose registered office is located at 1 rue de Westhouse, 67230 Benfeld - France.
The purpose of this policy is to inform you of the principles governing the way in which we collect, use and store your personal data in your capacity as a Socomec customer, as well as the main purposes of the processing carried out. It may be supplemented by various other information documents depending on the product/service that Socomec provides you.
We invite you to read this policy carefully and to consult it regularly in order to take note of any changes or updates.
2. What is the applicable legal and regulatory framework?
Socomec, in its capacity as data controller, is required to process some of your personal data (i.e. any information about you that makes you directly or indirectly personally identifiable) in accordance with the applicable regulations on the protection of personal data ("Applicable regulations on the protection of personal data").
The latter includes, in particular, (i) the law relating to data processing, files and freedoms no. 78-17 of 6 January 1978 as amended and any updates thereto, (ii) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the "GDPR"), and (iii) where applicable, texts adopted within the European Union and local laws that may apply to personal data processed within the framework of our relationship.
3. How is your personal data processed?
3.1. Purposes and lawfulness of processing
The personal data we collect is used for the following purposes, on the legal basis associated with them:
Processing relating to the commercial relationship (excluding prospecting/loyalty activities):
|Purpose of processing||Legal basis|
Management, qualification and response to requests (e.g. from the website, by telephone, e-mail or from Socomec applications), in particular:
- Contact requests;
- Requests for quotations;
- Provision of technical support, etc., including from the website
|Execution of pre-contractual measures or our legitimate interest in responding to requests|
|Management of orders, deliveries and after-sales service||Performance of a contract|
|Management of commercial and legal warranties||Performance of a contract / legal obligation depending on the warranty in question|
|Management of possible pre-litigation and litigation (including collection of outstanding debts)||Legitimate interest / Performance of a contract|
|Management of accounting and tax obligations||Legal obligation|
Management of customer/prospect knowledge and subsequent analysis, including:
- Financial solvency assessment and profiling;
- Satisfaction surveys;
- Quality surveys
|Performance of a contract / legitimate interest|
Processing related to business development/prospecting activities:
|Purpose of processing||Legal basis|
Prospecting by electronic means, including for similar goods and services, such as:
- Sending of newsletter e-mails;
- Sending of commercial communications
|Consent / legitimate interest in communicating with our prospects/customers as appropriate|
|Prospecting by post (e.g. sending catalogues)|
|Management of the opposition list||Legal obligation|
Organisation/participation in customer development and loyalty events:
- Digital events (e.g. webinars);
- Physical events (e.g. factory visits, trade fairs, DemoVan, competitions, etc.)
|Provision of tools related to Socomec products (e.g. selectors, configurators, catalogues, etc.)||Performance of a contract / legitimate interest|
Other processing related to the management of our website and social networks:
|Purpose of processing||Legal basis|
|Management of our e-reputation||Legitimate interest|
|Administration of our website and its security||Performance of a contract / legitimate interest|
|Establishment of usage statistics|
|Management of user accounts|
|Management of social network accounts||Legitimate interest|
|Management of interactions with people who come into contact with Socomec accounts|
You can contact us at the address mentioned below for any clarification regarding the processing of your personal data.
We would like to draw your attention to the fact that certain processing operations, in particular those related to customer knowledge and prospecting, lead us to build up profiles of our customer-types ("profiling") by analysing your preferences, in particular in order to send personalised communications.
Furthermore, you are aware that your personal data may also be processed due to new obligations (in particular legal obligations), or to defend the interests of Socomec or a third party. We will inform you in the event of new processing on these bases.
3.2. Categories of personal data
Within the framework of our relationship, Socomec is required to process, in particular, the following categories of data, depending on the processing that is actually carried out on you:
|Identity data||Name, first name, e-mail address, telephone number, postal address|
|Professional data||Position, company name, LinkedIn account data, SIREN number|
|Commercial data||Information related to requests (contact, documentation, etc.), purchases of products/services made, quantity/amount/date of orders and related invoices, delivery address, history of purchases and possible returns, all correspondence and/or exchanges with the customer/prospect including after-sales service or on social networks (including data made accessible by the latter, messages exchanged or publications)|
|Payment data||Payments made, their terms and conditions, bank details, cheque and CB numbers (including card validity and cryptogram)|
|Connection, activity and behavioural data||Sites visited, IP address, logs, identifiers, dates and times of connection/disconnection, location, data collected by cookies deposited.|
We collect this information directly from you, from your employer, from our business partners, from our distributors or subsidiaries, and from database renters, depending on the purpose.
4. How long will your personal data be kept?
The personal data we collect is processed for no longer than is necessary for the purposes for which it was collected, taking into account the applicable limitation periods and the principle of proportionality.
- Concerning data relating to customer management: personal data relating to customers is not kept beyond the period strictly necessary for the management of the commercial relationship, extended by intermediate archiving for a legal period.
Concerning data relating to the management of prospects: customer data used for commercial prospecting purposes may be kept for a period of 3 years from the end of the commercial relationship. Personal data relating to a non-customer prospect may be kept for a period of 3 years from the date of collection or the last contact from the prospect.
At the end of this 3-year period, Socomec may contact the person concerned again to find out if he/she wish to continue receiving commercial solicitations. In the absence of a positive and explicit response from the person, the data will be deleted or archived in accordance with the provisions in force.
- Concerning connection data: We keep this data for a maximum of 1 year, except in cases where specific legal and/or regulatory provisions impose a different retention period.
For more information on the retention periods we apply, you can contact us at the address below.
5. To whom is your personal data disclosed?
Your personal data is passed on to our internal departments involved in the above-mentioned purposes, in particular to the sales and change management, marketing and communication, IT, legal or finance and accounting departments.
It is also communicated to the following recipients, strictly in consideration of the purposes sought:
- Our commercial partners and distributors, including our subsidiaries;
- Our service providers (in particular for IT, marketing and communication, including software);
- Our advisers (legal or otherwise);
- The competent authorities in the event of infringement and/or litigation.
Please note that where we use subcontractors within the meaning of the Applicable regulations on the protection of personal data, they are obliged to ensure the security and confidentiality of the personal data provided to them and must only use such data on our instructions and in accordance with the data processing agreement they have signed with us.
6. How do we protect your personal data?
We are committed to ensuring the confidentiality, integrity, availability and security of your personal data.
In accordance with Article 32 of the GDPR, we endeavour to implement all necessary and appropriate technical, logical and organisational measures to ensure the level of security best suited to the risks involved in processing such personal data.
We also put in place means to prevent, as far as possible, any loss, accidental destruction, alteration and unauthorised access to this personal data.
These measures include storing your personal data in a secure operating environment, accessible only to authorised persons who are required to respect the confidentiality of your data.
7. Is your data likely to be transferred outside the European Union?
Yes – some of our subcontractors are located outside the European Union, and some of our tools are accessible by Socomec Group employees who are also located outside the European Union (in particular in the United States, Latin America or Asia).
In this case, and in order to guarantee a sufficient level of protection for your personal data, we have put in place tools to secure these transfers.
8. Will our policy change in the future?
We invite you to regularly consult the latest version in force, accessible from the footer of our website: www.socomec.es.
9. What rights do you have?
In accordance with the applicable law, you have the following rights, depending on the processing operation in question:
9.1. Rights to information, access and portability
You have the right to access your personal data processed by us and to know why we process your data, where we get it from and who receives it.
We will provide you with the requested information, in writing or electronically, within a reasonable time and at the latest within one month, provided that your request is not excessive.
You also have the right to obtain a copy of the personal data we process about you. If you have submitted your request electronically and do not request another method of communication, this information will be provided to you in electronic form.
9.2. Right of rectification
You may request that your personal data be updated, corrected and/or completed at any time.
Depending on the circumstances, you may also be able to rectify your information yourself.
9.3. Right to erasure
You have the right to obtain the deletion of your personal data for legitimate reasons. Nevertheless, it is brought to your attention that, due to the nature of certain processing operations and, in particular, their legal basis (e.g. to meet a legal obligation), we will only be able to erase your personal data once the legal retention obligation and/or the applicable limitation periods have expired.
9.4. Right to limit processing
You may ask us to temporarily suspend the use of some of your personal data, in particular if you dispute the accuracy of all or part of the data.
9.5. Right to object
You may object to the processing of your personal data, including profiling based on these provisions. The processing must then cease, unless it is necessary, for example, to comply with social and tax legislation, to defend our interests or those of a third party or to establish, exercise or defend legal claims.
9.6. Right to withdraw your consent
You may withdraw your consent at any time, provided that we have previously required your consent for the processing in question.
You acknowledge and agree that the withdrawal of such consent does not affect the legitimacy of the processing that was carried out on the basis of the consent you gave prior to the withdrawal.
9.7. Right to information in case of data breach
In the event of a personal data breach within Socomec, we will provide you with information about such a breach, if it is likely to result in a high risk to your rights and freedoms.
You acknowledge and agree that such communication is not necessary when Socomec has implemented appropriate measures to reduce or eliminate the high risk of infringement to your rights and freedoms.
9.8. Right to lodge a complaint with the supervisory authority
You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), regarding the way in which we process your personal data, in particular from its website www.cnil.fr.
10. How to contact us?
- By post at the following address: EDOS STRASBOURG, To the attention of the SOCOMEC’s DPO, 10, rue Flora Tristan 67200 STRASBOURG (France)
- By e-mail to the following address: firstname.lastname@example.org
If you wish to exercise your rights, we recommend that you provide us with any information that will enable you to prove your identity (e.g. your customer number together with your identity and address, or even an identity card). If we have any doubts about your identity, we may ask you to provide us with other information enabling us to verify your identity (national identity card, passport, driving licence, etc.), in order to avoid your data being communicated to persons other than you. This information will be deleted once the verification has been completed.