Purpose
Who are we?
Manutan is one of Europe's key players in multi-channel B2B distribution, with its head office, Manutan International, located at Avenue du 21ème siècle, ZAC Parc des Tulipes, 95500 Gonesse, France.
We have over 2200 employees in Europe, spread across 25 subsidiaries in 17 countries.
As part of our activities, we need to process your Personal Data in compliance with applicable regulations, in particular Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons (or "GDPR"), and the French Law of 6 January 1978, as amended, on information technology, data files and civil liberties (or the "French Data Protection Act").
What are our commitments?
We undertake to implement any technical and organisational measures in order to ensure compliance with the fundamental principles on collecting and Processing Personal Data, in particular the principles of:
i. Lawfulness, fairness and transparency: Personal data is processed in a lawful, fair and transparent manner.
ii. Purpose limitation: Personal data is processed for specified, explicit and legitimate purposes, and not further processed in a manner that is incompatible with the initial purposes.
iii. Data minimisation: Any Personal Data collected is adequate, relevant and limited to what is necessary in relation to the Processing purposes.
iv. Data accuracy: Personal data is accurate and kept up to date. Every reasonable step is taken to ensure that inaccurate or outdated data is erased or rectified, for data Processing purposes.
How do we collect your Personal Data?
Throughout our business relationship, we may ask you to submit your Personal Data in different ways:
i. When you subscribe to a newsletter.
ii. When you register for a webinar.
iii. When you download documents like our white papers.
We may also collect Personal Data via Partners to whom you have previously given your Consent to be contacted by us. In this context, only the data for which you have given explicit Consent for use by a partner will be used.
As you browse Manutan's websites, we may also use cookies, small text files that are stored on your device (PC, tablet computer or smartphone). These cookies enable us to collect Personal Data and information for different purposes (traffic and usage statistics for the website, adaptation of the website to your settings, third-party advertising cookies etc.).
In the context of managing cookies, we are also committed to complying with data protection regulations. As such, when required, cookie Consent will be collected through the cookie banner that appears clearly and visibly when you first visit the company's website.
You can also alter your cookie settings at any time. For more information about how Manutan manages cookies, you can go to the "cookies" section on our website, which is available using the following link: https://www.manutan.fr/fr/maf/gestion-cookies.
What do we use your Personal Data for? (Processing purposes)
Your Personal Data is mainly used to best organise our business relationship and to enable us to deliver the best quality service to you.
In this context, your Personal Data is processed for the following main purposes:
i. Canvassing and business analysis
- To carry out business and marketing canvassing operations.
- To compile business statistics.
ii. Statistical analysis
- To carry out statistical studies in order to:
- Find out about the use and performance of our blog.
- Improve our services and their relevance to you.
Do we process all of the Personal Data that you provide?
In accordance with our commitments, we only collect data that we deem necessary for our activities (data minimisation principle).
Some data is, however, essential for the Processing of your requests and/or orders, while other data enables us to get to know you better and to therefore tailor our offers to your needs. Fields on data collection forms marked with an asterisk (*) are mandatory. If they are not completed, we will not be able to process your request or order, or to send you offers tailored to your needs.
What are the legal grounds for Processing Personal Data?
The Processing of your Personal Data is based on different legal grounds according to the purpose of the Processing concerned. In this context, we need your data in order to:
i. Continue our legitimate interest as the Data Controller (in particular to develop knowledge of our clients, to tailor our offers to your needs and/or to carry out promotional activities.
ii. Comply with a legal obligation when the legislation in force imposes this data Processing.
Who can access your Personal Data?
Your Personal Data may also be transmitted to other organisations in the Group, and to our partners ("Subcontractors"), whose services are necessary in order to carry out our activities as Data Controller. For example, your Personal Data may be transmitted to Subcontractors providing hosting services and IT maintenance, webinar management etc.
In this context, we undertake to only call upon Processors that provide sufficient guarantees and that comply with our commitments in terms of protecting Personal Data.
For how long will your Personal Data be held?
These retention periods depend on the nature of the Processing purposes and, in particular, take into account any applicable legal provisions imposing a specific retention period for certain categories of data, applicable limitation periods and recommendations from local supervisory authorities regarding certain data Processing categories.
Your Personal Data is stored for three years from when it is collected, or from the last contact you had with our services (for example, a documentation request or a click on a hyperlink contained in an email).
Are your Personal Data secure?
We take great care with the confidentiality and security of your data.
In this context, we implement appropriate technical and organisational measures in order to guarantee an appropriate level of security that complies with the industry's best practices. As such, we comply with regulatory requirements and protect the rights and Personal Data of the data subjects when designing Processing operations.
Manutan has a global Information Security Management System, based on the international ISO/IEC 27001:2013 standard. The aim of this standard is to preserve the confidentiality, integrity and availability of sensitive, confidential data, including your Personal Data.
Furthermore, our Internet platform benefits from reinforced security measures, such as the use of reliable encryption protocols, and protection using an application firewall, constant supervision and regular external audits. Finally, the password linked to your account is stored and encrypted in our database, thus making it inaccessible to anyone other than yourself.
What are your rights regarding Personal Data?
In accordance with applicable data protection legislation, you may, at any time, exercise your rights as the data subject. You have the right of access, the right to rectification, the right to erasure, the right to data portability, and the right to restrict and to object to the Processing of this Personal Data.
In particular, you have the right to object to the Processing of your data for commercial prospecting. Depending on the choices you made when creating or amending your account, you may receive offers from our company, from other companies in the Manutan Group or from partners. These choices may be modified at any time when you are logged in to your online account.
In particular, if you no longer wish to receive our newsletter, you can click on the unsubscribe link at the bottom of each electronic advertising message.
How do you exercise your rights?
You can exercise your rights by writing to Manutan at: Group Legal Department, ZAC du Parc des Tulipes, Avenue du 21ème Siècle, 95506 Gonesse Cedex, France; or by sending an email to: privacy@manutan.com.
In this context, we kindly ask you to stipulate any elements necessary to identify you (surname, first name, and email address) in your request and attach a copy of an identity document, along with any other information regarding your request.
You also have the right to make a complaint to a local Supervisory Authority in the event of a breach of the applicable data protection legislation, in particular the GDPR.
Who should you contact?
If you have any further questions regarding this policy or how Manutan processes your Personal Data, please send an email to: privacy@manutan.com.
Modifications and updates
This Privacy Policy may be modified or updated in view of different interpretations, decisions, and opinions regarding the GDPR. Manutan undertakes to inform you of any modification made via its website.
Glossary
i. "Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
ii. "Processing" means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, by automated means or otherwise, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
iii. "Data Controller" means the natural or legal person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Domestic law, the controller or the specific criteria for its nomination may be provided for by Union or Domestic law.
iv. "Subcontractor" means a natural or legal person, public authority, agency or other body that processes Personal Data on behalf of the Controller.
v. "Recipient" means a natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, which may or may not be a Third Party. However, public authorities that may receive Personal Data in the context of a particular inquiry in accordance with Union or Domestic law will not be regarded as Recipients; the Processing of such data by those public authorities will be in compliance with the applicable data protection rules according to the purposes of the processing.
vi. "Partner" means a natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, Subcontractor and persons who, under the direct authority of the Data Controller or Subcontractor, are authorised to process Personal Data.
vii. "Consent" of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her.
viii. "Supervisory Authority" means an independent public authority that is established by a Member State.