99 GROUP’S CHARTER FOR PERSONAL DATA PROTECTION
As part of its activities, 99 Group may collect and process your personal data.
99 Group is committed to personal data protection. The processing of personal data carried out in the context of our activities complies with the rules relating to privacy, in particular the General Data Protection Regulation (EU Regulation 2016/679) known as “GDPR”, and the amended 6 January 1978 law for the digital sector, files and freedoms, known as the “loi informatique et liberté” law.
99 99 Group acts as data controller in the context of the usage of the trademarks it owns.
99 99 Group has set up a dedicated personal data protection department, which ensures the effective implementation of specific procedures and processes in order to raise awareness among its employees, involve its partners and subcontractors in the protection of personal data, and ensure the compliance of the personal data processing for which it is responsible.
The purpose of this charter (hereinafter referred to as “the Charter”) is to inform you of the reasons why 99 Group is required to process your personal data, how 99 Group does so, and your associated rights.
99 GROUP’S COMMITMENTS FOR PERSONAL DATA PROTECTION
99 Group is committed to ensuring the protection of your personal data.
As data controller, 99 Group must respect a number of basic principles in the processing of personal data:
– Legality, loyalty, transparency: your personal data is processed in a lawful, fair and transparent manner
– Purpose limitation: your personal data is collected for specific, explicit and legitimate purposes and is not processed in a way that is incompatible with those purposes
– Minimisation of data: only adequate, relevant data is collected, and this is limited to what is necessary regarding the purposes for which it is processed
– Limitation of storage: your personal data is stored for a limited period of time, which will not exceed the period necessary to achieve the purpose of data processing. These terms respect the retention periods as defined by the law;
– Accuracy: your personal data is accurate, kept up to date and every reasonable step is taken to ensure that inaccurate data, with regard to the purposes for which it is processed, is deleted or rectified as quickly as possible
– Security: your personal data is secured by effective technical and organisational measures adapted to the risks that the processing presents to your right to respect of your private life and your other rights and freedoms.
Internal procedures are in place to ensure compliance with the guiding principles of the personal data protection regulations from their conception and by default. Employees of 99 Group are subject to a confidentiality agreement. Our relationships with external service providers are secured by contracts ensure the security for your personal data.
All our services, providers, remote applications and servers required to process your personal data are located within the European Union. If your personal data was transferred outside the European Union, we undertake to adopt appropriate safeguards in accordance with the applicable regulations.
RIGHTS OF CONCERNED PARTIES
You have various rights in terms of your personal data:
– The right to information about processing: in order to respect the principle of fairness and transparency, 99 Group, in its capacity as data controller, is required to inform you before collecting your personal data. This information allows you to understand and, where necessary, consent to the processing that 99 Group offers you;
– The right of access to your personal data: once your data has been collected and processed by 99 Group, you have the right to a copy of your personal data held by 99 Group
– The right of rectification: insofar as your data will not always be up to date, you have the right to correct any inaccurate data
– The right to withdraw your consent at any time: If you have given your consent to processing, you may withdraw it without prejudice to the prior lawful processing
– The right to object to processing: when the processing is not based on your consent but on the pursuit of legitimate interests by ourselves or a third party, you may object to data processing in view of your personal situation
– The right to limitation of processing: you have the right to limit data processing when one of the elements provided for in Article 18 of the GDPR law applies
– The right to erase data: you may request the deletion of the data we process for a legitimate reason covered by Article 17 of the GDPR law
– The right to portability: in the case of data processing being based on your consent, you may request the transfer of personal data to another data controller, or receive said data in a structured, commonly used and machine-readable format
– The right not to be the subject of an automated individual decision (including profiling): with some exceptions, you have the right not to be the subject of an automated individual decision, such as profiling, which has legal effects, or affects you significantly
You also have the right to file a complaint with the CNIL (National Commission on Informatics and Liberty). For more information, we invite you to visit the CNIL website.
You may exercise your rights via the following media by providing all the information necessary to identify yourself (surname, first name, email):
Write to our GDPR manager with any queries or for additional information:
DATA PROCESSING CARRIED OUT BY THE 99 GROUP
- Identity and contact details of the data controller
99 99 GROUP
92 Avenue Charles de Gaulle
- Purpose of the processing of personal data
We process your data for the following purposes:
- Sending newsletters
- Email marketing
- Sending emails
- Sending invitations to events organised by 99 Group
- Collecting and managing people’s opinions on products, services or content.
If you no longer consent to receiving the newsletter, you can click on the “unsubscribe” link in the newsletter email.
In addition, data may also be used for the following purposes:
- Management of the rights exercised by concerned parties
- Where applicable, the recognition, exercise or defence of 99 Group’s rights.
- Data categories
For each identified purpose, the categories of personal data collected, processed and stored by 99 Group are as follows:
- Sending newsletters: email address
- Email marketing: identity data, email address
- Sending emails: identity data, email address
- Sending invitations to events organised by 99 Group: identity data, email address
- Collecting and managing people’s opinions on products, services or content: identity data, email address
- Management of the rights exercised by concerned parties: identity data, email address A photocopy of your ID may be required to access your request;
- Recognition, exercise or defence of 99 Group’s rights: identity data, data necessary for the recognition, exercise or defence of 99 Group’s rights.
- Categories of people
The categories of concerned parties are as follows:
The recipients are as follows:
- Partners / Suppliers of any 99 Group entity
- Subcontractors of any entity of 99 Groups
- Authorised services in charge of client data management
- Persons authorised on behalf of third parties.
The legal grounds on the basis of which we may process your personal data are:
- The need to create a contract or carry out pre-contractual measures for the purposes described in this Charter
- Compliance with a legal obligation
- The protection of the vital interests of the concerned party
- The legitimate interest of the data controller
Your personal data is kept for as long as necessary to fulfil the purposes described in this Charter. They are then archived in accordance with legal and/or regulatory obligations, and/or to enable 99 Group to establish proof of a right or of a contract (applicable limitation periods).
The security of processing and of personal data is a priority for 99 Group. We implement technical and organisational measures adapted to the challenges and risks associated with personal data protection. Our employees are trained in the protection of personal data and are subject to a confidentiality agreement. Our websites are digitally protected, and communication with your computer is encrypted by a HTTPS (TLS) stream.