Homepage / Privacy Policy

Privacy Policy

Processing of personal data

The company S.F.N, located at ZA Le Châtellier II, 5 and 17 rue de Corbusson, in SAINT-BERTHEVIN (53940), and all its subsidiaries, franchisees and preferred partners (collectively referred to as the “Data Controller”) pay particular attention to the protection of the personal data of their employees, agents, customers and business partners, in compliance with the General Data Protection Regulation (GDPR) and the French Data Protection Act (Loi Informatique et Libertés) in force.

The purpose of this note is to explain the personal data protection policy as Processor of personal data relating to users of the NOZ.FR website and/or any affiliated site (collectively referred to as “NOZ. FR”), in particular customers of “NOZ” stores (hereinafter referred to as “NOZ customers”) and candidates for recruitment for offers presented by the company TALENT SELECTION [located at ZA Le Châtellier II, 5 and 17 rue de Corbusson, in SAINT-BERTHEVIN (53940)] on behalf of the Data Controller (hereinafter referred to as “NOZ candidates”).

  1. Categories and sources of personal data processed

The Data Controller only collects the personal data you provide.

The list of categories of personal data processed by the Data Controller according to your status is available in Appendix I.

  1. Purposes and legal basis of processing activities

Your personal data is processed for the purposes set out in Annex I, depending on your status.

For each processing activity, the Data Controller relies on one of the following legal bases:

  • The conclusion and/or performance of the contractual/commercial relationship with you (where transmission is strictly necessary for the process);
  • The legitimate interest of the Data Controller or other third parties (e.g. administrative authorities, courts), depending on the purposes (security, communication, loyalty, canvassing, etc.);
  • Compliance with legal obligations;
  • Your consent, if no legal basis mentioned above applies.
  1. Categories of recipients

Any access to your personal data is limited to those who need to know it in order to carry out their professional responsibilities.

The Data Controller may engage service providers, acting as subcontractors within the meaning of applicable regulations, in order to provide support (administrative, IT, etc.). These sub-contractors are bound to the Data Controller by a long-term, supervised partnership, and act in accordance with the latter’s instructions. The Data Controller limits their access to your personal data to what is strictly necessary to provide such services.

These subcontractors, located within the European Union, may use subcontractors and/or subsidiaries located in a third country (Moldavia, Ukraine, Tunisia, Morocco). These transfers are systematically governed by the standard contractual clauses drawn up by the European Commission, available in implementing decision (EU) 2021/914.These standard contractual clauses (SCCs) constitute one of the appropriate safeguards for the transfer of personal data to a third country, with regard to Article 46 of Regulation (EU) 2016/679 of 27 April 2016 (known as the “GDPR”).

 

The Data Controller may also disclose your personal data to government authorities, courts, external advisors and similar third parties where required or permitted by applicable law.

  1. Storage period

Your personal data is stored for the period defined in Annex I, depending on your status. The data is stored to the extent necessary for the Data Controller to fulfil its obligations, for the time necessary to achieve the purposes for which the information is collected, always in compliance with applicable regulations.

When the Data Controller no longer needs to use your personal data to comply with contractual or legal obligations (in particular in relation to time limits) or for its legitimate interests, the data will be deleted and/or anonymised.

  1. Automated decision-making

The Data Controller does not implement any automated decision-making processes in relation to the processing operations described herein.

  1. Your rights

You have the right at any time to access, rectify, modify or delete any information about you held by the Data Controller.

Where applicable, deletion rights may be exercised at any time in accordance with the procedures set out at the end of newsletter and/or commercial prospecting emails.

Any other request may be addressed to the Data Controller via the contact address provided in article 9.

If you feel that your rights have not been respected, you may submit a complaint to the data protection authority.

  1. Security of personal data

The Data Controller shall maintain appropriate security safeguards, including reasonable physical, organisational and technical security measures, to protect its databases against unauthorised access, disclosure, alteration or destruction.

  1. Amendments to this Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy. Amendments will be published and/or communicated to the persons concerned by any appropriate means.

  1. Contact

If you have any questions about this notice and/or your rights, please contact: rgpd@noz.fr rgpd@noz.fr

Annex I - Processing, personal data and data subjects

 

Part 1: NOZ customers’ personal data (nozarrivages newsletter)

Nature and purpose of processing nozarrivages newsletter for the purpose of advertising “NOZ” shops
Duration of processing activities Until deregistration
Types of personal data E-mail address (mandatory)

Surname, first name, telephone number (optional)

Categories of data subjects NOZ customers who subscribe to the newsletter

 

 

Part 2: NOZ customers’ personal data (dematerialisation of till receipts)

Nature and purpose of processing Transmission of till receipts by electronic means (end of systematic printing of till receipts, in accordance with the “AGEC” law)
Duration of processing activities Immediate use of e-mail address to send receipt

Intermediate archiving and storage for a maximum of 2 years to manage any requests for returns, in accordance with established commercial rules or legal rules (application of the legal guarantee of conformity)

Types of personal data E-mail address, “home” shop
Categories of data subjects NOZ customers who have entered their e-mail address to receive their paperless till receipt

 

 

Part 3: NOZ customers’ personal data (commercial prospecting)

Nature and purpose of processing Commercial prospecting
Duration of processing activities Until deregistration
Types of personal data E-mail address, “home” shop
Categories of data subjects NOZ customers in part 2 who have not objected to this processing activity

 

 

Part 4: Personal data of NOZ customers (users of the NOZ customer service)

Nature and purpose of processing Processing of complaints from NOZ customers following an incident (e.g. defective products, injuries, problems displaying prices, etc.) or via the contact form on the noz.fr website
Duration of processing activities Processing time + 6 months

In certain cases, storage until the end of the statutory limitation period (10 years for personal injury; 2 years from the date of purchase for the application of the legal guarantee of conformity; 5 years under ordinary law)

Types of personal data Identification and contact details :

At least: surname, first name, e-mail address and/or telephone number

In some cases: date and place of birth

 

Other data in the case of personal injury, data relating to healthcare services may be required.

Categories of data subjects NOZ customers / persons outside the company that request NOZ customer service

 

 

Part 5: Recruiting and processing applications from NOZ candidates

Nature and purpose of processing Processing applications

Recruitment (managing the process, conducting interviews, etc.)

Duration of processing activities Immediate destruction for unsuccessful applicants

2 years from last contact with the candidate

4 years for interim storage, in the event of legal proceedings

Types of personal data Identity, information contained in the curriculum vitae (CV), contact details (e-mail address and/or telephone number), information relating to the recruitment process (dates of interviews, salary positioning, action taken on the application, type and duration of contract offered, etc.).
Categories of data subjects Employees, trainees, apprentices, people who have applied for a job, traineeship or any other professional opportunity for which an offer has been made.

en_GBEN