Pluxee International Privacy Policy

What is the purpose of this Policy

The following information is provided to you to inform you of the categories of Personal Data that are subject to collection and Processing when using websites, portals, applications, and platforms (our “Site” or “Sites”) how we (i.e. Pluxee International) use this Personal Data, and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal Data.
Data.

Pluxee International builds strong, lasting relationships with its customers, partners, and consumers based on mutual trust, making sure that their Personal Data is safe and remains confidential is an absolute priority for Pluxee International.

Pluxee International is committed to complying with all applicable regulatory and legal provisions governing the protection of Personal Data.

Pluxee International enforces a very strict privacy policy to guarantee the protection of the Personal Data of those who use its Sites:

  • Users remain in control of their own data. The data processed in a transparent, confidential and secure manner.
  • Pluxee International is committed to a continuing quest to protect its users’ Personal Data in accordance with the General Data Protection Regulation of April 27, 2016 (GDPR). 
  • Pluxee International has a Group Data Protection Officer, that you can contact is case of question. 

This policy may be amended, supplemented, or updated, in particular to comply with any legal, regulatory, case law, or technical developments that may arise. However, your Personal Data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.

Who is the “Data Controller” and how can you get in touch with us?

The Data Controller is:

Pluxee International,    
A French Société par actions simplifiée 
Registered office: 16, rue du Passeur de Boulogne, - 92130, Issy-les-Moulineaux - FRANCE
Trade register: 350 925 384 RCS Nanterre 
Legal Representative: Aurélien SONET as a CEO
Group Data Protection Officer : dpo@pluxeegroup.com 
 

Definitions 

  • “Data Controller”: Means the natural or legal person, public authority, agency or other body which, alone or jointly with others determines the purposes and means of the Processing of your Personal Data on the Sites. In this Policy, Data Controller means Pluxee International
  • “Personal data”: Means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person. 
  • “Processing”: Any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Processor: Natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller.
  • “us” “we” or “our”: Pluxee International acting as Data Controller
  • “you” or “Users”: Any Site user/visitor or beneficiary of the Services.

How will your Personal Data be collected? Is it mandatory that you or others provide your Personal Data?

We may collect your personal data in the ways listed below:

  • Collection of your Personal Data directly from you, such as when you complete forms on our Sites ; and

  • Collection of your Personal Data indirectly during your navigation on the Site or via our service providers and/or technologies on our Sites.

We will collect your Personal Data on a mandatory basis where this is required by applicable local laws or where this is necessary for the performance of the Services on the Site.

If we are unable to collect these mandatory Personal Data items, we will not be able to manage your access to the Site.
 

What Personal Data does Pluxee International hold? For which purposes and on which legal basis will your Personal Data be collected and processed? 

We may process, use, and disclose your Personal Data for certain purposes, as detailed below, connected to your use of the Site and to the services we provide. 

We will collect and process your Personal Data as detailed below (without this list being exhaustive) where necessary to provide you an access to the Site, or when it is necessary for compliance with a legal obligation to which we are subject. We will also collect and process your Personal Data for Pluxee International’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Where legitimate interests do not apply as a lawful basis for the Processing of Personal Data under the applicable Data protection laws, prior explicit consent will be alternatively collected if required by law.

Data Processing Activities Purposes Categories of Personal Data  Legal basis
Cookies Personalization of the Site and enhancement of the experience. 
A more detailed description of how and why cookies might be used on the Sites is at your disposal on our web page		 •    IP address
•    Cookies
•    Statistical data
 		 Consent
Legitimate interest in implementing the technical measures necessary for the operation of our website
 
Site navigation Compliance to legal obligations •    Identification data (name, surname, image - if you provided it)
•    Technical data (time and date of connection, meta data
 		 Legal obligation
Communication with Users Collect and process requests from Users contacting Pluxee International •    Email address
•    Any Personal Data provided by the Users in their  request
 		 Legitimate interest in communicating with our website users and clients
Webcast for investors Allow investors to access to the platform and enable Pluxee to compile statistics in order to monitor audience and to contact its investors •    Identification data (name, surname, company and position)
•    Email address
 		 Legitimate interest in interacting with investors
Other Any other purpose that we may specify to you at the time of collection and described in a specific privacy policy  Determined at the time of collection and described in a specific privacy policy Determined at the time of collection and described in a specific privacy policy

 

Who will have access to your Personal Data?

Pluxee International is part of an international group under the brand Pluxee (the “Pluxee group”). 
There is a possibility of transfers of your Personal Data within or outside of the Pluxee group. 
 

  • Within the Pluxee Group: The security and confidentiality of your Personal Data is of great importance to us and the other entities of the Pluxee group. This is why we strictly restrict access to your Personal Data to members of our staff and only to the extent strictly necessary to process your Personal Data or provide the services necessary for the Site. We ensure that the persons authorized to process the Personal Data have commited themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
    European data protection laws do not allow the transfer of Personal Data to third countries outside the European Economic Area (‘EEA’) that do not ensure an adequate level of data protection. Some of the third countries in which Pluxee entities operate are located outside of the EEA and do not provide the same level of data protection as the country in which you reside, and are not recognized by the European Commission as providing an adequate level of protection for individuals’ data privacy right For those transfers, Pluxee International and the Pluxee Group entities have implemented the appropriate safeguards in accordance with the relevant Data Protection laws and rules. If you have any questions or wish to have details on those safeguards, you can contact the Group Data Protection Officer, email to dpo@pluxeegroup.com 
  • Outside the Pluxee Group: We will not disclose your Personal Data to any unauthorized third parties. We may, however, share your Personal Data with authorized service providers (for example, technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose listed above in compliance with the applicable data protection laws.
    All third-party service providers to whom we have disclosed and transferred your Personal Data have been engaged under a binding confidentiality and data processing agreement with Pluxee International or the Pluxee Group entities, whereby said third party may act only upon the instruction of Pluxee International or Pluxee Group entities. 
    This third-party service provider and/or other contractors, as the case may be, may be located in countries (e.g, United States, United Kingdom), where data protection laws may not provide a level of protection equivalent to European law (it being specified the European Commission has recognized the United States and the United Kingdom as providing adequate protection). If Pluxee International or Pluxee group’s entities disclose your Personal Data to such recipients, which shall be only for disaster recovery purposes or for the purpose of providing assistance on our request, we will establish and/or confirm that, prior to receiving any of your Personal Data, they will provide an adequate level of protection for your Personal Data, included appropriate technical and organizational security measures. In particular, if the recipients concerned are located in a country that does not provide an adequate level of protection, Pluxee International or Pluxee Group entities will also implement other appropriate measures, including standard contractual clauses, to secure such transfer in compliance with applicable law. 
    If you have any questions or wish to have details on those safeguards, you can contact the Group Data Protection Officer, email to dpo@pluxeegroup.com.
    Furthermore, we may share your Personal Data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials, or (iii) if we are of the opinion that transferring this data might benecessary or appropriate to prevent any physical harm or financial loss, or in respect of an investigation concerning a suspected or proven unlawful activity.

How long will your Personal data be held? 

We will store your Personal Data only for as long as necessary to fulfill the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.

Categories of Personal Data  Purposes  Retention period
•    IP address
•    Statistical data
 		 Personalization of the Site and enhancement of the experience.  The data related to your use of the Site, will be kept for as long as necessary for the Processing.
•    Cookies Personalization of the Site and enhancement of the experience. 

Maximum of 13 months (depending on the category the cookie belongs to). For more details, please refer to the Cookie Policy

 
•    Identification data (name, surname, image - if you provided it)
•    Technical data (time and date of connection, meta data
 		 Compliance to legal obligations

As long as necessary for the Processing.
•    Email address
•    Any Personal Data provided by the Users in their request
 		 Collection and processing of requests from Users contacting Pluxee International As long as necessary for the processing of your request.
•    Email addresse
•    Identification data (name, surname, company, position)
 		 Allow investors to access to the platform and enable Pluxee to compile statistics in order to monitor audience and to contact its investors As long as necessary for the processing
Any other category of Personal Data determined at the time of collection and described in a specific privacy policy specified to you at the time of collection and described in a specific privacy policy  As long as necessary for the processing


 

Will your sensitive Personal Data be processed?

As a general rule, we do not collect sensitive Personal Data via our Site or to provide our services. Please note that our contact forms are not intended to collect any sensitive Personal Data. You should therefore limit your input to what is strictly necessary regarding your request when sending us an email, contacting us through a contact form or by any other mean.

“Sensitive Personal Data  refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data, or  data relating to the sexual life or the sexual orientation of a natural person. This definition also includes Personal Data relating to criminal convictions and offenses.

In the exceptional event that it would be strictly necessary to collect such data to achieve the purpose for which the Processing is performed or if you provide us with such data, for instance when you send us an email), we will process such data in accordance with local legal requirements for the protection of Personal Data and in particular, with your explicit prior consent and under the conditions described in this policy.  
 

What are your rights in connection with your Personal Data and how can you exercise those rights?

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes by updating your account on the Site.

Pluxee International is committed to ensuring protection of your privacy rights under applicable laws. You will find below a table summarizing your privacy rights under the applicable data protection law, which applies to all Personal Data processed on the Site. 
 

  • Right of access and rectification: You can obtain all the information listed under Art. 15 GDPR and/ or request a copy of the Personal Data we hold about you. You may also request rectification of inaccurate Personal Data to have incomplete Personal Data rectified.

  • Right to erasure: Your right to be forgotten entitles you to request the erasure of your Personal Data in cases where:

    - the data is no longer necessary for the purpose for which it was collected;

    - you choose to withdraw your consent;

    - you object to the processing of your Personal data;

    - your Personal data has been unlawfully processed;

    - there is a legal obligation to erase your Personal data;

  • Right to restriction of Processing: You may request that processing of your Personal Data be restricted in the cases where:

    - you contest the accuracy of your Personal data;

    - we no longer needs your Personal data for the purposes of the processing;

    - you have objected to processing for legitimate reasons.

    - the processing of your Personal data is unlawful and you prefer the restriction of their use instead of their deletion

  • Right to data portability: You can request, where applicable, the portability of your Personal Data that you have provided to us, in a structured, commonly used, and machine-readable format you have the right to transmit this data to another Data Controller without hindrance from us where:

    - the processing of your Personal data is based on consent or on a contract; and

    - the processing is carried out by automated means.
    You can also request that your Personal Data be transmitted to a third party of your choice (where technically feasible).

  • Right to object to Processing: You may object (i.e., exercise your right to “opt-out”) to the processing of your Personal Data particularly in relation to profiling or to marketing communications. When we process your Personal on the basis of your consent, you can withdraw your consent at any time.
  • Right not to be subject to automated decisions: You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you.
  • Right to lodge a Complaint: You can choose to lodge a Complaint with the French Supervisory Authority (the Cnil: https://www.cnil.fr/).
    You have also the right to lodge your Complaint before the French courts or where you have your habitual residence.
  • Right to withdrawl consent: In the circumstances where you may have provided your specific consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. When you provide your consent, you will ordinarily be provided with the method to withdraw it. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
  • Right to define post-mortem directives: In accordance with the French Data Protection Act, you have the possibility to define directives relating to the conservation, deletion and communication of your Personal data after your death. These directives can be registered with a trusted digital third party, certified by the Cnil and responsible for enforcing your wishes in accordance with the requirements of the applicable regulations on the protection of Personal data.

To exercise these rights, you can: 

  • Use the online Request webform : This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is provided by One Trust and after making the request you will be sent details about how to log on.

  • You can also raise queries or complaints with the Group Data Protection Officer, by email to dpo@pluxeegroup.com  or by post to 16, rue du Passeur de Boulogne, 92130 Issy-les-Moulineaux, France.

No fee usually required.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

For more details, please consult the Group Data Protection Rights Management Policy
 

How will your Personal Data be protected? 

We implement all possible technical and organizational security measures to ensure security and confidentiality in Processing your Personal Data.

To this end, we take all necessary precautions, given the nature of the Personal Data and the risks related to its Processing, in order to maintain data security and, in particular, to prevent distortion, damage, or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.

In addition, if we contract with Processors for all or part of the Processing of your Personal Data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal Data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal Data.

We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal Data.

Nevertheless, you also have a responsibility to ensure the security and confidentiality of your Personal Data so we invite you to remain vigilant, especially when using an open system such as the Internet.
 

Links to other sites/platforms

Occasionally, we provide links to other platforms for practical and informative purposes. These platforms operate independently from our Sites and are not under our control. These platforms have their own privacy policies or terms of use, which we strongly advise you to read. We do not accept any liability with regards to the content on these platforms, for the products and services that may be offered there, or for any other use thereof.

How will you be notified if the uses of your Personal data change?

We may update or amend this policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.

If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address dpo.@pluxeegroup.com.