In order to provide a quality customer experience and to be transparent with our customers and partners, Supplyweb is committed to protecting your personal information. This document contains details of the data we may collect from you and how we use that information.
The collection and processing of personal data carried out by Supplyweb is therefore governed by Law No. 78-17 of 6 January 1978, as amended, relating to information technology, files and freedoms, as well as by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (RGPD) on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Supplyweb is committed to taking into account the protection of your Personal Data and your privacy right from the design of the new products or services offered to you. To this end, measures to ensure the protection of your Personal Data are implemented, in particular to ensure its security and to guarantee the respect and proper exercise of your rights. When you provide us with Personal Data, you authorise us to collect, store and use it in order to fulfil our contractual obligations to you.
We respect your rights:
In accordance with the GDPR and other rules, you have the following rights:
- A right of access to your Personal Data (Article 15 of the GDPR);
- A right to rectify your Personal Data in case they are inaccurate (article 16 of the GDPR);
- A right to the erasure of your Personal Data (article 17 of the GDPR) in certain cases;
- A right to a limitation of the Processing of Your Personal Data (article 18 of the GDPR) and the right to the portability of Your Data (article 20 of the GDPR), within the limits set by the applicable regulations,
- The right to withdraw your consent at any time when the Processing is based on it (Article 13 of the GDPR);
- A right to object to the Processing of your Personal Data (Article 21 of the GDPR);
These rights can be exercised with proof of identity by contacting us at the following email address: firstname.lastname@example.org. You also have the right to make a complaint to the supervisory authorities, in particular the Commission Nationale Informatique et Liberté (French Data Protection Authority), by visiting this link: https://www.cnil.fr/fr/plaintes/
A procedure for handling complaints and requests relating to the exercise of personal rights is available by contacting the Data Controller.
COLLECTION OF YOUR PERSONAL DATA ON OUR SITE
The nature of the personal data that you provide to us in the context of the forms completed on our site:
- First name
- Type of product
- Monthly order volume
- E-mail address
- First name
- E-mail address
- Letter of motivation
PURPOSES OF THE PROCESSING OF YOUR PERSONAL DATA
This data is processed and used to monitor and carry out the contractual services agreed between the parties, i.e:
- contacting prospective clients via the contact form
- on our website contact with candidates via the recruitment form
- promotion of our services via newsletters
- the organisation of events
If you have any queries about the Data Controller’s obligations in relation to the administrative management of your data, please contact us in writing at email@example.com
The personal data we hold about you identifies you as an individual.
We collect information about you in a variety of formats: paper and electronic.
We will only collect and/or process your personal data in accordance with applicable data protection and privacy laws.
TRANSFER OF DATA
Supplyweb hereby undertakes not to transfer your data outside the European Union. In addition, where Supplyweb uses subcontractors, these subcontractors have been chosen for the sufficient security guarantees that they offer.
DURATION OF PROCESSING
Personal Data will be processed and stored for the duration of the contractual relationship between the Parties.
BREACH OF PERSONAL DATA
The Data Controller shall implement appropriate technical and organisational measures so that the Processing meets the requirements of the Data Protection Regulation. Supplyweb shall notify the Customer of any Personal Data Breach within a maximum of 48 hours of becoming aware of it. Supplyweb undertakes in particular to take all appropriate measures to ensure the preservation and integrity of the Personal Data and to prevent any misuse or fraudulent use of the Personal Data, within the limits of its scope of intervention and the means under its control under and during the contractual relationship.
CONFIDENTIALITY OF PERSONAL DATA
Supplyweb undertakes to keep the Personal Data confidential and not to disclose them in any form whatsoever, except for the purposes of performing the services, the purposes and this agreement in application of a legal or regulatory provision; to respond to requests for communications from the judicial and/or administrative authorities with the User’s prior consent or request. In this respect, Supplyweb ensures that the persons authorised to process the Personal Data (staff, partners, subcontractors, etc.) undertake to respect the confidentiality of the Personal Data or are subject to an appropriate legal obligation of confidentiality.
Supplyweb undertakes to ensure :
- the confidentiality of its identifiers and passwords for its access to services,
- to use passwords that comply with the rules of good practice,
- to ensure the security of the workstations and equipment from which its personnel and any person authorised by it access the services, in particular by authenticating users by name, by periodically reviewing authorisations, by ensuring that patches and system updates are applied, by having anti-virus and firewalls or similar systems that are kept up to date, by promoting the backup of its users’ data, by protecting its premises, in particular by having anti-intrusion systems.
In the context of this document, we understand by:
Personal Data means any information that directly or indirectly identifies a natural person.
The data controller means any person who determines the purposes and means of the processing.
The Sub-processor refers to any person who processes Personal Data on behalf of and on the instructions of a Controller. The Sub-processor must be able to present sufficient guarantees regarding the implementation of technical and organisational measures to justify the protection of Personal Data.
Processing means any operation (or set of operations) relating to Personal Data, by any means, and in particular collection, recording, organisation, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, as well as blocking, erasure or destruction.