Rubix
Personal Data
Personal Data Protection Policy
Introduction
Welcome to the Personal Data Protection Policy of RUBIX FRANCE.
RUBIX FRANCE is part of the Rubix group (the “Rubix Group”). This Data Protection Policy (hereinafter: the “Policy”) is issued on behalf of the Rubix Group, therefore whenever we refer to “Rubix”, “we”, “us” or “our” in this Policy, we are referring to the relevant company of the Rubix Group responsible for processing your data.
Rubix respects your privacy and is committed to protecting your personal data. This Policy will tell you how we process your data when you visit our website (regardless of which site you started from), purchase a product or service, enter a competition, or correspond with us by post, telephone, email or any other means. This Policy will tell you about your privacy rights and how the laws protect you.
Please also refer to the Glossary for the meaning of terms used in this Policy.
1 – Important information and who we are
Purpose of this Personal Data Protection Policy
The purpose of this Policy is to inform you about how Rubix collects and processes your personal data through your use of this website, including data you provide on this website when, for example, you sign up for our newsletter, purchase a product or service, or enter a competition, or correspond with us by mail, telephone, email or any other means. This website is not designed for minors, and we do not knowingly collect data from and about minors.
It is important that you read this Policy as well as any other Data Protection Policy that we may provide on special occasions when we collect or process personal data about you so that you are fully aware of how and why we use your data. This Policy supplements the other Policies and is not intended to supersede them.
Data controller
RUBIX FRANCE acts as data controller and is responsible for this website.
We have set up a Data Protection Team (“DPT”) to address questions and issues about this Policy. If you have any queries about this Policy, including any request to exercise your legal rights, please contact DPT using the contact details set out below.
DPT Contact Information
Our contact details are: RUBIX FRANCE, 61 avenue Tony Garnier, 69007 Lyon, France.
DPT email address: rgpd-france@rubix.com
You have the right to lodge a complaint at any time with the Commission Nationale de l’Informatique et des Libertés (“CNIL”), the French supervisory authority for data protection issues (www.cnil.fr). However, we would like the opportunity to deal with your questions before you contact CNIL, and so invite you to contact us in the first place.
Updating the Policy and your duty to notify us of any changes
This version was last updated on 30 June 2022.
It is important that the personal data we hold about you is accurate and up to date. Please contact us if your personal data changes during your relationship with Rubix
.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on these links or enabling these connections may allow third parties to collect and share data about you. We have no control over these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Data Protection Policy of each website you visit.
2 – The data we collect
Personal data or personal information means any information relating to a person that allows him or her to be identified. Personal data from which the identification element has been removed (anonymous data) does not constitute personal data.
We may use, collect, store and transfer various categories of personal data about you which we have grouped as follows:
- Identity data – this may include your first name, maiden name, last name, common name or similar identifier, marital status, title, date of birth and gender.
- Contact details – these include your billing address, shipping address, email address and telephone numbers.
- Financial data – this may include your bank account and payment card details.
- Transaction data – this may include details of payments about you and other details about the products and services you have purchased from us.
- Technical data – this may include your Internet Protocol (IP) address, login data, browser type and version, time zone and location, browser plug-in types and versions, operating system and other technologies of the devices you use to access this website.
- Profile data – this may include your username and password, purchases or orders, interests, preferences, reviews and survey responses.
- Usage Data – this may include information about how you use our website, products and services.
- Marketing and communication data – this may include your preferences for receiving marketing messages from us and our partners and your communication preferences.
We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may come from your personal data but is not legally deemed to be personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of the website. However, if we combine or connect aggregated data with your personal data in such a way that it becomes possible to identify you directly or indirectly, then the combined data will be treated as personal data and will be used in accordance with this Policy.
We do not collect special categories of personal data about you (these include details of your alleged racial origin or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information and genetic or biometric data). We also do not collect information on convictions and criminal acts.
In case of failure to communicate personal data
Where the law or the terms of a contract we have with you require us to collect personal data and you do not provide us with the data when prompted, we cannot perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may cancel an order or service in progress, and we will notify you if this is the case.
3 – How do we collect your personal data?
We use a number of methods to collect personal data about you via:
- Direct interactions. You may provide us with your Identity Data, Financial Data and Contact Information by completing forms or by corresponding with us by mail, telephone, email or other means. These include personal data that you provide when you:
- request our products or services,
- create an account on our website,
- subscribe to our services or publications,
- request to receive marketing or commercial communications,
- participate in a competition, promotion, or survey; or
- let us know what you think.
Automated technologies or interactions. When you interact with our website, we may automatically collect technical data about your device, and your browsing actions and behaviours.
We collect this personal data using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other sites using our cookies. Please see our Cookie policy, published on our website, for further information.
Third party or publicly available sources. We may collect or receive personal data about you from various third parties that you have authorised to pass on your details to us and from publicly available sources.
4 – How we use your personal data
We use your personal data only when permitted to do so by law. In general, we use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we have a legitimate interest (or those of a third party) in using it and where your interests and fundamental rights do not override those interests.
- When we need to comply with a legal or regulatory obligation.
In general, we do not rely on consent as a legal basis for processing your personal data except in relation to the direct transmission, by email or SMS, of commercial or marketing communications from third parties. You have the right to withdraw your consent to commercial or marketing communications at any time by contacting us.
Purposes of processing your personal data
We have listed in the table below, the purposes of the proposed processing of your personal data and their legal basis on which we rely to do so. We have also identified our legitimate interests where applicable.
Note that the processing of your personal data may be justified by several legal grounds depending on the particular purpose for which we use your data. Please contact us to find out more about the specific legal basis for processing your personal data.
|
Purpose/Activity |
Type of data |
Legal basis for processing including the basis of legitimate interest |
|
To register as a new customer or supplier |
(a) Identity |
Performance of a contract with you |
|
To process and ship your/our order including: (a) Manage payments, fees and costs |
(a) Identity |
(a) Performance of a contract with you |
|
To manage our relationship with you which will include: (a) Notify you of changes to our terms or data protection policy |
(a) Identity |
(a) Performance of a contract with you |
|
To allow you to participate in a prize draw, competition, or survey |
(a) Identity |
(a) Performance of a contract with you |
|
To manage and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and data hosting) |
(a) Identity |
(a) Necessary for our legitimate interests (for the conduct of our business, the provision of administrative and IT services, network security, anti-fraud, and in the context of a business reorganisation or group restructuring exercise) |
|
To provide you with any website content and advertising relevant to you and to measure or understand the effectiveness of the advertising we offer you |
(a) Identity |
Necessary for our legitimate interests (to study how customers use our products/services, to develop them and our business, and to communicate our business strategy) |
|
To use data analytics to improve our website, products/services, commercial/marketing communications, customer relationships and experiences |
(a) Technical |
Necessary for our legitimate interests (to define the types of customers for our products and services, to maintain our website up to date and relevant, to develop our business, and to communicate our business strategy) |
|
To make suggestions and recommendations about goods or services that may be of interest to you |
(a) Identity |
Necessary for our legitimate interests (to develop our products/services and develop our business) |
|
To register you as a job applicant (as described in your Job Applicant Privacy Notice) |
(a) Identity |
Performance of a contract with you |
Marketing
We endeavour to provide you with choices regarding certain uses of your personal data, particularly in the field of marketing and advertising.
Promotional offers from us
We may use your Data: Identity, Technical, Use, Profile and your Contact Information to better appreciate your wishes or needs or what may be of interest to you. This is how we decide which products, services and offers might be relevant to you (we call this marketing).
You will receive marketing communications from us if i) you have requested information from us; (ii) you have purchased goods or services; iii) you have provided us with your contact details when entering a competition; or (iv) you have registered for special offers; and, in each case, you have indicated that you wished to receive marketing communications.
Third-party marketing
Your express consent will be requested before we share your personal data with any company outside the Rubix Group for commercial purposes.
If you have consented, your personal data may be shared with external marketing agencies for the purpose of conducting surveys or promotional campaigns in the name and on behalf of Rubix.
Unsubscribing
You can ask us and third parties to stop sending you marketing communications at any time by contacting us.
When you request to no longer receive commercial communications, this request does not apply to personal data communicated during the purchase of a product/service, a warranty registration, experience with a product/service, or other transactions.
Cookies
You can set your browser to refuse all or some categories of cookies, or to be notified when websites install or access cookies. If you disable or refuse cookies, please note that some parts of this website may be inaccessible or not function properly. To learn more about our Cookie policy, please see our policy published on our website.
Change of data processing purposes
Your personal data is used only for the purposes for which it is collected, unless we deem it reasonable to use it for another purpose and that purpose is compatible with the original purpose. If you wish to know whether this new data processing is compatible with the old one, please contact us.
If your personal data is used for a different purpose, we will inform you and explain the legal basis that allows us to do so.
Please note that we may process your personal data without acknowledgement or consent from you, in accordance with the above rules, where required or permitted by law.
5 – Disclosures of your personal data
We may share your personal data with the third parties listed below for the purposes listed in the table in paragraph 4 above.
- Internal Third Parties as set out in the Glossary.
- External Third Parties as set out in the Glossary.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or assets.
At the same time, we may acquire new companies or merge with them. In the event of a change of ownership, your personal data will be used in accordance with this Policy.
We require third parties to comply with security requirements with regard to your personal data and process it in accordance with the law. We prohibit our third-party service providers from using your personal data for their own purposes. We only allow them to process your personal data for specific purposes and in accordance with our instructions.
We may share your personal data with credit bureaux for credit risk assessment purposes, and they will provide us with information about you, such as your financial history. We do this to assess your creditworthiness, verify your identity, manage your account, trace and collect debts, and prevent criminal activity.
We may also continue to share information about you with the credit bureaux on a regular basis, in particular about your accounts, payments and any receivables the full payment of was made after the due date. Credit bureaux may share data with other organisations for the purposes of assessing credit risk and preventing criminal activity.
- International transfers
If necessary, your personal data may be shared within the Rubix Group. This may exceptionally involve the transfer of your data outside the European Economic Area (EEA).
We ensure the protection of your personal data by requiring Group companies with which we share your personal data to follow the same rules when processing your personal data.
Some of our external third parties are based outside the EEA, so the processing of your personal data will entail a transfer of data outside the EEA.
When we transfer your personal data, we ensure a similar level of protection by making sure that at least one of the following safeguards is in place:
- We will only transfer your personal data to countries that are deemed able to provide an adequate level of protection for personal data by the European Commission. For more information, see European Commission: Adequacy of personal data protection in countries outside the EU.
- When we use certain service providers, we may use specific contracts approved by the European Commission that provide personal data with the same protection as in Europe. For more information, see European Commission: Model contracts for the transfer of personal data to third world countries.
- Data security
We have put in place appropriate security measures to prevent accidental loss, unauthorized use or access, alteration or disclosure of your personal data. In addition, we limit access to your personal data to employees, agents, subcontractors and other third parties for business purposes. They will only process your personal data according to our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the relevant regulator of a breach where we are required to do so by law.
- Data retention
How long will you use my personal data?
We will only retain your personal data for as long as it is necessary for the fulfilment of the purposes for which we collect it, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, whether we can achieve these purposes by other means, and the applicable legal requirements.
Details of retention periods for various aspects of your personal data are available in our retention policy which you can request from us by contacting us.
- Your rights
In certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly referred to as a “Data Subject’s Request for Access”). This allows you to receive a copy of the personal data we hold about you and to check whether we process it in accordance with the law.
- Request rectification of your personal data held by us. This allows you to have any incomplete or inaccurate data we hold about you rectified, although we verify the accuracy of any new data provided.
- Request erasure of your personal data. This allows you to request the deletion or erasure of personal data when we no longer have any valid reason to process it. You also have the right to request the deletion or erasure of your personal data where you have successfully exercised your right to object to the processing thereof (see below), where we have processed your information unlawfully, or where we are obliged to erase your personal data to comply with local law. Note, however, that we will not always be able to comply with your request for deletion for specific legal reasons that will be communicated to you, if any, at the time of your request.
- Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and your particular situation requires you to object to the processing on that basis because you believe that it impacts your fundamental rights and freedoms. You also have the right to object to the processing of your personal data for commercial or marketing purposes. In some cases, we may be able to demonstrate that we have compelling legitimate grounds for processing your information that exceed your rights and freedoms.
- Request restriction of the processing of your personal data. This allows you to request to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) where the use of your data is unlawful but you do not want us to delete it; (c) where you want us to retain it even if we no longer need it because you need it to establish, exercise or defend a right; or (d) you object to its use but we need to verify whether we have legitimate and compelling grounds for using it.
- Request the transfer of your personal data to any person. We will transfer your personal data to you, or to the third party or third parties of your choice, in a structured, commonly used format that can be read by a computer. Note that this right only applies to automated information that you have authorized us to use or where we have used the information to perform a contract with you.
- Withdraw your consent at any time where the processing is based on your consent. However, this will not affect the lawfulness of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may no longer be able to provide you with certain products or services. In this case, we will notify you accordingly when you withdraw your consent.
If you wish to exercise the rights set out above, please contact our Data Protection Team, using the contact details in paragraph 4 above.
No fees generally required
You will not have to pay any fee to access your personal data (or to exercise any other rights).
However, you may be charged a reasonable fee if your request is unfounded, repetitive or excessive. Furthermore, we may refuse to comply with your request in these circumstances.
Necessary information about you
You may be asked for specific information about you to help us confirm your identity and ensure your right to access (or to exercise any other rights). This is a security measure to ensure that your personal data is not disclosed to anyone who does not have the right to receive it. We may also contact you to request further information regarding your request in order to speed up our response.
Response times
We endeavour to respond to all legitimate requests within one month. Response times can sometimes exceed one month if your request is particularly complex or if you have made several requests. In this case, we will notify you accordingly and keep you informed.
- Glossary
LEGAL BASIS
Legitimate interest means our company’s interest in conducting and managing our business to enable us to offer you the best product/service and the safest experience. We ensure that we consider and balance out any potential impact on you (positive and negative) and your rights before processing your personal data in our legitimate interest. We will not process your personal data where your interest outweighs ours (unless we are permitted to do so or are required or permitted to do so by law). You can obtain further information on how we assess our legitimate interests relative to any potential impact on you regarding specific activities by contacting us.
Performance of contract means the processing of your personal data where this is necessary for the performance of a contract to which you are a party or to take measures at your request before entering into such a contract.
Compliance with a legal or regulatory requirement means the processing of your personal data where this is necessary to comply with a legal or regulatory requirement to which we are subject.
THIRD PARTIES
Internal third parties
Other companies within the Rubix Group acting as data processing managers or joint subcontractors.
External third parties
Third Parties other than our Internal Third Parties. For example, our IT suppliers; professional advisors (including lawyers, bankers, auditors and insurers); credit bureaux; regulators and other authorities; and our marketing agencies.