Privacy Policy

Introduction

ARRIVÉ SAS  is particularly attentive to the protection of your personal data. Regarding the personal data you entrust to us, we transparently inform you about our policy on the protection of personal data.

ARRIVÉ SAS  is committed to processing your personal data in accordance with the provisions of the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR) and the Law No. 78-17 of January 6, 1978, as amended, relating to information technology, files, and freedoms (the « Information Technology and Freedom » Law), which define the conditions under which processing of personal data can be carried out.

Any information collected through the website that allows for your direct or indirect identification shall be considered personal data and shall be processed in accordance with this policy.

We invite you to regularly consult this section as ARRIVÉ SAS may be required to modify it at any time.

This Privacy Policy was last updated on November 30, 2023.

Data controller and data protection officer

The data controller for the data collected and processed on our website is ARRIVÉ SAS, Rue du Stade 85250 SAINT FULGENT (hereinafter referred to as the « Data Controller« ).

The Data Controller has appointed a Data Protection Officer or « DPO, » whom you can contact at the following address: dpo@ldc.fr .

Personal data

Within the meaning of the GDPR Regulation, personal data shall refer to any information relating to an identified or identifiable natural person.

The personal data collected varies depending on the purpose of the collection and the service you wish to benefit from.

You commit to providing up-to-date and valid personal data and guarantee not to make any false statements and not  to provide any incorrect information.

Processing purposes, legal bases, and retention periods

Purpose of processing: Management of job applications through the dedicated space on the website

Legal basis: Consent

Retention period: 2 years from the last contact with the applicant

Purpose of processing: Management of requests received through the contact form

Legal basis: Legitimate interest (Responding to contact requests)

Retention period: For clients: 3 years from the end of the commercial relationship / For prospects: 3 years from the collection of personal data or from the last contact initiated by the prospect

Purpose of processing: Cookie management

Legal basis: Consent

Retention period: 13 months

Your rights

In accordance with the provisions of the GDPR, you have the following rights:

  • Right of access: The right to obtain confirmation of that your personal data is or is not being processed, and to obtain communication thereof
  • Right to rectification: The right to obtain the rectification of inaccurate personal data or to be able to complete incomplete data
  • Right to erasure: The right to obtain the deletion of your personal data when possible.
  • Right to object: The right to object at any time to the processing of your personal data when it is based on our legitimate interest.
  • Right to withdraw your consent: When the processing of your data is based on your consent. You can exercise this right at any time without having to justify the reason.
  • Right to limitation: The right to request the freezing of data processing for a certain period.
  • Right to data portability: The right to receive the personal data you have provided in a structured, commonly used, and machine-readable format and to communicate it to a third party.
  • Right to file a complaint: The right to file a complaint with the CNIL if you believe that your rights are not being respected.

You can exercise these rights at any time by contacting us using the following form:

https://www.ldc.fr/rgpd/professionnels/

https://www.ldc.fr/rgpd/consommateurs/

https://www.ldc.fr/rgpd/salaries/

Right to file a complaint with the CNIL

If you believe, after contacting us, that your « Information Technology and Freedom » rights are not respected, you can file a complaint with the CNIL: https://www.cnil.fr/fr/plaintes.

Protection of your personal data

To ensure the security of your personal data, we have implemented security measures, including access controls, firewalls, and secure servers.

These measures aim to protect your personal data against any loss, misappropriation, misuse, disclosure, alteration, interference, damage, unauthorized access to data.

Access to your personal data

Your personal data is intended for the authorized personnel of the Data Controller empowered to process them, in particular the marketing, sustainable development, IT, sales, quality, and administrative departments.

Sharing of your personal data

In accordance with the regulations, when we are required to share your personal data with subcontractors for certain purposes described in this Policy, we ensure that their data security and storage system is at least as significant as that of our organization. We also ensure that they comply with data protection laws under conditions at least equivalent to those we adhere to.

Furthermore, as subcontractors may process your personal data on our behalf and following our instructions, we commit to ensuring that your personal data is not shared or disclosed for purposes other than those described in this Policy. However, we may be required to transmit your data for purposes other than those provided for in the Policy in cases where their disclosure is required by law and government authorities.

Transfer of your data outside the european economic area

In principle, we ensure your personal data is kept within the European Union. However, it is possible that your data may be occasionally transferred to subcontractors or business partners located in other countries, provided they offer a level of protection recognized as adequate by the European Commission. In the event of transfer of your data to a country whose level of protection has not been recognized as adequate, we implement Standard Contractual Clauses approved by the European Commission which ensure a sufficient level of privacy and fundamental rights protection.

Third-party websites

The Data Controller’s website may be associated with third-party websites. Websites hosted by third parties are beyond our control. When you provide personal data on a third-party website, the processing of such data is not carried out on our website but on the concerned third-party website. Any personal data you provide will be collected and processed in accordance with the data privacy policy of the concerned third party.

Therefore, we assume no responsibility for the data protection practices of said third parties.

Applicable law

This Privacy Policy is governed by and shall be interpreted in accordance with French law.