PRIVACY POLICY & DATA PROTECTION

SO BAG Company attaches importance to the protection of the privacy of those who provide us with personal data.

Our Privacy Policy describes how and why we process your personal data and provides you with information about your rights.

Who is responsible for processing your personal data?
The controller is SO BAG, a simplified joint-stock company with a share capital of 380,000 euros, having its registered office at ZI La Fiolle - Rue Claude Boucher - 71450 Blanzy - France and registered in Trade and Companies Register of Chalon- sur-Saône under Number: B 789 673 910.
Email address: dpo@sobagfrance.fr
Phone number: 03.58.41.00.41

What personal data do we process?
Personal data collected may include :
- Last name and first name
- City name and Country
- Address
- Mail address
- Phone numbers
- Company Name

Personal data which is collected by SO BAG and in particular if you are:
- SO BAG customer
- partner or business correspondent
- candidate for recruitment or internship
- SO BAG website visitor are processed for the following management purposes:
- of your files
- your requests for information, quotes, appointments, etc.
- of your applications
- your subscriptions to our newsletter, e-mailing campaign …

On what legal basis we process your personal data?
SO BAG ensures that its processing of personal data is lawful and justified by a valid legal basis, such as the consent of the data subject, the necessity linked to the performance of a contract to which the data subject is party, or the legitimate interests of SO BAG.

How long do we keep your personal data?
SO BAG keeps your personal data only for the necessary time for the operations for which it was collected, in compliance with the legislation in force and taking into account the limitation periods.

Are we profiling with your personal data?
SO BAG does not make automated decisions, including profiling, based on your personal data.

What are your rights and how you can exercise them?
As soon as the processing is based on your consent, you can withdraw it at any time, without prejudice to the lawfulness of the processing carried out before this withdrawal.

In accordance with the General Data Protection Regulation n ° 2016/679 of April 27, 2016, you have the following rights:
- Right of access:  right to be informed and to request access to your personal data that we process
- Right of rectification: right to ask us to modify or update your personal data when it is inaccurate or incomplete
- Right to erasure:  right to ask us to permanently delete your personal data
- Right of limitation: right to ask us to temporarily or permanently stop the processing of all or part of your personal data
- Right of opposition: right to refuse the processing of your data at any time for personal reasons and for direct marketing purposes
- Right to data portability: right to request a copy of your personal data in electronic format and the right to transmit this personal data for use by a third-party service
- Right not to be subject to automated decision-making:  right not to be subject to a decision based solely on automated decision-making, including profiling, in the event that the decision would have legal effect on you or would produce a similar significant effect.

You also have the right to lodge a complaint with the CNIL https://www.cnil.fr/
In order to exercise your rights with SO BAG, you can send a letter to SO BAG - Z.I La Fiolle - Rue Claude Boucher - 71450 Blanzy - France or an email to dpo@sobagfrance.fr

What security measures have we put in place to protect your personal data?
We have implemented appropriate technical and organizational security measures to protect your personal data against unauthorized use, accidental loss, partial or total destruction

- Confidentiality of Data
Deontology is inherent in our profession and among these great principles, confidentiality is a strong axis of our policy. We are committed to preserving this principle of ethics, the foundation of our profession and our working methods
Hereby,
- if necessary, we sign confidentiality agreements with suppliers, subcontractors, etc. partners of SO BAG
- we have incorporated the appropriate confidentiality clauses / appendices into the employment contracts of our employees

- Data security
IT management standards of SO BAG are strict and guarantee the best security of the data we process:
- Ultra secure Extranet and internet connection
- Extranet: by username and confidential password
- The data passing through the site www.sobagfrance.com and www.bagutil.fr are encrypted before being sent over the internet
- Ultra secure accommodation: a secure Data Center + a server hosted in a monitored room with protected access on site in France
- Automatic data backup on site
- Anti intrusion security
- Service blocking procedure when suspicion of intrusion

Who else can have access to your personal data?
We only transmit personal information to our affiliates and other entities or trusted persons who process it on our behalf, according to our instructions, in accordance with these Confidentiality Rules and in compliance with any other appropriate security and confidentiality measure

Is your personal data transferred outside the European Union?
Your personal data processed by or on behalf of SO BAG Company cannot be transferred and processed by third parties located outside the European Union

 

GLOSSARY

Consent: any manifestation of will, free, specific, informed and unequivocal by which the Data Subject accepts, by a declaration or by a clear positive act, that Personal Data concerning him / her is subject to Processing.

Data Protection Officer (DPO): the designated person responsible for the protection of Personal Data

Recipient: natural or legal person or any other body that receives communication of Personal Data

Personal data / Personal data / Data: any information relating to a Data Subject in particular by reference to an identifier such as a name, an identification number, an identity card number, a salary, health, bank account information, driving or consumption habits, Location data, an online identifier, etc. The term "Personal Data" includes sensitive Personal Data.

Sensitive personal data / Sensitive personal data: means personal data revealing or based on:
- racial or ethnic origin, political, religious or philosophical opinions,
- membership of a trade union organization,
- physical or mental health,
- sexual orientation or sexual life,
- genetic and biometric data,
- data relating to criminal convictions, offenses or related security measures

Applicable legislation: all the regulations relating to the protection of personal data and applicable to the Processing of Personal Data, namely European Regulation n ° 2016/679 relating to the protection of Personal Data (GDPR), the amended Data Protection Act and any other regulations relating thereto.

Person concerned / Person: natural person to whom the personal data relates and who can be identified or identifiable, directly or indirectly, thanks to this personal data. This includes past and present customers, prospects and collaborators.

Controller: natural or legal person who, individually or jointly, decides what personal data is collected, why and how it is collected and processed

GDPR: abbreviation of European Regulation n ° 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Processor: any natural or legal person or other body that processes Personal Data on behalf of the Data Controller and according to his instructions (for example providers or suppliers).

Third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are empowered or authorized to process Data.

Processing: any operation or set of operations carried out or not using automated processes and applied to Personal Data such as collection, access, recording, copying, Transfer, conservation, storage, crossing, modification, structuring, making available, communication, recording, destruction, whether automatic, semi-automatic or other. This list is not exhaustive.

Data transfer: any communication, any copy or movement of Data via a network, or any communication, any copy or movement of this Data from one medium to another, whatever this medium, of Personal Data to a country Third Party to the European Union or to an international organization which is or is intended to be the subject of Processing after this Transfer.