Table of Contents
General Data Protection Regulation (GDPR)
2 Information about FICOFI's data processing
2.1 Data Collection
FICOFI is the data controller of the collection and the processing of the personal data which are provided by its clients/Members, partners and employees as well as the visitors of its website (hereinafter the “Data Subjects”).
“Personal Data”: means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2.2 Purposes of personal data processing carried out by FICOFI
FICOFI uses the personal data of Data subjects in relation to several purposes including but not limited to:
- Human Resources management;
- Registration of Members at Le Club FICOFI®;
- Management of Collecting & sourcing services;
- Wine tasting experiences;
- Wine tour experiences;
- Personal advisory & concierge services;
- Cellaring & insurance services; · Delivery services;
- Inform Members among others of events, wines’ offers and group shipments organized by FICOFI;
- To process any question and request for information sent to FICOFI.
2.3 The lawfulness basis of the processing
FICOFI collects and processes personal data only if:
- processing is necessary for the performance of a contract to which the Data subject is party or in order to take steps at the request of the Data subject prior to entering into a contract (e.g., clients/Members and partners);
- processing is necessary for compliance with a legal obligation to which the FICOFI is subject;
- processing is necessary for the purposes of the legitimate interests pursued by FICOFI (e.g., recruitment, organisation of the activities of Le Club FICOFI®, etc.);
- the Data subject has given its consent to the Processing of his or her Personal Data for one or more specific purposes.
2.4 The recipients or categories of recipients within FICOFI
The personal data will only be accessible by a limited list of recipients on a need to know basis or where required by law, such as FICOFI’s directors, along with all Departments involved in Le Club FICOFI® management such as: Marketing, Le Club FICOFI® Service, Operations, Offers, IT….
2.5 Data Storage
Personal data collected by FICOFI are kept in a form which permits identification of Data subjects for no longer than is necessary for the purposes for which the personal data are processed.
More specifically, FICOFI processes the personal data as long as necessary for the business relationship (e.g., client/Member or partner) or the employment relationship for employees. At the end of such period, the personal data are archived in accordance with the applicable statutory limitation period and then deleted.
2.6 Data sharing & data transfer
The personal data will not be transferred or made accessible to third parties except to FICOFI’s data processors and for the purposes it was collected as described in section 2.2, including for the management of the order of Goods, Storage and Insurance, Delivery and IT services.
In addition, FICOFI may provide personal data of its employees to public or private entities which are involved in the management of social benefits (e.g., Social Security).
FICOFI may also transfer the personal data of the Members to other FICOFI entities which may be located in countries which do not have the same level of protection of personal data as in the EEA (e.g., Singapore and Hong-Kong). In such cases, such data transfers are secured through appropriate contractual guarantees such as the EU Commission’s Standard Contractual Clauses. Any Data subject may request and receive copy of such documents.
FICOFI may be obliged to communicate Personal Data to third parties, upon the request of a competent authority or to protect its rights.
3 Security measures
FICOFI has put in place appropriate and commercially reasonable technical and organizational security measures to keep Personal Data that it collects and holds confidential and to protect it against unauthorized or unlawful disclosure or access, accidental loss, destruction, alteration or damage taking into consideration the state of art of technology and the cost of implementation. FICOFI’s information systems are protected by state-of-the-art hardware and software security systems and physical and electronic safeguard procedures are implemented.
FICOFI takes appropriate measures to ensure that data processors who are given access to personal data reasonably uphold at least as stringent security measures as those applied by FICOFI.
4 Individual rights relating to collected data
Every data subject has the right to request from FICOFI access, rectification, erasure, restriction of processing or to object to processing as well as the right to receive, when applicable, the personal data concerning him or her, which he or she has provided to FICOFI, in a structured, commonly used and machine-readable format (right to data portability).
FICOFI reserves the right not to accept any request contravening any regulatory authority or law. Each data subject can exercise their right:
- by mail: writing to 29 Avenue de l’Opéra 75001 PARIS
- by email: firstname.lastname@example.org Finally, for any claim, each data subject has the right to file an application with the “Commission Nationale de l’Informatique et des Libertés (CNIL)”.
5 Personal data policy updates
6 Questions / Contact
For any questions or comments relating to the Personal Data Policy or the manner in which FICOFI collects and uses the personal data, please contact:
- by mail: writing to FICOFI 29 Avenue de l’Opéra 75001 PARIS
- by email: email@example.com