Privacy policy

LEROUX DATA PROTECTION POLICY

We aim to establish a relationship based on trust with you, our customers, employees, partners, service providers, trainees, applicants and website users, for this reason, this Personal Data Protection Policy for natural persons defines how we process your data.

The concept of “personal data” is defined herein as per article 4 of the General Data Protection Regulation of the European Union (GDPR 2016/679), i.e. any data which can be used to directly or indirectly identify a natural person.

LEROUX takes good care of your personal data and will ensure it benefits from the best possible protection.

DATA CONTROLLER

LEROUX is a French company with capital of 251,466 euros, listed on the Registry of Trade and Companies of Douai under number 0457508170012. LEROUX is the data controller for your personal data and its head office is located 84 rue François Herbo, 59310 ORCHIES, France.

If you require any further information, you can contact us at the following email address: RGPD@leroux.com

DATA COLLECTION

We collect the data we process straight from you or via your employer or an authorised party. Leroux SAS processes personal data for the following purposes:

– To check compliance with a contract or general terms and conditions

– To ensure compliance with legal and regulatory requirements while protecting our legitimate interests

– For specific purposes, after obtaining your explicit consent.

– To improve our websites, products and services (primarily via cookies or online surveys)

– To answer your requests

– To send you emails on LEROUX, primarily including special offers and product information, or any LEROUX news

PERSONAL DATA PROCESSED

Leroux processes the following personal data:

– Contact details (surname, first name, address, e-mail, telephone number, company)

– Business trip data for applicants as part of the recruitment process

– Geolocation and/or internet browsing data collected using cookies

– Bank data used for transactions

– Should you subscribe to the newsletter or request a specific action via the Leroux.com, Leroux.fr or avec-plaisir.fr websites, we may ask you to provide your contact details and indicate your consumer habits.

LEROUX SAS does not collect or process sensitive data via the website, and exclusively processes the identification and bank data required to provide the services requested by users.

We also retain your consent to provide or receive specific information.

Employee personal data

LEROUX processes the following personal data:

– Identification data (surname, first name, address, e-mail, telephone number, personnel no., badge, a photocopy of proof of identity, a photocopy of their driving licence, a photocopy of safe machinery handling training certificates (CACES), date and place of birth, civil status, nationality, gender, language, social security no., etc.)

– Career data (career, skills, fields, promotions, professional reviews, employment contract, etc.)

– Health data (occupational physician clearance or other, sick leave, medical certificates, occupational accident declaration)

– Family data (number of children, family status, private medical insurance, substantiation for leave for family reasons, etc.).

– Economic data (bank details, pay slips, amounts withheld on various grounds, wages, expense notes, tax withholding, etc.).

– All data which must be collected as per legal, regulatory or administrative requirements.

We also retain your consent to provide or receive specific information. This data may be transferred to various company services and external companies if required by law or to ensure compliance with contractual provisions.

DATA SECURITY

Leroux takes the necessary technical and organisational actions to prevent any unauthorised access, modification, disclosure or destruction of the data processed by our teams.

 

Leroux thus only collects the data we require for the legitimate purposes explicitly listed. All employees, sub-contractors or service providers requiring access to personal data for their assigned roles are informed of the applicable requirements and sign a non-disclosure agreement.

We arrange internal audits and organise regular awareness sessions for our employees to ensure the long-term effectiveness of our data protection policy.

DATA RETENTION

Recruitment-related personal data is retained for 2 years and subsequently archived or deleted.

Any personal data pertaining to our customers which we collect via our websites is retained for the consent period for use granted to Leroux during which we can send out special offers, product information and Leroux news in general by email. If no consent is provided, the retention period cannot exceed 18 months for events (competitions, online surveys, etc.).

The personal data of people visiting Leroux sites is retained for 1 year and subsequently archived or deleted.

All other types of personal data are retained for the full length of the commercial relationship, after which we archive or delete the data.

In some cases, we do however reserve the right to retain the data for an extended period to prevent any risk of litigation and in compliance with legal or regulatory requirements.

Any personal data processed subject to your consent will be immediately deleted if you withdraw your consent.

Employee personal data

Personal data is retained for the period required in order to fulfil the purposes for which the data was collected or processed.

We retain such personal data from recruitment and for the entire duration of the employment contract, and for a further period when necessary.

Any personal data processed subject to your consent will be immediately deleted if you withdraw your consent.

TRANSFERRING PERSONAL DATA

In some cases, particularly when handling commercial relations, we must transfer data outside of the European Union in compliance with contractual provisions or to provide a service. We agree to set up suitable guarantees and obtain your authorisation prior to the transfer.

We remain liable for meeting all our personal data requirements.

Employee personal data

We do not transfer personal data outside of the European Union.

YOUR RIGHTS

Leroux is required to comply with your rights:

– You are entitled to be clearly and fairly informed of how your data is processed with due transparency

– You are entitled to access your personal data: we can provide a copy of the data currently being processed by our teams at your request. You are also entitled to enquire if we are processing your personal data or not, and to what purpose, who is receiving your data and if your data is transferred.

– You are entitled to correct or oppose your data: you may request the correction, updating, freezing or deletion of your personal data if the latter is found to be inaccurate or incorrect. You can also define both general and specific directives on how your personal data should be processed after your death. If necessary, heirs may require the consideration of the death of their member of family and/or make the necessary updates. However, personal data can only be opposed for legitimate reasons or to object to marketing.

– You are entitled to withdraw your consent without retroactive effect

– You are entitled to delete your personal data in the event of unauthorised processing

– You are entitled to be informed if any of your personal data has been transferred to a data processor

– You are entitled to place limits on processing

Based on the security and privacy policies applicable to the processing of personal data, to which Leroux is subject, please provide us with proof of your identity in the form of a scanned copy or photocopy of your current proof of identity so that we can handle your request.

If you wish to exercise your rights with respect to personal data provided via the websites, submit your request using the following contact form: https://www.leroux.com/contact/.

If you wish to exercise your rights with respect to personal data provided by means other than our websites, please contact the following email address rgpd@leroux.com or send a letter to Leroux SAS à l’attention du Responsable RGPD, 84 rue François Herbo, 59310 ORCHIES, France.

You may also submit a claim to the French Data Protection Board (CNIL).

DATA BREACHES

If your personal data rights are breached, the GDPR controller will notify the French Data Protection Board (CNIL) of the breach and will rapidly inform you as per the provisions of article 34 of the GDPR. Reviewing our Data Protection Policy

Leroux will process your data in compliance with the applicable legal requirements. The Data Protection Policy will be completed and reviewed whenever necessary to ensure that the level of protection remains unchanged. Updated versions will be available on our websites.