DATA PROTECTION POLICY OF LUMIBIRD GROUP

ARTICLE 1: FOREWORD

The GDPR and you…

Personal data protection is one of our major concerns. The privacy policy fits into a legal context marked by the EU General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), applicable since 25 May 2018, and the amended French Data Protection Act no. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.

The purpose of this data protection policy is to tell you about:

  • The personal data controller
  • How your data is collected and processed. Personal data is any information which enables a natural person to be identified.
  • Your rights regarding the use of your personal data
  • The recipients to whom your data is transmitted
  • The website’s cookie management policy

This privacy policy supplements the legal notices on the websites.

ARTICLE 2: GLOSSARY

You’ll understand us… promise!

Personal Data is any information relating to an identified or identifiable person, i.e. enabling the person to be identified directly (e.g., surname and first name) or indirectly (e.g. cookies).

The Processing of personal data is any operation or set of operations (automated or not) which is performed on data or sets of personal data, such as collection, recording, organisation, storage, data transmission, etc.

The Data Controller determines the purposes (objectives of the processing) and the means of processing.

The Data Processor processes personal data on behalf of the data controller and carries out its instructions.

ARTICLE 3: GENERAL PRINCIPLES

Legal obligations… we’ve got them!

In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data shall comply with the following principles:

  • Lawfulness, fairness and transparency: the collection and processing of personal data can only be based on a legal basis defined in advance (performance of a contract, legal obligation, consent, legitimate interest, preservation of vital interests)
  • Purpose limitation: the collection and processing of personal data is carried out to meet one or more defined objectives
  • Data minimisation: only the data strictly necessary for the proper execution of the objectives pursued are collected
  • Storage limitation: the data controller is under an obligation to define retention periods for the personal data processed
  • Integrity and confidentiality: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
  • Accuracy of data: the data controller undertakes to take all reasonable steps to keep the data it processes up to date, so as to update inaccurate data and delete obsolete data.

ARTICLE 4: DATA CONTROLLER

We are responsible for the data entrusted to us!

As data controller, LUMIBIRD undertakes to comply with the obligations resulting from the Regulation and the amended French Data Protection Act, concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all technical and organisational measures to ensure your personal data are protected.

As a subcontractor, LUMIBIRD undertakes to process the customer’s personal data only to the extent necessary for the performance of the contract concluded. LUMIBIRD undertakes to follow the customer’s written instructions, in accordance with Article 28 of the GDPR.

ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED: WHAT DATA?

What do we know about you?

In accordance with the principle of minimisation, we only collect the data necessary to carry out our missions. Thus, as part of its activity, LUMIBIRD may collect and process the following information:

Identity

Name, surname, gender

Work life

Business email address, business telephone number, resume, employment status, education, training, place of work, qualifications, etc.

Connection data

IP address, logs, terminal identifiers, connection identifiers, time-stamp information, etc.

Internet

Cookies, trackers, browsing data, audience measurement, etc.

Personal life

Personal mailing address, personal phone number, personal e-mail address, family status.

Financial information

Bank account details, banking and payment data

We do not collect sensitive data such as religion, trade union membership, racial and ethnic origins, criminal convictions or health-related data.

ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: WHY?

We’d like to explain!

In all of these situations, LUMIBIRD acts as a “Data Controller” within the meaning of the GDPR.

DATA COLLECTED | REASONS FOR COLLECTION | LEGAL BASIS | RETENTION PERIOD

WEBSITE VISITS
Data collected:
– Identity
– Personal life
– Work life
– Connection data
– Internet
We use this data to:
– Send you our quotes (if you have requested them)
– Contact you when you fill in the contact form
– Carry out audience analysis or statistics (if agreed)
Legal basis: Consent
Retention period: Your browsing data on our website are kept for a maximum of 13 months. The data collected through the form are kept for 3 years from collection or the last contact from the prospect.

– Provide you with personalised services
– Monitor and improve our website
– Secure our website and ensure our and your protection against fraud
Legal basis: Legitimate interest

CUSTOMER RELATIONSHIP MANAGEMENT
Data collected:
– Identity
– Personal life
– Work life
– Business information
– Connection data
– Location
– Internet
We use this data to:
– Manage the commercial relationship
– Manage your orders
– Manage payments, invoicing, etc.
– Process and track your order, including delivery
– Answer your questions and interact with you in any other manner
– Reply to the contact form for after-sales or quality purposes
– Manage after-sales service
Legal basis: Executing a contract
Retention period: Retention for the duration of the commercial relationship and 5 years after the end of the relationship
Invoices are kept for 10 years
Storage of data used for commercial prospecting purposes:
– until consent is withdrawn or the right to object is exercised
– up to 3 years from the end of the commercial relationship

– Send you commercial communications unrelated to similar services or products (if you have asked us to do so)
Legal basis: Consent

– Offer you personalised services
– Handle any dispute relating to a purchase
– Send you information about similar products and services
Legal basis: Legitimate interest

PROSPECT MANAGEMENT
Data collected:
– Identity
– Personal life
– Work life
– Internet
We use this data to:
– Manage your data as a prospect
– Send you our newsletter
– Update your contact details
– Keep our prospect files up to date
– Send you commercial communications to inform you of our offers and future events (mailings, invitations to events, etc.)
– Approach you in order to offer you products tailored to your needs
– Improve our commercial prospecting management
Legal basis: Legitimate interest
Retention period: Storage of data used for commercial prospecting purposes:
– until consent is withdrawn or the right to object is exercised
– up to 3 years from the end of the commercial relationship

ONLINE RECRUITMENT MANAGEMENT
Data collected:
– Identity
– Personal life
– Work life
– Internet
Reasons for collection:
– Search for relevant profiles via an online platform on the LUMIBIRD website
– Creation of a CV library
Legal basis: Consent
Retention period: 2 years after the last contact with the candidate, with the candidate’s consent

Reasons for collection:
– Search for relevant profiles via an online platform on the LUMIBIRD website
– Creation of a CV library
Legal basis: Consent
Retention period: Maximum 3 months after completion of the recruitment process or 2 years from the last contact if the candidate consents

AFTER-SALES SERVICE MANAGEMENT
Data collected:
– Identity
– Work life
Reasons for collection:
– Management of returns under warranty
– Management of customer complaints
– Management of signed customer requirements
– Management of product conformity requests
– Customer satisfaction surveys
– Improvement of customer service quality
– Traceability of customer relations
– Management of customer complaints in the event of product quality problems (e-mail exchanges)
– Management and conclusion of maintenance contracts
– Monitoring product maintenance
– Technical support hotline
– Management and issuing of repair estimates
Legal basis: Executing a contract
Retention period: 5 years from the end of the contractual relationship

In the course of our business, LUMIBIRD acts as a ‘subcontractor’ on behalf of its subsidiaries:

CUSTOMER MANAGEMENT ON BEHALF OF SUBSIDIARIES
Data collected:
– Identity
– Personal life
– Work life
– Business information
– Internet
We use this information to:
– Manage the commercial relationship
– Manage your orders
– Manage payments, invoicing, etc.
– Process and track your order, including delivery
– Answer your questions and interact with you in any other way
– Answer the contact form for after-sales or quality purposes
– Manage the After Sales Service
Legal basis: Executing a contract
Retention period: Storage for the duration of the commercial relationship and 5 years after the end of the relationship
Invoices are kept for 10 years
Storage of data used for commercial prospecting purposes:
– until withdrawal of consent or exercise of the right to object
– up to 3 years from the end of the commercial relationship

– Send you commercial communications unrelated to similar services or products (if you have asked us to do so)
Legal basis: Consent

– Offer you personalised services
– Manage any dispute related to a purchase
– Send you information on similar products and services
Legal basis: Legitimate interest

PROSPECT MANAGEMENT ON BEHALF OF SUBSIDIARIES
Data collected:
– Identity
– Personal life
– Work life
We use this data to:
– Manage your data as a prospect
– Send you our newsletter
– Update your contact details
– Keep our prospect files up to date
– Send you commercial communications to inform you of our offers and future events (mailings, invitations to events, etc.)
– Approach you in order to offer you products tailored to your needs
– Improve our commercial prospecting management
Legal basis: Legitimate interest
Retention period: Storage of data used for commercial prospecting purposes:
– until withdrawal of consent or exercise of the right to object
– up to 3 years from the end of the commercial relationship

MANAGE EXTERNAL COMMUNICATIONS ON BEHALF OF SUBSIDIARIES
Data collected:
– Identity
– Personal life
– Work life
We use this data to:
– Distribute information via social networks
– Record and distribute photos and videos
– Organise events for third parties
– Participate in trade fairs
– Send e-mailings to customers
Legal basis: Legitimate interest
Retention period: Storage of data used for commercial prospecting purposes:
– until withdrawal of consent or exercise of the right to object
– up to 3 years from the end of the commercial relationship

As a subcontractor, LUMIBIRD complies with its subcontracting obligations insofar as a subcontracting appendix has been concluded between LUMIBIRD and its subsidiaries.

ARTICLE 7: PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?

We don’t pass them on to just anyone!

LUMIBIRD undertakes to transmit your personal data only to authorized persons internally and to authorized third parties such as the tax, customs or economic authorities, the administration of justice, the police and the police force or the administration of social action and health authorities.

LUMIBIRD may, if necessary, transmit your personal data to subcontractors for various services such as:

  • SAGE X3: repair and maintenance estimates
  • SYLOB: customer intervention sheet
  • SALESFORCE: CRM
  • Factorial: recruitment
  • OVH: website hosting

The use of these service providers is necessary for the proper provision of our services. We undertake to check and guarantee that they comply with the GDPR and the amended Data Protection Act.

Apart from the recipients mentioned above, LUMIBIRD undertakes not to transmit your personal data to third parties or external organizations without your express consent.

LUMIBIRD does not and will not sell, transfer or communicate your personal data to unauthorized third parties.

LUMIBIRD does not use any automated decision-making based on your personal data. No profiling is implemented during processing, and the data we collect will never be used without human intervention.

ARTICLE 8: YOUR RIGHTS

You hold all the cards!

8.1 Your rights

In accordance with current regulations, you have the following rights in relation to your personal data:

RIGHT OF ACCESS

You may, at any time, access the personal data we hold about you.

RIGHT TO RECTIFICATION

You can ask us to complete, correct or clarify your personal information.

RIGHT TO OBJECT

You retain the right to object at any time to the use of your personal data in the activities carried out by our company with regard to the processing of your data.

RIGHT TO RESTRICTION OF PROCESSING

You may request the restriction of the future processing of your personal data under certain conditions.

RIGHT TO ERASURE

You may also ask us to erase your personal data.

RIGHT TO PORTABILITY

You have the right to receive your data in a structured, commonly used and machine-readable format. You can also request that we transfer your personal data to another organisation.

DIGITAL DEATH

You can decide what happens to your personal digital data after your death.

8.2 The DPO

LUMIBIRD has appointed a Data Protection Officer (DPO). In order to exercise your rights, you can contact our Data Protection Officer (DPO) at the following address:

LUMIBIRD SA
2 rue Paul Sabatier
22300 Lannion, FRANCE

Tel: + 33 2 96 05 08 00

or send an e-mail to: privacy@lumibird.com

8.3 Complaining to the CNIL

You may at any time lodge a complaint with the competent authority, i.e. the French Data Protection Agency (CNIL), using the following link: https://www.cnil.fr/fr/plaintes.

 

ARTICLE 9: SECURITY MEASURES

You entrust us with your data and we look after it!

LUMIBIRD is concerned about the security of personal data, which it undertakes to process securely and only for the time necessary to achieve the intended purpose.

LUMIBIRD has put in place technical and organisational measures to ensure an adequate level of data protection in relation to the nature and purpose of the processing.

Therefore, in accordance with Article 32 of the GDPR on the security of processing, LUMIBIRD SA has implemented ways of guaranteeing the constant confidentiality, integrity, availability and resilience of processing systems and services.

However, the security obligation remains an obligation of means, i.e. we do everything possible to ensure the confidentiality and integrity of your personal data.

Everyone who has access to your personal data has been made aware of best data protection practices. They are bound by a confidentiality obligation, and are liable to disciplinary action in the event of non-compliance with this provision.

ARTICLE 10: DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

A well-organised trip!

As part of our activity and for the management of your requests, we may need to transfer data outside the European Union. However, before any transmission of your personal data, we check the rules applicable to data transfers outside the European Union.

ARTICLE 11: COOKIES

You can choose between eating cookies and going on a diet

As with most websites, our website uses cookies that can be classified into three categories:

SOCIAL NETWORKS

These cookies allow you to share your activity on our site with social network companies. Please consult the privacy policies of these companies to find out how their cookies work.

PERFORMANCE / ANALYTICAL:

These cookies collect anonymous information about your use of our website. The information collected by these cookies is used only to improve your browsing experience on our website and never for identifying you. Sometimes these cookies are placed by third-party providers of web traffic analysis services.

STRICTLY NECESSARY:

These cookies are essential to allow you to browse our websites and use their features.

If you wish to limit your tracking, it is recommended that you reject them by default via the cookie management banner we have set up on our website. In our cookie policy you will also find the procedure for accepting, customising or refusing cookies by expressing your choice using the banner that appears at the bottom of your screen.

ARTICLE 12: DATA PROTECTION POLICY UPDATES

Hang in there, you’ve almost finished!

This personal data protection policy may evolve. The last update was made on 16 September 2024.