CNCR Group SAS
Privacy policy for customers, suppliers and service providers
Last updated: June 23, 2020
About this Policy
This Privacy Policy (the ‘Policy’) describes how we collect, share and use, any information which, used alone or in combination with other information, relates to you (‘Personal Data’) in your capacity as a contact of our customers, suppliers or service providers (‘you’ and ‘your’) of CNCR Group SAS (‘CNCR’, ‘we’ or ‘our’). It is important to note that CNCR does not provide any service to consumers: indeed, CNCR only contracts with professionals.
This Policy also sets out the rights you have and which relate to the Personal Data that we process about you, as well as how you can exercise them.
CNCR takes its privacy obligations seriously. This is the reason why we have developed this Policy describing the standards that CNCR applies in order to protect your Personal Data.
For the purposes of this Policy, the CNCR company with which you have entered into a contract acts as the data controller of your Personal Data. In this capacity, the CNCR company is responsible for ensuring that the processing of Personal Data complies with the data protection legislation in force, and more particularly the General Data Protection Regulation (‘RGPD’).
Please take the time to read this Policy carefully. If you have any questions or comments, please contact us at contact
cncr-group.fr.
- What Personal Data is collected by CNCR and why??
- The types of Personal Data we collect, and the purposes for which we process it are as follows:
| Why do we collect them? | Types of Personal Data | Legal basis |
| For the management and processing of our customers’ orders and their monitoring (invoicing, management of receivables, complaints for example) of the transactions that we carry out with your company on a day-to-day basis | Identification data, such as name, business address, business telephone number, function and profession, etc. | The contractual necessity |
| For marketing and communication purposes to our customers, such as communication about our activities, services and products, etc. | Identification data, such as name, business address, business telephone number, function and profession, etc. | Identification data, such as name, business address, business telephone number, function and profession, etc. |
| For supplier management (procurement) | Identification data, such as name, business address, business telephone number, function and profession, etc. | Identification data, such as name, business address, business telephone number, function and profession, etc. |
| For the management of service providers (business suppliers) | Identification data, such as name, business address, business telephone number, function and profession, etc. | The contractual necessity |
If we ask you to provide other Personal Data than those described above, we will tell you which Personal Data we ask you to provide and the reasons for which we are asking you at the appropriate time.
- With whom does CNCR share your Personal Data?
- We may transmit your Personal Data to the following categories of recipients:
- to our third-party suppliers, service providers and partners who provide us with a data processing service, or who process Personal Data for the purposes described in this Policy, or who are notified to you when your Personal Data is collected. This may include communications with third party vendors as well as other service providers that we use in connection with the services they provide to us. Thus, we use the Sage platform integrated by the company Aptetude to manage customer and supplier relationships. Data can also be stored on our Outlook mailbox.
- to any relevant law enforcement agency, regulator, government agency, court, or other third party, where we believe disclosure is necessary (i) under applicable laws or regulations, (ii) in order to establish or defend our rights, or (iii) to protect your vital interests or those of any other person;
- to our auditors, advisers, legal representatives and similar agents in the context of the advisory services they provide to us for legitimate business purposes and under the guise of a contractual ban from using Personal Data for other purposes;
- to a potential buyer (and his agents and advisers), in connection with a proposed purchase, merger or acquisition of part of our business, provided that we inform the buyer that he does not must use your Personal Data only for the purposes described in this Policy;
- to any other person once you have given your prior consent to the disclosure.
- We may transmit your Personal Data to the following categories of recipients:
- How we protect your privacy
- In accordance with this Policy, we will process Personal Data as follows:
- Loyalty: We will treat your Personal Data fairly. This means that we are transparent about how we process Personal Data and that we will treat it in accordance with applicable laws.
- Limitation of purpose: We will process Personal Data for specified and lawful purposes, and we will not process it in a manner incompatible with those purposes.
- Proportionality: We will process Personal Data in a manner that is proportionate to the purposes for which the processing is intended to achieve.
- Accuracy of data: We take appropriate measures to ensure that the Personal Data we hold is accurate, complete and, if necessary, kept up to date. However, it is also your responsibility to ensure that your Personal Data is as accurate, complete and up to date as possible by informing CNCR of any changes or errors. You must inform us of any change to the Personal Data we hold about you (e.g. change of address or position).
- In accordance with this Policy, we will process Personal Data as follows:
Data security: We use appropriate technical and organizational measures to protect the Personal Data that we collect and process about you. The security measures we use include backups of the local server, individual authentication to access workstations and protection of physical access to the premises via video protection cameras.
- Sub-processors: We may engage third parties to process Personal Data on behalf of and on behalf of CNCR. We require these processors to process Personal Data and act strictly on our instructions and to take appropriate measures to ensure that Personal Data remains protected.
- International Data Transfers: Your Personal Data may be transferred and processed in countries other than the country where you reside. These countries may have data protection laws that are different from the laws applicable in France. In this case, we take the appropriate measures to protect your data.
- Data Retention: We retain the Personal Data that we collect from you when we have a legitimate business need (for example in order to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we no longer have a legitimate business need to process your Personal Data, we delete it or make it anonymous, or if this is not possible (for example, your Personal Data has been stored in backup archives), we Store them safely and isolate them from further processing until overpressure is possible.
- Your data protection rights
- You have the following data protection rights:
- If you wish to access, correct, update or request the deletion of your Personal Data, you can do so at any time by contacting contact@cncr-group.fr.
- In addition, in certain circumstances, you can object to the processing of your Personal Data, ask us to limit the processing of your Personal Data, or request the portability of your Personal Data. Again, you can exercise these rights by contacting the address contact@cncr-group.fr.
- You have the right to opt out of marketing communications we send to you at any time. You can exercise this right by contacting us using the contact details above.
- If you have a complaint or concern about the way we process your Personal Data, we will endeavor to address those concerns. If you believe that we have not sufficiently addressed your complaint or concern, you have the right to complain to a data protection authority about our collection and use of your Personal Data. . For more information, please contact the Commission Nationale de l’Informatique et des Libertés (CNIL) whose contact details are accessible. ici.
- You have the following data protection rights:
We respond to all requests we receive from people wishing to exercise the rights relating to the protection of their Personal Data in accordance with applicable data protection laws.
- Update of this Policy
- We may update this Policy from time to time in response to changing legal, technical or business developments. When we update our Policy, we will take the appropriate steps to notify you, given the significance of the changes we will make. We will obtain your consent to any material changes to this Policy if required by applicable data protection laws.
- You can see when this Policy was last updated by referring to the ‘last updated’ date displayed at the top of this Policy.