Global Data Privacy Statement

1  Introduction

The FRAIKIN group is particularly committed to the respect of privacy and the protection of personal data.

The purpose of this personal data protection policy (hereinafter referred to as the “General Data Protection Policy”), which applies to all legal entities of the FRAIKIN group, is to describe how each FRAIKIN entity (hereinafter “FRAIKIN”) collects and uses personal data for the purposes of its business as a data controller.

 2 Scope

This General Data Protection Policy is applicable to all processing of personal data carried out by FRAIKIN, as Data Controller, and is addressed to:

  • FRAIKIN’s customers, suppliers, and service providers in the context of the execution of commercial contracts.
  • Individuals who would like to join FRAIKIN in the capacity of employment or work opportunity.
  • users of FRAIKIN’s internet and extranet sites (customer area)

3 Definitions

For the purposes of this General Data Protection Policy, the following definitions shall apply:

  • “Processing of personal data” is an operation, or an organised set of operations performed on personal data (collection, structuring, storage, modification, communication, etc.).
  • “Personal data” is information that makes it possible to identify a human being (natural person), either directly (e.g., surname/first name), or indirectly (e.g., telephone number, contract number, nickname).
  • “Data subject” is a person who can be identified by the data used in the processing of personal data.
  • “Data controller” is a natural or legal person who determines the means and purposes of the processing.
  • “Processor” is the person who carries out operations on the data on behalf of the Data Controller. They sign a contract with the Data Controller who entrusts them with certain tasks and ensures that they have the technical and organisational support enabling them to process the personal data entrusted to them in accordance with the regulations.
  • “Recipient” is the person who receives an authorised disclosure of personal data.
  • “GDPR” is the general data protection regulation (EU) 2016/679.

4 Appointment of a Data Protection Officer (DPO)

In order to preserve the privacy and protection of personal data of all, the FRAIKIN group has appointed a “Data Protection Officer” (hereinafter “DPO”) with the CNIL. This person carries out their tasks independently and for all the companies within the FRAIKIN group.

As the FRAIKIN Group’s main company is located in France, the French authority is naturally designated as the “one-stop shop” in the event of requests from several local authorities across the European territories within which the FRAIKIN Group operates.

The DPO of the Fraikin group has appointed a GDPR correspondent in each of the group’s entities, a local contact who facilitates exchanges with the DPO.

The group DPO can be contacted at the address mentioned at the end of Article 12 of this Policy (Rights of Data Subjects).

 5 Commitments of FRAIKIN as a data controller

FRAIKIN is responsible for the processing carried out in the context of its activity and, in this capacity, makes the following commitments:

  • Personal data shall be used only for explicit, legitimate, and specific purposes (objectives) in relation to its various business lines as mentioned in each case at the time of collection of said data, in accordance with Article 5-b) of the GDPR.
  • In accordance with the principle of minimisation, only personal data that are strictly necessary shall be collected and processed.
  • Data shall not be retained beyond the period necessary for the operations for which it was collected, considering the nature of the operations and legal, contractual, or other requirements.
  • FRAIKIN shall not communicate or transfer personal data to unauthorised third parties.
    Where processing is to be carried out on behalf of FRAIKIN by a sub-contractor, FRAKIN shall ensure that said sub-contractor presents sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the processing meets the requirements of the GDPR.
  • FRAIKIN shall take appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
  • At FRAIKIN, all employees are made aware of the principles of data protection. They have access only to the information necessary for their activity.

 6 Data collection methods

Instances of direct collection:

  • Collection of data when contact is made (e-mail, telephone, contact forms, handing over of business cards).
  • Collection of data for the purposes of vehicle rental (through the conclusion of the contract, through the telematics box, in the event of an accident or damage).
  • Collection of data for the purposes of a contact with a service provider or supplier.
  • Data collection when browsing Fraikin’s websites.
  • Data collection when subscribing to the customer area and its services.
  • Data collection when processing an application (e-mail, letter, contact form) for work or internship.

Instances of indirect collection:

  •  Collection of data for the purposes of sponsorship or business referrals.

7 Data collected

FRAIKIN shall ensure that it collects and processes only personal data that is relevant, appropriate, not excessive, and strictly necessary, and shall take all reasonable steps to ensure that your data is accurate, complete and, where necessary, kept up to date.

FRAIKIN may collect and process the following personal data:

Personal data relating to customers and prospects:

  • Identification and contact data: first name, surname, position, postal address, email, telephone number of our contacts within the customer company.
  • Identification and authentication data, particularly when using the customer area.
  • Data relating to vehicle rental: driving licence number, identity card number (a copy of the identity card or driving licence will not be made or retained by FRAIKIN), date and place of birth, claims and damage data, offence data, tachograph and telematics use data (geo-location, distances travelled, driving data);
  • Data relating to invoicing and means of payment (bank details, payment card number, invoicing address, invoice number, email addresses of recipients of paperless invoices, etc.).

Personal data relating to suppliers and service providers.

  • Identification and contact data: first name, surname, position, postal address, email, telephone number within the supplier or service provider company.

Data relating to candidates wishing to join FRAIKIN.

  • Application data: first name, last name, residential address, e-mail address (form) other contact data and, if applicable, via the photo CV, date and place of birth, gender, nationality, telephone number
  • Data relating to qualifications, career paths, Tax, national insurance number and health.

Data relating to users of the internet and extranet sites (customer area)

  • IP address.
  • Dates, times, and locations of connections to the FRAIKIN websites.
  • Cookies.

Any other personal information that you provide to FRAIKIN directly and voluntarily in the course of using the sites, services, and contracts that FRAIKIN may have with you.

The compulsory nature of the information you must provide is indicated by an asterisk at the time of data collection on the relevant forms. Any failure to reply or any reply deemed abnormal by Fraikin may result in Fraikin’s refusal to consider your request.
You shall undertake to ensure that the personal data you provide to FRAIKIN is up-to-date, accurate, complete, and unambiguous.

8 Purposes of collection and legal basis

FRAIKIN is committed to collecting and processing your personal data in a fair and lawful manner.

The processing carried out by FRAIKIN is for explicit, legitimate, and specific purposes.

In particular, your data may be processed for the following purposes:

  • To manage the business relationship between FRAIKIN and its customers

In this context, the legal basis for the processing is the execution of the contract between FRAIKIN and its customers.

  • To optimise fleet management and anticipate vehicle maintenance.

In this context, the legal basis for the processing is FRAIKIN’s legitimate interest in offering vehicle tracking.

  • To manage the business relationship between FRAIKIN and its service providers, suppliers, and partners

In this context, the legal basis for the processing is the performance of the contract between FRAIKIN and its service providers, suppliers, and partners.

  • To send you commercial information about FRAIKIN

In this context, the processing is based on FRAIKIN’s legitimate interest, more specifically its economic interest in communicating offers to you and providing you with suitable services.

  • To analyse your navigation through the websites and improve their use.

In this context, the legal basis for the processing is FRAIKIN’s legitimate interest, more specifically its economic interest in continuously improving its sites and services and understanding your needs in order to meet your expectations; and to personalise the customer experience.

  • To answer your questions and complaints

In this context, the legal basis for the processing is either the execution of the contract if the request is related to the contractual relationship between FRAIKIN and yourself, or the legitimate interest of FRAIKIN, more specifically its economic interest in communicating clearly with you and understanding your needs and expectations.

  • To track your application

In this context, the legal basis is the obligation arising from Article L1221-6 of the French Labour Code, which is necessary for the execution of pre-contractual measures and the establishment of the contractual relationship between FRAIKIN and candidates for employment or internship.

9 Recipients of the data collected

FRAIKIN shall only communicate your personal data to authorised and specified recipients in accordance with the provisions of the applicable regulations.

FRAIKIN may in particular give access to your personal data to the companies of its group as well as to its possible third-party service providers, acting as subcontractors, to perform services related to FRAIKIN’s IT services and applications (in particular hosting, storage, analysis, data processing, database management or IT maintenance). These third-party service providers, who act only on instructions from FRAIKIN, shall only have access to your personal data to achieve the pursued objectives for which the data is to be collected and shall be bound by the same security and confidentiality obligations as FRAIKIN.

In addition, your personal data may be shared for the following purposes:

  • In the event of a merger or acquisition of all or part of FRAIKIN by a third party, you shall agree.
  • In response to judicial or administrative proceedings of any kind or to law enforcement measures requested by the competent authorities.
  • To comply with legal obligations, to protect the rights and/or safety of an individual, to protect the rights and property of FRAIKIN, including the need to ensure compliance with the present Data Protection Policy and to prevent fraud, security, or technical problems.
  • To meet legal obligations for transmission to administrations.
  • FRAIKIN may also share your information with authorised third parties acting as their own data processors such as lawyers, auditors, external auditors, etc.

 10 Data retention

FRAIKIN shall retain your personal data for as long as necessary for the purposes for which they were collected and processed. FRAIKIN may, however, retain your personal data for a longer period to comply with legal obligations and in particular applicable limitation periods.

In order to define an adequate data retention period, FRAIKIN uses the following criteria in particular:

  • Data relating to the management of the business relationship with customers and with FRAIKIN suppliers and service providers are retained for the entire duration of the contractual relationship and then archived for a period of time in accordance with the applicable limitation periods.
  • Where you have consented to receive commercial prospecting, FRAIKIN will retain your personal data until you express your wish not to receive further communications or 3 years from the last contact with you.
  • Candidate files may be kept for up to 2 years from the last contact with the candidate, unless the candidate consents to a longer retention period, in which case the data is archived in accordance with the applicable limitation periods.

11 Security

Data security refers to the measures taken to protect data from the following:

  • The destruction, loss, alteration, unauthorised disclosure of transmitted, stored or processed personal data, unauthorised access to such data, whether accidental or unlawful.

In order to guarantee the security of personal data, FRAIKIN and its sub-contractors shall implement appropriate technical and organisational measures taking into account the state of knowledge, the costs, the nature, the scope, the context, and the purposes of the processing operations in order to ensure a level of security appropriate to the risks.

In particular, and wherever necessary, the following measures have been taken:

  • The deployment of means to ensure the continued confidentiality, integrity, availability and resilience of systems and processing.
  • The deployment of means to restore the availability of and access to personal data within an appropriate time frame in the event of a physical or technical incident.
  • The implementation of a procedure for the regular testing, analysis, and evaluation of the effectiveness of technical and organisational measures to ensure the security of processing.
  • The implementation of measures to secure data flows and storage: FRAIKIN requires all its subcontractors to use secure network protocols when exchanging information over public networks. In particular, all information exchanges on the FRAIKIN network and with its subcontractors rely on authentication methods based on the use of certificates. In order to protect the information, and depending on the sensitivity, cryptographic measures may be implemented on the storage spaces. Access to storage areas is restricted in accordance with the access control policy and is controlled by a secure login procedure. In addition, backups are made and tested regularly in accordance with a backup policy agreed between FRAIKIN and its sub-contractors.
    FRAIKIN and its sub-contractors have adopted appropriate measures that comply with the rules of the art and the required standards to guarantee the protection of your personal data.

The internet and extranet sites and any mobile applications offered by FRAIKIN are secured, in particular for websites, by a “secure hypertext transfer protocol” whenever necessary.

The pages where your personal data is collected are subject to additional security measures.

 12 Rights of the persons concerned.

In accordance with the legislation applicable to the protection of personal data, you have a number of rights concerning the collection and processing of your personal data, namely:

  • The right to be informed: you have the right to be informed in a concise, transparent, comprehensible, and easily accessible way with regard to how your personal data are processed.
  • The right of access: you have the right to obtain (i) confirmation as to whether or not personal data relating to you are being processed and, where they are, the right to obtain (ii) access to and a copy of such data.
  • The right of rectification: you have the right to obtain the rectification of any personal data concerning you that are inaccurate. You also have the right to have incomplete personal data completed, including by providing an additional declaration.
  • The right to erasure: in certain cases, you have the right to have your personal data erased. This right is not, however, an absolute right and FRAIKIN may have legal or legitimate reasons for retaining such data.
  • The right to restrict processing: In some cases, you have the right to obtain a restriction of the processing of your personal data.
  • The right to portability: you have the right to receive the personal data you have provided to FRAIKIN in a structured, commonly used, and machine-readable format and you have the right to transmit said data to another controller without FRAIKIN’s obstruction. This right only applies where the processing of your personal data is based on your consent or on the execution of a contract and where such processing is carried out by automated means.
  • The right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you where such processing is based on the legitimate interests of FRAIKIN. FRAIKIN may, however, invoke legitimate and overriding reasons for continuing the processing. Where your personal data are processed for the purpose of prospecting, you have the right to object to the processing of such data at any time. In particular, you can take advantage of this right by clicking on the “unsubscribe” link available at the bottom of the messages you receive.
  • The right to lodge a complaint with a supervisory authority: You have the right to contact a supervisory authority (such as the CNIL in France, ICO in UK) to lodge a complaint about FRAIKIN’s personal data protection practices.
  • The right to give instructions concerning the use of data after death (this right is applicable in France): you have the right to give FRAIKIN instructions concerning the use of your personal data after your death.
  • The data subject may also object, on legitimate grounds, to the processing, dissemination, transmission, storage or hosting of their data.

To exercise the rights, the data subject may contact the FRAIKIN Data Protection Officer (DPO).

 

The DPO can be contacted at the following address:

  • By email:dpo@fraikin.com
  • By post:
    Protection des Données à Caractère Personnel
    FRAIKIN
    9 Rue du Débarcadère
    CS 80037
    92707 COLOMBES Cedex
    In order to facilitate the procedures and moreover to speed up the processing time, FRAIKIN invites each person concerned, when sending a request to exercise their rights, to:
  • Indicate which right(s) they wish to exercise,
  • Clearly state the name/first name/contact details to which they wish to receive replies,

In case of doubt about your identity, the FRAIKIN DPO may ask you for a copy of an identity document.  This copy will be retained for as long as it is necessary to verify your identity, but for no longer than 30 days.

FRAIKIN undertakes to reply to you within one (1) month of receipt of the request to exercise your rights or three (3) months in the event of a complex request.

 13 Data transfer

Wherever possible, FRAIKIN does not transfer personal data outside the European Union.

Where transfers of personal data outside the European Union are necessary for the provision of services offered by FRAIKIN, FRAIKIN undertakes to take all necessary measures to ensure the protection of your personal data on the basis of appropriate safeguards (including standard contractual clauses).

 14 Cookies

You are informed that when you visit FRAIKIN’s internet and extranet sites (customer area), data may be stored in or retrieved from your browser in the form of cookies. This information may relate to you, your preferences or your device and is mainly used to ensure that the FRAIKIN websites and customer area function properly.

The information does not generally identify you directly but can provide you with a personalised web experience.

In order to respect your right to privacy, you have the option of not allowing certain types of cookies. The first time you browse the FRAIKIN websites and the customer area, a banner explaining the use of cookies will appear inviting you to familiarise yourself with the cookies used on the websites and the customer area, to accept or refuse them, or to modify the default settings. However, if you block certain types of cookies, your browsing experience and the services FRAIKIN is able to offer you may be impacted.

There are different types of cookies with the following characteristics:

Strictly necessary cookies

These cookies are necessary for the operation of FRAIKIN’s websites and customer area and cannot be disabled in FRAIKIN’s systems. These cookies are essential for the use of the functionalities and services of the websites and the customer area. If you block these cookies on your browser, FRAIKIN cannot guarantee access to the services offered on the websites and the customer area or ensure the proper functioning of these during your navigation session.

Performance cookies

These cookies allow FRAIKIN to measure and improve the performance of FRAIKIN websites by determining the number of visits and the sources of traffic. They also help FRAIKIN to identify the most/least visited pages and to evaluate how visitors navigate FRAIKIN websites. All information collected by these cookies is aggregated and therefore anonymised. If you do not accept these cookies, FRAIKIN will not be informed of your visit to its websites/mobile applications.

Please note that FRAIKIN has chosen to use the Google Analytics solution only on its websites (excluding the customer area) and that in accordance with the recommendations of the CNIL, FRAIKIN has interfaced the collection of your data with an anonymisation filter to ensure that your personal data does not leave the European Union in a format that can be used or even simply read by an information system. This technique is known as “proxification”. Only concerns websites, not the customer area.

Functionality cookies

These cookies are used to improve and personalise the functionality of the FRAIKIN websites and customer area. They may be activated by FRAIKIN staff, or by third parties whose services are used on the pages of FRAIKIN websites. If you do not accept these cookies, some or all of these services may not function properly.

Cookies for targeted advertising

These cookies may be set on FRAIKIN websites by FRAIKIN’s advertising partners. They may be used by these companies to send you relevant advertisements on other websites. They do not store personal data directly, but are based on the unique identification of your browser and Internet device. If you do not allow these cookies, your advertising will be less targeted.

The duration of the cookies we use will not exceed 13 months.

15 Monitoring of the General Data Protection Policy

This policy, which is accessible to all users on the websites of the companies in the FRAIKIN Group, is updated regularly to take account of legislative and regulatory developments and any changes in the organisation of the FRAIKIN Group or in the offers, products and services provided. We invite you to consult it regularly.

General Data Protection Policy updated on 25 April 2023.