Privacy Policy
The current privacy policy (“Privacy Policy”) provides you with information regarding the personal data we collect from you, how we use said data as well as your rights in terms of the personal data we have relating to you.
The last update dates from January 21st 2021.
The goal of the privacy policy is to inform clients, prospects and suppliers regarding the processing of personal data, carried out by companies of the ANNEXX group (“ANNEXX”) and their rights in this regard, as part of responses to quotation requests and managing their contractual relationship with their clients.
The Privacy Policy is accessible via the ANNEXX website and, in any case, is available to every client and supplier before concluding an agreement or service contract with ANNEXX.
It can be modified to include, notably, the evolution regarding implementing data processing as well as the applicable legislation. Thus, our suppliers, prospects and clients are encouraged to take note of all new versions, by any means.
1. Who are we? Annexx’s identity
For any questions relating to our Privacy Policy, you can contact us via the following information:
Annexx SAS
70 Rue Jacques Babinet- 31100 Toulouse
Tel.: 05 34 60 31 16
E-Mail: juridique@annexx.com
SIRET: 44470492800035
All of our clients can send their questions regarding problems with data protection, confidentiality and security, to our legal department.
ANNEXX is responsible for processing the Data, as a professional entity who offers a service to individuals and other professionals, that includes providing storage units, offices and a legal address. In this capacity, ANNEXX is subjected to obligations imposed by the current regulations in France and within the European Union, in terms of personal data, particularly the Regulation (EU) 2016/679 of April 27th 2016, relating to the protection of natural persons regarding the processing of their personal data and the free circulation of said data.
The persons concerned by the processing of personal data are ANNEXX’s suppliers, clients and prospects, including, notably, web users browsing the ANNEXX website (the “Users” or “You”).
2. Definitions
The term “personal data” includes any information that could potentially identify you directly, like your first or last name, your postal address, email address, telephone numbers, date of birth and your payment details; or indirectly like an IP address (“Data”).
Processing data refers to any transaction, undertaken or intended, directly or indirectly, with the Data, like collecting, registering, organising, conserving, modifying, consulting, using, transmitting, distributing, or any other form of provision, reconciliation or interconnection, limitation or destruction etc.
3. Collected and processed data
Data that you provide to us
ANNEXX collects Data directly from its prospects and clients via the forms accessible on their website, or by telephone, from your mobile devices or not, or directly when you VISIT one of our establishments. This Data is updated directly by the Users. As such, the Users commit to communicating any update of said Data to the marketing/customer service, without delay.
When you visit one of our establishments, surveillance cameras are also able to collect Data, in order to ensure the security of goods and people. Telephone conversations, in particular with our Customer Reception Centre, as well as email exchanges can potentially be recorded and kept, with the goal of improving the quality of our customer service and to train our associates.
Supplier Data is collected when contact is established and when carrying out the contract, drawn up between the supplier and ANNEXX.
ANNEXX limits the collection of personal data to data that is adequate, relevant and strictly necessary for managing the business relationship.
Not providing this data can, depending on the situation, lead to the inability of concluding the contract and/or providing the Services and/or making you commercial offers.
Data obtained by third-parties – Cookies
Data can also be provided indirectly via Google, Safari, for web users’ behavioural data collected using Cookies and/or tracers. Technology like cookies, tags and scripts is used by us and our partners, our affiliates or our analysis or service providers. This technology is used to analyse tendencies, manage our website, follow our users’ movements in regards to our website and collect demographic data on our users. We can receive reports based on the use of said technology by companies, on an aggregated basis.
For more information about the way in which we use cookies and about the information collected thanks to cookies, please consult our “Cookie Policy” below.
We are also likely to receive Data about you via banking institutions or credit establishments. In this case, we will update your Data in our database.
Data regarding third-parties which You provide to uss
In the event you would transmit Data relating to another person for emergency contact needs (like a relative…), you guarantee that you have the authority to consent to Data processing in their name, you receive all correspondence relating to this Data in their name, you consent to this Data being transferred abroad in their name.
We do not voluntarily collect Data relating to minors under 16 years old, however, if you are a parent or a legal guardian of said minor and you think that we detain Data on them, you can obtain the deletion of said Data after proving your identity and your legal authority over the minor.
Cookie Policy
4. Processing basis
When a client’s, a prospect’s or a supplier’s data is processed by ANNEXX, only the data required for processing purposes is processed.
The bases on which said processing is founded are compliance with a legal obligation, carrying out a contract, legitimate interest and your consent.
Furthermore, the Data that must be mandatorily collected is identified as such (ex: by an asterisk on the forms).
5. Summary of purposes, processed data, grounds for processing, conservation period
Hereunder you will find a summary of all Data that is processed as well as its purpose:
Data processing
PROSPECTS
Context of collection |
Type of Data |
Purpose of the processing |
Legal basis |
Persons / Departments with access to the data |
Conservation period |
Sending quotes and additional information |
- First and last name
- Email address
- Telephone number
- Browsing data (cookies)
|
|
- Analysing the prospect's needs
- Preparing a quote and sending it to the prospect
|
|
Consent |
- Sales department
- Marketing department
- Associates on relevant sites
- Regional directors
- General management
- Electronic record management solution for storing data
|
|
3 years from the date of collection or from the last contact with the prospect |
Data processing
CUSTOMERS
Context of collection |
Type of Data |
Purpose of the processing |
Legal basis |
Persons / Departments with access to the data |
Conservation period |
Providing a service: supplying a modem, an office, a legal address, letter box |
- First and last name;
- Email address;
- Telephone number;
- Mailing address
- Kbis (company registration)
- Banking information, for direct debits
|
|
- Establishing a contract
- Providing access to the storage facility
|
|
- Carrying out the contract
|
|
- Sales department
- Associates on the relevant site
- Regional directors
|
|
- Throughout the contractual relationship and an additional 5-year period
|
|
Managing litigation |
- See above
- Date of birth/ age
|
|
- Collecting and processing data relating to delays and defaults on payments by clients, in order to prepare, carry out and monitor a recovery action or a judicial remedy and, when necessary, enforce the rendered decision
|
|
- Legal obligation
- Legitimate interest
|
|
- Legal department
- Third parties (bailiffs, auctioneers, debt collecting agencies, lawyers)
- Every department at ANNEXX
|
|
- Pre-litigation: until an amicable settlement of the dispute is concluded, or, if not, until the action is filed with the relevant authorities.
- Judicial litigation: until ordinary and extraordinary procedures are no longer possible against the rendered decision
|
|
Customer relationship management |
|
- Managing contract termination (ex: refunding extra charges…)
- Recording telephone and email exchanges
- Commercial offer
- Survey regarding the quality of provided services
|
|
- Carrying out the contract
- Legitimate interest
|
|
- Sales department
- Finance and accounting department
- Exterior service providers
- Electronic record management solution for storing data
|
|
- Throughout the contractual relationship and an additional 5-year period. Except for audio files: within 6 months of recording them
|
|
Video-surveillance |
|
- Ensuring the security of people’s goods
- Ensuring that security rules are met
|
|
|
- Security department
- Legal department
- Public authority
- Lawyers
|
|
|
Credit check |
- Banking data
- Banking information from the credit institution
|
|
- Allowing for decisions to be made regarding requests about your solvency
- Preventing fraudulent transactions and money laundering
- Verifying the veracity of provided information
|
|
- Legitimate interest
- Legal obligation
|
|
- Financial department
- Legal department
- General Management
- Establishment’s director
- Public authorities
- Lawyers
- Credit institutions
|
|
- Throughout the contractual relationship and an additional 5-year period.
|
|
Data processing
PROVIDERS
Contexte of collection |
Type of Data |
Purpose of the processing |
Legal basis |
Persons / Departments with access to the data |
Conservation period |
Providing a service |
- First and last name
- Email address
- Telephone number
- Contract
- Invoice and purchase order
- Kbis
|
|
- Establishing a contract
- Providing and monitoring a service
|
|
- Carrying out the contract
|
|
- Sales department
- Marketing department
- Accounting department
|
|
- Throughout the contractual relationship and an additional 5-year period.
|
|
Managing provider litigation |
|
- Monitoring and processing disputes relating to contact with the provider
|
|
- • Legal obligation
- • Legitimate interest
|
|
- Legal department
- Third parties (bailiffs, lawyers…))
- Every department at the ANNEXX headquarters
|
|
- Pre-litigation: until an amicable settlement of the dispute is concluded, or, if not, until the action is filed with the relevant authorities.
- Judicial litigation: until ordinary and extraordinary procedures are no longer possible against the rendered decision..
|
|
6. Who can access your Data?
Personal data that is collected is accessible within ANNEXX itself, by the departments that are competent for managing the different relevant processing.
Access to personal data is strictly reserved for persons who need access to it, as part of their job within ANNEXX, see table above.
7. The recipients and the transfer of this Data
For some of the purposes identified hereunder, ANNEXX uses the services of sub-contractors or service providers (ex: those in charge of providing administrative services like record keeping) like IT service providers (ex: the provider in charge of site hosting), solution in Saas providers who need access to said Data to carry out the task entrusted to them by ANNEXX, including some that are located outside of France. As such, ANNEXX imposes, on its co-contractors, strict obligations in terms of the processing, confidentiality and security of Data to which their providers have access.
ANNEXX can also communicate Data to third-parties in certain specific cases:
- If ANNEXX is obliged to disclose or provide access to Data in order to conform to a legal obligation or a court ruling, or to uphold or enforce the service agreement or any other reason other than accepted reasons, or to protect the rights, property or security of ANNEXX, its clients or its associates;
- If the law authorises said transfer by ANNEXX,
- If ANNEXX plans to transfer an activity or assets (including transferring the business carrying out said activity or holding said assets), the Data can be communicated to the buyer and to potential buyers as part of an audit, including their advice,
- If all or a part of ANNEXX’s assets is acquired by a third-party, the Data will be part of the transfer. The Data will be processed by the buyer who will act as the new data controller and their Data protection policy will therefore govern the Data processing..
Generally, Your Data is transferred to companies that belong to the ANNEXX group.
Your Data can be shared with the person you have chosen as emergency contact in your contract. Contact with this person will lead to the exchanging of Data.
8. Actions carried out on Data
The following actions are carried out on Data:
- Collecting and saving Data
- Organising and structuring Data
- Hosting or conserving Data via third-party software,
- Consulting Data
- Sorting (via a solution edited by a third-party)
- External record keeping
- Communicating Data by transmission, distribution, or otherwise making available to the relevant services
- Modification / consultation by the customer service or marketing department
- Deletion or destruction of Data
9. The location of Data and security measures in place
All User Data is hosted within the European Union. Data is hosted at OVH.
ANNEXX takes all useful precautions to guarantee the confidentiality and security of Data and prevent alteration, corruption or access by unauthorised persons. A security policy for the IT system has been put in place. As such, as an example, access to your Data is limited and restricted only to the persons/services who need to access it, this Data is stored on secure servers, the banking Data being encrypted. Access to Data requires the use of a login and password.
However, transmitting Data via the Internet is not without risk. Consequently ANNEXX doesn’t guarantee the security of Data transmitted by the internet, as long as ANNEXX meets its commitments in terms of security.
No Data will be transferred to a third-party located outside of the European Union, except in the event where ANNEXX must have court documents served or enforced (subpoena, judgment, foreclosure…) abroad, when the User resides outside of the European Union. As such, User Data is transmitted to the authorities in charge of having court documents served or enforced. In any event, ANNEXX ensures that the transferred Data is subjected to adequate protection in order to guarantee its security, integrity and confidentiality.
10. What are your rights?
As part of Data processing carried out by ANNEXX, you have the following rights:
- Gaining access to / a copy of your processed Data,
- Rectifying your Data,
- Erasing all or part of your Data when said Data, (i) is no longer required for the purpose for which it was collected, (ii) is exclusively based on consent, (iii) is subjected to a request for objection
- Objecting to the processing of your Data,
- Requesting limited processing, temporarily, when the accuracy of the Data is questioned, when you have objected to the processing, when the Data is no longer necessary to ANNEXX but still necessary for establishing, exercising or defending legal claims
- Unsubscribing or objecting to the receipt of commercial solicitation by message at any moment by clicking on the “unsubscribe” link in any email or communication sent by ANNEXX
- Retract your consent at any time in regards to processing based on consent
- Achieving Data portability when the processing is based on consent and is carried out via automated processes
- Providing guidelines in regards to the outcome of your Data post-mortem
- Sending a claim to the Data Protection Authority
To exercise these rights or ask any question relating to the current User Privacy Policy, simply send your request to the following email address: dpo@annexx.com with a copy of your ID card.
11. How long do you we keep your personal data?
We keep your personal information in our system as long as necessary:
- Allowing us to manage the services to which you have subscribed
- Complying with our legal obligations, resolving disputes and/or enforcing our agreements.
12. Third-party Websites
The ANNEXX Website contains links towards other third-party Websites. ANNEXX’s privacy policy applies only to the personal Data that we collect via our Website and doesn’t apply to other Websites to which our Website can be linked, with or without our permission. We are not responsible for personal data that third-parties can collect, store and use via their Website. You should always read the charter regarding data protection carefully on every Website that you look at.