SILPH Technologies, including each company that composes it (hereinafter the SILPH Technologies SRLs” or “SILPHtech”), attaches great importance to protecting the privacy and data of users of its websites and mobile applications. These are comprised of its “silph.tech” institutional website and the websites and mobile applications attached to corporation operated by SILPH Tech. SILPH strives to adopt and comply with a strict confidentiality policy in accordance with the regulations in force. SILPH is subject to the applicable rules on the protection of personal data and, in particular, the European General Regulation on the Protection of Personal Data no. 2016/679 of 27 April 2016 (known as the “GDPR”), as well as all the rules of national law adopted in application thereof, on a subsidiary basis. The purpose of this Personal Data Protection Charter (the “Charter”) is to provide clear, simple and complete information to all persons concerned (“You” or “Your”) on the way in which SILPH, in its capacity as data controller, collects and uses personal data concerning You (“Personal Data”) and on the means at Your disposal to control this use and exercise Your rights relating thereto.

1. WHEN ARE YOUR PERSONAL DATA COLLECTED ?

(i) SILPH may collect Your Personal Data as part of Your visit and Your use of its online services or those of its partners, Your customer pathway for these services (e.g. audience measurement cookies), or Your exchanges with the SILPH teams, in particular when – creating a user account or candidate space, – subscribing to a newsletter or any other alert system, – signing up to a competition or loyalty programme, – responding to satisfaction surveys, or – requesting contact with a SILPH contact person. Your Personal Data may also be collected in connection with Your use of any other products and services offered by SILPH, particularly in its shopping centres. Such Personal Data are those that You provide by means of forms, whether dematerialised or in paper format, whether on the websites or mobile applications made available by SILPH or in the terminals installed in its shopping centres, or in response to questions put to You by SILPH employees or service providers authorised by the latter. On these occasions, SILPH takes into account the principles of data minimisation and protection, from the design stage of projects and by default (privacy by design and privacy by default). Consequently, only relevant, appropriate and limited information is collected for the purposes for which it is processed. The Personal Data required for processing are indicated by “! “” or “”*”” on the collection medium. Apart from these cases, You are free to provide all or part of Your Personal Data or not, bearing in mind that such a decision could have the consequence of limiting Your access to certain services or products offered by SILPH, or other functionality offered on its websites and mobile applications (e.g. collection of Your date of birth in order to wish You a happy birthday).
(ii) Social plug-ins Our websites may use plugins (the “” Plugins””) provided by social networks (facebook.com, Instagram, twitter, etc.). The Plugins are identifiable by the social network logo to which they belong. They allow You to mark the pages of these networks in Your Favorites and share Your Favorites with their other users. When You visit a page containing Plugins, Your browser connects directly to the corresponding social media servers. The Integrated Plugins indicate to the social network that You have accessed the corresponding page on our sites. If You are connected to the social network, Your visit may be attached to your social network account. If You interact with the Plugins, for example by clicking on the “share” button on Facebook, the corresponding information is sent directly from Your browser to the Facebook social network and retained by it.
(iii) Interactions through media hosted by SILPH on social networks SILPH is present on social networks on several levels: Facebook and Instagram pages, Linkedin pages and Twitter accounts, individually run by shopping centers and/or by the SILPH Group. By interacting with the moderators of these spaces, you agree that the personal data you share (ID, status, photos, message content) may be used for communication and promotion on this social network, and viewed by other network visitors. They will not be transferred outside the social network without your explicit consent. The SILPH Personal Data Protection Charter cannot replace the regulations and conditions of use of the social networks concerned.
(iv) Cookies When browsing our sites, cookies may be placed on Your device (computer, phone or tablet), subject to the preferences You have set and that You may change at any time. A cookie is a small text file containing information relating to navigation on these websites, the main purpose of which is to improve how they are viewed and make it possible to provide personalised services. On computers, cookies are managed by the Internet browser. These cookies may be session cookies (in this case, the cookie will be automatically deleted when the browser is closed) or permanent (in this case, the cookie will remain stored on the device until its expiry date). Here are the cookies used by our websites. How to accept or refuse cookies? You can configure Your browser so that cookies are stored on the device or rejected, either systematically, or depending on their sender, or to be informed when a cookie is stored in the terminal, so that it can be accepted or refused. However, the removal of all cookies used by the browser, including those used by other websites, may lead to the alteration or loss of certain settings or information. The configuration of each browser is different. You are responsible for following the instructions of Your browser editor as follows (links available on the date this page was last updated):
– If You use Internet Explorer
– If you use Safari
– If you use Chrome
– If you use Opera
To find out more about cookies and their implications please consult the “Your traces” section of the CNIL website ‘French data protection authority’ .
(v) Collection from third party partners Your Personal Data may also have been sent to us by third party partners so that You can benefit from our newsletters, offers, discounts and other promotion. In particular, these are companies in charge of loyalty programmes and retail chains present in SILPH shopping centres. As with all of our Personal Data processing, regardless of its source, we take into accoun there also the requirements of applicable regulations, in particular the principles of . Consequently, only relevant, appropriate and limited information is collected for the purposes for which it is processed. Please note that in such cases, the confidentiality policies of the partners concerned, enabling them to transfer your Personal Data to SILPH, could be applicable to you.

2. ON WHAT LEGAL BASIS IS YOUR DATA PROCESSED ?

“Your Personal Data is only processed by SILPH in the cases permitted by the applicable regulations, and in particular under the following conditions:
– when you have expressed free, specific, informed and unequivocal consent to the processing of Your Personal Data (e.g. subscription to a newsletter, partner offers, etc.);
– when necessary for the performance of a contract or pre-contractual measures taken at your request (e.g. an application within the SILPH Group);
– compliance with the legal or regulatory obligations of the SILPH Group (e.g. combating fraud);
– when the legitimate interests of SILPH or the recipients may justify SILPH processing your Personal Data (e.g. IT security measures) accompanied by adequate protection guarantees.

Clear information in accordance with applicable law is provided for in each case. It is hereby specified that for children under the age of 16, this consent must be given or authorised by the holder of parental responsibility. If the latter discovers that SILPH has been entrusted with Personal Data from the child concerned without his or her consent, he or she may ask SILPH to delete this Personal Data by following the procedure described in point 7.2 of this Charter.

3. FOR WHAT PURPOSES ARE YOUR PERSONAL DATA COLLECTED ?

Your Personal Data are collected for specific, explicit and legitimate purposes. Depending on the case, Your Personal Data may be used for the purpose of:
– Allowing you to request and obtain information about the SILPH Group or one of its entities, a SILPH shopping centre, or about the products and services offered by the latter or their partners;
– Allowing you to subscribe to and receive a newsletter or any other alert system;
– Allowing you to create and manage a user account on the website of a shopping centre operated by the SILPH Group in order to benefit from information, products and/or services or any other types of benefits offered by SILPH, a shopping centre or their partners;
– Responding to your request to rent a permanent room or a temporary space within a shopping centre belonging to the SILPH Group;
– Participating in satisfaction surveys, analyses and statistics to improve our products and services as well as knowledge of our customers and prospects;
– Processing your application for a position within the SILPH Group;
– Managing our loyalty programs;
– Improving your customer experience and/or offering you tailored and personalised services. None of your Personal Data is currently processed by us to make an automated decision about you, including profiling. However, SILPH will be able to send you personalised advertising and other specific offers based on your own personal information and the analysis of your user behaviour and, in particular, the consumption preferences that You have reported to us. You may oppose this profiling at any time under the conditions described in Article 7 below. SILPH may also use Your Personal Data for administrative purposes or for any other purpose imposed by the legislation in force (for example, to notify You of a significant change made to this Charter).

4. WHO ARE THE RECIPIENTS YOUR PERSONAL DATA ?

“As your Personal Data is confidential, only persons duly authorised by SILPH due to their functions can access Your Personal Data, without prejudice to their possible transmission to the extent required by the applicable regulations. All persons for which SILPH is responsible with access to Your Personal Data are bound by a confidentiality agreement and are exposed to disciplinary measures and/or other sanctions if they do not comply with this commitment. These persons include authorised personnel within the SILPH Group, and more specifically, depending on the case, the purchasing, marketing, commercial, administrative and accounting, logistics and IT departments, the human resources departments, customer relations and their line managers. Our authorised service providers may also be required to process Your Personal Data strictly necessary for the performance of the services we entrust to them: these include, in particular, service providers responsible for conducting satisfaction surveys, monitoring customer opinions, organising competitions, managing customer relations, managing loyalty programmes, sending e-mails for marketing data, and customer behaviour analysis. It is hereby specified that the management of our websites and mobile applications is currently carried out by the following service provider who processes Your Personal Data on our behalf as a subcontractor: CHORUS, a société par actions simplifié (simplified limited company) registered in the Paris Trade and Companies Register under number 309 540 367 and whose registered office is located at 32, rue de Jeûneurs,75002, Paris. Subject to Your prior and express consent, Your Personal Data may also be transmitted to our Partners for marketing purposes and to benefit from their own newsletters, discounts, offers and other promotions. These “”Partners”” consist of permanent or temporary brands present in shopping centres operated by SILPH. Your Personal Data may also be forwarded in order to comply with legal or regulatory requests, court rulings, summons or legal proceedings, if required by the law in force. Lastly, Your Personal Data may be transferred to a transferee in the event that the assets of SILPH are sold or transferred to a third-party company. In the event of the use of service providers located outside the European Union, SILPH undertakes to check that appropriate measures have been put in place to ensure that Your Personal Data benefits from an adequate level of protection (in particular thanks to standard contractual clauses of the European Commission, internal company rules or the Data Protection Shield set up between the European Union and the United States).

5. HOW IS THE SECURITY OF YOUR PERSONAL DATA PRESERVED ?

SILPH strives to protect and secure Your Personal Data, in order to ensure its confidentiality and to prevent it from being distorted, damaged, destroyed or disclosed to unauthorised third parties. Where the disclosure of data to third parties is necessary and authorised, SILPH ensures that such third parties guarantee the same level of protection as that offered by SILPH, and requires contractual guarantees to ensure in particular that the data is solely processed for authorised purposes, with all the necessary confidentiality and security. SILPH implements technical and organisational measures to ensure that the Personal Data is kept as securely as possible, for the period necessary for the exercise of the intended purposes, in accordance with applicable law. Although SILPH takes all reasonable steps to protect Your Personal Data, no transmission or storage technology is totally infallible. In accordance with the applicable European regulations, in the event of a proven breach of Personal Data that could create a high risk for the rights and freedoms of the persons concerned, SILPH undertakes to communicate the breach to the competent supervisory authority and, where required by said regulations, to the persons concerned (individually or generally, depending on the case). Without prejudice to the above, You must exercise caution to prevent unauthorised access to Your Personal Data and Your devices (computer, smartphone, tablet, etc.), in particular by choosing a robust password. Furthermore, the SILPH Group’s websites and mobile applications may offer links to websites of third parties that may interest you (e.g. social networks). SILPH has no control over the content of these third-party websites or the practices of these third parties with regard to the protection of the Personal Data that they may collect. Accordingly, SILPH accepts no liability for the processing by these third parties of your Personal Data, which is not subject to this Charter. It is your responsibility to obtain information on the personal data protection policies of these third parties.”

6. HOW LONG ARE YOUR PERSONAL DATA STORED ?

SILPH retains Your Personal Data only for the time needed to achieve the intended purposes, subject to the legal possibilities of archiving, the obligation to retain certain data and/or anonymisation. In particular, we apply the following retention periods for the following broad categories of Personal Data:
— Personal Data from customers/prospects: retained as long as the user remains active and, at the latest, 3 years after the last contact with the user;
— Personal connection data: 1 year maximum from the connection;
— Cookies: 13 months maximum from insertion into the browser;
— Personal Data of job applicants (recruitment section): the time required to process the application and, in the event of a negative outcome, a maximum of 2 years after the last contact (unless the candidate agrees for a longer period).

7. WHAT ARE YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA AND HOW CAN YOU EXERCISE THEM ?

(i) Your Rights
Subject to the limits provided for by the regulations in force, You have the following rights with regard to your Personal Data: Right to be informed about the processing of Your Personal Data SILPH strives to provide you with concise, transparent, comprehensible and easily accessible information, in clear and simple terms, on the conditions under which your Personal Data is processed. Right of access, rectification and erasure (or “”right to be forgotten””) with regard to Your Personal Data The right of access allows you to obtain from SILPH confirmation that Your Personal Data is processed by us or not, and the conditions of this processing, as well as to receive a copy thereof (for any additional copy, SILPH is entitled to require payment for reasonable expenses based on the administrative costs incurred). When this request is submitted electronically, the information is provided in customary electronic format, unless You request otherwise. You also have the right to obtain from SILPH the prompt rectification of Personal Data which is inaccurate or incomplete. Finally, subject to the exceptions provided for by applicable law (e.g. retention necessary to comply with a legal obligation), You have the right to ask SILPH to erase your Personal Data promptly for one of the following reasons:
– Your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;
– You wish to withdraw your consent on which the processing of Your Personal Data was based, where applicable, and there is no other basis for such processing;
– You consider and can establish that Your Personal Data has been unlawfully processed;
– Your Personal Data must be erased by virtue of a legal obligation. Right to restrict the processing of Your Personal Data The applicable regulations provide that this right may be asserted in certain cases, including the following in particular:
– when You dispute the accuracy of Your Personal Data, for the time required to verify its accuracy;
– when You consider and can establish that the processing of Personal Data is unlawful but You oppose the erasure of the Personal Data and instead require that the processing be limited;
– when SILPH no longer needs Your Personal Data but You still need them to establish, exercise or defend your legal rights;
– when You object to the processing based on the legitimate interest of the data controller, for the time required to verify whether the legitimate interests pursued by the data controller prevail over yours. Right to object to marketing (including profiling) You may object at any time to the processing of Your Personal Data for marketing purposes. You may also object to profiling only. In this case, you will no longer receive personalised offers. Rights to the portability of Your Personal Data Where the processing is based on Your consent or a contract, the right to data portability allows you to receive the Personal Data that You have provided to SILPH in a structured, commonly used and machine-readable format, and to transmit this Personal Data to another data controller without SILPH creating any obstacles thereto. Where technically possible, You may request that this Personal Data be sent directly to another data controller by SILPH. Right to withdraw consent to the processing of Personal Data When SILPH processes Your Personal Data on the basis of Your consent, it may be withdrawn at any time using the means made available to you for this purpose (hyperlink and/or procedure indicated in point 7.2 of this Charter). However, and in accordance with applicable law, the withdrawal of Your consent is only valid for the future and cannot therefore call into question the legality of the processing carried out before this withdrawal. Right to lodge a complaint with a supervisory authority If, despite SILPH’s efforts to preserve the confidentiality of Your Personal Data, You believe that Your rights are not respected, You are entitled to lodge a complaint with a supervisory authority. A list of the supervisory authorities is available on the European Commission’s website. (ii) Procedures for exercising Your rights For any questions relating to this Charter and/or to exercise your rights as described above, you can change your information at any time via mail to the address dpo@silph.tech. SILPH undertakes to reply to you as soon as possible and in any event within one month of receipt of your request. If necessary, this period may be extended by two months, given the complexity and number of requests addressed to SILPH. In this case, you will be informed of this extension and the reasons for the postponement. If Your application is submitted in electronic form, the information will also be provided to You electronically wherever possible, unless You expressly request otherwise. If SILPH does not respond to Your request, it will inform you of the reasons for its inaction and you will have the possibility of submitting a complaint to a supervisory authority and/or bringing legal proceedings.