PRIVACY AND PERSONAL DATA PROCESSING POLICY

FrançaisEnglish

The controller of personal data is:

UGOFRESH
Marché International Saint-Charles
66000, Perpignan – France

UGOFRESH has appointed, in accordance with the regulations in force, a Data Protection Officer (DPO)which can be reached at the following email address privacy@ugo-fresh.com. The latter's task is to ensure compliance with the provisions of the regulations on the protection of personal data. It must be consulted by UGOFRESH prior to the implementation of a data processing operation. It lists in a register all the personal data processing operations of UGOFRESH as they are implemented. Data Protection Officer (DPO) ensures that the rights of individuals are respected (right of access, rectification, opposition, deletion, limitation of processing and portability). In the event of difficulties encountered in exercising these rights, data subjects may refer to the Data Protection Officer (DPO) by e-mail to privacy@ugo-fresh.com.

UGOFRESH ensures that it only collects data that is strictly necessary for the purpose of the processing carried out. Depending on the case, personal data can be collected in two ways:

Directly The Internet user, the prospect, the user and/or the client freely communicates to UGOFRESH his or her personal data, in particular via : the Platform, and more specifically through the collection forms filled in by the person concerned (request for access, creation of an Account, subscription to a service, etc);

The natural person User is informed that the information collected is subject to computer processing intended to carry out operations relating to the creation of an Account and the management of Services ordered by the Customer.

UGOFRESH indicates to the User the mandatory data to provide its Services by the following sign: "*". If the User fails to reply to the fields mentioned as compulsory, the User will not be able to benefit from the Services provided by UGOFRESH.

Indirectly/automatically : the data of the Internet user, the prospect, the User and/or the customer are collected via the software and/or technologies implemented on the Platform. Data may also be collected via other users who have a commercial relationship with the user in question. In order to enrich their mutual business relationship, one user may register another.

Who are the recipients of the data?

Internally, within UGOFRESH

Personal data are communicated within UGOFRESH in order to fulfil its contractual obligations, to comply with its legal obligations, to prevent fraud and/or to secure its services, to improve its services or after having obtained the consent of the person concerned. The recipients of the data are the persons in charge of the marketing department, the sales department, the departments in charge of customer relations and canvassing, the administrative departments, the IT and technical departments and their line managers.

Externally

In the event of restructuring, merger, acquisition by a third party, sale of a business or assets in particular, UGOFRESH may disclose the personal data to the prospective purchaser or buyer. In such cases, the personal data held about the prospects may be one of the transferred assets. The acquirer acting as the new controller will then process the data and its privacy policy will govern the processing of the personal data.

UGOFRESH does not rent or sell the personal data of its Clients. Personal data may be processed in the name and on behalf of UGOFRESH by trusted service providers. In this case, UGOFRESH ensures that all service providers with whom it works maintain the confidentiality and security of the data. UGOFRESH may, for example, request to provide services that require the processing of its Clients' personal data from :

  • service providers who assist in customer relationship management (CRM) and web analytics (audience analysis);

  • third parties who assist and help UGOFRESH to provide the Services (hosting services, maintenance and technical support services for the databases as well as for the software and applications that may contain data concerning the customers or prospects of UGOFRESH (these services may sometimes require access to data in order to perform the tasks requested);

  • service providers who provide advice to UGOFRESH (auditor, accountant, lawyer, etc.). UGOFRESH may finally disclose the data to third parties if it is required to disclose or share the data for :

  • to comply with a legal obligation,

  • to enforce or apply its general terms of use and/or services, - to protect its rights, intellectual property or security, or those of its customers or employees,

  • if it has the consent of the person concerned,

  • if the law allows it.

How long is the personal data kept?

UGOFRESH keeps personal data only for the time necessary for the operations for which they were collected and in compliance with the regulations in force.

The natural person is also informed that UGOFRESH will keep the data submitted according to the criteria and recommendations of the CNIL available in its reference standard: Simplified Standard No. 48.

What physical and logical security for your personal data?

UGOFRESH determines and implements the means necessary for the protection of personal data processing systems in order to avoid any malicious intrusion and prevent any loss, alteration or disclosure of data to unauthorised persons.

Thus, UGOFRESH has established and regularly updates its personal data processing registers which record the technical and operational security measures taken.

UGOFRESH determines and implements measures to guarantee the confidentiality of data, in particular by raising staff awareness and recommending good practice in the use of their computer workstations.

UGOFRESH requires its IT service providers to provide sufficient guarantees for the security and confidentiality of personal data.

UGOFRESH ensures that IT service providers take all measures to prevent the disclosure or alteration of data, do not carry out remote maintenance without its control and return the data at the end of the contract.

Where is the data stored? Is there a data transfer?

UGOFRESH does not transfer data outside the European Union.

What are the rights of the person concerned?

Right of access, rectification, limitation and deletion In accordance with the French Data Protection Act of 6 January 1978, as amended, and the General Data Protection Regulation, all individuals have the right to :

  • access to data (limited to two access requests per year and subject to proof of identity),

  • of rectification of data ;

  • to the deletion of information concerning him/her under the conditions set out in Article 17 of the General Data Protection Regulation;

  • to the limitation of processing ;

  • to set out general and specific guidelines as to how they intend these rights to be exercised after their death.

Right to object

The individual also has the right to object to the processing of his or her personal data and the right to object to the use of such data for commercial prospecting purposes.

Right to data portability. The data subject also has the right to have his/her data ported. In accordance with Article 20 of the RGPD, la personne concernée dispose du droit de recevoir les données à caractère personnel la concernant qu’elle a fournie à UGOFRESHThe data controller shall have the right to transmit the data to another controller in a structured, commonly used and machine-readable format without the need for any further processing. UGOFRESHto whom the personal data have been communicated, shall prevent this.

Right to file a complaint with the CNIL

Finally, the data subject may, if necessary, lodge a complaint with the CNIL.

To do so, it can turn to the CNIL by mail or telephone. They can exercise these rights by providing proof of identity and by contacting UGOFRESH by e-mail or by post to the following address

UGOFRESH, Marché International Saint-Charles, BP95007 66030 Perpignan CEDEX