Personal data protection policy
Preamble
In the course of its business, and for the provision of the Application and Services, GROUPE BENETEAU is required to collect and process the personal data of its Users.
This personal data protection policy (hereinafter the “Policy”), drawn up by GROUPE BENETEAU, is intended to provide Users with concise and comprehensive information on the collection and processing of personal data by:
in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the “GDPR”).
This applicable Policy shall be the one in force on the date of connection and use of the Application and shall remain in force until it has been replaced by a new version.
This Policy may be modified by GROUPE BENETEAU at any time without notice.
By accessing the Application, the User acknowledges having read this Policy and fully agree to comply with it.
Article 1 – Definitions
The terms used in this Policy that begin with a capital letter, if not defined in this section, shall have the meaning given to them in the Application’s ToS.
“Personal Data”: denotes any information relating to an identified or identifiable natural person; an “identifiable natural person” is deemed to be a natural person who may be identified, directly or indirectly, including by reference to an identifier, such as a name, identification number, location data, online identifier, or one or more specific elements of their physical, physiological, genetic, psychic, economic, cultural or social identity.
“Policy”: denotes this Privacy Policy applicable to the processing of personal data by Users of the Application.
“Processing”: denotes any operation or group of operations which relates to such data, regardless of the process used (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction etc.).
“Controller”: denotes the person who determines the purposes and means of the Processing of Personal Data.
Article 2 – Joint Controllers
The Joint Controllers for the Processing carried out via the Application are:
Article 3 – Collection and origin of Personal Data
GROUPE BENETEAU may collect the User’s Personal Data directly (specifically via the collection forms available on the Application and/or when purchasing a Connected Boat) or indirectly (specifically via GROUPE BENETEAU’s service providers and/or technologies of the Application as well as via Appointed Dealers).
GROUPE BENETEAU undertakes to obtain the User’s consent and/or where necessary to allow the User to object to the use of Personal Data for certain purposes.
In all cases, the User is notified of the purposes for which their Personal Data is collected via the various Personal Data collection forms.
Article 4 – Personal data collected
The User’s Personal Data that may be collected on the Application and processed by the Joint Controllers is as follows:
The personal data identified by an asterisk in the collection forms is compulsory because it is required in order to process the request made. If you do not fill in this mandatory information, these operations cannot be taken into account.
Personal Data relating to Users made available on the Application may not be collected and processed without the prior written consent of the person concerned, in accordance with this document.
Article 5 – Purposes of the Processing of Personal Data
GROUPE BENETEAU uses the personal data of the Users of the Application, specifically for the following purposes:
Article 6 – Legal basis for the Processing of Personal Data
GROUPE BENETEAU processes the Personal Data of its Users pursuant to the performance and management of their contractual relationship, its legitimate interest in improving the quality and operational excellence of the Services offered, or in compliance with certain regulatory obligations.
Personal Data may also be processed on the basis of the User’s prior consent in the event that this is requested in certain situations.
Article 7 – Communication of Personal Data
GROUPE BENETEAU restricts access to Personal Data solely to members of its staff on a need-to-know basis in order to process the User’s request or to provide the requested Service.
GROUPE BENETEAU does not disclose Personal Data to unauthorised third parties.
However, GROUPE BENETEAU may share Personal Data with authorised service providers (e.g. technical service providers (publishing, hosting, maintenance of the Application, consultants etc.) that GROUPE BENETEAU uses for the sole purpose of providing the Application and performing the Services.
GROUPE BENETEAU does not authorise these service providers to use or disclose Personal Data, except to the extent necessary to perform the Services on behalf of the User, or to comply with legal obligations. Furthermore, GROUPE BENETEAU may share Personal Data (I) if the law or legal process requires it to do so, (II) in response to a request from public authorities or other officials, or (III) if GROUPE BENETEAU considers the transmission of such Personal Data necessary or appropriate for preventing physical harm or financial loss, or in connection with an investigation into suspected or actual unlawful activity.
Article 8 – Transfer of personal data
Due to the global nature of our organisation and Services, Personal Data may be stored and/or processed in a country other than that in which the User resides.
Some of the non-EEA countries are recognised by the European Commission as offering an adequate level of data protection according to EEA standards (the full list of these countries is available here).
For transfers from the EEA to countries that are not considered suitable by the European Commission, GROUPE BENETEAU has implemented appropriate measures, in particular through contractual agreements with third parties.
Article 9 – Period of storage of Personal Data
GROUPE BENETEAU shall keep Personal Data for a period not exceeding that necessary for the purposes for which it is collected and processed, which shall be extended, where applicable, by any periods of applicable legal or regulatory requirements.
As such, GROUPE BENETEAU retains the User’s Personal Data for the entire term of the Account and for three (3) years from the deletion of said Account.
Retention periods may be interrupted in the event that rights are exercised, as provided for in this Policy.
Article 9 – Users’ rights in respect of their Personal Data
In accordance with the GDPR, the User has certain rights relating to the processing of their Personal Data. In the event that one or more rights relating to the processing of their Personal Data is exercised, the User is notified that they may lose access to the Application and use of the Services
Right of access: the User may request access to their Personal Data and that inaccurate Personal Data be rectified, or for incomplete data to be completed.
The User is also entitled to know the sources of such Personal Data.
Right of deletion: the right to be forgotten allows the User to request the deletion of their Personal Data when:
- (I) the Personal Data is no longer necessary for the purposes for which it was collected and processed;
- (II) the User chooses to withdraw their consent (where consent has been granted as the legal basis for processing), though such withdrawal does not affect the lawful nature of the processing prior to its implementation;
- (III) the User objects to the Processing;
- (IV) the Personal Data has been processed unlawfully;
- (V) the Personal Data shall be deleted to comply with a legal obligation; or
- (VI) its deletion is required to ensure compliance with the GDPR.
Right to limitation: the User may also request the limitation of the processing of their Personal Data if:
Right to opt out of direct marketing messages: the User may at any time ask GROUPE BENETEAU not to receive any further advertising or marketing by contacting the Group directly at no cost, or by means of the Unsubscribe link included in all marketing material that GROUPE BENETEAU may send Users by email, or by sending an email to the address given below. This opposition is without prejudice to the legality of any communications sent prior to its implementation.
Right not to be subject to a decision based solely on automated Processing of Personal Data: the User has the option of not being subject to a decision based solely on automated Processing that produces legal effects concerning them or significantly affecting them.
Right to portability: the User may ask GROUPE BENETEAU to provide its Personal Data in a structured, commonly used, machine-readable format.
Right to issue advance directives on the processing of Personal Data after death: the User may define directives on the use of their Personal Data after their death (in particular regarding their period of retention, deletion and/or communication) as well as designate a person responsible for exercising these rights.
Right to lodge a complaint with a supervisory authority: if the User has any concerns or complaints regarding the protection of their Personal Data, they have the right to lodge a complaint with the French Commission on Informatics and Liberty (Commission Nationale de l’Informatique et des Libertés) via the following link: www.cnil.fr.
However, the User is asked to send any requests to GROUPE BENETEAU in advance using the address given below, so that it can process the User’s request and find an amicable solution.
In order to exercise these rights, the User may send a request by email to the following address: contact.rgpd@beneteau-group.com. Each request shall be accompanied by a photocopy of an identity document bearing the User’s signature and shall specify the address to which GROUPE BENETEAU should reply. The reply to the request will be sent to the User within a maximum period of two (2) months from receipt of the request by GROUPE BENETEAU.
Article 12 – Security
GROUPE BENETEAU implements all technical and organisational measures to ensure the security and confidentiality of the Processing of Users’ Personal Data.
To this end, GROUPE BENETEAU takes all viable precautions, in view of the nature of the Personal Data and the risks posed by its Processing, in order to preserve the security of the data and, in particular, to prevent it from being deformed, damaged or accessed by unauthorised third parties (physical protection of the premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data etc.).
Article 13 – Contacting GROUPE BENETEAU
Should they have any questions or require information regarding this policy, Users may contact GROUPE BENETEAU at the following address: contact.rgpd@beneteau-group.com.