Dalival data protection policy

The purpose of this policy is to provide a framework for the compliance of the processing of personal data and the respect of the rights of the persons concerned for the implementation of the website www.dalival.com (hereinafter the ” Website “) by the company DALIVAL. The reference texts for this policy are the General Data Protection Regulation (EU) 2016/679, known as the “GDPR” and the French Law no. 78-17 of 6 January 1978 relating to information technology, files and freedoms, in the version in force on 23 March 2024; known as the “Loi Informatique et Libertés modifiée” – French amended data protection low. The concepts used in this policy are defined in the GDPR, in particular the concepts of processing, personal data or data of a personal nature, data subjects and data controller.

DALIVAL is committed to respecting the privacy and protecting the personal data of its customers, suppliers and users of the Website. Dalival undertakes to define and apply appropriate measures to guarantee the security of personal data processing. In this text, Dalival provides information on the processing and protection of personal data.

Who is the data controller?

DALIVAL, a SAS with capital of 2,500,000 euros, whose registered office is at Château de Noue, 02600 Villers-Cotterêts, registered with the Soissons Trade and Companies Register under number 786 095 851, is the Data Controller for personal data within the meaning of the General Data Protection Regulation (GDPR).
Contact details for the data protection department: dataprotection@dalival.com

Data subjects?

The persons concerned by the processing that we carry out are:
– Users of the Website (hereinafter the “Users“)
– Customers of Dalival products (hereinafter the “Customers“).

When is personal data collected?

Dalival collects personal data directly from Users and Customers:
– when Users and/or Customers contact Dalival to request information or a quote
– when Users and/or Customers browse the Website,
– when Users and/or Customers respond to Dalival surveys.
Dalival indirectly collects personal data concerning Users and/or Customers when Dalival is put in contact with them through a technician (independent or employee of their cooperative) or a tree buyer on behalf of their producer organisation.

It is possible to consult the Website without disclosing personal information. However, certain services used by Users and/or Customers require the collection and storage of a certain number of automatically recognised elements: the date and time, the IP address, the domain name, the browser software and the operating system used (if the browser provides this information), the address of the page visited (if the browser provides it), the object requested and the execution status of the request.
Consultation of the Website, completion of forms and receipt of communications and canvassing campaigns are, of course, optional. The data to be provided in the forms marked with an asterisk (*) are compulsory in order to allow Dalival to contact Users and/or Customers and to address their needs and requests in the best possible way, or to allow Dalival to deliver and invoice what they have ordered.
These data are collected by means of cookies, intended to improve Dalival’s services and for statistical purposes. The Data Controller never associates the information entered in the form with the cookies deposited in the terminal of each User and/or Customer. Cookies are valid for a maximum of thirteen (13) months.
For more information on cookies, please consult the Website’s Cookie Policy.
The Data Controller collects and processes personal data fairly and lawfully. It does not store personal data beyond the period necessary to achieve the purpose of the processing, as indicated below, while complying with the applicable legal and regulatory limits.
The Data Controller ensures that the data is kept up to date throughout the processing process so that it is not obsolete.

Purposes of processing, legal bases and storage periods

Dalival implements various processing operations relating to the personal data of Users and/or Customers, the purposes of which are detailed below and the legal bases of which are as follows: the consent of Users and/or Customers, the performance of a contract concluded between Dalival and Users and/or Customers, the legitimate interest of Dalival, or the legal and regulatory obligations of Dalival.
In accordance with the GDPR and the French Data Protection Act, personal data collected by Dalival will be used for the purposes for which it was collected and for the period detailed in the tables below, it being specified that a User of the Website or Customer is considered “active” when he/she contacts Dalival to request a quote or to place an order.
At the end of the storage periods described below, personal data will be deleted or, in the case of data that Dalival is legally obliged to store, or that is necessary to safeguard Dalival’s rights, placed in an archive and stored for an additional period corresponding to the period detailed in the tables below. At the end of this period, the personal data will be deleted.
The legal bases and storage periods associated with each personal data processing purpose are described below:

Use of the Website:

What data is collected?	Why does Dalival collect data?	Legal basis	Length of storage
Contact form: Name, Company, Telephone, E-mail address, Country, Message	The purpose is to respond to requests made via the forms or by using the means of contact available on the Website.	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or execution of the contract	Duration necessary to achieve the purpose of the processing and for a further period of five (5) years
Quotation form: Name, Company, Telephone, E-mail address, Telephone, SIRET, VAT number, Country, Message	The data is collected in order to respond to the request and send a quote if the request meets Dalival’s delivery criteria.	Execution of pre-contractual measures taken at the request of Users and/or Clients and/or execution of the contract	Duration necessary to achieve the purpose of the processing and for a further period of five (5) years

Customer relationship management:

In the table below, the term ” activity ” means any active contact initiated by the User or Customer towards the company Dalival or by any contact of the company Dalival towards the User or Customer, which the latter have accepted.

Purpose	Description of the processing	Legal basis	Length of storage
“Customer” file:	Creation of an account in Dalival’s commercial management software, enabling quotations to be issued, orders to be managed and products to be reserved.	Execution of pre-contractual measures taken at the request of Users and/or Clients and/or execution of the contract	Five (5) years as from the last activity of the User and/or Customer, then transfer to an archive for an additional period of five (5) years.
Orders :	Confirmation, validation, dispatch, management of any complaints	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or execution of the contract	Five (5) years from the last order placed by a User and/or Customer, then transfer to an archive for an additional period of five (5) years.
Customer service:	Management of requests, questions and complaints.	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or execution of the contract	Five (5) years from the date of each request, question or complaint.
Satisfaction surveys and opinion gathering:	Collecting opinions and carrying out surveys on our products.	Legitimate interest	Five (5) years from the date of the opinion or product survey.
Product recalls:	Provision of information relating to a possible product recall.	Compliance with legal and regulatory obligations	Five (5) years from the date of the product recall.
Commercial relations by post, telephone and electronic means:	Sending commercial information by post or telephone or by electronic means (e-mail and SMS).	Legitimate interest	Five (5) years from the last activity of a User and/or Customer

Compliance with legal and regulatory obligations, defence of Dalival’s rights, protection of Dalival’s interests and fight against fraud:

Purpose	Description of processing	Legal basis	Length of storage
Accounting and taxation	Storage of invoices and other documents required for the management of Dalival’s general accounting and tax obligations.	Compliance with legal and regulatory obligations	Personal data processed as part of the management of accounting and tax obligations are stored for a period corresponding to the duration of the current financial year plus one (1) year, then transferred to an archive for a period of ten (10) years.
Exercising the rights of Users and/or Customers	Management of requests to exercise rights (communications with you, extracts of information required)	Compliance with legal and regulatory obligations	Personal data relating to requests to exercise rights is stored for three (3) or six (6) years from the date of the request, depending on the right exercised. Where proof of identity is required, it is deleted as soon as it has been verified.
Defending Dalival’s rights and combating fraud	Establishment and storage of evidence necessary to defend the rights of Dalival in actions and claims brought against it by Users and/or Clients and to combat fraud.	Legitimate interest	The personal data necessary for the establishment and storage of the means of evidence necessary for the defence of rights are stored for the entire duration of the applicable legal requirements, or for the entire duration of the dispute or litigation, should one arise, and until a final and binding decision has been rendered.
Public and judicial authorities	Management of requests from public or judicial authorities and communications with the authorities	Legitimate interest	Personal data relating to the management of requests from authorities is stored for the duration of the proceedings before the authority concerned, and until a final and binding decision has been handed down.

If Dalival is required to process the personal data of Users and/or Clients for purposes other than those listed in the tables above, Dalival will take any additional steps that may be necessary to ensure the legal compliance of all such processing.

How is personal data protected?

The Data Controller determines and implements the means necessary to protect the processing of personal data in order to prevent any access by unauthorised third parties and to prevent any loss, alteration or disclosure of data.

The Data Controller has put in place technical and organisational measures, adapted according to the degree of sensitivity of the personal data collected, to ensure the integrity and confidentiality of personal data and to protect it against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties. In particular, the Data Controller uses encryption and/or pseudonymisation techniques for personal data whenever this is possible, useful or necessary.

To whom is personal data transmitted?

The Data Controller may transmit personal data to subcontractors who process them on its behalf and according to its instructions, in order to achieve the purposes described above.
The personal data that Dalival collects may be transmitted to some or all of the following recipients:
– within the DALIVAL group and its parent company SCA TERRENA:
o to the internal departments of DALIVAL responsible for the conclusion, management and execution of contracts and orders ;
o to persons responsible for marketing, customer relations, complaints, canvassing, administrative services, IT services, online advertising or commercial canvassing;
o the TERRENA cooperative, which manages the customer database centrally, and its dedicated teams;
o IFO, which manages Dalival’s intellectual property, its promotion and defence, and its dedicated teams.
– outside the Dalival group:
o to service providers and sub-contractors (in particular IT service providers responsible for maintaining the Website, advertising service providers and those responsible for the routing and delivery of products) ;
o partners involved in carrying out and sending commercial prospecting campaigns;
o companies, specialist firms and their dedicated teams who manage the intellectual property of certain varieties propagated by Dalival;
o lawyers, specialised advisors, arbitrators, mediators, court officers and ministerial officers, administrative or judicial authorities to whom a dispute has been referred, where applicable, in the context of compliance with the legal obligations incumbent on Dalival or to enable Dalival to defend its rights and interests;
o to the departments responsible for control, such as the statutory auditors and internal control departments.

Only duly authorised recipients may access, within the framework of an access management policy, the information necessary for their activity. The Data Controller defines the access and confidentiality rules applicable to the personal data processed.

Dalival has control over and responsibility for the use of personal data provided by Users and/or Customers. Some data may be stored or processed on computers located in jurisdictions outside the European Union and the European Economic Area, whose regulations on personal data may differ from European regulations. In such cases, Dalival will ensure that appropriate safeguards are in place to ensure that data processing in that country maintains personal data protection equivalent to that in France.

What rights do Users and Customers have?

Under the General Data Protection Regulation (GDPR), the following rights are granted to Users and Customers:

– Right of access: a User and/or Customer may request access to their personal data that Dalival collects and processes. If a request for access is made, Dalival will provide the User and/or Customer with a copy of his/her personal data in Dalival’s possession as well as all legally required information.
– Right of rectification: a User and/or Customer may request rectification of personal data that is inaccurate, incorrect or incomplete.
– Right to erasure: a User and/or Customer may request the erasure of his/her personal data, except where such data must be stored to enable Dalival to comply with legal obligations, or to enable Dalival to exercise or defend its rights, or where such data is necessary for the performance of the contract binding the User and/or Customer to Dalival.
– Right to limit processing: a User and/or Customer may ask the Data Controller to temporarily freeze the processing of his/her personal data. The Data Controller will no longer be able to use these data but will have to store them.
– Right to portability: a User and/or Customer may retrieve the personal data they have provided to Dalival, for personal use or for transmission to a third party of their choice, in a commonly used format. This only concerns personal data collected with the consent of the User and/or Customer or in the context of the performance of a contract and which the Data Controller processes by automated means, provided that the exercise of this right does not infringe the rights and freedoms of third parties.
– Right to object: Users and/or Customers have the right to object to the processing of their personal data for legitimate reasons, such as the use of their personal data for commercial prospecting purposes, including profiling.
– Right to define general or specific directives relating to the storage, deletion or communication of their personal data after the death of a User and/or Customer: a User and/or Customer may define general or specific directives relating to the manner in which they intend their rights under the applicable regulations to be exercised after their death.
– a User and/or Customer may also withdraw their consent at any time, in cases where it has been requested.

In order to exercise his/her rights, a User and/or Customer may send an e-mail or a letter to Dalival at the addresses below, specifying the right he/she wishes to exercise, the personal data concerned by his/her request and indicating his/her first and last name as well as his/her e-mail address:

– by e-mail: dataprotection@dalival.com
– by post: DALIVAL, Data Protection Department DPO, 7 avenue Jean Joxé, CS 20248, 49002 Angers.

If a User and/or Customer considers, after having contacted Dalival, that their Data Protection rights have not been respected, they may submit a complaint to the Commission Nationale de l’Informatique et des Libertés (CNIL):

– electronically: https: //www.cnil.fr/fr/plaintes
– by post: Commission Nationale de l’Informatique et des Libertés, For the attention of the Data Protection Officer (DPO), 3 place de Fontenoy – TSA 80715 – 75334 Paris CEDEX 07.

Hyperlinks

The practices described in this personal data protection policy statement relate solely to the www.dalival.com website. External links to other services/entities linked to DALIVAL may be present on the Website, for partnership purposes. Users and/or Clients may refer to the privacy policies of other services/entities when visiting their webWebsite(s). Dalival draws the attention of Users and Customers to the fact that it is in no way responsible for the privacy policies and content of other Websites.

This text is a courtesy translation.
The only text with legal value is the test in French, which prevails over the other versions and can be found at this link.