Privacy Policy

As mandated by the European Union’s General Data Protection Regulation (hereinafter “RGPD”) and the amended French law no. 78-17 dated January 6, 1978 governing data protection and civil liberties, Fichet Group (hereinafter “Fichet” or “we”) – a company under the laws of France with registered head office at 7, rue Paul Dautier, 78141 Vélizy-Villacoublay (France) – formally identifies as the data controller legally responsible for all personal data it collects, uses and manages in accordance with the terms of the present Privacy Policy (hereinafter “present policy”). 

Your privacy is highly important to us. We are committed to protecting all personal data provided to Fichet Group, whether from business partners, visitors or users of our websites or other channels of communication.  

Personal data is information pertaining to an identified or identifiable natural person. The present policy sets out what personal data we collect, how we may use and process it, and what your rights are in relation to such operations. Before you provide any personal data to us or browse our websites, we recommend that you read this entire privacy policy to ensure you can give informed consent to our personal data practices.  

Please note that our websites may contain links to other websites. Such third-party websites are not subject to the terms of this policy. We therefore advise you to check the privacy and data protection policies of each website you visit. Fichet can only be held responsible for the privacy and security of the data we collect; it has no control over the actions of third-party companies regarding your data. 

For definitions of terms used in this policy, please refer to the glossary provided at the end of this document. 

How do we implement data protection? 

We comply we the following obligations:  

  • Upstream integration of personal data protection, i.e. privacy by design. 

We take into account the protection of your personal data and privacy right from the design stage of all services offered to you, thus minimizing the risks of non-compliance with the principles of the RGPD and French data protection legislation.  

Technical and organizational measures appropriate and proportionate to the processing of personal data are always taken in accordance with the precise purpose of intended processing. 

This principle therefore allows for the effective implementation of preventive measures to limit the risks to personal data.  

  • Systematic use of the highest level of personal data protection, i.e. privacy by default. 

By default, we always implement technical and organizational measures corresponding to the highest standards designed to guarantee optimal security for the processing of personal data.  

Who owns the personal data we collect? 

Within the remit of its business operations, Fichet Group collects personal data from a variety of individuals, including: 

  • representatives of our suppliers, clients or other business partners; 
  • external service providers; 
  • users of our websites; 
  • people who contact us by any means; 
  • candidates for recruitment. 

How do we collect your personal data? 

The personal data we collect is that which you voluntarily and knowingly provide to us. We collect personal data when: 

  • you visit our websites or fill out one of our online forms; 
  • contact our client support services or make any form of inquiry; 
  • physically visit one of our sites; 
  • place an order; 
  • communicate with us through networking sites, third-party applications or other similar technology; 
  • subscribe to our blogs, newsletters or mailing lists; 
  • visit our stands at professional fairs. 

We may also collect your information from third parties, e.g. data from other websites that we publish online or from third-party companies (contractors, etc.). 

What personal data do we collect? 

In the course of business operations, Fichet Group may collect various personal data about you, such as your name, gender, job title, photograph, email address, home address and other contact details; likewise, information about your activities and other interests, correspondence exchanged with us (incl. meeting notes), products and services we have provided to you or which may be of interest to you and – finally – financial and payment data. 

Whenever you access our websites, we collect certain standard information that your browser sends to our sites. This information includes technical data such as your IP address, browser type, operating system, language, time zone, access times, country and page URL (referrer). 

For what purpose do we process your personal data? 

We process your personal data for the following purposes: 

  • to provide you with the information you have requested and the products and services you have ordered; 
  • to process and fulfil your contracts; 
  • to inform you of any changes to your purchased products and services and to provide you with information about similar products and services that may be of interest to you; 
  • to inform you of market events and product launches; 
  • to communicate with you and with third parties; 
  • to administer our websites and improve our products and services; 
  • to perform analyses of the use of our websites; 
  • to meet our legal and regulatory obligations; 
  • for a variety of other business purposes such as negotiating, entering into and performing contracts, managing accounts and records, supporting corporate social responsibility activities, performing legal, regulatory and internal research, or even debt management. 

How long will your personal data be kept? 

The length of time we retain your personal data depends on the processing performed.  

We undertake not to retain your personal data beyond the period necessary for the provision of the intended service, namely the duration of your effective use of such service, plus the period of retention mandated by applicable rules on legal prescription. 

Recruitment 

When you apply for a position through our websites or by any other means, we collect additional, more specific personal data about you, such as your qualifications, work experience, references and interview notes. We may also ask you for further information such as your interests and the types of positions you are interested in. Any personal data you provide to Fichet Group as part of an application is also processed in accordance with our standard recruitment practices. 

In order to comply with current legislation on the protection of privacy, the legal basis for the processing of your Personal Data must be specified by Fichet Group. In accordance with the purposes detailed above for which we collect and use your personal data, the legal basis for the processing of your personal data by Fichet Group is generally one or a sum of the following items: 

  • your consent; 
  • the performance of a contract between us and you or other parties; 
  • the legitimate business interests of Fichet Group;  
  • compliance with our legal obligations. 

With whom do we share your personal data? 

We may disclose your personal data to third parties such as public authorities, our advisors, our IT service providers and third-party companies appointed by Fichet Group in order to respond to your request for service; to protect any intellectual property rights relating to a product or service featured on or available through our websites; to obtain legal or other advice; to respond to a legal inquiry or to comply with a legal obligation; and to ensure the effective implementation of the terms of use of our websites. 

We may disclose your personal data to third parties – including prospective sellers or buyers – in the event of a sale, acquisition or merger of any company or specific asset. 

Since Fichet Group operates worldwide, we may share the personal data you provide with any Fichet Group subsidiary worldwide. These companies shall be under the same obligation to respect the confidentiality of your data and to use it only for the purposes set out in the present policy. 

We may choose to allow users to share comments, messages, testimonials or other information. Any such information you choose to submit to us may therefore be made publicly available, in which case it will be read, collected and used by those who access it. 

We may also share non-personal data with third parties not listed above. In such cases, we may “aggregate” or “anonymize” the information so that a third party cannot relate the data to you and your personal computer or device. Aggregation means that we combine non-personal data from a large number of people so that it no longer relates to any one individual. Anonymization means that we undertake to remove or alter all details that could be used to link data to an individual. 

Transfer of personal data 

Please note that any person to whom Fichet Group may disclose your personal data in accordance with this Policy may be located in a country other than your own, and that country may have less stringent data protection legislation.  

When we transfer your personal data abroad, we take legally required measures to protect it and to ensure that it is processed in accordance with the present policy. If you reside in the European Economic Area or the United Kingdom, you can ask us for a list of the precautions we take to protect your personal data and privacy rights, using the contact form available on our website (https://www.fichetgroup.com/fr-fr/) or by writing to the following email address: dpo.fichetgroup@dposystem.fr. 

Security 

Fichet Group takes all necessary measures to ensure the security and confidentiality of your personal data and in particular to prevent it from being damaged, deleted or accessed by unauthorized third parties. Only authorized persons may access this data.  

As technologies evolve, Fichet Group remains committed to delivering permanent efforts to improve its security procedures in order to maintain the highest level of protection. Our members of staff as well as all employees of our subcontractors having access to personal data are contractually bound to confidentiality. 

Organizational security measures include limiting access to personal data to only authorized persons with a legitimate interest in knowing it. 

In addition, in the event of a security incident affecting your personal data (destruction, loss, alteration or disclosure), Fichet will comply with all legal obligations to give formal notice of such incidents, especially to France’s supervision authority CNIL (Commission Nationale de l’Informatique et des Libertés).  

Your rights 

You may at any time exercise the rights provided for in current regulations applicable to personal data, provided that you meet their preconditions and in accordance with the legal basis defined for processing of such data—namely: 

  • Right of access: you may at any time have access to your personal data being processed on the basis of your consent, the performance of a public service mission, a legal obligation, the performance of your contract or the legitimate interest of the data controller.  
  • Right to rectification: you may at any time update your personal data or have it rectified if the processing is based on your consent, the performance of a public service mission, a legal obligation, the performance of your contract or the legitimate interest of the data controller. 
  • Right to object: you may at any time express your wish that your personal data no longer be processed if the processing is based on your consent (by withdrawal of such consent) or on contractual performance (via a contractual termination clause) as well as in the case of processing carried out in the legitimate interest of the data controller. However, you may not object to processing carried out in the context of a legal obligation incumbent on the data controller, or in the context of the performance of a public service mission entailing compelling and legitimate reasons overriding your rights and freedoms. 
  • Right to erasure (‘right to be forgotten’): subject to the legal retention period, you may request the erasure of your personal data if the processing is based on your consent (by withdrawal of such consent) or on contractual performance (via a contractual termination clause) as well as in the case of processing carried out in the legitimate interest of the data controller. However, you may not request the deletion of data being processed in the context of a legal obligation or the performance of a public service mission incumbent on the data controller; 
  • Right to restriction of processing: you may request the suspension of the processing of your personal data based on your consent, a legal obligation, contractual performance or the legitimate interest of the data controller if you have a pending request for rectification, deletion or objection or if you consider the processing unlawful but the data controller objects to the deletion of personal data; 
  • Right to data portability: you may request the controller to retrieve your personal data in order to dispose of it—but only if the processing is based on your consent or contractual performance. You may not benefit from this right if the processing is carried out in the context of a legal obligation, the performance of a public service mission or the legitimate interest of the data controller. 

The e-mail address to which to send your requests to exercise any of the above rights will always be provided on collection of your personal data.  

Any request that is not made in a manner that leaves no doubt as to the identity of the applicant must be accompanied by a copy of a proof of identity.  

We undertake to respond to your requests to exercise your rights as soon as possible and at the latest within one month of receipt of your request and insofar as the exercise of such rights does not prejudice the performance of contracts or compliance with legal and regulatory obligations. If necessary, this period may be extended by two months in the event of complexity and/or a large number of requests. 

We comply with our obligations regarding the protection, security and confidentiality of personal data and have appointed a Data Protection Officer. 

You can contact our Data Protection Officer at the following address: dpo.fichetgroup@dposystem.fr. 

Furthermore, you may lodge a complaint with France’s supervision authority CNIL (Commission Nationale de l’Informatique et des Libertés) by sending your requests to the following website: www.cnil.fr/fr.plaintes/internet 

Queries and complaints 

If you have a problem or complaint about Fichet Group’s use of your personal data, please begin by contacting us in writing at the address indicated on the “Contact” page of our website (https://www.fichetgroup.com/be-fr/)nous-contacter) or by e-mail at dpo.fichetgroup@dposystem.fr. 

If you are dissatisfied with the way Fichet Group has handled your question or complaint, you may bring the matter to the attention of your national data protection authority. 

Amendments to the present policy 

We reserve the right to change or amend the present privacy policy at any time by posting of a revised version on our website. It is your responsibility to review this policy each time you submit information or place an order with us. 

Cookies 

A cookie is a small data file that a website you visit may write to your hard drive. A cookie file may contain information (such as a user ID) that the website can use to track your preferences and the pages you have visited. A cookie cannot contain any personal data other than that which you have personally provided.  A cookie cannot read data off your hard drive or read cookie files created by other Web sites. 

Fichet Group uses cookies to track users’ browsing patterns and to improve the usability of its websites. 

Users can configure their browser to notify them when they receive a cookie and allow them to accept or reject it. Users may also refuse all cookies by turning off the “Cookies” feature of their browser.  

However, the use of cookies is necessary to enable all of the features of Fichet Group websites,  

When you first visit a Fichet Group website, a banner will appear indicating that the website uses cookies.  

If you agree, these cookies will be kept for a maximum of 13 months. At the end of this period, your consent will be requested again.  

You can withdraw your consent at any time. 

Social media features

Fichetgroup.com includes social media features, such as sharing and tracking buttons. These features may collect your IP address, track the pages you visit on our sites, and may also set a cookie to enable the feature. 

Social media features are either hosted by a third party or hosted directly on our websites. However, the present privacy policy does not apply to these features. Your interactions with them are governed by the privacy policies and other rules of the companies from which they originate. 

 

  

Your comments 

Your views on our various policies are important to us. If you have any comments regarding this policy, please contact us at info.fr@fichetgroup.com. 

Last updated on June 1, 2021. 

Glossary 

Data controller: the person(s) responsible for determining the purposes of data processing and the means allocated for such purposes. 

Data protection authority: the supervisory authority responsible for matters relating to the confidentiality and protection of personal data within the territory where Fichet Group or one of its subsidiaries operates. 

European Economic Area (EEA): the European Economic Area includes all member states of the European Union as well as Iceland, Liechtenstein and Norway. 

Personal Data: information pertaining to an identified or identifiable natural person, for instance data related to Fichet Group employees, applicants, contractors and suppliers (incl. employees of such contractors or suppliers), clients and users of Fichet Group products, users of our websites and users of our hotlines and service centers. Personal data includes the individual’s name, postal address, e-mail address and user account information—together with all related applications, forms or correspondence. Personal data may also include web browsing information (e.g., data associated with a particular cookie) and IP addresses, where these can be associated with a specific individual. 

Processing: any activity relating to personal data, including the collection of data, its storage, later access, association with other data, disclosure to a third party or even deletion.