Privacy Policy Treatment
SILPH Technologies, including each company that composes it (hereinafter the SILPH Technologies SRLs” or “SILPHtech”), attaches great importance to protecting the privacy and data of users of its websites and mobile applications. These are comprised of its “silph.tech” institutional website and the websites and mobile applications attached to corporation operated by SILPH Tech. SILPH strives to adopt and comply with a strict confidentiality policy in accordance with the regulations in force. SILPH is subject to the applicable rules on the protection of personal data and, in particular, the European General Regulation on the Protection of Personal Data no. 2016/679 of 27 April 2016 (known as the “GDPR”), as well as all the rules of national law adopted in application thereof, on a subsidiary basis. The purpose of this Personal Data Protection Charter (the “Charter”) is to provide clear, simple and complete information to all persons concerned (“You” or “Your”) on the way in which SILPH, in its capacity as data controller, collects and uses personal data concerning You (“Personal Data”) and on the means at Your disposal to control this use and exercise Your rights relating thereto.
1. WHEN ARE YOUR PERSONAL DATA COLLECTED ?
(i) SILPH may collect Your Personal Data as part of Your visit and
Your use of its online services or those of its partners, Your customer
pathway for these services (e.g. audience measurement cookies), or Your
exchanges with the SILPH teams, in particular when – creating a user account
or candidate space, – subscribing to a newsletter or any other alert system,
– signing up to a competition or loyalty programme, – responding to
satisfaction surveys, or – requesting contact with a SILPH contact person.
Your Personal Data may also be collected in connection with Your use of any
other products and services offered by SILPH, particularly in its shopping
centres. Such Personal Data are those that You provide by means of forms,
whether dematerialised or in paper format, whether on the websites or mobile
applications made available by SILPH or in the terminals installed in its
shopping centres, or in response to questions put to You by SILPH employees
or service providers authorised by the latter. On these occasions, SILPH
takes into account the principles of
data minimisation and protection, from the design stage of projects and
by default (privacy by design and privacy by default). Consequently, only relevant, appropriate and limited information is
collected for the purposes for which it is processed. The Personal Data
required for processing are indicated by “! “” or “”*”” on the collection
medium. Apart from these cases, You are free to provide all or part of Your
Personal Data or not, bearing in mind that such a decision could have the
consequence of limiting Your access to certain services or products offered
by SILPH, or other functionality offered on its websites and mobile
applications (e.g. collection of Your date of birth in order to wish You a
happy birthday).
(ii) Social plug-ins Our websites may use
plugins (the “” Plugins””) provided by social networks (facebook.com,
Instagram, twitter, etc.). The Plugins are identifiable by the social
network logo to which they belong. They allow You to mark the pages of these
networks in Your Favorites and share Your Favorites with their other users.
When You visit a page containing Plugins, Your browser connects directly to
the corresponding social media servers. The Integrated Plugins indicate to
the social network that You have accessed the corresponding page on our
sites. If You are connected to the social network, Your visit may be
attached to your social network account. If You interact with the Plugins,
for example by clicking on the “share” button on Facebook, the corresponding
information is sent directly from Your browser to the Facebook social
network and retained by it.
(iii) Interactions through media
hosted by SILPH on social networks SILPH is present on social networks on
several levels: Facebook and Instagram pages, Linkedin pages and Twitter
accounts, individually run by shopping centers and/or by the SILPH Group. By
interacting with the moderators of these spaces, you agree that the personal
data you share (ID, status, photos, message content) may be used for
communication and promotion on this social network, and viewed by other
network visitors. They will not be transferred outside the social network
without your explicit consent. The SILPH Personal Data Protection Charter
cannot replace the regulations and conditions of use of the social networks
concerned.
(iv) Cookies When browsing our sites, cookies may be placed on Your
device (computer, phone or tablet), subject to the preferences You have set
and that You may change at any time. A cookie is a small text file
containing information relating to navigation on these websites, the main
purpose of which is to improve how they are viewed and make it possible to
provide personalised services. On computers, cookies are managed by the
Internet browser. These cookies may be session cookies (in this case, the
cookie will be automatically deleted when the browser is closed) or
permanent (in this case, the cookie will remain stored on the device until
its expiry date). Here are the cookies used by our websites. How to accept
or refuse cookies? You can configure Your browser so that cookies are stored
on the device or rejected, either systematically, or depending on their
sender, or to be informed when a cookie is stored in the terminal, so that
it can be accepted or refused. However, the removal of all cookies used by
the browser, including those used by other websites, may lead to the
alteration or loss of certain settings or information. The configuration of
each browser is different. You are responsible for following the
instructions of Your browser editor as follows (links available on the date
this page was last updated):
– If You use
Internet Explorer
– If you use
Safari
– If you use
Chrome
– If you use
Opera
To find out more about cookies and their implications please consult the
“Your traces” section of the CNIL website ‘French data protection authority’
.
(v) Collection from third party partners Your Personal Data may also
have been sent to us by third party partners so that You can benefit from
our newsletters, offers, discounts and other promotion. In particular, these
are companies in charge of loyalty programmes and retail chains present in
SILPH shopping centres. As with all of our Personal Data processing,
regardless of its source, we take into accoun there also the requirements of
applicable regulations, in particular the principles of . Consequently, only
relevant, appropriate and limited information is collected for the purposes
for which it is processed. Please note that in such cases, the
confidentiality policies of the partners concerned, enabling them to
transfer your Personal Data to SILPH, could be applicable to you.
2. ON WHAT LEGAL BASIS IS YOUR DATA PROCESSED ?
“Your Personal Data is only processed by SILPH in the cases permitted by the
applicable regulations, and in particular under the following conditions:
– when you have expressed free, specific, informed and unequivocal consent
to the processing of Your Personal Data (e.g. subscription to a newsletter,
partner offers, etc.);
– when necessary for the performance of a contract or pre-contractual
measures taken at your request (e.g. an application within the SILPH Group);
– compliance with the legal or regulatory obligations of the SILPH Group
(e.g. combating fraud);
– when the legitimate interests of SILPH or the recipients may justify SILPH
processing your Personal Data (e.g. IT security measures) accompanied by
adequate protection guarantees.
Clear information in accordance with applicable law is provided for in each
case. It is hereby specified that for children under the age of 16, this
consent must be given or authorised by the holder of parental
responsibility. If the latter discovers that SILPH has been entrusted with
Personal Data from the child concerned without his or her consent, he or she
may ask SILPH to delete this Personal Data by following the procedure
described in point 7.2 of this Charter.
3. FOR WHAT PURPOSES ARE YOUR PERSONAL DATA COLLECTED ?
Your Personal Data are collected for specific, explicit and legitimate
purposes. Depending on the case, Your Personal Data may be used for the
purpose of:
– Allowing you to request and obtain information about the SILPH Group or
one of its entities, a SILPH shopping centre, or about the products and
services offered by the latter or their partners;
– Allowing you to subscribe to and receive a newsletter or any other alert
system;
– Allowing you to create and manage a user account on the website of a
shopping centre operated by the SILPH Group in order to benefit from
information, products and/or services or any other types of benefits offered
by SILPH, a shopping centre or their partners;
– Responding to your request to rent a permanent room or a temporary space
within a shopping centre belonging to the SILPH Group;
– Participating in satisfaction surveys, analyses and statistics to improve
our products and services as well as knowledge of our customers and
prospects;
– Processing your application for a position within the SILPH Group;
– Managing our loyalty programs;
– Improving your customer experience and/or offering you tailored and
personalised services. None of your Personal Data is currently processed by
us to make an automated decision about you, including profiling. However,
SILPH will be able to send you personalised advertising and other specific
offers based on your own personal information and the analysis of your user
behaviour and, in particular, the consumption preferences that You have
reported to us. You may oppose this profiling at any time under the
conditions described in Article 7 below. SILPH may also use Your Personal
Data for administrative purposes or for any other purpose imposed by the
legislation in force (for example, to notify You of a significant change
made to this Charter).
4. WHO ARE THE RECIPIENTS YOUR PERSONAL DATA ?
“As your Personal Data is confidential, only persons duly authorised by SILPH due to their functions can access Your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which SILPH is responsible with access to Your Personal Data are bound by a confidentiality agreement and are exposed to disciplinary measures and/or other sanctions if they do not comply with this commitment. These persons include authorised personnel within the SILPH Group, and more specifically, depending on the case, the purchasing, marketing, commercial, administrative and accounting, logistics and IT departments, the human resources departments, customer relations and their line managers. Our authorised service providers may also be required to process Your Personal Data strictly necessary for the performance of the services we entrust to them: these include, in particular, service providers responsible for conducting satisfaction surveys, monitoring customer opinions, organising competitions, managing customer relations, managing loyalty programmes, sending e-mails for marketing data, and customer behaviour analysis. It is hereby specified that the management of our websites and mobile applications is currently carried out by the following service provider who processes Your Personal Data on our behalf as a subcontractor: CHORUS, a société par actions simplifié (simplified limited company) registered in the Paris Trade and Companies Register under number 309 540 367 and whose registered office is located at 32, rue de Jeûneurs,75002, Paris. Subject to Your prior and express consent, Your Personal Data may also be transmitted to our Partners for marketing purposes and to benefit from their own newsletters, discounts, offers and other promotions. These “”Partners”” consist of permanent or temporary brands present in shopping centres operated by SILPH. Your Personal Data may also be forwarded in order to comply with legal or regulatory requests, court rulings, summons or legal proceedings, if required by the law in force. Lastly, Your Personal Data may be transferred to a transferee in the event that the assets of SILPH are sold or transferred to a third-party company. In the event of the use of service providers located outside the European Union, SILPH undertakes to check that appropriate measures have been put in place to ensure that Your Personal Data benefits from an adequate level of protection (in particular thanks to standard contractual clauses of the European Commission, internal company rules or the Data Protection Shield set up between the European Union and the United States).
5. HOW IS THE SECURITY OF YOUR PERSONAL DATA PRESERVED ?
SILPH strives to protect and secure Your Personal Data, in order to ensure its confidentiality and to prevent it from being distorted, damaged, destroyed or disclosed to unauthorised third parties. Where the disclosure of data to third parties is necessary and authorised, SILPH ensures that such third parties guarantee the same level of protection as that offered by SILPH, and requires contractual guarantees to ensure in particular that the data is solely processed for authorised purposes, with all the necessary confidentiality and security. SILPH implements technical and organisational measures to ensure that the Personal Data is kept as securely as possible, for the period necessary for the exercise of the intended purposes, in accordance with applicable law. Although SILPH takes all reasonable steps to protect Your Personal Data, no transmission or storage technology is totally infallible. In accordance with the applicable European regulations, in the event of a proven breach of Personal Data that could create a high risk for the rights and freedoms of the persons concerned, SILPH undertakes to communicate the breach to the competent supervisory authority and, where required by said regulations, to the persons concerned (individually or generally, depending on the case). Without prejudice to the above, You must exercise caution to prevent unauthorised access to Your Personal Data and Your devices (computer, smartphone, tablet, etc.), in particular by choosing a robust password. Furthermore, the SILPH Group’s websites and mobile applications may offer links to websites of third parties that may interest you (e.g. social networks). SILPH has no control over the content of these third-party websites or the practices of these third parties with regard to the protection of the Personal Data that they may collect. Accordingly, SILPH accepts no liability for the processing by these third parties of your Personal Data, which is not subject to this Charter. It is your responsibility to obtain information on the personal data protection policies of these third parties.”
6. HOW LONG ARE YOUR PERSONAL DATA STORED ?
SILPH retains Your Personal Data only for the time needed to achieve the
intended purposes, subject to the legal possibilities of archiving, the
obligation to retain certain data and/or anonymisation. In particular, we
apply the following retention periods for the following broad categories of
Personal Data:
— Personal Data from customers/prospects: retained as long as the user
remains active and, at the latest, 3 years after the last contact with the
user;
— Personal connection data: 1 year maximum from the connection;
— Cookies: 13 months maximum from insertion into the browser;
— Personal Data of job applicants (recruitment section): the time required
to process the application and, in the event of a negative outcome, a
maximum of 2 years after the last contact (unless the candidate agrees for a
longer period).
7. WHAT ARE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA AND HOW CAN YOU EXERCISE THEM ?
(i) Your Rights
Subject to the limits provided for by the regulations in force, You have the
following rights with regard to your Personal Data:
Right to be informed about the processing of Your Personal Data
SILPH strives to provide you with concise, transparent, comprehensible and
easily accessible information, in clear and simple terms, on the conditions
under which your Personal Data is processed.
Right of access, rectification and erasure (or “”right to be forgotten””)
with regard to Your Personal Data
The right of access allows you to obtain from SILPH confirmation that Your
Personal Data is processed by us or not, and the conditions of this
processing, as well as to receive a copy thereof (for any additional copy,
SILPH is entitled to require payment for reasonable expenses based on the
administrative costs incurred). When this request is submitted
electronically, the information is provided in customary electronic format,
unless You request otherwise. You also have the right to obtain from SILPH
the prompt rectification of Personal Data which is inaccurate or incomplete.
Finally, subject to the exceptions provided for by applicable law (e.g.
retention necessary to comply with a legal obligation), You have the right
to ask SILPH to erase your Personal Data promptly for one of the following
reasons:
– Your Personal Data is no longer necessary for the purposes for which it
was collected or otherwise processed;
– You wish to withdraw your consent on which the processing of Your Personal
Data was based, where applicable, and there is no other basis for such
processing;
– You consider and can establish that Your Personal Data has been unlawfully
processed;
– Your Personal Data must be erased by virtue of a legal obligation.
Right to restrict the processing of Your Personal Data
The applicable regulations provide that this right may be asserted in
certain cases, including the following in particular:
– when You dispute the accuracy of Your Personal Data, for the time required
to verify its accuracy;
– when You consider and can establish that the processing of Personal Data
is unlawful but You oppose the erasure of the Personal Data and instead
require that the processing be limited;
– when SILPH no longer needs Your Personal Data but You still need them to
establish, exercise or defend your legal rights;
– when You object to the processing based on the legitimate interest of the
data controller, for the time required to verify whether the legitimate
interests pursued by the data controller prevail over yours.
Right to object to marketing (including profiling)
You may object at any time to the processing of Your Personal Data for
marketing purposes. You may also object to profiling only. In this case, you
will no longer receive personalised offers.
Rights to the portability of Your Personal Data
Where the processing is based on Your consent or a contract, the right to
data portability allows you to receive the Personal Data that You have
provided to SILPH in a structured, commonly used and machine-readable
format, and to transmit this Personal Data to another data controller
without SILPH creating any obstacles thereto. Where technically possible,
You may request that this Personal Data be sent directly to another data
controller by SILPH.
Right to withdraw consent to the processing of Personal Data
When SILPH processes Your Personal Data on the basis of Your consent, it may
be withdrawn at any time using the means made available to you for this
purpose (hyperlink and/or procedure indicated in point 7.2 of this Charter).
However, and in accordance with applicable law, the withdrawal of Your
consent is only valid for the future and cannot therefore call into question
the legality of the processing carried out before this withdrawal.
Right to lodge a complaint with a supervisory authority
If, despite SILPH’s efforts to preserve the confidentiality of Your Personal
Data, You believe that Your rights are not respected, You are entitled to
lodge a complaint with a supervisory authority. A list of the supervisory
authorities is available on the European Commission’s website.
(ii) Procedures for exercising Your rights For any questions relating
to this Charter and/or to exercise your rights as described above, you can
change your information at any time via mail to the address
dpo@silph.tech. SILPH undertakes to
reply to you as soon as possible and in any event within one month of
receipt of your request. If necessary, this period may be extended by two
months, given the complexity and number of requests addressed to SILPH. In
this case, you will be informed of this extension and the reasons for the
postponement. If Your application is submitted in electronic form, the
information will also be provided to You electronically wherever possible,
unless You expressly request otherwise. If SILPH does not respond to Your
request, it will inform you of the reasons for its inaction and you will
have the possibility of submitting a complaint to a supervisory authority
and/or bringing legal proceedings.