SODEXO builds strong, lasting relationships with its customers, partners, consumers and associates, based on mutual trust: making sure that their personal data are safe and remain confidential is an absolute priority for SODEXO.
SODEXO complies with all French and European regulatory and legal provisions on the protection of personal data.
personal data of those who use its websites and other applications:
• Users remain in control of their own data. The data are processed in a transparent, confidential and secure manner.
SODEXO is committed to a continuing quest to protect its users’
personal data in accordance with the Loi Informatique et Libertés
[French Data Protection Act] of January 6, 1978 as amended (hereinafter
the “DPA”) and the General (EU) Data Protection Regulation of April 27,
2016 (hereinafter the “GDPR”).
• SODEXO has a dedicated personal
data protection team comprising a Group Data Protection Officer
registered with the CNIL (Commission Nationale de l’Informatique et des
Libertés [French Data Protection Agency]) and a network of contact
persons dedicated to personal data protection.
PURPOSE OF THIS POLICY
SODEXO takes the protection of your personal data very seriously.
developed this policy to inform you of the conditions under which we
collect, process, use and protect your personal data. Please read it
carefully to familiarize yourself with the categories of personal data
that are subject to collection and processing, how we use these data and
with whom we are likely to share it. This policy also describes your
rights and how you can get in touch with us to exercise these rights or
to ask us any questions you might have concerning the protection of your
This policy may be amended, supplemented or
updated, in particular to comply with any legal, regulatory, case law or
technical developments that may arise. However, your personal data will
always be processed in accordance with the policy in force at the time
of the data collection, unless a compulsory legal prescription
determines otherwise and must be enforced retroactively.
This policy forms an integral part of the Conditions of Use of the website.
IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
personal data controller is: BATOBUS, - SARL au capital de 8.000 € -
SIRET 350 540 324 000 18, RCS Paris Port de la Bourdonnais, 75007 Paris.
data” means any information relating to an identified natural
person or one that can be directly or indirectly identified by reference
to an identification number or to one or more factors specific to this
“us” or “our” BATOBUS (hereinafter “BATOBUS”),
“you” any website user/visitor.
“Website” the website of BATOBUS available at the address http://www.batobus.com/.
COLLECTION AND SOURCE OF PERSONAL DATA
will most likely collect your personal data directly (in particular via
the data collection forms on our website) or indirectly (in particular
via our service providers and/or technologies on our website).
We undertake to obtain your consent and/or to allow you to refuse the use of your data for certain purposes whenever necessary.
will in any event be informed of the purposes for which your data are
collected via the various online data collection forms and via the
TYPES OF PERSONAL DATA COLLECTED AND USED BY US
We may specifically collect and process the following types of personal data:
the information that you provide when filling in the forms on the
website (for example, for subscription purposes, to participate in
surveys, for marketing purposes, etc.);
- the information that your provide for authentication purposes;
- the information that you provide for order fulfillment or to provide a service;
- via “posts”, comments or other content that you post on the website.
data identified by an asterisk in the data collection forms are
compulsory as these are necessary to fulfill any orders placed. In the
absence of this compulsory information, these transactions cannot be
PERSONAL DATA THAT WE AUTOMATICALLY COLLECT
collect some information automatically when you visit the website in
order to personalize and enhance your experience. We collect this
information using various methods such as:
“cookie” is a small information file sent to your browser when you visit
our website and stored on your computer. This file contains information
such as the domain name, the internet access provider and the operating
system as well as the date and time of access by the user. Cookies
cannot damage your computer in any way.
Cookies are not used to
determine the identity of an individual who visits our website. Cookies
allow us to identify, in particular, your geographic location and the
display language in order to improve your online browsing experience.
They also enable us to process information about your visit to our
website, such as the pages viewed and the searches made, in order to
improve our website content, to follow your areas of interest and offer
you more suitable content.
If you do not want to receive cookies
from our website, you can adjust your browser settings accordingly. To
manage your choices, each browser has a different configuration. These
configurations are described in your browser’s help menu, which will
explain how to change the settings to your desired cookies
We recommend, however, that you do not deactivate
our cookies. Keep in mind that if you block, turn off or reject our
cookies, some of our webpages will not display correctly or you will no
longer be able to use some of the services we offer. In this case, we
cannot be held liable for any consequences related to the reduced
functionality of our services arising from our inability to store or
consult the cookies required for its functioning and which you have
declined or deactivated.
Lastly, by clicking on the dedicated
icons of social networks such as Twitter, Facebook, Linkedin, etc., if
these are displayed on our website, and if you have agreed that cookies
may be downloaded while you are browsing our website, the social
networks in question may also download cookies to your devices
(computer, tablet or mobile phone). These types of cookies are
downloaded to your device only on condition that you have given your
consent by continuing to browse our website. You can, however, at any
time revoke your consent to these social networks downloading these
types of cookies.
IP address is a unique identifier used by some electronic devices to
identify and communicate with each other on the internet. When you
consult our website, we can use the IP address of the device used by you
to connect you to the website. We use this information to determine the
general physical location of the device and to know in which
geographical areas visitors are located.
website uses Google Analytics to generate statistical reports. These
reports tell us, for example, how many users consulted the website,
which pages were visited and in which geographical areas website users
are located. The information gathered via the statistics may include,
for example, your IP address, the website from which you arrived at our
site and the type of device that you used. Your IP address is hidden on
our systems and will only be used if necessary to resolve a technical
problem, for website administration and to gain insight into our users’
preferences. Website traffic information is only accessible to
authorized staff. We do not use any of this information to identify
visitors and we do not share this information with third parties.
have the option to click on the dedicated icons of social networks such
as Twitter, Facebook, Linkedin, etc. that appear on our website.
networks create a friendlier atmosphere on the website and assist in
promoting the website via sharing. Video sharing services enrich the
video content of our website and increase its visibility.
you click on these buttons, we may have access to the personal
information that you have made public and accessible via your profiles
on the social networks in question. We neither create nor use any
separate databases from these social networks based on the personal
information that you have published there and we do not process any data
relating to your private life through these means.
If you do not
want us to have access to your personal information published in the
public spaces of your profile or your social accounts, then you should
use the procedures provided by the social networks in question to limit
access to this information.
PURPOSES FOR WHICH WE USE PERSONAL DATA
We use your personal data specifically for the following purposes:
− to respond to your requests such as requests for information, searches, the newsletter or other content;
− to provide the services and offers ordered on our website and/or in one of our establishments;
− to conduct surveys and gather statistics;
− to personalize and enhance your experience on our website;
− to offer you our products and services and/or our partners’ products and services;
− any other purpose of which we will inform you, if applicable, when we collect your data.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
process your personal data as part of the performance and management of
our contractual relationship with you, in our legitimate interest to
improve the quality and operational excellence of the services we offer
to you or in compliance with certain regulatory obligations.
personal data may also be processed based on your prior consent in the
event that under certain circumstances, your consent would be requested.
DISCLOSURE OF PERSONAL DATA
The security and
confidentiality of your personal data are of great importance to us.
This is why we restrict access to your personal data only to members of
our staff who need to have this information in order to process your
orders or to provide the requested service.
We will not disclose
your personal data to any unauthorized third parties. We may, however,
share your personal data with entities within the Sodexo group and with
authorized service providers (for example: technical service providers
[hosting, maintenance], consultants, etc.) whom we may call upon for the
purpose of providing our services. We do not authorize our service
providers to use or disclose your data, except to the extent necessary
to deliver the services on our behalf or to comply with legal
obligations. Furthermore, we may share personal data concerning you (i)
if the law or a legal procedure requires us to do so, (ii) in response
to a request by public authorities or other officials or (iii) if we are
of the opinion that transferring these data is necessary or appropriate
to prevent any physical harm or financial loss or in respect of an
investigation concerning a suspected or proven unlawful activity.
STORAGE PERIOD OF YOUR PERSONAL DATA
will store your data only for as long as necessary to fulfill the
purposes for which it was collected and processed. This period may be
extended, if applicable, for any amount of time prescribed by any legal
or regulatory provisions that may apply.
SENSITIVE PERSONAL DATA
a general rule, we do not collect sensitive personal data via our
website. “Sensitive personal data” refers to any information concerning a
person’s racial or ethnic origins, political opinions, religious or
philosophical beliefs, union membership, health data or data relating to
the sexual life or the sexual orientation of a natural person. This
definition also includes personal data relating to criminal convictions
In the event that it would be strictly necessary to
collect such data to achieve the purpose for which the processing is
performed, we will do so in accordance with local legal requirements for
the protection of personal data and, in particular, with your explicit
prior consent and under the conditions described in this Confidentiality
PERSONAL INFORMATION AND CHILDREN
website is for use by adult persons who have the capacity to conclude a
contract under the legislation of the country in which they are
Children users under the age of 16 years or without
legal capacity must obtain consent from their legal guardians prior to
submitting their data to the website.
The 16-year age limit may be reduced to 13 years depending on the local legislation in your usual place of residence.
TRANSFER OF PERSONAL DATA
Sodexo is an international group, your personal data may be transmitted
to internal or external recipients that are authorized to perform
services on our behalf and that are located in countries outside the
European Union or the European Economic Area which do not offer an
adequate level of personal data protection.
To guarantee the
security and confidentiality of personal data thus transmitted, we will
take all necessary measures to ensure that these data receive adequate
protection, such as signing standard European Commission contractual
clauses or other equivalent measures.
In accordance with the applicable law, you have certain rights relating to the processing of your personal data.
of access You have the right to request access to your personal
data. You may also request rectification of inaccurate personal data or
request that incomplete data be completed.
You also have the right to know the source of the personal data.
Right of erasure Your right to be forgotten entitles you to request the erasure of your personal data when:
(i) the data are no longer necessary to achieve the purposes for which they were collected and processed;
you choose to withdraw your consent (if your consent was obtained as
the legal basis for processing), without such a withdrawal affecting the
lawfulness of any processing carried out prior to the withdrawal;
(iii) you object to the processing;
(iv) your data were processed unlawfully;
(v) your data must be erased to comply with a legal obligation; or
(vi) erasure of the data is required to ensure compliance with current legislation.
Right to restriction You may also request restriction of processing of your personal data if:
(i) you dispute the accuracy of your data;
(ii) we no longer need these data for processing purposes; and
(iii) you are opposed to the processing of the data.
to refuse direct marketing messages You may at any time request to
no longer receive advertising or prospecting by contacting us directly,
free of charge, or via the “unsubscribe” link included with any form of
prospecting that we might send to you by email, or by sending us an
email to the address provided below. This opposition is without
prejudice to the lawfulness of any communication sent to you before the
opposition was implemented.
In accordance with Article L.223-2 of
the French Consumer Code, Users are hereby informed of their right to
subscribe, free of charge, to the national “do not call” registry to opt
out of telephone canvassing (www.bloctel.gouv.fr).
The right not
to be the subject of a decision based exclusively on automated data
processing. You have the option not to be the subject of a decision
based exclusively on automated processing that has legal effects
concerning you or that has a significant impact on you.
portability You may request that we provide your personal data in a
structured, commonly used, machine-readable format or you may request
that it be transmitted directly to another controller on condition that:
(i) the processing is based on your consent or necessary to fulfill a contract with you; and
(ii) that it is done via automated means.
Right to issue advanced instructions about the processing of your personal data after your death.
application of the French Data Protection Act, you may also formulate
instructions on exercising your rights as set out in this section, after
your death (in particular with regard to the storage period or the
erasure and/or disclosure of the data) as well as appoint a person
tasked with exercising these rights.
Right to lodge a complaint with
a supervisory authority If you have any concerns or complaints with
regard to the protection of your personal data, you have the right to
lodge a complaint with the French Data Protection Agency (CNIL) using
the following link: www.cnil.fr.
However, please address any
requests to us beforehand by contacting us at the address given below so
that we can deal with your request and find an amicable solution.
exercise your rights, you can fill out and send us the
Complaint/Request form or make your request by email to the following
address: email@example.com stating your surname, first name and
the reason for your request. We will most likely ask you for additional
information in order to identify you and to enable us to deal with your
We implement all possible
technical and organizational security measures to ensure security and
confidentiality in processing your personal data.
To this end, we
take all necessary precautions given the nature of the personal data
and the risks related to its processing, in order to maintain data
security and in particular to prevent distortion, damage or unauthorized
third-party access (physical protection of the premises, authentication
procedures with personal, secured access via identifiers and
confidential passwords, a connection log, encryption of certain data,
CUSTOMER RELATIONSHIP MANAGEMENT DATABASE (“CRM DATABASE”)
use a database to manage and monitor our relationships with existing
and potential customers. This database includes the personal data of
associates of our customers or other partners with whom we have a
business relationship or with whom we want to establish such a
relationship. These data, used only for this purpose, notably include:
contact details (surname, first name, telephone number, email address,
etc.), publicly accessible information, the responses to targeted emails
and other information collected and recorded by our associates as part
of their interactions with our customers and partners. If you want to be
removed from our CRM database, please write to firstname.lastname@example.org.
LINKS TO OTHER SITES
we provide links to other websites for practical and informative
purposes. These websites are mostly Sodexo websites and some of them
operate independently from our websites and are not under our control.
These websites are run by third parties with their own confidentiality
do not accept any liability with regard to the content on these sites,
for the products and services that may be offered there or for any other
UPDATES OF OUR CONFIDENTIALITY POLICY
policy will become effective on May 25, 2018. We may update or amend
this confidentiality policy as and when needed. In this case, amendments
will only become applicable after a period of 30 business days from the
date of the amendment. Please consult this page from time to time if
you want to be informed of any possible changes.
you have subscribed to certain services via our website and you no
longer want to receive emails, please consult the “unsubscribe” page
corresponding to the service you are subscribed to.
HOW TO CONTACT US
you have any questions or comments with regard to this policy, please
do not hesitate to contact us at the following address:
email@example.com or contact our Group Data Protection Officer at
the following address: firstname.lastname@example.org.
Last updated: 5 mai 2018