5àsec Personal Data Protection Policy

The 5àsec Group attaches great importance to protecting the personal data and privacy of its customers and of all Users of its websites or mobile applications.

This Personal Data Protection Policy describes the types of personal data that 5àsec may need to collect concerning you and the way that 5àsec and its subcontractors may need to use these data.

All operations on your personal data are carried out in compliance with the regulations in force with effect from 25 May 2018, pursuant to “Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (the “Regulation””).

The User of the services, websites and applications of 5àsec acknowledges that he/she has read and accepted the terms of this Policy and of the general terms and conditions of service available on the websites concerned. If the User does not consent to these terms, he/she is free not to use the services and websites or mobile applications and not to supply any personal data.

 

ARTICLE 1 - DEFINITIONS

Personal data - any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to the person.

“Processing of personal data” - any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” - the natural or legal person, public authority, agency or other body which, alone or jointly with others, collects and processes personal data.

“Recipient” - the natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

“Processor” - the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

“Authorised third parties” - a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

ARTICLE 2 - IDENTITY OF THE CONTROLLER

The personal data are collected by the 5àsec Group - (the company Financière Hygie, 60 rte Sartrouville, 78230 LE PECQ, represented by Mr. Olivier BOCCARA, in his capacity as CEO, and its subsidiaries).

 

ARTICLE 3 - PROCESSING OF PERSONAL DATA

In providing its services and operating its websites and mobile applications 5àsec collects data concerning you. These data are processed in compliance with the purposes specified at the time of collection.

When you pay for a purchase order or service at the cash desk of a store affiliated to 5àsec, the data is collected directly by our employees in the store, in order to guarantee the confidentiality of your personally identifiable data. These employees will ask you for the information necessary to pay for your service and its performance, i.e. your name, first name, email address, mobile phone number and postal address.

 As a general rule, the items of information that are essential for carrying out the service are marked by an asterisk on the data collection forms or are verbally identified as being essential at the time of collection. If you do not fill in the compulsory fields, we will not be able to perform the service.

In particular, 5àsec may need to collect and use your personal data to access the functionalities and services proposed on our websites and mobile applications and to keep the information concerning you up-to-date, correct and relevant, especially for one or more of the following purposes:

Management of requests for information and/or documentation

Your identification data will enable us to process your request on the contact forms, for example:

  • your personal details (title, name, first name, date of birth, postal address)
  • your contact details (fixed line or mobile phone number, email address)
  • email correspondence (content of your emails, your address and any correspondence sent to you)
  • the internal processing code enabling us to identify the customer.

The recipients of the data are the 5àsec internal departments and, where applicable, the processors subcontracted by the company.

Management of job applications Your career details (educational qualifications, certifications, CV, motivation letters etc.) will enable us to process your application. The recipients of these details are exclusively the internal departments of 5àsec and its subsidiaries. Any communication of the data to third parties (e.g. recruitment firm, temporary employment agency etc.) will be conditional on prior consent by the person concerned (“data subject”).

Transmission of commercial information

5àsec complies with the regulations stipulated in articles 6 and 7 of the EU Data Protection Regulation, which specifies that the prior consent (“opt-in”) of the User must be expressly obtained for the transmission of special offers, marketing, canvassing etc.

So, subject to your rights, your data may be used to inform you by email and/or SMS of offers, services, promotions and games/competitions proposed by 5àsec and its subsidiaries.

Via the website, via our collection media or when you buy from one of our stores, 5àsec requests your prior consent by asking you to fill in your personal details. For example:

  • name, first name, address, date of birth, phone number (fixed line or mobile), email address

By way of exception, as part of our service, in your capacity as customer, without having given your consent, 5àsec may process your data to send you marketing information by electronic means if you are already a 5àsec customer and if the purpose of this prospecting is to propose similar products or services. This information is sent pursuant to the legitimate interests of 5àsec and in compliance with the balance of interests between the customer and 5àsec.

In all cases, you have the option to refuse to receive these marketing messages by carrying out the following actions:

  • In the case of email, by clicking the “unsubscribe” link provided in each mail.
  • In the case of SMS prospecting, by sending a “stop SMS” text message to the number indicated on the received SMS.

Loyalty program

Your data will enable us to manage your membership of our loyalty program, for example:

  • your personal details (title, name, first name, postal address)
  • your contact details (billing address, email address)
  •  your fixed line or mobile phone number

Website traffic statistics, for example: IP address, cookies, pages consulted by the user, date and time of visit (see details concerning cookies below). The recipients of the data are the internal departments of 5àsec and of its subsidiaries, and where applicable, the processors subcontracted by the company. Additionally, 5àsec and its subsidiaries may need to collect personal data for other purposes, while taking care to obtain the prior freely given, specific, informed and unambiguous consent of the data subjects, including by electronic means.

Geolocation and mobile applications

We use technologies that enable us to determine the current location of your mobile device. This function requires your consent and can be deactivated on installing the “app” or, after its installation, in your phone settings. Unless you give your consent, the data relating to your movements will not be saved.

Collection of banking data

A secure payment system is available to Users for all purchase orders via a 5àsec website or mobile app.

This payment system is managed by 5àsec’s payment collection partner, in compliance with regulations. The bank card details are erased after each transaction or are archived by a secure system for a maximum period of about 13 months, in case of complaints or disputes.

 

ARTICLE 4 -DATA RETENTION PERIOD

5àsec will store your personal data in a secured environment for the period necessary for the purposes for which the data were collected or for the maximum storage period laid down by the laws of your country.

The table below summarises the different maximum retention periods applicable, depending on the purposes for which 5àsec may need to process your data.

These maximum periods will apply unless you request the erasure or discontinuation of use of your data before the end of the period, for a legitimate reason that is not in infringement of the minimum period imposed on 5àsec by law.

Purpose

Retention period

Video surveillance to ensure the security of merchandise and of the persons visiting the stores of 5àsec and its subsidiaries.

8 days

Statistical metering and personalisation of websites and mobile applications, management of cookies

13 months

Management of requests for access to data and rectification of data

1 year from receipt of the requests

Management of objections to processing

3 years from acceptance of the right to objection

Replies to customer satisfaction surveys

2 years from the last contact

Promotional and loyalty operations, competitions and games, sending of offers

3 years from the end of the business relationship or the last contact initiated by the customer or prospect

 

Management and logging of purchases and services, warranties, debt recovery, complaints management

10 years from the last event, except for data concerning payment methods, which are processed by the 5àsec payment service providers - only for the prescription period of the payment operations.

 

ARTICLE 5 – RIGHTS OF DATA SUBJECTS

In compliance with (EU) Regulation 2016/679 on the protection of personal data, you have the following rights concerning your data: right of access, right to rectification, right to erasure (right to be forgotten), right to object, right to restriction of processing and right to data portability. You can also define the guidelines on the storage, erasure and communication of your personal data after your death. For legitimate reasons relating to your specific situation, you can object to the processing of the data concerning you. To exercise your rights, please address your message by email to dpo.lu@5asec.com. Please attach a copy of a valid ID document. In the event of infringement of any of the above provisions, you have the right to submit a complaint to the competent authorities.

 

ARTICLE 6 - COMMUNICATION OF PERSONAL DATA

The collected personal data are intended for the internal departments of 5àsec. If 5àsec subcontracts the data processing activities to external processors, it will only employ processors that provide adequate guarantees concerning implementation of the appropriate technical and organisational measures to ensure that the processing is in compliance with the reliability and security requirements of the applicable regulations and guarantees the rights of the data subjects. 5àsec may need to transfer data to Switzerland or the US, countries recognized by the European Commission as having an adequate data protection level.

In the case of data communication to service providers located in the US, 5àSec undertakes only to use companies registered on the Privacy Shield list for the collection, use and retention of personal data from the EU and Switzerland.

 

ARTICLE 7 – SECURITY MEASURES

In view of technological developments, implementation costs, the nature of the data to be protected and the risks to the life and liberty of persons, 5àsec implements all appropriate technical and organisational measures to guarantee the confidentiality of the collected and processed personal data and a security level adapted to the risk.

 

ARTICLE 8 - COOKIES

The 5àsec websites use cookies to adjust its websites to user preferences and to optimize its web pages. Cookies or other technologies are used to enable you to connect to the website and services and to personalise them. These cookies make browsing easier and improve the user-friendliness of the websites. A cookie records information concerning your computer’s browsing of our site (the pages you have consulted, the date and time of the visit etc.). We can then read this data on your future visits. You can refuse to accept the use of cookies by configuring the parameters of your web browser, as specified below. In this case, access to certain services and sections of the site may be altered or even impossible. The purposes of the cookies installed on the website are as follows:

  • to monitor website traffic statistics (Google Analytics)
  • in the case of a sites requiring login, to keep your session open
  • to enable or facilitate electronic communication
  • to record the user’s language choice
  • to record the user’s choice on whether cookies are accepted

To refuse cookies

You can refuse the recording of cookies by configuring the parameters of your web browser, in particular by taking the following steps:

Where applicable, the user is informed that in this case access to certain services and sections of the site may be altered or even impossible.

The storage period of cookies varies according to the type of cookies. We mainly use cookies that self-destruct after disconnection. These cookies are termed “session cookies” or “transient cookies”. A log file also enables us to log the history of all accesses to our web pages or the downloading of the various files available on our sites. This information is retained for a period of 6 months. Finally, information concerning your consent to cookies is saved for a maximum period of 13 months. Cookies are used for internal purposes and are not accessible to third parties.

Google Analytics and Privacy

We use Google Analytics to track your activity on our websites and to determine the number of users visiting our pages and the content of the pages viewed. This analysis is anonymous. The Google Analytics cookies are stored on your terminal and can be transferred to a Google server located in the USA, where they will be saved. Google will use these data to analyse your use of the website, to produce website activity reports for the website operators and to provide other services relating to the use of the website and of the Internet. Where applicable, Google will also transmit these data to third parties, if this is required by law and/or if the third parties process the data under the authority of Google.

 

ARTICLE 9 - MODIFICATIONS OF THIS POLICY

If the present 5àsec Policy is changed, or if required by law, this will be published on our websites and shall take effect on publication. Consequently, we invite you to check the Policy each time you visit the site, to see the latest available version, which is always available on our websites and mobile applications.