GT COMPANY (whose registered office is located at 5 rue de la Galmy Immeuble le Vega 77700 Chessy FRANCE) as data controller, attaches great importance to protecting and respecting your privacy.

This policy is intended to inform you, in accordance with the EU Regulation No.2016-679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the "Regulation"), of our practices concerning the collection, use and sharing of information that you may provide to us through our website accessible at the URL https://www.agfaphoto-gtc.com/ (hereinafter referred to as the "Site"). 

The purpose of this policy is to inform you about the categories of personal data we may collect or hold about you, how we use it, with whom we share it, how we protect it, and the rights you have with respect to your personal data. 

1. The data we collect

By using the Site, you are required to provide us with information, some of which may identify you and therefore constitute personal data (hereinafter referred to as "Data"). This is particularly the case when you create a customer account, when you place an order on the Site or when you consent to being sent a newsletter. 

This information contains the following data in particular:

Account data: this refers to the data you provide when creating an account by completing the registration form.

Invoicing data: this refers to all the information you transmit in order to proceed with the purchase of one of our products on the site.

Transaction data: Where applicable, this refers to the data you provide when you make purchases through the Site, such as information relating to your means of payment. The banking data collected is transmitted to third parties who help process and fulfil your requests. 

Navigation data:  This refers to data that we collect during your navigation on the Site such as the date, the time of connection and/or navigation, the type of browser, the browser language, its IP address.

2. How do we use the data we collect?

Purposes

Legal basis

Creating an online customer account

Legitimate interest

Logs of site users to ensure the security of the Site

Legitimate interest

Customer invoicing data

Execution of the contract

Sending information to prospects by SMS

Consent

Sending a newsletter to Site users

Consent

Personal contact of Site users with a view to prospecting

Legitimate interest

Logs attesting to customer(s) acceptance of the GTCs

Execution of the contract

Banking data to ensure the security of transactions

Execution of the contract

Follow-up of Customer complaints with GT COMPANY

Execution of the contract

Custom cookies from site users

Consent for personalised trackers

3. Who are the recipients of the data we collect, and why do we pass this data on to them?

3.1  Data processed by GT COMPANY

The Data collected is intended for the managers of the Site managed by GT COMPANY in their capacity as the data controller.

3.2 Data transferred to authorities and/or public bodies

In accordance with the regulations in force, the Data may be transmitted to the competent authorities on request and in particular to public bodies, court officials, ministerial officers, debt collection bodies, to exclusively meet legal obligations, as well as to track down internet offenders.

3.3  Data transferred to third parties

We work closely with third-party companies that may have access to your Data, including:

Our subcontractors and service providers to ensure the maintenance of the Site, Hosting and conduct digital marketing operations (newsletter, emailing). 

We only give third parties the Data they need to perform their services, and we require that they do not use your Data for any other purpose. These third parties will only act in accordance with our instructions and will be contractually obliged to ensure a level of security and confidentiality of your Data that matches ours and to comply with the applicable regulations on the protection of personal data.

 How long do we keep your data?

Your Data will not be kept beyond the period strictly necessary for the purposes pursued as set out in the Policy and in accordance with the Regulations and applicable laws.

In this regard, the Data used via the Site is kept for the following periods: 

Purposes

Length of time data is kept

Creating an online customer account

3 years from collection or last contact from the prospective Customer

Logs of site users to ensure the security of the Site

1 year from the end of the validity of the user's contract or the closure of their account

Customer invoicing data

10 years from the end of the accounting year.

Sending information to prospects by SMS

3 years from collection or last contact from the prospective Customer

Sending a newsletter to Site users

3 years from collection or last contact from the prospective Customer

Personal contact of Site users with a view to prospecting

3 years from collection or last contact from the prospective Customer

Logs attesting to customer(s) acceptance of the GTCs

5 years from the end of the performance of the contract

Banking data to ensure the security of transactions

5 years from the end of the performance of the contract

Follow-up of Customer complaints with GT COMPANY

5 years from the end of the performance of the contract

Custom cookies from site users

Audience measurement cookies:

13 months for the lifetime of the tracer, 25 months for the information collected via these tracers.  Marketing and advertising cookies: Consent to renew every 6 months, personal data collected via tracers kept for 25 months.

Third-party cookies and social media cookies 

Consent to renew every 6 months, personal data collected via tracers kept for 25 months

When the retention periods expire, your Data is deleted or anonymized so that it can be used without infringing your rights. 

5.  Is your data transferred, if so, how and where?

Your Data is not subject to transfers outside the European Union.

6. How is your data protected?

We take adequate technical and organizational measures to prohibit unauthorised access to or alteration, disclosure, loss or destruction of your Data. It is important that you maintain the confidentiality of your login details in order to prevent illegal use of your account.

7.  What are your rights over your personal data?

In accordance with the laws and regulations applicable to the protection of personal data, you have a number of rights relating to your Data, namely:

- A right of access and information: you have the right to be informed in a concise, transparent, intelligible and easily accessible manner about how your Data is processed. You also have the right to obtain (i) confirmation that your Data is being processed and, where applicable, (ii) to access such Data and obtain a copy thereof.

- A right of rectification: you have the right to obtain the rectification of inaccurate data concerning you. You also have the right to correct any incomplete data that concerns you, by providing a supplementary statement. If exercising this right, we undertake to communicate any rectification to all recipients of your Data.

- A right to deletion: in certain cases, you have the right to obtain the deletion of your Data. However, this is not an absolute right, and we may keep this Data for legal or legitimate reasons.

- A right to restriction processing: in certain cases, you have the right to restrict the processing of your Data.

- A right to Data portability: you have the right to receive your Data that you have provided to us, in a structured, commonly used and machine-readable format, for your personal use or to transmit it to a third party of your choice. This right only applies when the processing of your Data is based on your consent, on a contract or when this processing is carried out by automated means.

- A right to oppose processing: you have the right to oppose the processing of your Data at any time, for processing based on our legitimate interest or a public interest mission, and processing for commercial prospecting purposes. This is not an absolute right, and we may refuse your opposition request for legal or legitimate reasons.

- The right to withdraw your consent at any time: you can withdraw your consent to the processing of your Data when such activity is based on your consent. The withdrawal of consent does not compromise the lawfulness of the processing based on the consent given before this withdrawal.

- The right to lodge a complaint with a supervisory authority: you have the right to contact your data protection authority to lodge a complaint about our personal data protection practices.

- The right to give directives concerning the fate of your data after your death: you have the right to give us directives concerning the use of your Data after your death.

To exercise these rights, you can contact our Personal Data Protection Officer at the following address: 

alexia.launois@gtcompany.fr 

and / or

GT COMPANY, 

Data Protection Officer

5 rue de la Galmy Immeuble  Vega 

77700 Chessy, FRANCE

Please note that we may require proof of your identity before we exercise these rights. 

8.  Changes to our privacy policy

We may occasionally change this policy, in particular, to comply with any regulatory, jurisprudential, editorial or technical developments. If applicable, we will change the “last updated” date to the date the changes were made. We will inform you and/or seek your consent as necessary. We also recommend you to check this page regularly to keep up to date with any changes or updates to our Policy.

9. Contact

For any question relating to this policy or for any request relating to your Data, you can contact us by:

- Sending an email to our Data Protection Officer at the following address: alexia.launois@gtcompany.fr

- Sending a letter to the following address: 

GT COMPANY, 

Data Protection Officer

5 rue de la Galmy Immeuble  Vega 

77700 Chessy, FRANCE

The Commission nationale de l 'informatique et des libertés (CNIL) located at 3 Pl. de Fontenoy, 75007 Paris can also provide you with useful information on personal data protection laws. 

Updated June 9, 2022.