Privacy policy

Introduction

Protecting your privacy and the confidentiality of your personal data is an important concern to which SOCOBATI pays particular attention in all its business processes.

Our company is committed to protecting the rights of individuals in accordance with the General Data Protection Regulation (Regulation EU 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and all applicable national laws and regulations on the protection of personal data (collectively referred to as “data protection laws and regulations”).

What is personal data?

  1. What is personal data?
    Personal data is information that can be used to identify a natural person, directly or indirectly (hereinafter referred to as “personal data”). A “personal identifier” is a piece of information that makes it possible to identify a natural person. This definition covers a wide range of personal identifiers which together constitute personal data, including name, address, email address, identification number, location data or online identifier.
  2. Special categories of personal date
    Special categories of personal data are those relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as data concerning health, sex life or sexual orientation, genetic data, biometric data when processed to uniquely identify a natural person (hereinafter referred to as “special categories of personal data”).

What sources and what personal data do we use?

When you enter into a relationship with us, for example as part of a contractual relationship or when you visit one of our websites, our company collects, uses and processes all the personal data you provide us with (for example your name, date of birth, company name, etc.) and all the information generated by the contract, the use of the website, such as the IP address, the date and duration of your visit to the site, the pages you visit.

What are the purposes of processing your personal data?

Performance of operational and contractual activities

  • Contractual performance (sales, purchasing, service)
  • Certification of procedures and products
  • Improving the organisation of business and operations
  • Project management
  • Supplies
  • Sales and customer services

Customer service

  • Customer service proposals, after-sales service
  • Technical assistance or other similar purposes
  • Creation and maintenance of customer accounts

Research and development

  • Research and development
  • Improving our websites, applications, services and user experience
  • Research and analysis to improve our products, services, activities, operations and processes

Browsers / Website administration

  • Administrative purposes
  • Understand how our customers access and use our websites and applications
  • Provide reports to potential partners, service providers, regulators or others
  • Implementing and maintaining security, hacker protection, fraud prevention and other services designed to protect our customers, our partners and ourselves and in accordance with our regulations, directives and procedures

Marketing

Communications by email or other equivalent electronic means (newsletters, special offers, promotions and competitions, or to contact you to tell you about our services or to send you information that we think may be of interest to you).

Communication​

We use your personal data to communicate with you, including in response to your requests for support. We may communicate with you in a variety of ways, including by email and through your social media accounts if you have consented, and/or by SMS.

Legal compliance

We use your personal data to comply with our legal obligations, including in response to an authority or court order or a discovery request.

Protecting ourselves and others

When we deem it necessary to investigate, prevent or take action in relation to illegal activities, suspected fraud, situations involving potential threats to personal safety or breaches of regulations, directives or other procedures.

On what basis is your personal data processed?

We need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for such processing in our activities. The legal bases for our processing of your personal data are:

1. The duty to comply with our contractual obligations

We need a lawful basis for collecting and/or processing your data. We generally rely on a series of grounds (reasons) for this processing in our activities. The legal bases for our processing of your personal data are :

For the performance of your Employment Contract or your Membership Contract;

For the performance of a Service, Purchase or Sales Contract: for example, when you register for a particular service via the Website, the purposes for which we process your personal data are determined primarily by that service, and we will process your information so that we can provide that service to you.

2. By your explicit consent

Where you have given your consent for us to process your personal data for certain services offered on the website, you may withdraw this consent at any time by following the instructions in the registration procedure or by contacting us at the following address: contact@hplusl.com.

3. Within the limits of legitimate interests

In some cases, we may not need your consent to use your data, given our legitimate interests in doing so, but we must inform you of this:

  • To analyse and optimise our services.
  • To ensure IT security and the smooth operation of the Group’s IT systems.
  • For the purposes of preventing and investigating unlawful conduct.

4. On the basis of legal obligations imposed on our company or in the general interest

Our company, like any other organisation, is subject to legal and regulatory obligations. In certain cases, the processing of your personal data will be necessary for our company to fulfil these obligations.

Who will receive your personal data?

Authorised persons working for our company;

Our agents, service providers and consultants (e.g. third party service providers and consultants providing a range of products and services that we require, such as IT systems maintenance and support, purchasing services, compliance and security services, etc.);

Other authorised third parties in connection with a reorganisation or sale of the company’s activities and/or assets;

Judicial or administrative authorities where necessary to comply with applicable law.

Will your personal data be transferred to a third country outside the European Economic Area (EEA)?

Our company processes your personal data mainly in the EEA (Member States of the European Union + Norway, Iceland and Liechtenstein). Your personal data may be transmitted to the Cooperl Arc Atlantique Group or to subsidiaries of the Group, on a need-to-know basis, including to entities located outside the EEA.

Your personal data may be transferred outside the European Union when services are provided by our subcontractors or subsidiaries based outside the EEA. 

In such cases, our company takes care to ensure that the contracts it enters into with them comply with legal and regulatory provisions.

In particular, these transfers are subject to appropriate safeguards to ensure their security. These transfers may be based on an adequacy decision by the European Commission relating to a country’s level of data protection. In the absence of an adequacy decision, transfers are governed by standard data protection clauses approved by the European Commission.

How long will your personal data be kept?

We process and retain your personal data for as long as is necessary to meet our contractual and regulatory obligations. The retention of your personal data is governed by data protection laws and regulations and by our procedures or processes adopted in accordance with such data protection laws and regulations.

Security

We implement technical and organisational security measures to protect the data under our control against accidental or malicious manipulation, loss or destruction, and against access to such data by unauthorised persons. 

Our safety procedures are constantly being improved as new technologies emerge.

What are your rights?

You may exercise your data protection rights at any time upon request:

  • Right of access to your personal data: You have the right to obtain confirmation as to whether or not your personal data is being processed by our company, and if so, you have the right to know which specific data is being processed.
  • Right to rectification of personal data: You have the right to request the modification of any inaccurate personal information concerning you.
  • Right to be forgotten: In certain cases, for example when personal data is no longer necessary for the purposes for which it was collected, you have the right to have your personal data erased.
  • Right to stop the processing of your data: You have the right to restrict the processing of your personal data, for example where such processing is unlawful, and to object to such processing by requesting the deletion of your personal data. In such cases, your personal data will only be processed with your consent or for the exercise or defence of legal claims.
  • Right to data portability: In certain circumstances defined by law, you have the right to receive your personal data in a structured, commonly used and machine-readable format and/or to transmit this data to another data controller.
  • Right of opposition and withdrawal of consent : May be exercised at any time.

Data controller

To exercise these rights, or if you have any questions about the processing of your data, please send an e-mail to contact@hplusl.com.

How do I request assistance from the relevant authorities?

If you are not satisfied with the answers provided, you have the right to contact a data protection supervisory authority directly. The CNIL (“Commission Nationale Informatique & Libertés”) is the supervisory authority for France.

Cookies

Cookies are small files that may be installed on your terminal when you access and use some of our web applications. They enable us to recognise your terminal and store information about your preferences or previous actions. This enables us to offer content that is better suited to your needs, and thus to improve our services. 

You can prevent cookies being stored on your terminal by setting your browser so that it does not accept them. You can delete cookies already stored on your terminal at any time. However, if you choose not to accept cookies that are strictly necessary for the provision of the services offered by our website, this may adversely affect the availability of these services.