The French companies of the ARMOR GROUP inform you that your personal data is collected and processed in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or “GDPR”) and the French Data Protection Act no. 78-17 (the “Regulations”).
The purpose of this policy is to provide you with information on the processing your Personal Data undergoes and on the conditions under which it is protected by the ARMOR GROUP.
The following definitions will help you to understand all of the concepts used in this document concerning the protection of your Personal Data.
Personal Data
All information that relates to an identified or identifiable natural person, in particular a name, an identification number, location data, an online identifier, or one or more factors that are specific to the physical, economic, cultural or social identity of that natural person.
Recipient
A person who is authorised to receive Personal Data that is stored in a file or undergoing Processing, on account of their position.
DPO
Data protection officer
Sensitive Data
The personal data of a natural person concerning their racial or ethnic origin, their political, philosophical or religious opinions, their trade union membership, their health, their sex life or their sexual orientation, their criminal convictions and offences, or their social security number.
Data Subject
A natural person who is directly or indirectly identified or identifiable and whose Personal Data undergoes Processing.
Controller
The French company of the ARMOR GROUP that determines the Processing purposes and means.
Processing
A natural or legal person (undertaking or public body) that processes the Personal Data on behalf of a Controller, in the form of a service or provision of services.
Processing
An operation which is performed on Personal Data, regardless of the means used (collection, recording, organisation, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, or alignment).
The French companies of the ARMOR GROUP collect your Personal Data for the following purposes:
2.1.1. Management of recruitments
Purposes of the Processing
Management of recruitments (assessment of applicants for the position offered, verification of application information)
Lawful basis for the Processing
Employer’s legal obligation
Legitimate interest: for required Data marked with an asterisk that is needed in order to get to know the applicant
Consent: for optional Data
Personal data collected
Identification: surname, first name, identity photo, gender, date and place of birth, nationality, telephone number, email and personal addresses
Personal information: family situation
Professional information: professional situation, training, references, business experience and email address
Sensitive Data
Health: disability recognised by the Local Authorities
Criminal convictions and offences: legal obligation for AEO (Authorised Economic Operator) certification
Recipients
Authorised persons from the human resources departments, the support services that are involved in negotiations, the line manager or other companies in the ARMOR Group that are involved, state bodies and recruitment firms
Source of collection
Directly from the Data Subject or indirectly via another person (recruitment firms, professional references, business social media and websites)
Retention period
12 to 24 months as from the last contact
2.2.1. Management of prospective and current customers
Purposes of the Processing
Direct marketing (compilation and management of a file of prospective customers)
Customer relationship management (management of the customer data file, management of sales contracts, management of orders, after-sales service, management of customer accounting and invoicing, management of the customer account and sales follow-up)
Lawful basis for the Processing
Consent of prospective customers in order to establish a business relationship
Consent of customers for optional Data
Legitimate interest of the commercial management and marketing of the sale
Personal data collected
Identification and professional information: surname, first name, employer’s name, position, telephone number, business address and email address
Online activity: IP address, browsing time, date and data, login name
Recipients
Authorised persons from the marketing and sales, IT and accounting departments, or other companies of the Group ARMOR that are concerned, and other Processors
Source of collection
Directly from the Data Subject via a contact form, trade fairs, visits, telephone calls or indirectly via another person (referral, the customer’s sales representative, trade fair organisers, service providers, business social media and websites)
Retention period
Until the end of the business relationship
2.3.1. Management of procurements and of deliveries
Purposes of the Processing
Management of the procurements of the French companies in the Group
Management of deliveries to customers and between Group sites
Lawful basis for the Processing
Legitimate interest: ensure the communication that is necessary for the procurements of the companies in the Group ARMOR, for deliveries to customers and for transfers of products between sites
Personal data collected
Identification and professional information: surname, first name, address, telephone number, business address and email address
Online activity: login name
Recipients
Authorised persons from the transportation and IT departments, storekeepers, customers, suppliers, carriers and other Processors
Source of collection
Directly from the Data Subject or by the customer, the supplier or the carrier via an exchange of emails or telephone call
Retention period
Duration of the contractual relationship
2.4.1. Approaching suppliers and management of relationships with suppliers
Purposes of the Processing
Approaching and selection of suppliers (compilation and management of a data file of potential suppliers)*
Management of the supplier relationship (compilation and management of the supplier data file, management of orders and deliveries, management of invoices and payments, and of supplier accounting, management of procurement contracts)
Lawful basis for the Processing
Legitimate interest in compiling and maintaining a list of suppliers and managing procurements
Personal data collected
Identification and professional information: surname, first name, employer’s name, place of invoicing, profession, business telephone number and address, date of birth, gender and position
Recipients
Authorised persons in the purchasing, accounting, logistics, legal, quality, HSE and IT departments, or other companies of the Group ARMOR that are concerned, and other Processors
Source of collection
Directly from the Data Subject or through online research and trade fairs or business contacts
Storage period
Duration of the contractual relationship
2.5.1. Management of contracts and legal documents
Purposes of the Processing
Management of contracts and legal documents
Lawful basis for the Processing
Legitimate interest: managing legal documents and contracts
Personal data collected
Identification and professional information: surname, first name, date of birth, gender, email address, postal address, telephone number and position
Online activity and access: IP address, browsing time, date and data, login name and password
Recipients
Authorised persons from the IT, legal, procurements, financial control, industrial monitoring and property departments, corporate officers of the ARMOR GROUP companies concerned, authorised persons from the co-contracting entity and other Processors
Source of collection
Directly from the Data Subject
Storage period
Duration of the contractual relationship
2.6.1. Fight against corruption
Purposes of the Processing
Avoiding fraud
Lawful basis for the Processing
Legal obligation pursuant to the “Sapin 2” Act
Personal data collected
Identification: surname and first name of the corporate officer
Professional information: position, politically exposed person status
Criminal convictions and offences: corporate officer convictions on grounds of corruption
Recipients
Authorised persons from the consolidation and internal control, purchasing, finance and sales departments of the ARMOR GROUP companies
In the event of an audit: French Anti-Corruption Agency
Source of collection
Directly from the Data Subject and via the Office Forms questionnaire for post-training evaluations or indirectly via the report on the risk of corruption of a service provider for the data on external third parties
Storage period
5 years after the end of the business relationship for reports on partners
10 years to justify actions to raise awareness of exposed employees or after the employee leaves the company in question
2.7.1. Access control and video surveillance
Purposes of the Processing
Access control for visitors and external partners
Video surveillance of the La Chevrolière, Les Sorinières and Cordon Bleu sites
Lawful basis for the Processing
Legitimate interest: visitor reception and access control, number of people present on the site, safety of persons and property, protection of industrial property, contributes to Authorised Economic Operator certification
Personal data collected
Identification and professional information: surname, first name and copy of ID document, depending on the site
Location: dates and times of the visit and movement of visitors inside and outside the buildings
Online activity: IP addresses and login names
Recipients
Employees who are responsible for evacuation and safety or Authorised Persons from the corporate services, IT and human resources departments, corporate officers or the external emergency or investigative services in the event of an incident, and other Processors
Source of collection
Access: directly from the Data Subject
Video surveillance: indirectly via recording of images
Storage period
Access: 1 year maximum
Video surveillance of the La Chevrolière site: 30 days for the exterior and 5 days for the interior, 6 days for access to the server
Video surveillance of the Les Sorinières site: 0 days
Video surveillance of the Cordon Bleu site: 15 days
Your Personal Data is not stored any longer than is necessary for the purpose of the Processing and the archiving requirements defined by law in the event of litigation or for legal obligations. When data is archived, the necessary access is restricted to authorised persons.
In principle, your Personal Data is not transferred outside of the EU. The only Personal Data that may be transferred outside of the EU to the ARMOR GROUP companies and certain Processors (suppliers, clients and carriers) concerns the management of contracts and the management of procurements, deliveries and orders outside of the EU.
If Personal Data is transferred outside of the EU to a country that does not have an adequate level of protection within the meaning of the Regulations, the Group company concerned or the Processor undertakes to implement all appropriate safeguards, such as, in particular, Standard Contractual Clauses, a code of conduct or a certification mechanism.
You have a right of access, rectification, objection, portability and erasure concerning your Personal Data and a right to request restriction of the processing thereof. You can exercise these rights by contacting the Data Protection Officer (“DPO”) via email: dpo@armor-group.com or by sending a letter to the following address: ARMOR GROUP, For the attention of the DPO, 20 rue Chevreul, CS 90508, 44105 NANTES Cedex 4, France stating:
Your legitimate request will be processed within one month of receipt. If necessary, this time-limit may be extended by 2 months, before the initial 1-month time-limit expires, depending on the complexity and the number of requests. Absent a satisfactory response from ARMOR, you also have the right to file a claim with the supervisory authority: CNIL, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 or online www.cnil.fr/fr/plaintes.
The Controller is one of the following French companies of the Group ARMOR, which determines the purposes and means of the Personal Data Processing and is identified when the Personal Data is collected:
ARMOR GROUP
A French société par actions simplifiée (simplified joint-stock company) with capital of €10,299,450
20 rue Chevreul, 44100 Nantes, France
Nantes Trade and Companies Register no. 857 800 692
ARMOR PRINT SOLUTIONS
A French société par actions simplifiée (simplified joint-stock company) with capital of €8,005,000
17 Boulevard de Chantenay, 44100 Nantes, France
Nantes Trade and Companies Register no. 892 312 067
ARMOR BATTERY FILMS
A French société par actions simplifiée (simplified joint-stock company) with capital of €5,296,317
20 rue Chevreul, 44100 Nantes, France
Nantes Trade and Companies Register no. 892 311 937
ASCA
A French société par actions simplifiée (simplified joint-stock company) with capital of €29,039,609
20 Rue Chevreul, 44100 Nantes, France
Nantes Trade and Companies Register no. 844 766 170
KIMYA
A French société par actions simplifiée (simplified joint-stock company) with capital of €3,165,439
20 Rue Chevreul, 44100 Nantes, France
Nantes Trade and Companies Register no. 892 311 887
Several companies in the ARMOR GROUP are joint Processors when they determine jointly the Personal Data Processing purposes and means. ARMOR is the joint Processor for the following types of Processing, along with all the other subsidiaries mentioned above:
The French companies in the ARMOR GROUP retain the right to update these provisions at any time.