Site Data Privacy Policy

1. IDENTITY OF THE DATA CONTROLLER

SUCRALLIANCE publishes and operates a website accessible at the URL WWW.SUCRALLIANCE.COM or at any other URL that may replace it (hereinafter the “Site”).

The simplified joint-stock company SUCRALLIANCE SERVICE (2S) with capital of 10.000 euros, registered with the Perpignan Trade and Companies Register under number 844 185 710, domiciled at Allées de Barcelone, 66350 Toulouges, (FRANCE), acting as publisher of the Site, undertakes to protect and respect your privacy.

The group SUCRALLIANCE is a French family group specializing in the manufacture of confectionery, comprising four production sites specializing in sugar confectionery, particularly under private label. The companies that mainly make up the Group SUCRALLIANCE are as follows: Confiseries du Nord, Dolis and Dupont d'Isigny (hereinafter individually referred to as the “Group Company”) SUCRALLIANCE » and collectively « SUCRALLIANCE " or "WE"). 

When the Data Processing is implemented by one of the Group Companies SUCRALLIANCE, the latter acts as the Controller of Your Data (and SUCRALLIANCE Service as a Subcontractor within the meaning of the GDPR). 

Within the meaning of the applicable Regulations, the data controller is the legal person (company, etc.) or natural person who determines the purposes and means of data processing, i.e. the objective and manner of processing. realize.

2. OBJECT 

The purpose of this personal data privacy policy (“Policy”) is to describe in a clear and concise manner the conditions under which the personal data (“Personal Data”) of any natural person (“User(s)” or “YOU”) browsing the Site and using the functionalities offered by the Site (“Service(s)”) are processed. The Parties are hereinafter individually referred to as “the Party” and collectively referred to as “the Parties”.

This Policy is intended to inform Users of any notice required by applicable regulations regarding the processing of Your Personal Data by SUCRALLIANCE.

Indeed, when YOU browse the Site, SUCRALLIANCE may collect and process Your Personal Data. When the User entrusts his Personal Data to SUCRALLIANCE, the latter is subject to the regulations in force relating to the protection of personal data.

Are thus applicable to SUCRALLIANCE, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation", known as "GDPR"), the Data Protection Act of 6 January 1978 as amended, the recommendations and doctrines of the National Commission for Information Technology and Civil Liberties (CNIL) as well as the guidelines of the European Data Protection Board (EDPB) and finally any other legal or regulatory provision that may be added to and/or substituted.

(Hereinafter together, the “Applicable Regulations”).

For the purposes hereof, terms beginning with a capital letter in this Privacy Policy have the meaning expressly defined therein or assigned to them by the applicable Regulations.

3. PERSONAL INFORMATION WE COLLECT ABOUT YOU 

3.1 SUCRALLIANCE applies, by default, the principles of minimization and protection of Personal Data in the execution of its Services (“privacy by design” and “privacy by default”). Consequently, only the strict Personal Data that is relevant, adequate and limited to what is necessary with regard to the purposes for which YOUR Data is processed are collected.

In order to benefit from our Services, WE collect and process Your Personal Data. The collection of Your Personal Data may be carried out initially by means of the Site or any other useful medium. The collection of Your Personal Data takes place when browsing and using our Services on the Site. 

The Personal Data that WE collect and process may vary depending on our Services and the purpose of the Data processing implemented.

3.2. Depending on the features used, SUCRALLIANCE collects and processes the following categories of Personal Data about YOU:

– Personal contact details, such as: title, surname, first name, email address, postal address;

– Any information provided by the User when YOU use our contact forms: 

This may be a request for information of a professional nature (contact our sales, export, etc.) or related to our products, such as a quality complaint. 

Generally, WE collect any information that YOU provide to us when YOU use our contact forms. 

The transmission of your Personal Data via our contact forms is not a requirement. However, please note that fields marked with an asterisk (*) are mandatory for WE to respond to your request. 

Any other information or Personal Data that YOU share with us when YOU fill out our contact forms is at your sole discretion. When YOU contact us, WE record and retain this correspondence under the conditions set out herein.

– All written (emails or letters) and/or oral exchanges subsequent to your initial request and necessary for processing your request are also kept by the Group Company SUCRALLIANCE in charge of processing your request who acts in this case as Data Controller

– Your professional data when YOU submit a spontaneous application OR when YOU respond to a job or internship offer on the Site, as indicated in detail in our Privacy Policy relating to candidate data.  

– Browsing history on the Site when YOU have consented to the deposit of cookies and tracers on your browser, as indicated in detail in our Cookie Policy.

It is specified that only relevant Personal Data, not excessive and in line with the purpose pursued by the Processing of personal data will be collected and processed by SUCRALLIANCE. Any Personal Data deemed not necessary or relevant in the processing of your request may not, under any circumstances, be collected and used by SUCRALLIANCE. When YOU provide us with these categories of Personal Data, YOU authorize SUCRALLIANCE to process them in accordance with the purposes indicated in point 3 below.

Unless you have given your express prior consent and subject to the conditions provided for by the applicable Regulations, WE do not collect Sensitive Data within the meaning of Article 9 of the GDPR (namely data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data or data concerning health, sex life or sexual orientation).

4. WHAT ARE THE OBJECTIVES PURSUED BY THIS PROCESSING OF PERSONAL DATA AND WHAT ARE THEIR LEGAL BASES?

Depending on the Services used, Your Personal Data may be processed by SUCRALLIANCE for the following purposes:

(a) For the purposes of receiving, processing and transmitting your request to the Group Company SUCRALLIANCE responsible for responding to your request for information, and keeping a history of our exchanges for better monitoring of your requests. The legal basis justifying this Processing of Personal Data being our legitimate interest.

(b) (Purpose of processing implemented by the Group Company SUCRALLIANCE targeted by your request), for the purposes of processing, responding to and archiving your exchanges following your request for information; 

(c) (Purpose of processing implemented by the Group Company SUCRALLIANCE targeted by your request) for the purposes of processing, responding to and archiving any complaints relating to the quality (proven or not) of our products, and this in accordance with our legal obligations. In this case, the legal basis justifying the existence of this Processing of Personal Data corresponds to the legal obligations in connection with our legal obligations with regard to our status as a producer;

(d) (When YOU authorize the deposit of cookies or tracers) for the purpose of collecting information on your browsing on the Site (see our Cookies Policy);

(e) When YOU subscribe to our newsletter for the purpose of sending YOU electronic communications for marketing purposes as an individual, usually by email, only if YOU have consented to this. In principle, a checkbox will be present in the forms that WE use to collect your Personal Data. If YOU agree to receive marketing communications, YOU will signify your agreement by checking this box. The legal basis justifying this Processing of Personal Data being in this case your consent.

B2B (business to business) Communications: When YOU (representing or acting on behalf of a company or legal entity, private or public) provide us with your Personal Data by contacting US as a customer or prospect, YOU authorize SUCRALLIANCE to send you marketing communications by email. In this case, the processing of your personal data is legally based on our legitimate interest in developing our customer and prospect database and informing YOU about our products or events that may be of interest to YOU. In any case, if marketing communications are sent to YOU ​​by email and YOU no longer wish to receive this type of communication, YOU can unsubscribe at any time by clicking on the unsubscribe link present in each email sent. 

5. WHO CAN ACCESS YOUR PERSONAL DATA? 

5.1. Recipients of your Personal Data 

Your personal data is confidential and secured according to current industry standards. 

Only persons duly authorized by SUCRALLIANCE due to their function (and in charge of processing YOUR requests) may access Your Personal Data, except for any possible transmission of your Personal Data imposed by a mandatory legal provision or which would emanate from a duly authorized judicial or state authority.

When your request justifies it, your Personal Data is processed directly by the Group Company SUCRALLIANCE targeted by your request.

Subject to the following and the applicable Regulations, SUCRALLIANCE is not authorized to disclose to a third party the content of the exchanges and information that YOU communicate to it. 

5.2. SUCRALLIANCE Subcontractors 

SUCRALLIANCE may be required to subcontract to third-party companies the performance of certain services necessary for the provision of the Services.

In this context, Your Personal Data may, within the strict framework of the purposes mentioned in point 4, be transmitted to our subcontractors for processing and only following the precise instructions of SUCRALLIANCEIn such a situation, our partners act as subcontractors (“Subcontractors”), within the meaning of the provisions of the European Regulation known as “GDPR”.

Thus, these third-party companies may be required, on our specific instructions, to process Your Personal Data, subject to guaranteeing YOU confidentiality and security requirements.

The following companies may access Your Personal Data, as a Subcontractor and only act on the specific instructions and under the control of SUCRALLIANCE :

The company OVH, domiciled at 2 Rue Kellermann, 59100 Roubaix, hosts the Personal Data that YOU transmit to US using the contact forms on the Site. 

The company BWAT domiciled at 10 Av. de l'Entreprise, 95800 Cergy, mission entrusted by SUCRALLIANCE resulting in the processing of personal data entrusted. 

Contractual guarantees with regard to our subcontractors

In accordance with the applicable Regulations, these partners have formalized a written agreement with SUCRALLIANCE for the purposes of guaranteeing the security, confidentiality, conservation and processing of your Personal Data according to our exclusive instructions and under the conditions provided for by the applicable Regulations.

Thus, a Subcontractor is not authorized:

– to keep Your Data beyond the performance of the service entrusted;

– to process Your Personal Data in a framework other than that defined by SUCRALLIANCE.

5.3. Transfer of Your Personal Data outside the European Economic Area (EEA)

SUCRALLIANCE does not transfer any of YOUR Personal Data to a service provider located outside the European Economic Area (EEA).

6. PERSONAL DATA STORAGE PERIODS

Your Personal Data is stored by SUCRALLIANCE only for a period necessary for the purpose pursued by the Data Processing.

The retention periods therefore differ depending on the purpose pursued by the Processing of Personal Data implemented by SUCRALLIANCE. 

So when SUCRALLIANCE :

Receives and transmits your request to the Group Company SUCRALLIANCE responsible for responding to your request WE keep a history of our exchanges for better monitoring of your requests and this for up to three (3) years after our last contact.

(For our Users) Processes and responds to each of your requests for information or questions and keeps a history of our exchanges for better handling of your requests, WE keep the necessary data for the entire legal period during which our liability may be incurred (i.e. under French law, 5 years from the day on which the holder of a right knew or should have known the facts allowing him to exercise it, under the conditions provided for in article 2224 of the Civil Code).

(When YOU authorize the deposit of cookies or tracers) for the purpose of collecting information on your browsing on the Site (see our Cookies Policy);

Sends YOU the newsletter to inform YOU about our products or news, WE keep YOUR data until you actually unsubscribe. However, it is specified that SUCRALLIANCE automatically deletes your Personal Data more than three (3) years after your registration, provided that WE have not had any contact from you for three (3) years).

When the Group Company SUCRALLIANCE responsible for responding to your request for information: 

Processes, responds to and archives your request for information as well as the exchanges resulting from it, it automatically deletes your Personal Data three (3) years after our last exchange;

Processes, responds to and archives any claim relating to the conformity of our products, it archives YOUR Personal Data for the entire period during which our liability may be incurred by a User (i.e. under French law: 5 years from the day on which the holder of a right knew or should have known the facts allowing him to exercise it, under the conditions provided for in Article 2224 of the Civil Code).

7. YOUR RIGHTS OVER YOUR PERSONAL DATA

7.1. Overview

YOU have the following rights regarding your Personal Data, these can be exercised by contacting US by one of the means referred to in this section.

Depending on the legal bases retained for each of the Personal Data Processing and in accordance with the applicable Regulations, YOU do not have access to all of the following Rights. 

Below you will find the list of rights that YOU may have depending on the legal basis retained for each of the Personal Data Processing.

7.2. List of Your Rights 

Right to information on the Processing of your Personal Data

SUCRALLIANCE strives to provide YOU with easily accessible information, in clear and simple terms, on the conditions of Processing of your Personal Data.

The Processing of Your Data was brought to Your attention when your Personal Data was collected. YOU were thus informed:

– The identity of the Data Controller(s);

– The nature of the Personal Data Processing implemented;

– The purpose of the Processing of Your Personal Data;

– The mandatory or optional nature of the Personal Data to be transmitted to SUCRALLIANCE ;

– Recipients of Your Personal Data;

– Rights over Your Data and how YOU can exercise them;

– Possible transfers of data to a country outside the European Economic Area (EEA).

This Privacy Policy also includes all the information required by the applicable Regulations.

Right of access, rectification and opposition

YOU have the right to ask the Data Controller whether it is processing Personal Data.

about YOU and obtain a copy of that information.

YOU also have the right (“right of rectification”) to obtain the modification of Personal Data

YOU that is inaccurate or incomplete.

Finally, YOU can object to the Processing of Your Personal Data.

Right to erasure (“right to be forgotten”) and to restriction of Processing

The right to be forgotten allows YOU to obtain the erasure of information concerning YOU when Your Data, subject to the exceptions provided for by the applicable Regulations (in particular when the processing is necessary for compliance with a legal obligation to which the Data Controller is subject).

Right to portability of your personal data

This right allows YOU to recover Your Personal Data provided to a Data Controller in a structured, commonly used and machine-readable format.

Under the conditions provided for by the applicable Regulations, YOU may also request a direct transfer of Your Data from one data controller to another, when this is technically possible.

Right to withdraw your consent and Right to define guidelines regarding Your Data after your death

YOU may also withdraw your consent to the Processing of your data at any time and define guidelines for the retention, deletion and communication of your Personal Data after your death. These guidelines may be registered with a trusted third party certified by the CNIL or directly with the Data Controller concerned.

Right to lodge a complaint with a supervisory authority

If despite the efforts of SUCRALLIANCE to preserve the confidentiality of your data and protect your privacy, YOU believe that your rights are not respected, YOU then benefit from the right to file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), https://www.cnil.fr.

7.3. Exercising your rights

7.3.1. To exercise your rights or in the event of a query relating to the Processing of Your Personal Data, YOU can contact the Data Controller in the following manner:

7.3.2. The exercise of Your rights must, in order to be considered valid, be accompanied for each request by proof of identity. Where applicable and if the Data Controller considers that the documents provided are not sufficient to identify YOU, additional information may be requested, including when the situation requires a copy of an identity document bearing the holder's signature.

The Data Controller undertakes to respond to YOU ​​as soon as possible, and at the latest, within one month of receipt of your request. If necessary, this period may be extended by two months, taking into account the complexity and number of requests addressed to the Data Controller. In this case, YOU will be informed of this extension and the reasons for the postponement.

8. SECURITY AND CONFIDENTIALITY OF YOUR PERSONAL DATA

In accordance with the applicable Regulations, the Data Controller implements appropriate technical and organizational measures in order to guarantee a level of security appropriate to the risk. These measures are defined by each person, taking into account the state of knowledge, the costs of implementation and the nature of the scope, context and purposes of the processing as well as the risks, including the degree of probability and severity varies, for the rights and freedoms of natural persons.

SUCRALLIANCE applies strict data confidentiality measures to prevent data from being distorted, damaged, destroyed or disclosed to unauthorized third parties.

The following measures can be taken to guarantee the security of Your Data:

– pseudonymization and data encryption

– means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services

– means to restore the availability of data and access to them within appropriate time frames in the event of a physical or technical incident

– a procedure aimed at regularly testing, analyzing and evaluating the effectiveness of technical and organizational measures to ensure the security of the processing

– the use of the SSL (Secure Sockets Layer) protocol.

In practice, this can materialize through the following measures:

– Authentication of persons having access to your Personal Data

– Careful management of authorizations (only personnel whose mission requires access to the information must be authorized to access it)

– Track access and manage incidents (fraudulent or illegitimate access)

– Protect the internal computer network and servers through firewalls

– Back up data regularly

– Secure the subcontracting of Data where appropriate

– Encrypt, guarantee the integrity of Data

- Etc. ; …

9. MODIFICATION OF THE PRIVACY POLICY

This Personal Data Confidentiality Policy may be modified or supplemented at any time by SUCRALLIANCE, in particular with a view to complying with any legislative, regulatory, jurisprudential developments, interpretations of supervisory authorities or developments regarding the processing of personal data implemented by SUCRALLIANCE. In the event of modifications, these will be applicable as soon as the updated Policy is posted online and under the conditions provided for by the applicable Regulations. 

10. APPLICABLE LAW AND DISPUTE

This Privacy Policy is subject to French law.

If despite the efforts of SUCRALLIANCE to preserve the confidentiality of your data and protect your privacy, YOU believe that your rights are not respected, YOU then benefit from the right to file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), www.cnil.fr.

Last update of the Data Privacy Policy: SEPTEMBER 21, 2023