PERSONAL DATA PROTECTION POLICY
OF THE SITE BENETEAU.COM
Updated October 1, 2021
Preamble
This personal data protection policy (hereinafter the "Policy") established by SPBI aims to provide Users with summarised and comprehensive information on the collection and processing of Personal Data on the site www.beneteau.com (hereinafter the "Site") operated by SPBI, a public limited liability company, with a share capital of EUR 51,541,628, registered with the Trade and Companies’ Register of LA ROCHE-SUR-YON under number 491 372 702, having its registered office at Parc d’activités de l’Eraudière, 34 rue Eric Tabarly, DOMPIERRE-SUR-YON (85170) – FRANCE, having a branch dedicated to the distribution of its products sold under the trademark “BENETEAU”, whose address is 2 rue du Grand Large, Givrand, SAINT-GILLES-CROIX-DE-VIE (85805) – FRANCE (hereinafter referred to as “SPBI”) pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation).
The applicable Policy is that in force as of the date the Site is visited, until a new version replaces the existing one.
This Policy may be amended by SPBI at any time, without prior notice.
By visiting the Site, the User acknowledges that they have read this Policy and agrees to comply with them without reservation.
Article 1 — Definitions
If not defined in this section, all terms used in this Policy and beginning with a capital letter will have the same meaning as the corresponding definition in the Site's General Conditions of Use (GCU).
"Personal Data": refers to any information relating to an identified or identifiable natural person. An "identifiable natural person" is considered to be any natural person who can be directly or indirectly identified through an identifier, such as a name, identification number, address, online user ID or through one or several specific elements of their physical, physiological, genetic, mental, economic, cultural or social identity.
"Policy": refers to this Data Protection Policy applicable to the processing of the Site Users' personal data.
"Processing": means any operation or operations relating to such data, irrespective of the processing phase (collection, recording, organisation, retention, adaptation, modification, extraction, consultation, use, communication by transmission, broadcasting or any other form of dissemination, reconciliation or interconnection, locking, deletion or destruction etc.).
"Data Controller": refers to the entity responsible for determining the purposes and means of processing personal data.
Article 2 — Data Controller
SPBI is the Data Controller responsible for the data processing methods implemented on the Site.
Article 3 — Personal data collection and source
SPBI may collect the User's personal data directly (especially by means of data collection forms available on the Site).
GROUP BENETEAU undertakes to obtain the User's consent and/or allow them to oppose their Personal Data being used for certain purposes, as necessary.
In all cases, the User will be informed of the purposes for which their personal data is being collected via the various Personal Data collection forms.
Article 4 — Collected Personal Data
The following Personal Data of the User may be collected on the Site and processed by the Data Controller:
- Name and surname(s);
- Mailing address;
- Email address;
- Phone number;
- Any other Personal Data communicated by the User to SPBI.
Personal Data marked with an asterisk in the collection forms is mandatory, as this is necessary to consider the request made. If this mandatory information is not provided, these operations will not be considered.
Users' Personal Data that is made accessible on the Site may not be collected and subject to Processing without the prior written consent of the person concerned, in accordance with the provisions of this Policy.
Article 5 — Purposes of Processing Personal Data
SPBI uses the Site Users' Personal Data, especially for the following purposes:
- To process Users' requests such as requests for information, research, requests relating to the newsletter or other content;
- To make offers to Users with regard to the products marketed by SPBI and/or its partners;
- To customise and improve the Users' experience on the Site;
- For any other purpose that SPBI would specify, when appropriate, at the time of the collection of the User's Personal Data.
Article 6 — Legal basis for Processing Personal Data
SPBI will process the Users' personal data as part of the execution and management of their contractual relationship, in the User's legitimate interest to improve the quality and operational performance of the services offered on the Site, or to comply with specific regulatory obligations.
Personal Data processing may also be carried out based on the User's prior consent, in the event that this was requested from the latter party, in certain situations.
Article 7 — Communication of Personal Data
SPBI restricts access to Personal Data exclusively to members of its staff who know about such data in order to process the User's request or provide the requested Service.
SPBI will not disclose Personal Data to unauthorised third parties.
However, SPBI may share Personal Data with its subsidiaries and/or its holding, and its authorised service providers (e.g. technical service providers—publishers, web hosts, Site maintenance representatives— advisors etc.) with whom SPBI is partnered for the exclusive purpose of making the Site available.
SPBI does not authorise these service providers to use or disclose Personal Data, unless this is necessary to perform their Services on behalf of the User or to comply with legal obligations. In addition, SPBI may share Personal Data (i) if required by the law or a legal procedure, (ii) in response to a request from public authorities or other officials, or (iii) if SPBI deems it necessary to communicate such Personal Data to prevent physical damage or financial loss or in relation to an investigation regarding a suspected or proven illegal activity.
Article 8 — Transfer of Personal Data
Considering the global nature of our company and Services, Personal Data may be stored and/or processed in a country other than the User's country of residence.
Some countries outside the European Economic Area (EEA) are recognised by the European Commission as providing an adequate level of data protection in accordance with EEA standards (a full list of these countries is available here).
SPBI has implemented adequate measures for transferring Personal Data from EEA countries to countries that are not deemed by the European Commission to have sufficient data protection levels. Such measures have especially been applied by means of contractual agreements with third parties.
Article 8 — Duration of Personal Data retention
SPBI will retain Personal Data for a period not exceeding the necessary duration for achieving the purposes for which such data was collected and processed. Such period will be extended, where appropriate, from the periods stipulated by applicable legal or regulatory requirements.
Thus, SPBI will retain the User's Personal Data for a period of:
- Three (3) years from its disclosure by the User to SPBI;
- Thirteen (13) months from when it is collected by cookies.
Retention periods may be suspended in the event that a User exercises their rights, as provided for in this Policy.
Article 9 — Users' rights regarding their Personal Data
In accordance with the General Data Protection Regulation (GDPR), the User has certain rights with regard to the processing of their Personal Data. In the event that they exercise one or more rights relating to the processing of their Personal Data, the User will be informed that they may lose access to the Site and they may no longer be able to use its services.
Right of access: The User may request access to their Personal Data and request that any inaccurate or incomplete Personal Data is corrected or completed.
In addition, the User has the right to know the sources of such Personal Data.
Right of deletion: The right to be forgotten authorises the User to request that their Personal Data is deleted in the event that:
(i) the Personal Data is no longer needed to fulfil the purposes for which it was collected and processed;
(ii) the User chooses to withdraw their consent (when such consent was obtained as a legal basis for data processing), with such a withdrawal not affecting the lawfulness of the data processing preceding its implementation;
(iii) the User opposes the Processing of their Personal Data;
(iv) the Personal Data was processed in an unlawful manner;
(v) the Personal Data must be deleted to comply with a legal obligation; or
(vi) its deletion is required in order to comply with the GDPR.
Right to restrict processing: The User may also request limited processing of their Personal Data if:
(i) the User contests the accuracy of the Personal Data;
(ii) SPBI no longer needs such Personal Data for data Processing purposes; and
(iii) the User is opposed to the Processing of Personal Data.
Right to object to direct marketing emails: At any time, the User may request to stop receiving any advertisements or marketing emails from SPBI by contacting the company directly and free of charge, by clicking on the unsubscribe link included in any marketing email that SPBI would be likely to send to the User by email, or by sending an email to the email address indicated below. This opposition may be exercised without prejudice to the legality of the emails sent before the exercising of such right.
Right not to be subject to a decision based solely on the automated Processing of Personal Data: The User has the right not to be subject to a decision based solely on automated Processing, which has a legal impact on them or that similarly significantly affects them.
Right to data portability: The User may require SPBI to provide them with their Personal Data in an organised, commonly used, machine-readable format.
Right to issue advance guidelines on the processing of Personal Data after death: The User may provide guidelines on the use of their Personal Data after death (especially regarding their retention period, deletion and/or communication) and appoint a person responsible for exercising these rights.
Right to lodge a complaint with a supervisory authority: If the User has concerns or claims relating to the protection of their Personal Data, they may rightfully lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés — National Commission on Informatics and Liberties) via the following link: https://www.cnil.fr/en/home.
The User is, however, asked to address any request to SPBI, in advance, by contacting them via the address indicated below, so that the Group can process the User's request and reach an amicable solution.
For the purposes of exercising these rights, the User may email their request to: contact.rgpd@beneteau-group.com. All requests must be accompanied by a photocopy of an identity document bearing the User's signature and specifying the address to which SPBI should send any replies. Replies to requests submitted shall be sent to the User within a maximum period of two (2) months from receipt of the request by SPBI.
Article 11 — Cookies
When visiting this Site, some information relating to the User's browsing habits may be stored in files called "Cookies" installed on the User's device (computer, tablet, mobile phone or any other device through which the Internet can be used). These cookies are issued by SPBI in order to best meet the User's needs and to facilitate the latter's browsing experience on the Site.
11.1. What is a cookie?
A cookie is a text file that, through the browser software, is deposited into a dedicated space on the hard drive of the User's device when visiting a site or viewing an advertisement. Cookies contain data, including the name of the server issuing them (the server of the site you are visiting), a unique identifier number and potentially the Cookie's expiry date.
Cookies allow their issuers to recognise the User's device on which they have been deposited, to collect information regarding the User's browsing preferences and to provide customised services to the User. Cookies do not contain any information that personally identifies the User and only the cookie issuer can read or modify the information contained in the cookies.
11.2. Cookies issued on the Site
"Essential cookies" for the Site's operation: They allow information entered in forms to be stored and they facilitate the management and secure access to restricted spaces (Account registration or login, requested service etc.);
"Functional cookies": These allow you to adapt the Site's layout to your device's display preferences (language, display resolution etc.) and thereby customise access to the Site;
"Analytics cookies" (or "audience measurement cookies"): These cookies anonymously collect the Site's traffic data in order to make statistics and traffic volumes (number of visits, pages viewed etc.) and to record the use of components making up this Site (headings and pages consulted etc.), enabling the Company to monitor and improve the quality of its services. In addition, this Site uses Google Analytics, a web analytics service provided by Google Inc. ("Google") which allows the Company to analyse the User's utilisation of the Site;
"Social cookies": They allow the User to interact with the Site's social plug-ins (e.g. Facebook, Twitter);
"Retargeting cookies": They memorise the User's information and recognise it on another website that is partially selling a similar advertising inventory.
11.3. User cookie management
The User can control and manage the installation of these cookies on their device by changing their browser settings.
It is therefore possible to set up the browser to enable it accept or reject all cookies automatically or based on the issuer. The User may also choose to be notified automatically whenever a cookie is stored on their device.
For better control regarding cookie management, the User may set up their browser so they are regularly asked whether they would like to accept or reject cookies before a cookie is likely to be deposited on their hard drive by the server hosting the Site they are visiting.
It is stated that any set up of the User's device may result in a change in the Site's browsing experience as well as the conditions for accessing some services requiring the use of cookies. In the event that the User is dissatisfied, they may, at any time, modify their preferences regarding cookies.
Article 12 — Security
SPBI implements all technical and organisational measures to ensure that Users' Personal Data is processed securely and confidentially.
As such, SPBI takes all necessary precautions regarding the nature of the Personal Data and the risks connected with their Processing in order to ensure that this data remains secure and, in particular, to prevent their distortion, damage or unauthorised access by third parties (physical protection of premises, authentication processes with personal and secure access via confidential credentials and passwords, updating of connections, encryption of data etc.).
Article 13 — Contact
If the User has any questions or requires additional information with regard to the Policy hereof, they may contact SPBI at contact.rgpd@beneteau-group.com