Privacy policy


Jean Hénaff SAS undertakes to ensure that the collection and processing of data from any Customer / User / Visitor (hereinafter referred to as “you”), carried out from the Site www.henaff.com (hereinafter referred to as “the Site”), complies with the General Data Protection Regulation (RGPD) and the French Data Protection Act (Loi Informatique et Libertés). You will find below details of the privacy policy of Jean Hénaff SAS (hereinafter referred to as “we” or “us”), in compliance with the General Data Protection Regulation (RGPD), which came into force on May 25, 2018. This European regulatory text frames data processing equally throughout the European Union.

 

PURPOSE OF THIS POLICY

The RGPD follows on from the French Data Protection Act of 1978 establishing rules on the collection and use of data on French territory. It has been designed around 3 objectives:

  • strengthening people’s rights
  • making data processors more accountable
  • enhancing the credibility of regulation through closer cooperation between data protection authorities.

The Commission Nationale de l’Informatique et des Libertés (CNIL) describes personal data as “any information relating to an identified or identifiable natural person”. There are 2 types of identification:

  • direct identification (surname, first name, etc.)
  • indirect identification (identifier, number, etc.).

When an operation or set of operations involving personal data is carried out, it is considered to be the processing of personal data. The CNIL gives the following actions as examples of data processing:

  • keeping a customer file
  • collecting contact information from prospects via a questionnaire
  • updating a supplier file

This policy describes:

  • how your data is used
  • the possibility of retrieving, modifying, correcting or deleting your data
  • strengthening the right to be forgotten
  • enhanced legal protection and a one-stop shop for complaints

Note that the RGPD also concerns subcontractors, i.e. any structure that would process or collect personal data on behalf of another entity.

 

IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The person responsible for processing personal data is: Jean Hénaff SAS, KER HASTELL, 29710 POULDREUZIC
infos@henaff.fr, 02 98 51 53 53, Loïc Hénaff.

 

COLLECTION & ORIGIN OF PERSONAL DATA

We may collect your Personal Data directly (in particular via the collection forms available on our Site) or indirectly (in particular via our service providers and/or our Site’s technologies), and where applicable, those of the recipient of the Order. We undertake to obtain your consent and/or to allow you to oppose the use of your data for certain purposes, as soon as this is necessary. In all cases, you will be informed of the purposes for which your data is collected via the various online data collection forms and via the Cookie Management Policy. You have the option of entering a third party’s contact details as part of a request via a form. In this case, the third party’s data will only be used to process the request. In this case, you guarantee that the third party whose data you provide is informed that you have provided us with data concerning him or her.

Types of personal data collected and used

In particular, we may collect and process the following types of Personal Data:

  • information you provide by filling in forms on the Site (for example, for registration purposes, participation in surveys, marketing purposes, etc.),
  • information you provide for authentication purposes,
  • information you provide for the purposes of managing an order or service,
  • the information you provide when registering for our loyalty service, etc.,
  • the information you provide by subscribing to our newsletters, product alerts, etc.,
  • the posts, comments or other content you post on the Site.

Personal data identified as non-optional in the collection forms are mandatory, as they are required to process the request. Failure to provide this mandatory information will prevent us from processing your request.

Personal data collected automatically

We collect certain information automatically when you visit the Site in order to personalize and improve your experience. We collect this information in a variety of ways:

Cookies

A “cookie” is a small data file sent to your browser when you visit our Site and stored on your terminal. This file contains information such as the domain name, the Internet service provider, the operating system and the date and time of the user’s access. Cookies are in no way likely to damage your terminal. Cookies are not used to determine the identity of an individual visiting our Site. Cookies enable us in particular to determine your geographical location and also to process information concerning your visit to the Site, such as the pages consulted and searches carried out, in order to improve the content of the Site, follow your centers of interest and offer you the most suitable content. You can choose to accept or refuse cookies from our Site and manage your preferences via your browser, which you can configure. Your browser can be set to notify you when cookies are placed on your computer and ask you to accept them or not. It is then up to you to accept or refuse cookies on a case-by-case basis, or to refuse them systematically once and for all. To manage your choices, the configuration of each browser is different. This is described in your browser’s help menu, which will tell you how to modify your cookie preferences. We recommend that you do not disable our cookies. Please note that if you block, turn off or reject our cookies, some pages of our Site may no longer display correctly or you may no longer be able to use some of the services we offer. In this case, we decline all responsibility for the consequences linked to the degraded operation of our services resulting from the impossibility for us to record or consult the cookies necessary for their operation and which you would have refused or deleted. 
Finally, by clicking on the icons dedicated to the social networks Twitter, Facebook, etc., which may appear on our Site, and if you have accepted the deposit of cookies by continuing your browsing on the Site, the social networks concerned may also deposit cookies on your terminals (computer, tablet, cell phone). These types of cookies are deposited on your terminals only if you consent to them by continuing to browse the Site. However, you can withdraw your consent at any time. You can also express your choices online to inter-professional platforms.

IP addresses

An IP address is a unique identifier that certain electronic devices use to identify themselves and communicate with each other on the Internet. When you visit the Site, we may use the IP address of the device you use to connect to it. We use this information to determine the general physical location of the device and to understand the geographic region from which visitors to the Site come. If you refuse the use of cookies, your IP address will not be recorded. Your browsing data will therefore be recorded anonymously.

Statistics

The Site uses Google Analytics to generate statistical reports. These reports tell us, for example, how many users have visited the Site, which pages have been visited, and from which geographical area the Site’s users originate. Information collected through the use of statistics may include, for example, your IP address, the website from which you arrived at our Site and the type of device you are using. Your IP address is masked on our systems and will only be used where necessary to resolve technical problems, to administer the Site and to understand visitor preferences. Information relating to traffic on the Site is only available to authorized personnel. We do not use any of this information to identify visitors, nor do we share it with third parties.

Social networking

You can click on the icons dedicated to the social networks Twitter, Facebook, Linkedin, Youtube etc. on our Site. Social networks improve the user-friendliness of the Site and help to promote it through sharing. Video sharing services enrich our Site with video content and increase its visibility. When you click on these buttons, we may have access to the personal information you have indicated as public and accessible from your profiles on the social networks concerned. However, we do not create or use any database independent of these social networks based on the personal information you may post on them, and we will not process any data relating to your private life in this way. If you do not want us to have access to the personal information published in the public area of your social profiles or accounts, you must use the means made available to you by the social networks concerned to restrict access to this data.

HOW PERSONAL DATA IS USED

We use your personal data for the following purposes:

  • respond to your requests, such as for information, research, newsletters or other content
  • provide you with the services ordered on the Site and/or in one of our establishments
  • conduct surveys and statistics
  • personalize and improve your experience on our Site
  • provide you with offers for our products and services
  • enable you to benefit from tailored offers from our loyalty program
  • any other purpose that we may specify at the time we collect your data.

 

LEGAL BASIS FOR PROCESSING PERSONAL DATA

We process your personal data as part of the performance and management of our contractual relationship with you, our legitimate interest in improving the quality and operational excellence of the services we offer you, and compliance with certain regulatory obligations. The processing of your data may also be carried out on the basis of your prior consent, should this be requested in certain situations.

 

DISCLOSURE OF PERSONAL DATA

The security and confidentiality of your data is of great importance to us. This is why we restrict access to your personal data only to those members of our staff who need to know in order to process your request or provide you with the requested service. We do not disclose your personal data to unauthorized third parties. We never sell your personal data for any purpose whatsoever. We may, however, share your data with Jean Hénaff Group entities and authorized service providers (e.g. technical service providers (hosting, maintenance), consultants, etc.) that we use to provide our services. We do not authorize these service providers to use or disclose your data, except to the extent necessary to perform services on our behalf or to comply with legal obligations. In addition, we may share personal data about you (i) if we are required to do so by law or legal process, (ii) in response to a request from public authorities or other officials, or (iii) if we consider that the transmission of such data is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation into suspected or actual unlawful activity.

 

PERSONAL DATA RETENTION PERIOD

We will retain your personal data for a period that complies with CNIL recommendations and legal obligations. This retention period does not exceed the period necessary for the purposes for which the data was collected and processed, and is extended, where applicable, by the duration of legal or regulatory requirements.

Category of personal data: Retention rules

  • Customer account and prospect data: Respectively 5 and 3 years after the end of the commercial relationship with the customer. The end date of the commercial relationship is the most recent date among the following choices: last connection to the site, last connection to the customer account, last addition of a product to a basket, date of last opening of an email, or of the last communication between the customer and henaff.com.
  • Identification or proof of address: 1 year from date of receipt.
  • Bank details (RIB/IBAN): 10 years from the end of the commercial relationship.
  • Cookies: 26 months for Google Analytics cookies, and 15 days for all other cookies, from the date the cookie is deposited on the computer terminal.
  • Purchasing data and accounting records: 10 years.
  • Data linked to your credit card by the payment service provider: 13 months in order to process any complaints and 15 months in the event of deferred payment.
  • IP address and log data: 12 months following collection to respond to legal requests.
  • Statistical audience measurement data: 13 months.

At the end of the above-mentioned periods, data may be rendered anonymous or archived to comply with legal or tax statutes of limitation.

Sensitive personal data

We do not collect Sensitive Personal Information through our Site. “Sensitive Personal Data” means any information concerning a natural person’s racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, health data, or data concerning sex life or sexual orientation. This definition also includes Personal Data relating to criminal convictions and offences.

Personal information and minors

The Site is intended for adults who are capable of entering into obligations in accordance with the legislation of the country in which you are located. Users under the age of 16 who are not emancipated or incapacitated must obtain the prior consent of their legal guardian before entering their data on the Site. The age of 16 may be lowered to 13 depending on the local legislation of your habitual residence.

Data transfer

Your Personal Data may be transferred to internal or external recipients authorized to perform services on our behalf. Recipients located in countries outside the European Union or the European Economic Area may not offer the same level of protection for Personal Data. In order to guarantee the security and confidentiality of Personal Data transferred in this way, we take all necessary measures to ensure that such data enjoys adequate protection, such as signing the European Commission’s Standard Contractual Clauses or any other equivalent mechanism.

 

YOUR RIGHTS

In accordance with applicable law, you have certain rights with respect to the processing of your Personal Data.

Right of access

You may request access to your Personal Data. You also have the right to know the sources of your Personal Data.

Right of rectification

You may request that inaccurate Personal Data be corrected or that incomplete data be completed.

Right of deletion

Your right to be forgotten entitles you to request the deletion of Personal Data when:

  • the data is no longer required for the purposes for which it was collected and processed,
  • you choose to withdraw your consent (in cases where your consent has been collected as the legal basis for processing),
  • you object to the processing,
  • your data has been processed unlawfully,
  • your data must be deleted to comply with a legal obligation
  • or their removal is required to ensure compliance with current legislation.

Right to limitation

You may also request a restriction on the processing of your Personal Data if:

  • you dispute the accuracy of this data,
  • we no longer require this data for processing purposes,
  • and you have objected to data processing.

Right to object to direct marketing messages

At any time, you may ask us not to send you any further advertising or prospecting by contacting us directly and free of charge, or by using the unsubscribe link included in any prospecting that we may send you by e-mail, or by sending an e-mail to the address given below. This opposition is without prejudice to the legality of mailings carried out prior to its implementation. In accordance with article L.223-2 of the French Consumer Code, the User is informed of his or her right to register, free of charge, on the “Liste d’opposition au démarchage téléphonique” (www.bloctel.gouv.fr).

Right not to be subject to a decision based exclusively on automated data processing

You have the right not to be subject to a decision based exclusively on automated Processing that produces legal effects concerning you or significantly affects you.

Right to portability

You may ask us to provide you with your Personal Data in a structured, commonly used, machine-readable format, or you may request that it be “ported” directly to another Data Controller provided that:

  • processing is based on your consent or on the performance of a contract with you,
  • and that it is carried out by automated means.

Right to issue advance directives on the processing of your Personal Data after your death

In accordance with French law on the protection of personal data, you may also define directives concerning the exercise of your rights under this section after your death (in particular concerning their retention period, deletion and/or communication), as well as designate a person responsible for exercising these rights.

Right to lodge a complaint with a supervisory authority

If you have any concerns or complaints regarding the protection of your Personal Data, you have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés via the following link: www.cnil.fr. To exercise these rights, please contact us by e-mail at infos@henaff.fr, or write to us at the following address: Jean Hénaff SAS, KER HASTELL, 29710 POULDREUZIC, stating your surname, first name, telephone number and the subject of your request. We may ask you for additional information in order to identify you and process your request. In all circumstances, we prefer any approach that enables us to find an amicable solution.

One-stop appeals service

In the event of material or non-material damage arising from a breach of the RGPD, you have a right of recourse. You can lodge an appeal with the Commission Nationale Informatique et Libertés (CNIL) or take collective action, in particular by calling on approved national consumer protection associations.

SECURITY

We implement all technical and organizational measures to ensure the security and confidentiality of personal data processing. In this respect, we take all necessary precautions, in view of the nature of the Personal Data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties (physical protection of premises, authentication procedures with secure personal access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).

 

CUSTOMER RELATIONSHIP MANAGEMENT (“CRM”) DATABASE

We use a database to manage and track our relationships with existing and potential customers.

LINKS TO OTHER SITES

We occasionally provide links to other websites for your convenience and information. Some of these sites operate independently of our sites and are not under our control. These sites operated by third parties may have their own privacy notices or terms of use, which we strongly suggest you review. We accept no responsibility for the content of these sites, for any products or services that may be offered on them, or for any other use to which they may be put.

UPDATE OF OUR PRIVACY POLICY

We may update or modify this Privacy Policy from time to time. In this case, the modifications will only be applicable after 30 working days have elapsed since the modification was made. Please check this page periodically for changes.

UNSUBSCRIBING

If you have subscribed to certain services via our Site and do not wish to receive e-mail in the future, please visit the unsubscribe page for the relevant subscription.

HOW TO CONTACT US

If you have any questions or comments regarding this policy, please do not hesitate to contact us at infos@henaff.fr.

Last update date: 09/02/2021