Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on their free movement, otherwise known as the General Data Protection Regulation (hereinafter GDPR) sets out the legal framework applicable to the processing of personal data.
The GDPR reinforces the rights and obligations of data processors, data controllers, data subjects and data recipients.
As part of its business, SNOWLEADER is required to process personal data of its customers and prospects.
For a clear understanding of this policy, it is stated that:
- the 'data controller’, i.e. SNOWLEADER
- the ‘processor': refers to any natural or legal person who processes personal data on behalf of SNOWLEADER
- the 'concerned persons': refers to customers and/or prospective customers of SNOWLEADER
- the ‘recipients': refers to natural or legal persons who receive personal data from SNOWLEADER
The recipients of the data may therefore be SNOWLEADER employees as well as external organisations (partners, banks, IT service providers, etc.)
Article 12 of the GDPR requires that data subjects be informed of their rights in a concise, transparent, comprehensible and easily accessible manner.
The purpose of this policy is to meet SNOWLEADER's obligation to provide information and to formalise the rights and obligations of SNOWLEADER's customers and prospects with regard to the processing of their personal data.
This policy is to be applied within the framework of the implementation of all processing of personal data relating to customers and/or prospects of SNOWLEADER.
SNOWLEADER does its utmost for data to be processed under a precise internal governance. This policy applies only to processing for which SNOWLEADER is the controller and therefore does not apply to processing that would be created or operated outside the rules of governance set by SNOWLEADER (processing known as ‘wild' or shadow IT).
The processing of personal data may be managed directly by SNOWLEADER or through a subcontractor specifically appointed by SNOWLEADER.
This policy is unrelated to any other document that may apply within the contractual relationship between SNOWLEADER and customers and prospects.
No processing is carried out by SNOWLEADER regarding customer and prospects data if it does not concern personal data collected by or for its services or processed in relation to its services and if it does not comply with the general principles of the GDPR.
SNOWLEADER may use it in the following ways:
Games & prize draws | Any game intended or not intended to win a prize for Snowleader's customers or prospects. It may be carried out online or offline. Directly by SNOWLEADER or its partners. The data collected are generally those necessary for the identification of participants and the granting of prizes. |
Push media |
Any commercial action, commercial follow-up. Marketing, generally by e-mail, SMS, telephone, etc. Data is collected on an opt-in or opt-out basis, depending on use. |
Events |
Physical events organized by SNOWLEADER or in which SNOWLEADER participates or sponsors. The data is generally collected at the time of registration for the event (directly or via a partner) or during the event itself (newsletter, survey, business card, dedicated mobile applications, etc.). |
Social media |
Any social selling operation, in particular the gathering of data relating to registrations, posts, likes, replies and forwards, comments, reviews, etc. |
Communities |
Any social gathering organized by SNOWLEADER or on its behalf and dedicated to it. |
This list is intended to be as exhaustive as possible. Any new case of use, modification or deletion of an existing processing operation will be brought to the attention of customers and prospects by an amendment to this policy.
NON-TECHNICAL DATA |
Identification data (last name, first name, etc.) Contact details (postal address, e-mail address, telephone number, etc.) Personal and/or professional life, when necessary (civil status, professional status) Economic and financial information (bank details, etc.) Transaction data (shopping basket, amount and date of transactions, etc.) Photograph/image |
TECHNICAL DATA |
Connection data (IP address, logs, etc.) |
Data relating to customers or prospects is generally collected directly from them (direct collection) by Snowleader.
Data may also be collected indirectly:
- via specialised companies (purchase or rental of base) or via Snowleader's partners and suppliers. In this case, SNOWLEADER takes great care to ensure the quality of the data it receives
- via sponsorship. In this case, the sponsor ensures that they can communicate the person's data to SNOWLEADER
Depending on the case, SNOWLEADER processes your data for the following purposes and on the following legal bases:
Purpose | Comments | Legal framework |
Pre-contractual exchanges | SNOWLEADER processes the data of individuals who interact with it before the signing of a contract. | - Execution of pre-contractual measures |
Contract and contract follow-up | SNOWLEADER processes the data of its customers in the context of monitoring contractual relations (eg. online shopping). | - Execution of contractual measures |
Invoicing, payment and bookkeeping | SNOWLEADER processes the data of its customers as part of the billing and payment of orders placed. | - Execution of contractual measures |
Management of customer and prospect directory | SNOWLEADER maintains a directory of its customers and prospects. | - Legitimate interest |
Organisation of events | SNOWLEADER processes the data of its customers and prospects when it invites them to events that it organizes. | - Legitimate interest |
Sending newsletters and managing requests to unsubscribe | SNOWLEADER sends its customers and prospects newsletters to which they can unsubscribe. |
- Legitimate interest (customers) - Consent (prospects) |
Service improvement and satisfaction surveys | SNOWLEADER may process the data of its customers and prospects in order to improve its services, including through customer satisfaction surveys. | - Legitimate interest |
Behavioural analysis and audience measurement | SNOWLEADER may process data to analyse the behavior of its customers and prospects and monitor their online activity. | - Legitimate interest or consent where necessary |
Community management | SNOWLEADER collects and processes the data of its customers and prospects in order to maintain its communities on the Internet, particularly on social media. | - Legitimate interest |
Video surveillance | Certain specific areas of SNOWLEADER's offices and shops are subject to video surveillance. | - Legitimate interest |
Production of statistics | SNOWLEADER is likely to make statistics regarding the data of its customers and prospects. | - Legitimate interest |
SNOWLEADER ensures that the data is only accessible to authorised internal or external recipients.
Internal recipients | External recipients |
- authorised personnel in the marketing department, sales department, departments responsible for customer relations and canvassing, administrative departments, logistics and IT departments and their line managers
|
- partners (including payment management partners), external companies or subsidiaries of the same group of companies
|
The recipients of customer and prospective customer personal data within SNOWLEADER are subject to an obligation of confidentiality.
SNOWLEADER decides which recipient may have access to which data according to an authorisation policy.
All access to processing of personal data of customers and prospects is subject to a traceability measure.
Personal data may also be communicated to any authority legally authorised to have access thereto. In this case, SNOWLEADER is not responsible for the conditions under which the staff of these authorities have access and use the data.
The duration of data storage is defined by SNOWLEADER with regard to the legal and contractual constraints imposed on it and, if not, according to its needs and in particular according to the following principles:
Processing | Storage period |
Contracts with customers |
5 years from the date of signing. |
Commercial correspondence (order slips, delivery notes, invoices, etc.) |
10 years from the end of the financial year. |
Data processed for marketing purposes |
For customers: 3 years from the end of the commercial relationship (from the end of a contract) or from the last contact from the customer. |
Images from video surveillance cameras |
For a maximum period of one month. |
Access to buildings |
For a maximum period of one month. |
Technical data |
1 year from the date of collection. |
Bank details |
Deleted as soon as the transaction is completed, unless the customer expressly agrees. If the transaction is disputed: storage for 13 months following the debit date. |
After the set deadlines, the data is either deleted or kept after being anonymised, in particular for statistical purposes. It may be kept for pre-litigation and litigation purposes.
Customers and prospects are reminded that deletion or anonymisation are irreversible operations and that SNOWLEADER is no longer able to restore them.
Customers and prospects have the right to ask SNOWLEADER to confirm whether or not data concerning them are processed.
Customers and prospects also have a right of access, which is subject to compliance with the following rules:
- the request must come from the individual themselves
- be made in writing to the following address Snowleader, 4 Allée du Parmelan 74370 EPAGNY METZ TESSY or to the following email address, [email protected]
Customers and prospects have the right to request a copy of their personal data being processed from Snowleader. However, should a request for an additional copy be made, SNOWLEADER may require customers and prospects to bear the cost of this.
If customers and prospects submit their request for a copy of the data via email, the information requested will be provided in a commonly used electronic form, unless requested otherwise.
Customers and prospective customers are informed that this right of access may not relate to information or data that is confidential or for which communication is not authorised by law.
The right of access must not be applied in an abusive fashion, i.e. on a regular basis with the sole aim of disrupting the department concerned.
SNOWLEADER fulfils update requests:
- automatically for online modifications to fields which, technically or legally, can be updated
- upon written request from the user, who may be required to provide identification
SNOWLEADER fulfils update requests:
- automatically for online modifications to fields which, technically or legally, can be updated
- upon written request from the user, who may be required to provide identification
Customers and prospects are informed that this right is not intended to apply insofar as the treatment operated by SNOWLEADER is lawful and that all personal data collected are necessary for the execution of the business contract.
SNOWLEADER gives the right to data processing in the particular case of data communicated by customers or prospects themselves, on online services offered by SNOWLEADER itself and for purposes based solely on the consent of individuals. In this case, the data will be communicated in a structured, commonly used and computer-readable format.
SNOWLEADER does not make individual automated decisions.
Customers and prospects are informed that they have the right to give instructions regarding the conservation, deletion and disclosure of their post-mortem data. Any specific post-mortem directives and the exercise of their rights may be submitted in writing to Snowleader, 4 Allée du Parmelan 74370 EPAGNY METZ TESSY or via e-mail to [email protected].
Customers and prospects are informed on each personal data collection form whether responses are compulsory or optional by means of an asterisk.
If answers are compulsory, SNOWLEADER shall explain to customers and prospects the consequences of a lack of response.
SNOWLEADER is granted by customers and prospects a right to use and process their personal data for the purposes set out above.
However, the enhanced data, which are the result of processing and analytical work by Snowleader, remain the exclusive property of SNOWLEADER (analysis of use, statistics, etc.).
SNOWLEADER informs its customers and prospects that it may involve any subcontractor of its choice in the processing of their personal data.
In this case, SNOWLEADER ensures that the subcontractors complies with its obligations under the GDPR.
SNOWLEADER agrees to sign with all its subcontractors a written contract. SNOWLEADER also reserves the right to audit its subcontractors to ensure compliance with the GDPR.
It is the responsibility of SNOWLEADER to define and implement the technical, physical or logical security measures it deems appropriate to protect against the accidental or unlawful destruction, loss, alteration or unauthorised disclosure of data.
These measures mainly include:
- management of access rights to data
- the use of a security protocol or solutions
In case of breach of personal data, SNOWLEADER will notify the CNIL, French Data Protection Agency, under the conditions prescribed by the GDPR.
If the breach poses a high risk to customers and prospects and the data has not been protected, SNOWLEADER:
- will notify the customers and prospects concerned
- will provide the customers and prospects concerned with the necessary information and recommendations
If customers or prospective customers wish to obtain information or ask a specific question, they can do so by using the following contact details:
- E-mail address: [email protected]
- Tel: 08724 429028
In the event of a problem with the processing of personal data, customers and prospects may also contact Snowleader via the aforementioned contact details.
As data controller, Snowleader undertakes to keep an up-to-date register of all processing activities carried out.
This register is a document or software that allows to list all the processing carried out by Snowleader, as data controller.
SNOWLEADER undertakes to provide to the supervisory authority, upon first request, the information enabling the said authority to verify the compliance of the processing with the applicable data protection regulations.
Customers and prospects who wish to complain about the processing of their personal data are informed of their right to lodge a complaint with a supervisory authority, namely the CNIL, French Data Protection Agency, in France, if they consider that the processing of their personal data does not comply with European data protection regulations, at the following address:
CNIL - Complaint Department
3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Tel: 01 53 73 22 22
The present policy may be amended or modified at any time in case of legal or jurisprudential evolution, decisions and recommendations of the CNIL or practices.
Any new version of the present policy will be brought to the attention of customers and prospects by any means defined by Snowleader, including electronic means (via e-mail or online for example).
For further information, please contact the following departments: [email protected]
For any other general information on the protection of personal data, please consult the CNIL website www.cnil.fr