Information notice on processing of personal data of customers
Dear Valued Customer,
In order to provide you with the information you might request concerning Technis’ products, to perform the contracts we conclude with you, and to comply with laws and regulations, we need to acquire and process some of your personal data.
The processing of the personal data of our Customers will, in any event, be based on the principles of fairness, lawfulness, transparency and protection of confidentiality and of the rights of the data subject, in accordance with the provisions of the LPD, the LPrD and the GDPR as well as any applicable national legislation and the prescriptions of the Swiss, Canton de Vaud and EU Member States authorities for the protection of personal data.
One of our primary obligations is to inform you (the “Data Subject”) on the processing of your personal data we carry out or might carry out in the future. Therefore, in accordance with Regulation (EU) 675/2016 (GDPR), the Swiss Loi fédérale sur la protection des données (LPD) of the 19 June 1992, and the Loi sur la protection des données personnelles (LPrD) du Canton de Vaud of the 11 September 2007, we provide you with this information notice.
This notice refers to personal data we might acquire from you or from third parties due to precontractual request you might address to us or due to a contract entered between you and Technis Ltd or Technis s.a.s.
This includes, for instance, the processing of personal data we might acquire due to your request for a quotation for our products, the execution of a contract with you, the use of the Technis app which works in combination with our smart flooring systems, while providing installation and customer care services, etc.
DATA CONTROLLER AND CONTACT INFORMATION
The joint Data Controllers are Technis Ltd, a Swiss company having its registered office in Place de la Gare 10, 1003 Lausanne, Switzerland and Technis s.a.s., a French company having its registered office at 242, boulevard Voltaire, 75011 Paris, France. (hereinafter jointly referred to as “Data Controller” or “Technis”).
The Data Controller can be contacted regarding any question relating to the processing of personal data at the e-mail address: email@example.com or by registered letter addressed to:
Data Protection Office
Place de la Gare 10
The appointed Data Protection Officer is:
Your personal data is, or could be, disclosed to the following recipients (possibly designated as Data Processors):
- The personnel of Technis.
- Third parties which are entrusted with the maintenance and repair of the Data Processor’s software, electronic databases, and apps, to the extent that such disclosure is necessary for the performance of their activities.
- Commercial agents, retailers, distributors, etc. entrusted by the Data Controller to reply to your requests or to assist the Data Controller in the execution of contracts concluded between you and the Data Controller.
- Third parties entrusted with the delivery and/or installation of the Data Controller’s products (logistic services, shipping companies, specialized workforce, etc.).
- Third parties entrusted with technical operations required for providing the quotations, feasibility studies, measurements, etc. in relation to Data Controller’s products.
- Third parties entrusted with administrative tasks of the Data Controller (issuing invoices, preparing mandatory documentation to be submitted to tax and fiscal authorities, etc.).
- Third parties which provide communication, data storage, data sharing, newsletter services, cloud data storage, etc.
- External lawyers and consultants, only in the event their assistance might be requested for the conclusion of contracts or in case of disputes arising out of the contracts between the Data Controller and the Data Subject.
- Other categories of subjects to whom the Data Controller must communicate personal data in order to perform its obligations towards you or in order to comply with legal obligations or requests of the authority.
CATEGORIES OF PERSONAL DATA PROCESSED
The Data Controller might acquire and process the following categories of personal data in order to pursue the lawful purposes referred to into the following section:
- Common data: names, company names, addresses, e-mail addresses, telephone numbers, fax numbers, data related to invoices and payments, etc.
The Data Processor will not, in principle, collect and process special categories of data (“sensitive data”) such as those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
PURPOSES AND LAWFULNESS OF THE PROCESSING
The Personal Data are processed by the Data Controller and/or by the Data Processors appointed by the Data Controller on the following legal basis:
- the data subject has given consent to the processing of the personal data for one or more specific purposes (e.g. the user consents to the processing of its personal data for the purpose of receiving the newsletter or targeted advertising, or to participate into commercial enquiries, etc.).
- processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract (e.g. for replying to your requests of information on products or other precontractual requests). Personal data processed through the Data Controller’s apps are necessary to ensure the correct functioning of the products supplied by the Data Controller or its distributors or retailers.
- processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. issuing and keeping record of invoices).
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
MODALITIES OF THE PROCESSING
Personal data is processed by automated and non-automated means for the time strictly necessary to achieve the purposes for which they were collected.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
It is important to remember that anything that the data subject transmits or provides online may be collected and used by third parties or illegally intercepted by third parties. No data transmission over the Internet can be considered 100% secure. The Data Controller undertakes to use reasonable means to protect the personal data of the persons concerned but cannot guarantee the total security of the information they exchange.
PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED
The user’s personal data will be kept for a period strictly necessary for the pursuit of the specific processing purposes referred above and, in particular, the personal data collected when browsing the Website through cookies will be kept for the following periods:
- Personal Data processed in order to perform a contract, including data acquired through the apps of the Data Controller: for the entire duration of the contract or precontractual phase and thereafter until the expiration of the limitation period.
- Personal Data processed in order to address precontractual requests made by the Data Subject: for the period necessary to address such requests and for 24 months thereafter.
- Personal Data processed in order to comply with legal requirements or orders of the authorities: for the period set forth by the law or by the order of the authorities.
- Personal Data processed on the basis of the legitimate interest of the Data Controller: for as long as such legitimate interest persists, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
- Personal Data processed on the basis of the consent of the Data Subject: until the Data Subject revokes the consent. Please note that the revocation of the consent does not affect the lawfulness of processing made before such revocation.
RIGHTS OF DATA SUBJECTS
At any time, the Data Subjects whose personal data has been acquired by the Data Controller have the right to:
- ask the Data Controller for access to their personal data (that is to say to know if the Data Controller processes these data), to obtain their rectification or cancellation, to limit the purposes for which these data are processed or to oppose their processing, as well as the right to obtain their portability.
- when the processing is based on the consent that had been given by the Data Subject, the latter may withdraw his/her consent at any time without prejudice to the lawfulness of the processing based on the consent given previously.
These rights can be exercised by sending a specific request to: firstname.lastname@example.org
In addition, the Data Subject may also lodge a complaint with a supervisory authority, and in particular:
- In Switzerland, to the Préposé fédéral à la protection des données (PFPDT) using the contact details mentioned on the site https://www.edoeb.admin.ch/edoeb/fr/home/le-pfpdt/contact.html
- In the Canton of Vaud, to the Préposé du Canton de Vaud à la protection des données, Rue Saint-Martin 6, PO Box 5485, 1002 Lausanne, Switzerland, email@example.com.
- To contact the authorities of the EU Member States, consult the list and contact details on the site: https://edpb.europa.eu/about-edpb/board/members_fr
MANDATORY OR FACULTATIVE NATURE OF THE PERSONAL DATA TO BE PROVIDED
- For the processing of the data necessary to fulfil the legal obligations incumbent on the Data Controller or to perform pre-contractual or contractual obligations between the Data Controller and the Data Subject, the PROVISION OF DATA IS MANDATORY and the possible refusal to provide such data may result in the total or partial impossibility for the Data Controller to provide the requested information, services or products, these data being essential for the full and proper execution of the obligations of the Data Controller or for the execution of the legal obligations incumbent on it.For any processing carried out on the basis of consent (e.g. subscription of the newsletter service), the CONSENT is FACULTATIVE and can be revoked at any time by sending a request to the Data Controller at the address e-mail firstname.lastname@example.orgPlease note that the revocation of consent does not affect the lawfulness of processing based on the consent given before the revocation.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Personal Data provided to, and processed by, the Data Controller are not transferred to third countries (i.e. outside the territories of Switzerland and of the EU).
You can consult the full version of the laws mentioned in this information notice on the following websites:
- The Swiss Federal Law on Data Protection (LPD) of June 19, 1992: https://www.admin.ch/opc/fr/classified-compilation/19920153/index.html
- Law of the Canton of Vaud on the protection of personal data (LPrD) of September 11, 2007: https://prestations.vd.ch/pub/blv-publication/actes/consolide/172.65?key=1543934892528&id=cf9df545-13f7-4106-a95b-9b3ab8fa8b01
- Regulation of the European Union n. 679/2016 (GDPR): https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679