This Charter applies to all personal data processed by the Company André Chenue S.A. (hereinafter the “Company”) in the context of the execution of a request or the provision of services to its clients (“Client(s)”). This Charter explains what data the Company is likely to collect concerning you or related Persons, their use, with whom the Company is likely to share them, the measures put in place to ensure their confidentiality and security.
For the purposes of this Charter, “Related Person” means any individual related to the Client, including, but not limited to, an officer, guarantor, legal representative, partner, employee, owner, or beneficial owner of services provided by the Company.
Definition and scope of data collected
The data that the Company collects or holds about you may come from a variety of sources. Some may have been collected directly, others may have been collected in compliance with applicable regulations in the past. The Company may also collect information about you when you interact with the Company (e.g., visiting the Company’s website, making phone calls, visiting the Company’s offices and other sites, such as storage areas).
The data you provide to the Company (including those of Related Persons) may include, for example :
- information relating to your identity, such as your name, title, date and place of birth, and information contained in your identification documents ;
- contact information such as your postal address, email address, telephone numbers;
- information you provide to the Company by filling out forms or communicating with the Company, whether by telephone, in person, by e-mail or by any other online communication.
The data collected or generated by the Company may include
- information relating to the business relationship and your instructions, the communication channels you use with the Company ;
- information that the Company uses to identify and authenticate you;
- any information contained in client documentation or forms you may complete as a prospect;
- any information of a commercial nature, such the historic of your services;
- data collected through “cookies”. The Company uses “cookies” and similar technologies on its website in order to carry out audience statistics, these data are kept in compliance with the law and regulations in force;
- records of all correspondence and communications between you and the Company, including email, instant messaging, social networking or any other type of exchange and communication; or
- any information the Company needs to meet its legal and regulatory obligations.
Data obtained by the Company from other sources may include, but is not limited to:
- communication information (e.g., information contained in e-mail messages, third party information, “chat” information, instant message via cell phone networks as well as via the Internet, media information, disputes or minutes); and
- information collected at your request.
Use of Data
The Company will only use your personal data if you have consented to such use or if such use is based on one of the legal grounds provided by law:
- The protection of our legitimate interests such as the security and accessibility of our sites;
- The performance of a contract entered into or an undertaking given by you and/or the Company;
- The respect of a legal or regulatory obligation; and/or
- Responding to any judicial or administrative request.
The Company collects and processes information about you for a variety of purposes, including
- to provide services and to validate any instructions requested or authorized;
- to meet all of its legal, regulatory or fiscal obligations and in particular to ensure its compliance with the laws and regulations in force; and/or
- to defend its rights and to comply with any of its legal, regulatory or fiscal obligations.
The Company’s legal and regulatory obligations
The Company uses your personal data to comply with its obligations, to comply with any applicable law or regulation and, where applicable, to share it with a regulator or competent authority in strict compliance with the applicable law. The purpose of such use is based on a legal obligation or on its legitimate interest.
Tracking and recording of exchanges between you and the Company
The Company may record and retain conversations you (or a Related Person) have with the Company – including letters, emails, video conversations and any other type of messaging to verify your instructions. The Company may also use this data to evaluate, analyze and improve its services and to train its employees. The Company uses video surveillance in its offices and other locations, such as storage areas, for security purposes and may collect images, photos or videos of you or record your voice through this process.
Sharing of Personal Data
The Company may transfer and disclose your data to:
- other group companies, subcontractors, agents, or service providers who work for it (which includes its employees, directors and officers);
- statutory auditors, regulators, auditors, etc;
- any other person involved in a claim; and/or
- the French government, judicial or administrative authorities/jurisdictions.
Transfers, hosting or consultation of data
Your data may be transferred to, hosted in or accessed from a country/territory outside the European Union where the data protection legislation is not equivalent to that of France or the European Union. The Company will only make such data transfers to fulfill a request between you and the Company, to fulfill a legal obligation, to protect the public interest or to defend our legitimate interests. When data about you is transferred to a country/territory outside the European Union, the Company will always ensure that it is protected. To this end, the Company will subject all transfers of your data to appropriate and relevant safeguards. You can obtain further information on how the Company will transfer your personal data outside the European Union by contacting the Company’s DPO directly (see paragraph I below).
Length of Time Personal Data is Held
The Company may retain personal data even if you decide to stop using the Company’s services, in particular to comply with applicable legislation, to defend its interests or to enforce its rights. The Company will not retain personal data longer than necessary and in accordance with applicable law.
As a Client, you have the following rights with respect to your personal data
- the right to obtain information about the data the Company holds about you and the processing carried out;
- in certain circumstances, the right to receive data in electronic form and/or to ask the Company to transmit this information to a third party where technically possible ;
- the right to modify or correct your data (see below);
- the right to ask the Company to delete or anonymize your data in certain circumstances (please note that legal or regulatory requirements may require that your data be deleted or anonymized) ;
- the right to request the Company to restrict or object to the processing of your data, in certain circumstances (please note that the Company may continue to process your personal data if the Company has a legitimate reason to do so) ;
- the right to ask the Company to restrict or object to the processing of your data, in certain circumstances (please note that the Company may continue to process your personal data if the Company has a legitimate reason to do so).
For the avoidance of doubt, these rights will only be available to authorised persons, and subject to verification of the identity and/or power of representation of such person(s). You may exercise your rights by contacting the Company as more fully described below.
You must ensure that the information provided to the Company is true, accurate and up-to-date. You must also inform the Company, without delay, of any significant change in your situation. If you have provided information about a third party to the Company, you must ensure that you have their permission.
Data Protection Measures
The Company implements technical and organizational measures to protect your data, including anonymization and physical security procedures. The Company requires its staff and all third parties working for it to adhere to strict security and information protection standards, including contractual obligations to protect all data and to implement strict data transfer measures.
Contacting the DPO
If you would like to know more about the provisions of this Charter or contact our Data Protection Officer (“DPO”), please write an email to :
You can exercise your rights by writing to the following address :
85 avenue du Président Wilson
93210 La Plaine Saint-Denis
This Charter may be modified in order to comply with applicable regulations.