Welcome to the Stratégies Mer et Littoral privacy notice.
In accordance with GDPR regulations, Stratégies Mer et Littoral (SML) respects your privacy and is committed to protecting your personal data. This privacy notice informs you about how we process your personal data in general. It details your privacy rights and how the law protects you when you visit our website or contact us (wherever you are located).
1 - IMPORTANT INFORMATION
PURPOSE OF THIS PRIVACY NOTICE
The purpose of this privacy notice is to inform you about how SML collects and processes your personal data in connection with your use of this website, including any data you may provide through this website, such as when you contact us to request further information, or when you apply to work with SML as an employee or consultant on one of our projects.
This website is not intended for children and we do not knowingly collect data relating to children through this website. It is important that you read this privacy notice and any other privacy notices or fair processing notices we may provide on specific occasions when we collect or process personal data about you, so that you are fully aware of how and why we use your data.
CONTROLLER
SML is the controller and responsible for this website. We have appointed a Data Protection and Compliance Officer (DPCM) who is responsible for overseeing matters relating to this privacy notice. If you have any questions about this privacy notice, including any request to exercise your legal rights, please contact the DPCM via the contact form found on the website.
CHANGES TO THE PRIVACY NOTICE AND OBLIGATION TO INFORM US OF CHANGES
This version was last updated on 1 June 2022 and may be updated from time to time in line with current best practice and business needs.
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during the course of your relationship with us.
LINKS WITH THIRD PARTIES
This website may include links to third-party websites, plug-ins and applications. Clicking on these links or activating these connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2 - THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, refers to any information about a person from which that person can be identified. It does not include data from which the identity has been removed (anonymous data). We may collect, use, store and transfer different types of personal data about you, which we have grouped together as follows:
- Identity data includes first name, maiden name, family name, user name or similar identifier, marital status, title, date of birth and gender.
- Contact details include address, e-mail address and telephone numbers.
- Financial data includes the bank account
- Transaction data includes details of payments made to and by you and other details of the products and services you have purchased from us.
- Technical data includes your IP (Internet Protocol) address, your connection data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technologies on the devices you use to access this website.
- Profile data includes all the information you have given us about your interests, preferences, comments and survey responses.
- Usage data includes information about how you use our website, products and services.
- Marketing and communication data includes your preferences for receiving marketing from us and from our third parties, as well as your communication preferences.
We will not collect, use or share aggregated data such as statistical or demographic data derived from your personal data.
We may collect certain categories of personal data about you if you provide it, but we will not ask for or require such data.
3 - HOW IS YOUR PERSONAL DATA COLLECTED?
We use various methods to collect data from and about you, including the following
Direct interaction. You may provide us with your identity, contact and financial data by filling in forms or by corresponding with us by post, telephone, e-mail or otherwise. This includes personal data you provide when you: apply to work with us as an employee or consultant on one of our projects; request our products or services; or give us feedback.
Automated technologies or interactions. When you interact with our website, we may automatically collect technical data about your equipment, actions and browsing habits. We collect this personal data using cookies and similar technologies.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources.
4 - HOW WE USE YOUR PERSONAL DATA
We will only use your personal data where we are authorised to do so by law. Most often, we will use your personal data in the following circumstances:
- When we need to perform the contract we are about to enter into or have entered into with you.
- Where this is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests.
- When we must comply with a legal or regulatory obligation.
As a general rule, we do not rely on consent as a legal basis for processing your personal data, except in relation to sending direct marketing communications to third parties by email or SMS. You have the right to withdraw your consent to marketing at any time by contacting us.
COOKIES
You can configure your browser to refuse all or some cookies, or to warn you when websites install or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or may not function properly.
AUTOMATED DECISION-MAKING
Automated decision-making occurs when an electronic system uses personal information to make a decision without human intervention. We do not envisage decisions being made about you by automated means, but we will inform users if this situation changes.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that this purpose is compatible with the original purpose. If you would like an explanation of how processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis for doing so. Please note that we may process your personal data without your knowledge or consent, in accordance with the above rules, where required or permitted by law.
5 - DISCLOSURE OF YOUR PERSONAL DATA
We may share your personal data with the parties listed below for the purposes of paragraph 4 above.
- Internal third parties: all staff working for SML and acting as joint controllers or processors.
- External third parties: all service providers, tax and customs authorities, regulators and other authorities, as well as all customers acting as joint data controllers or subcontractors, or all customers for whom we carry out projects.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. We may also seek to acquire or merge with other businesses. If there is a change in our business, the new owners may use your personal data in the same way as described in this privacy notice.
We require all third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and we only allow them to process your personal data for specific purposes and in accordance with our instructions.
6 - INTERNATIONAL TRANSFERS
Please contact us if you would like more information about the specific mechanism we use when we transfer your personal data outside the European Economic Area.
7 - DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised manner, modified or disclosed. In addition, we restrict access to your personal data to employees, agents, subcontractors and other third parties who need to know it for professional reasons. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have procedures in place to deal with any suspected personal data breaches and will notify you and any applicable regulatory body of a breach where we are legally required to do so.
8 - DATA RETENTION
HOW LONG WILL WE USE YOUR PERSONAL DATA?
We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it, including to meet legal, accounting or reporting requirements. In determining the appropriate retention period for personal data, we take into account the amount, nature and sensitivity of the personal data, the potential risk of harm arising from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the possibility of achieving those purposes by other means, as well as applicable legal requirements. We are required by law to retain basic information about our customers and suppliers (including contact, identity, financial and transaction data) for at least six years after they cease to be customers or suppliers for tax purposes. In certain circumstances, you may ask us to delete your data: see Request for deletion below for more information. In certain circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without notifying you.
9 - YOUR LEGAL RIGHTS
In certain circumstances, you have rights under data protection laws in relation to your personal data.
You have the right to
- Request access to your personal data (commonly known as a "data subject access request"). This allows you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
- Request rectification of the personal data we hold about you. This allows you to have incomplete or inaccurate data that we hold about you corrected, although we may need to verify the accuracy of new data that you provide to us.
- Request the deletion of your personal data. This right allows you to ask us to delete or withdraw personal data where there is no valid reason for us to continue processing it. You also have the right to ask us to delete or withdraw your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to delete your personal data to comply with local legislation. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, where appropriate, at the time of your request.
- To object to the processing of your personal data where we rely on a legitimate interest (or those of a third party) and there is an element of your particular circumstances which causes you to object to the processing on this ground, as you consider that it affects your fundamental rights and freedoms. You also have the right to object to the processing of your personal data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legitimate grounds for processing your information that outweigh your rights and freedoms.
- Request the restriction of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following cases: (a) if you want us to check the accuracy of the data; (b) if our use of the data is unlawful but you do not want us to delete it; (c) if you need us to retain the data even if we no longer need it because you need it to establish, exercise or defend legal rights; or (d) if you have objected to our use of your data but we need to check whether we have compelling legitimate grounds for using it.
- Request the transfer of your personal data to you or to a third party. We will provide you or a third party of your choice with your personal data in a structured, commonly used and machine-readable format. Please note that this right only applies to automated information that you originally consented to us using or where we have used that information to perform a contract with you.
- Withdraw your consent at any time where we rely on that consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdrew your consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will inform you if this is the case at the time you withdraw your consent.
- If you wish to exercise any of the above rights, please contact us.
WHAT WE MAY NEED FROM YOU
We may need to ask you for specific information to help us confirm your identity and guarantee your right of access to your personal data (or to exercise one of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it. We may also contact you to request additional information in relation to your request in order to speed up our response.
RESPONSE TIME
We aim to respond to all legitimate requests within one month. We may need more than one month if your request is particularly complex or if you have made several requests. In this case, we will inform you and keep you informed. In addition, we restrict access to your personal data to employees, agents, subcontractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality. We have procedures in place to deal with any suspected breach of personal data and will notify you and any applicable regulator of a breach where we are legally required to do so.