5àsec Personal Data Protection Policy

The 5àsec Group attaches great importance to protecting the personal data and privacy of its customers and of all Users of its websites or mobile applications.

This Personal Data Protection Policy describes the types of personal data that 5àsec may need to collect concerning you and the way that 5àsec and its subcontractors may need to use these data.

All operations on your personal data are carried out in compliance with the regulations in force with effect from 25 May 2018, pursuant to “Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (the “Regulation””).

The User of the services, websites and applications of 5àsec acknowledges that he/she has read and accepted the terms of this Policy and of the general terms and conditions of service available on the websites concerned. If the User does not consent to these terms, he/she is free not to use the services and websites or mobile applications and not to supply any personal data.

 

ARTICLE 1 - DEFINITIONS

“Personal data” - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the person.

“Processing of personal data” - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” - the natural or legal person, public authority, agency or other body which, alone or jointly with others, collects and processes personal data.

“Recipient” - the natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

“Processor” - the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Authorised third parties” - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

ARTICLE 2 - IDENTITY OF THE CONTROLLER

The personal data are collected by the 5àsec Group - (the company Financière Hygie, 8 rue du Sentier, 75 002 PARIS, represented by Mr. Olivier BOCCARA in his capacity as CEO, and its subsidiaries).

 

ARTICLE 3 - LEGAL BASIS FOR DATA PROCESSING

Data is processed on the basis of at least one of the following principles:

-             Establishment and implementation of a contract or taking pre-contractual steps requested by the person concerned

-             The need to comply with the applicable legal or regulatory obligations

-             The consent of the persons concerned

-             The need to satisfy the legitimate interests of 5àsec

 

ARTICLE 4 - PROCESSING OF PERSONAL DATA

In providing its services and operating its websites and mobile applications 5àsec collects data concerning you. These data are processed in compliance with the purposes specified at the time of collection.

As a general rule, the items of information that are essential for carrying out the service are marked by an asterisk on the data collection forms or are verbally identified as being essential at the time of collection. If you do not fill in the compulsory fields, we will not be able to perform the service.

In particular, 5àsec may need to collect and use your personal data to access the functionalities and services proposed on our websites and mobile applications and to keep the information concerning you up-to-date, correct and relevant, especially for one or more of the following purposes:

 

  • Management of orders and in-store services

When you place an order or purchase services in a 5àsec-affiliated store, our sales staff at the cash registers will collect, directly from you, any of your personal data that is necessary for the following purposes: performance, payment, and invoicing of the service you require and notification by SMS or email when the service is complete.

In the case of in-store services, the personal data that 5àsec will be most likely to require are:

-             your surname and first name

-             your contact details (postal address, mobile or landline phone number, email address)

-             your instructions, as communicated to the sales staff

 

  • Management of requests for information and/or documentation

Your identification data will enable us to process your request on the contact forms, for example:

  • your personal details (title, name, first name, date of birth, postal address)
  • your contact details (fixed line or mobile phone number, email address)
  • email correspondence (content of your emails, your address and any correspondence sent to you)
  • the internal processing code enabling us to identify the customer.

 

  • Management of job applications

Your career details (educational qualifications, certifications, CV, motivation letters etc.) will enable us to process your application. The recipients of these details are exclusively the internal departments of 5àsec and its subsidiaries. Any communication of the data to third parties (e.g. recruitment firm, temporary employment agency etc.) will be conditional on prior consent by the person concerned (“data subject”).

 

  • Transmission of commercial information

5àsec complies with the regulations stipulated in articles 6 and 7 of the EU Data Protection Regulation, which specifies that the prior consent (“opt-in”) of the User must be expressly obtained for the transmission of special offers, marketing, canvassing etc.

So, subject to your rights, your data may be used to inform you by email and/or SMS of offers, services, promotions and games/competitions proposed by 5àsec and its subsidiaries.

Via the website, via our collection media or when you buy from one of our stores, 5àsec requests your prior consent by asking you to fill in your personal details. For example:

  • name, first name, address, date of birth, phone number (fixed line or mobile), email address

By way of exception, as part of our service, in your capacity as customer, without having given your consent, 5àsec may process your data to send you marketing information by electronic means if you are already a 5àsec customer and if the purpose of this prospecting is to propose similar products or services. This information is sent pursuant to the legitimate interests of 5àsec and in compliance with the balance of interests between the customer and 5àsec.

In all cases, you have the option to refuse to receive these marketing messages by carrying out the following actions:

  • In the case of email, by clicking the “unsubscribe” link provided in each mail.
  • In the case of SMS prospecting, by sending a “stop SMS” text message to the number indicated on the received SMS.

 

  • Loyalty program

Your data will enable us to manage your membership of our loyalty program, for example:

  • your personal details (title, name, first name, postal address)
  • your contact details (billing address, email address)
  •  your fixed line or mobile phone number

 

  • Website traffic statistics on 5àsec websites:

Cookies and other trackers may be stored and/or retrieved on your device when you browse the websites of 5àsec and its subsidiaries. The data that may be processed using these technologies are: IP address, pages consulted by the user, date and time of visit (see details concerning cookies below).

 

  • Geolocation and mobile applications

We use technologies that enable us to determine the current location of your mobile device. This function requires your consent and can be deactivated on installing the “app” or, after its installation, in your phone settings. Unless you give your consent, the data relating to your movements will not be saved.

 

  • Collection of banking data

A secure payment system is available to Users for all purchase orders via a 5àsec website or mobile app.

This payment system is managed by 5àsec’s payment collection partner, in compliance with regulations. The bank card details are erased after each transaction or are archived by a secure system for a maximum period of about 13 months, in case of complaints or disputes.

Additionally, 5àsec and its subsidiaries may need to collect personal data for other purposes, on the basis of legal obligations or legitimate interests of 5àsec or after taking care to obtain the prior freely given, specific, informed and unambiguous consent of the persons concerned (“data subjects”), including by electronic means.

 

ARTICLE 5 -DATA RETENTION PERIOD

5àsec will store your personal data in a secured environment for the period necessary for the purposes for which the data were collected or for the maximum storage period laid down by the laws of your country.

The table below summarises the different maximum retention periods applicable, depending on the purposes for which 5àsec may need to process your data.

These maximum periods will apply unless you request the erasure or discontinuation of use of your data before the end of the period, for a legitimate reason that is not in infringement of the minimum period imposed on 5àsec by law.

Purpose

Retention period

Video surveillance to ensure the security of merchandise and of the persons visiting the stores of 5àsec and its subsidiaries.

30 days

Statistical metering and personalisation of websites and mobile applications, management of cookies

13 months

Management of requests for access to data and rectification of data

1 year from receipt of the requests

Replies to customer satisfaction surveys

2 years from the last contact

Promotional and loyalty operations, competitions and games, sending of offers

3 years from the end of the business relationship or the last contact initiated by the customer or prospect

 

Management and logging of purchases and services, warranties, debt recovery, complaints management

10 years from the last event, except for data concerning payment methods, which are processed by the 5àsec payment service providers - only for the prescription period of the payment operations.

 

 

ARTICLE 6 – SECURITY MEASURES

In view of technological developments, implementation costs, the nature of the data to be protected and the risks to the life and liberty of persons, 5àsec implements all appropriate technical and organisational measures to guarantee the confidentiality of the collected and processed personal data and a security level adapted to the risk.

 

ARTICLE 7 - COMMUNICATION OF PERSONAL DATA

The collected personal data are intended for the internal departments of 5àsec. If 5àsec subcontracts the data processing activities to external processors, it will only employ processors that provide adequate guarantees concerning implementation of the appropriate technical and organisational measures to ensure that the processing is in compliance with the reliability and security requirements of the applicable regulations and guarantees the rights of the data subjects.

Your data can also be transmitted to the commercial partners of 5àsec, with your prior consent, for marketing purposes.

If you subsequently wish to stop receiving this marketing information from our partners, you can do so as follows:

•            In the case of email, by clicking on the unsubscribe link provided in each email

•            In the case of SMS, by sending a “stop SMS” text message to the number indicated on the received SMS

•            By sending an email to dpo.fr@5asec.com

 

The list of commercial partners of 5àsec that may receive your personal data is as follows:

No partner for the moment

 

ARTICLE 8 – TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

For the most part, 5àsec processes personal data on the territory of the European Union.

In the case of data transfer to subsidiaries or partners outside the European Union and to countries not yet recognized by the European Union as having an adequate data protection level, 5àsec shall put in place tools or mechanisms to supervise and control these data transfers in compliance with EU regulations.

 

ARTICLE 9 – RIGHTS OF DATA SUBJECTS

In compliance with (EU) Regulation 2016/679 on the protection of personal data, you have the following rights concerning your data: right of access, right to rectification, right to erasure (right to be forgotten), right to object, right to restriction of processing and right to data portability.

For legitimate reasons, you can also object to the processing of data concerning you.

The right to object and the right to erasure (“right to be forgotten”) does not apply to certain forms of data processing governed by the laws and regulations in force.

You also have additional rights laid down by French law, such as the directives on the storage, erasure and communication of your personal data after your death.

5àsec has a Data Protection Officer (DPO), whom you may contact in case of difficulty.

To exercise your rights, you can address your request:

-             By post to the Data Protection Officer: DPO 5àsec – Avenue Vibert 38 – 1212 Grand-Lancy - Geneva - Switzerland

-             Email to: dpo.fr@5asec.com  

 

When submitting these requests, to prevent fraudulent use of identity, please provide evidence of your identity by suitable means (e.g. valid ID card). 

If, after contacting us, you consider that your rights concerning your personal data are not being respected, you can address a complaint to the French Data Protection Authority (CNIL) or to the data protection authority of your own country.

 

ARTICLE 10 – COOKIES: Uses and settings

5àsec websites use cookies to ensure the correct operation and optimization of the website and services proposed and to establish website traffic statistics.

A cookie records information concerning your computer’s browsing of our site (the pages you have consulted, the date and time of the visit etc.). We can then read this data on your future visits. You can refuse to accept the use of cookies by configuring the parameters of your web browser, as specified below. In this case, access to certain services and sections of the site may be altered or even impossible.

to monitor website traffic statistics (Google Analytics)

  • in the case of a sites requiring login, to keep your session open
  • to enable or facilitate electronic communication
  • to record the user’s choice on whether cookies are accepted

 

To refuse cookies

You can refuse the recording of cookies by configuring the parameters of your web browser, in particular by taking the following steps:

              Microsoft Edge:  https://support.microsoft.com/fr-fr/microsoft-edge/supprimer-les-cookies-dans-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

 

Where applicable, the user is informed that in this case access to certain services and sections of the site may be altered or even impossible.

The storage period of cookies varies according to the type of cookies. We mainly use cookies that self-destruct after disconnection. These cookies are termed “session cookies” or “transient cookies”. Finally, information concerning your consent to cookies is saved for a maximum period of 13 months.

Google Analytics and Privacy

We use Google Analytics to track your activity on our websites and to determine the number of users visiting our pages and the content of the pages viewed. This analysis is anonymous. The Google Analytics cookies are stored on your terminal and can be transferred to a Google server located in the USA, where they will be saved. Google will use these data to analyse your use of the website, to produce website activity reports for the website operators and to provide other services relating to the use of the website and of the Internet. Where applicable, Google will also transmit these data to third parties, if this is required by law and/or if the third parties process the data under the authority of Google.

 

ARTICLE 11 - MODIFICATIONS OF THIS POLICY

If the present 5àsec Policy is changed, or if required by law, this will be published on our websites and shall take effect on publication. Consequently, we invite you to check the Policy each time you visit the site, to see the latest available version, which is always available on our websites and mobile applications.