Privacy and Data Protection Policy
The website www.pierrot-gourmand.com is published by ANDROS and GER’SON companies.
In order to observe rules related to data protection and privacy, ANDROS and GER’SON have developed this web site in accordance with the European general rule about Data Protection and Privacy no. 2016/679 (hereby called « RGPD ») and the French law about information technology, data files and civil liberties dated January 6th 1978 in its latest version.
ANDROS and GER’SON are committed to collecting your personal information in a legal, fair and transparent way.
1. WHO IS RESPONSIBLE FOR PROCESSING OF YOUR INFORMATION ON THE WEBSITE?
The entities responsible for processing of your personal information are ANDROS, a “Société en nom collectif” (general partnership) registered with the French corporate and trade register in Cahors under the number 428 682 447 and located Zone Industrielle, 46130 Biars-sur-Cère (France) and GER’SON, a “Société en nom collectif” (general partnership) registered with the French corporate and trade register in Brive under the number 701.650.145 of which head office is located Les Escures – 19120 Altillac (France).
2. WHAT PERSONAL INFORMATION IS PROCESSED?
Personal information processed is as follows:
Personal information that identifies you: title, first name, family name, invoicing address, delivery address, email address, phone number.
Some personal information is mandatory (fields with an asterisk). Without this information, ANDROS and GER’SON will not be able to provide the sevice.
Information linked to your purchases (including list of purchases done, purchasing date, bank information for purchases and /or refunds ),
Information linked to your participation in sweepstakes,
Information linked to geographical position of an order’s delivery place in order to identify the closest parcel pick-up point ,
Information linked to visited pages.
3. WHY IS YOUR PERSONAL INFORMATION COLLECTED?
Processing of personal information is legally based on a contract, legal obligations that are incumbent upon ANDROS and GER’SON companies, legitimate interests of ANDROS and GER’SON companies, and, if applicable, your consent. When its processing is based on your consent, you have the right to withdraw your consent at any time.
If you don’t fill in fields with an asterisk, you may not be able to access some services of the website and ANDROS and/or GER’SON may not be able to fulfill your request.
|Contract execution||- Customer relationship management - Order execution - Order cancelations - Deliveries - Claims - Invoicing - Accounting - Sweepstakes|
|Consent||- Subscription to our newsletter - Email commercial prospecting including targeted commercial prospection - Personal information transmission to commercial partners - Participation in sweepstakes or lotteries - Reply to satisfaction surveys - Collection and publication of feedbacks - Product testing|
|Legitimate interests of ANDROS and GER’SON: - To know better our customers and propose them offers adapted to their interests, as far as we know; - To develop our customer base; - To secure our website and protect our brand||- Commercial surveys, statistics and analyses - Technical prospecting operations (including technical operations like standardization, enrichment and deduplication) - Commercial surveys, statistics and analyses - Technical prospecting operations (including technical operations like standardization, enrichment and deduplication) - People selection to carry out customer loyalty, prospecting, survey, product testing and promotion actions - Fraud prevention and account security measures - Management of feedbacks on our products - Outstanding payment and claim management|
|Legal obligations||- Requests for right exercise (right of access, right of objection, right of use limitation…) - Recording of obtained consent proofs - Update of prospecting files by the organization in charge of managing the cold calling opposition list|
4. WHO WILL HAVE ACCESS TO YOUR INFORMATION?
Personal information is managed by, within the limit of their duties:
- E-commerce, marketing, legal, customer relationship and accounting departments of ANDROS and GER’SON companies.
- External service providers in charge of processing personal information or within consulting and support missions of ANDROS and GER’SON. In this case, ANDROS and GER’SON have made sure to set guidelines to subcontracts, in accordance with legal and regulatory provisions;
- judicial and ministerial officers within their mission of legal support and justice representation in case of disputes;
- judicial authorities;
- any physical or legal person authorized by a court decision having legal enforceability;
- the organization in charge of managing the cold calling opposition list;
- commercial partners of ANDROS and GER’SON companies if you have expressly agreed it;
- the organization in charge of managing the cold calling opposition list when the phone number is collected for commercial prospecting purposes;
5. HOW LONG WILL YOUR PERSONAL INFORMATION BE STORED?
Your personal information will be stored for a duration that does not exceed what is necessary in accordance with the purposes for which they are collected, then are deleted.
The main storage durations are as follows:
|Deliveries, cancellations, order execution||5 years from contract’s beginning|
|Invoicing||10 years as accounting document|
|Commercial prospecting||3 years from your consent or your last contact|
|Claims||Duration of legal prescription acquisition. In case of legal proceedings, information is stored for a maximum of 5 years after the end of legal proceedings (when a decision is final)|
6. HOW DO TARGETED OFFERS PROPOSED TO YOU WORK?
You are informed that ANDROS and/or GER’SON companies may propose you personalized offers and information that, we think, may interest you, according to products you have purchased or looked at.
You have the possibility to contest this processing at any time in accordance with article 8 of this policy.
7. IS YOUR INFORMATION TRANSFERRED OUTSIDE EUROPEAN UNION?
Your personal information may be transferred outside European Union within the framework of services provided by our subcontractors. In this case, ANDROS and GER’SON companies have made sure to frame contracts that bind them to subcontractors, in accordance with legal and regulatory provisions .
These transfers are particularly framed by appropriate guarantees in order to ensure their safety. They are thus based on an adequacy decision of the European Commission related to the data protection level of a country.
In the absence of adequacy decision, transfers are framed in accordance with typical provisions of data protection approved by the European Commission.
8. WHAT ARE YOUR RIGHTS?
In accordance with applicable regulation related to personal data protection, you have a right of access, modification, deletion of your personal information as well as a right to limit its processing and a right of objection to its processing, a right of your information’s portability, a right to define instructions related to storage, deletion and communication of your personal information after your death. You may exercise your rights by writing to ANDROS, DPO - Zone Industrielle 46130 Biars-sur-Cère (France) or by contacting the data protection delegate at the following email address: DPO-Andros@andros.fr.
An identity proof may be required.
The exercise of one of your rights may be denied if your request does not satisfy the conditions specified by this policy or the applicable regulation. In that case, you will be duly informed.
Moreover, you are informed of the existence of a cold calling opposition list "Bloctel”, on which you may be recorded: https://conso.bloctel.fr/.
In case of claim, you have the right to refer to CNIL at the following address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX (France), if you think that processing of your personal information does not comply with applicable legal and regulatory provisions.
9. HOW ARE YOUR PERSONAL INFORMATION’S SAFETY AND CONFIDENTIALITY GUARANTEED?
Andros and GER’SON companies commit themselves to implement all physical safety measures (premises access safety, authorization management, equipment safety, etc.…) and logical safety measures (antivirus software, password safety, flow safety, anonymization, encryption, data traceability, etc.) necessary to guarantee safety and confidentiality of processed personal information.