Protecting your data is a priority for Blackfox

Blackfox has appointed a Data Protection Officer (DPO) to ensure compliance with the European Data Protection Regulation (RGPD).

The role of the DPO is to implement information governance as part of our service quality commitments. He or she ensures compliance with current regulations, advises employees, raises awareness, monitors and organises processes to guarantee data protection.

To this end, we have adopted a personal data protection policy. In it you will find information about Blackfox's main commitments, the duties of the DPO and information about your rights.

 

What data do we collect?

In the course of our business and the operation of our website, we collect and process personal data relating to our prospects, customers, job seekers and other business partners (their managers, associates and/or members of their staff), as well as users of our website.

This data includes in particular information relating to: 

• Identity, in particular surname, first name, gender;
• Personal and/or professional life, in particular postal address, e-mail address, fixed and/or mobile telephone numbers, position or job title;
• Information relating to our contractual relationship, in particular product purchases or orders, and complaints addressed to our company;
• Records of correspondence and communications with our company, in particular e-mails, SMS and MMS messages;
• Connection data to our website, in particular cookies, which enable us to collect information such as browser type, pages viewed, language preferences and other general traffic data;
• As well as any information communicated to us by means of the contact form accessible on our website or, more generally, by communicating with our company.

Where applicable, it is specified at the time the data is collected whether or not this data is necessary for the purpose in question.

On what legal grounds do we process your data?

We collect and process personal data, as appropriate:

• For the purposes of executing contracts entered into with candidates, jobseekers, our customers or our other business partners, or pre-contractual measures taken at their request;
• For the purposes of our legitimate interests, such as prospecting and promotion, as well as managing our relationship with prospects, customers, suppliers and other business partners;
• In order to comply with our legal and regulatory obligations and to defend our rights; and/or
• On the basis of the consent of the individuals concerned.

In the event that the natural person whose personal data we are processing has objected to such processing, we may nevertheless be authorised to carry out or continue such processing on one of the other legal bases referred to above.

 

How long do we keep your data?

We only keep the personal data collected for as long as is necessary for the purposes for which it was collected, in compliance with the regulations in force and without prejudice to legal retention obligations and limitation periods.

In particular, our customers' data is kept for the duration of the contractual relationship, and for a further period of 3 years for marketing and canvassing purposes.

An indicative table of the retention periods for data collected by our company is provided in the Appendix.

 

To whom do we communicate your data?

Our company communicates or is likely to communicate the data collected to the following persons or entities:

• Authorised members of our staff;
• Other companies in our group;
• Our sub-contractors or service providers;
• Our statutory auditors;
• Supervisory authorities (regulators), administrative authorities, courts.

The vast majority of our computer servers are located within the European Union and we do not transfer outside the European Union any personal data collected with the exception of that collected by Google Analytics cookies (USA) on our website.

In the event that we need to transfer personal data that we have collected outside the European Union, we undertake, in compliance with the legal provisions, to ensure (i) that the country to which the transfer is made ensures an adequate level of protection by virtue of an adequacy decision by the European Commission, (ii) in the absence of such a decision, that appropriate safeguards, as referred to in Article 46 of the GDPR, have been put in place, or (iii) in the absence of an adequacy decision and the aforementioned appropriate safeguards, that the transfer of data falls within one of the cases referred to in Article 49 of the GDPR.

 

What rights do data subjects have?

Any individual whose personal data is processed by our company has the following rights, as recognised by the applicable regulations:

• A right of access to their data and to information relating to the processing of their data (art. 15 of the RGPD; art. 49 of the Loi Informatique et Libertés);
• A right to rectification of inaccurate or incomplete data (art. 16 of the RGPD; art. 50 of the Loi Informatique et Libertés);
• A right to erasure of data (art. 17 of the RGPD; art. 51 of the Loi Informatique et Libertés);
• A right to limit the processing of his/her data (art. 18 of the RGPD; art. 53 of the Loi Informatique et Libertés);
• A right to data portability (art. 20 of the RGPD; art. 55 of the Loi Informatique et Libertés);
• A right to object to the processing of their data (art. 21 of the RGPD; art. 56 of the Loi Informatique et Libertés);
• Where data processing is based on consent, the right to withdraw consent at any time (art. 7.3 of the RGPD);
• The right to define directives relating to the conservation, deletion and communication of their personal data after their death (art. 85 of the Data Protection Act).

Any person concerned may, by proving their identity, exercise their rights at any time with our company, by means of the contact form accessible on the website www.blackfox-nature.com, by e-mail to dpo@blackfox-nature.com, or by post to : Blackfox - Data Protection Officer (RGPD), 19 avenue des Pays Bas, ZA du Val de Moine Saint-Germain-sur-Moine, 49230 SEVREMOINE (France).

The player concerned also has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) concerning the processing of their personal data (www.cnil.fr/fr/plaintes).

 

Identity of the data controller

The data controller is Blackfox, a société par actions simplifiée (simplified joint stock company) with a share capital of 5,000,000 euros, whose registered office is located at 19 avenue des Pays Bas, ZA du Val de Moine Saint-Germain-sur-Moine, 49230 SEVREMOINE (France), registered in the ANGERS Trade and Companies Register under number 351 962 964.

Correspondence address: registered office address above
Telephone number: + 33 (0)2 41 63 35 36
Email : dpo@blackfox-nature.com

 

Appendix

Indicative table of retention periods

Purpose of processing	Shelf life
Preservation of contracts concluded with our customers	5 years 10 years where the contract is concluded with a consumer electronically and is for a sum equal to or greater than 120 euros
Management of orders Management of deliveries Management of invoicing Accounting, management of customer accounts	10 years
Customer file management Management and monitoring of commercial relations with customers, suppliers and other business partners	For the duration of the commercial relationship, then for 3 years from the end of the relationship, for the purposes of sales promotion and commercial prospecting, without prejudice to applicable retention obligations or limitation periods
Creation and management of a file of prospective customers	3 years from the date of collection of the data or the last contact from the prospect
Improving navigation and the user experience on our website Audience measurement statistics	13 months
Management of newsletters and other similar communications	Until the data subject unsubscribes
Sending solicitations (emailings, telephone calls, SMS, faxes, etc.)	3 years from the date of collection or last contact from the prospect