Personal data protection policy under the European Data Protection Regulation (GDPR) concerning commercial relations with FERCHAU France SAS and FERCHAU France Labs SAS, in accordance with Articles 12, 13 and 14 GDPR.

The subsidiaries of the ABLE GROUP (listed in Annex 1) attach great importance to privacy and the protection of personal data. They undertake to implement adequate measures to ensure the protection of personal data and to process and use such data in compliance with the applicable provisions and in particular European Regulation 2016/679 of 27 April 2016 (hereinafter the “GDPR”) and the French Data Protection Act (“Loi informatique et libertés”) no. 78-17 of 6 January 1978 in force in France.

1. Who is responsible data processing and who can I contact? 

The company FERCHAU France SAS at 4 rue Farman, Bâtiment D, 31700 Blagnac, France, (RCS Toulouse 484 083 456) acting on its behalf and account but also on behalf and for the account of the company FERCHAU France Labs SAS at 4 rue Farman, Bâtiment D, 31700 Blagnac, France (RCS Toulouse 817 693 617) may collect, process, store and if necessary transfer personal data to business partners (prospects, customers, etc.) natural persons (including salaried employees, corporate officers or legal representatives of said business partners).

Your data is transmitted, stored, and processed by our parent company and subsidiary of the ABLE GROUP acting in the capacity and performing the functions of Data Protection Officer (DPO): 

FERCHAU GmbH
Steinmüllerallee 2
D-51643 Gummersbach, Germany
Tel.: +49 2261 5011-0
privacy@ferchau.com

The functions of the Data Protection Officer (DPO) are performed by the company

ABLE Management Services GmbH
Steinmüllerallee 2
D-51643 Gummersbach, Germany
Tel.: +49 2261 5011-0
privacy@ferchau.com

2. What sources and data do we use?

In the course of our business relationship, we may process the following persona data about individuals: 

• Basic personnel data, such as your name, function, business contact information (address(es), telephone and fax numbers, E-mail addresses) and other contact information.
• Other relevant information, e.g., your industry, your previous business activities, business development with us.  
• Other personal data you have provided to us (e.g., your birthday, hobbies). 
• If the customer or prospect is a natural person, contractual data such as customer number, bank details, tax/VAT number.
• Photographs which you provide to us or that are taken at events that you participate in or for which you have authorised access and processing
• If the customer or prospect is a natural person, data on solvency
• Data for the processing of payment transactions
• Personal data from publicly available sources which we can lawfully possess 

As a general rule, we receive the above data (with the exception of this last item) directly from you. We may also receive additional data from your employer, colleagues, or third parties, or obtain it from publicly available sources (e.g., your company website or professional social networks).

3. For what purpose do we process data (purpose of the processing) and on what legal basis?

We process your personal data for the proper conduct and development of our business relationship or in order to fulfil the legal obligations to which we are subject and if, and to the extent that this is required for our legitimate interests, unless these are outweighed by your interests or fundamental rights and obligations.

The legal basis for the processing of data is Articles 6(1)(b) and 6(1)(f) GDPR or your consent, if you have granted us such consent.

4. Who will receive my data? 

In particular, we may pass on your data to the following recipients:

• Within the companies of the ABLE GROUP as referred to in Annex 1, the staff of the marketing department, the sales departments, the departments in charge of customer relations and prospecting, the administrative departments, the logistics and IT departments as well as their line managers
• Authorised personnel of the departments in charge of the audit (auditor, departments in charge of the internal audit procedures, etc.),
• Authorised personnel of our subcontractors or external service providers who have undertaken to comply with the legal and regulatory provisions in force concerning the processing of personal data,
• Public bodies such as tax or social security authorities and other public or private entities to whom we must communicate personal data in order to meet our legal obligations. 

5. Is the data transferred to a third country or an international organisation? 

No data will be transferred to third countries or international organisations.

6. How long will my data be kept?

We store and retain your personal data for the duration of our business relationship and beyond that relationship, if necessary, to fulfil legal and regulatory obligations or to protect our legitimate interests   for a maximum of three years after the last contact with you. After this period, if we wish to retain your data, we will seek your consent.  

7. What are my data protection rights?

Every data subject has the right of access (Article 15 GDPR), the right to rectification (Article 16 GDPR), the right to erasure (Article 17 GDPR), the right to restriction of processing (Article 18 GDPR), the right to object (Article 21 GDPR) as well as the right to data portability (Article 20 GDPR). With regard to the right of access and the right to erasure, the restrictions provided set out in Articles 38 et seqq. French Data Protection Act (“Loi informatique et libertés) apply. In addition, there is a right to lodge a complaint with a data protection authority (Article 77 GDPR and Article 11 of the French Data Protection Act (“Loi informatique et libertés”).

In France, data subjects have the right to lodge a complaint with the French National Commission for Information Technology and Civil Liberties (CNIL). In addition, people who so wish have the possibility of organising what happens to their data after their death. For more information on this subject see: https://www.cnil.fr/.

You can revoke your consent to the processing of your data at any time with the competent authorities. This also applies to the revocation of declarations of consent given before the entry into force of the GDPR, i.e. before 25 May 2018. Please note that the revocation only takes effect in the future. Thus, data processing carried out before the date of revocation is not affected by this revocation of consent.

8. Am I obliged to provide data?

We require some of the above personal data for the proper conduct of our business relationship.

If you do not provide us with the necessary personal data, we may not be able to fulfil our legal obligations and may have to consider whether we can continue the business relationship.

9. To what extent is there automated decision-making (including profiling)?

We do not engage in any automated decision-making /profiling. 

10. How do we ensure the security of your personal data and we may have collected?

We apply technical security measures to protect your personal data and make every effort to control it and prevent any accidental or intentional manipulation, alteration, destruction, or loss, as well as access to it by unauthorised persons. We make every effort to regularly improve these procedures.

11. Changes

We will update this privacy policy regularly. Any changes will be posted on this page with an updated revision date. If we make material changes, we will notify you by any means available to us.

This document is sent to you by E-mail, and will be always available on our website. It will be considered as accepted by you upon receipt of your agreement by E-mail sent to our departments. This document authorises the company FERCHAU GmbH, as the controller of all personal data, to process the data mentioned above (Article 2) for the purpose of the monitoring and proper development of the currently existing or future business relationship between the parties.

ANNEX 1 :

ABLE GROUP subsidiaries (not exhaustive):

• The company ABLE Management Services GmbH
• The company FERCHAU GmbH
• The company FERCHAU France SAS
• The company FERCHAU France Labs SAS

Information on your rights to object under Article 21 of the EU General Data Protection Regulation (GDPR) 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. 

The objection may be made without any formality.