As part of the management of our website info-rand.com (hereinafter referred to as “the Site”), we process personal data. We wish to offer users the highest level of protection for your personal data and to protect the confidentiality of the information entrusted to us.
The person responsible for processing your personal data is RAND FRÈRES, 8 rue Bellini 75116, Paris. You can contact us by writing to RAND FRÈRES – SERVICE DATA PROTECTION : 8 rue Bellini 75116, Paris, France, 01 85 73 73 85.
We have appointed a data protection delegate who ensures that your personal data is systematically used transparently, accurately and in compliance with applicable regulations, principally the French Data Protection Act of January 6, 1978 as amended and European Regulation n°2016/679/EU of April 26, 2016 (RGPD). You can contact our Data Protection Officer at dataprotection[@]rand.fr, specifying DPO in the subject line of the message.
The purpose of this privacy policy is to inform you about the processing operations carried out on your personal data and the rights you have. It contains terms with specific meanings (e.g. recipient, personal data or personal data, processing, data controller, data processor). To better understand them, you can read their definition in Article 4 of the RGPD.
We invite you to read this privacy policy regularly in order to be informed of any changes to which it may be subject. You will be informed of any substantial changes.
1. What personal data do we collect?
Categories of personal data
In the course of using the Site, we may collect the following categories of data:
Your identification data (surname, first name, e-mail, postal address, telephone number) ;
- Your connection and Internet data (information relating to the device and browser you are using, your IP address and geographical location, the date and time of your visit, the duration of your visit and the websites consulted before your visit and your interactions on the Site, tracer cookies, audience measurement).
Methods of collection
We collect your personal data when:
- you browse the Site ;
- you use the contact form.
This personal data is collected directly by a positive act on your part (e.g. via a contact form). Where applicable, we will indicate when the provision of personal data is mandatory. If you do not provide us with the “mandatory” data mentioned, we cannot assure you that we will be able to follow up your request.
2. How is your personal data protected?
We implement all applicable technical and organizational measures to ensure an optimal level of security and confidentiality of your personal data.
In this respect, we take all necessary precautions, in view of the nature of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties (physical protection of premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, anonymization of certain data, etc.).
3. Why do we use your personal data?
We only process your personal data if this is necessary for the purposes for which it was collected. Any data processing we carry out is founded on a legal basis justifying it.
- Purposes of processing: related legal bases
- Management of contact requests: Receipt and processing of requests received via our contact form.
- Management of requests to exercise rights, in compliance with a legal obligation.
4. What rights do you have regarding the management of your personal data and how can you exercise them?
As part of the processing we carry out, we inform you that you have the right to object to us using your data for a specific purpose.
You also have the following rights:
- Right of access: you have the right to request information about the personal data we hold about you;
- Right of rectification: you have the right to request rectification of your personal data if it is inaccurate or incomplete ;
- Right to object: you may object, on legitimate grounds, to us ceasing to process any of your personal data;
- Right of deletion: you have the right to ask us to delete all or part of your personal data;
- Right of limitation: you have the right to ask us to suspend the processing of your personal data;
- Right to define directives on the fate of your personal data after your death.
Finally, where we implement processing on the basis of your consent, you have the right to withdraw that consent at any time.
Please note: Some of these rights are subject to conditions, and are not automatic. We will therefore not necessarily be able to respond favorably to your request.
You can exercise your rights by contacting us using the contact details provided in the Preamble.
Lastly, you may lodge a complaint with the CNIL online or by post at the following address: 3 Place Fontenoy – TSA 80715 – 75334 Paris Cedex 07.
5. With whom do we share your personal data?
We take the protection of your personal data very seriously and never sell your personal data to third parties. Internally, we may pass on your personal data:
- to RAND FRÈRES team personnel, who are subject to an obligation of confidentiality, in charge of the processing identified above as part of the performance of their duties;
- to companies of our Group domiciled in the European Union, for the purposes identified in the present Privacy Policy and under the same conditions.
We may communicate your personal data to external service providers who manage a service on our behalf as part of the management of your contact.
We ensure that these service providers provide sufficient guarantees to ensure the security of processing and the confidentiality of your personal data. To this end, we have concluded the corresponding subcontracting agreements with these service providers, in order to define the rights and obligations incumbent on each party and thus ensure their compliance with regulations on the protection of personal data.
6. How long do we keep your personal data?
We keep your personal data in a form that enables it to be identified for as long as is necessary to achieve the purposes for which it was collected.
We then archive it for the duration of the applicable statute of limitations.
- The criteria used to determine retention periods are as follows:
- Existence of a legal or regulatory obligation to which we are subject;
- The length of time we talk to you.
- For example:
- We retain your data relating to your making contact before archiving it.
- We keep your data relating to the sending of commercial prospecting for the duration of our commercial relationship with you, then 3 years from our last contact with you (before archiving them).
