Personal data protection policy
This Data Protection Policy is intended to inform you as to the
commitments taken by REEL so as to guarantee respect of your Personal
- Personal data (or “Data”) refers to all information pertaining to an
identified or identifiable natural person, directly or indirectly,
notably with reference to an identifier.
- Personal Data Processing refers to any operation or group of
operations undertaken with or without the assistance of automated
processes and applied to Data or groups of Data.
- Websites: the websites accessible at the following addreses
- Data Controller: REEL, having its registered office at Chemin de la
Chaux, BP39, 69450 Saint-Cyr au Mont d’or France, hereby undertakes to
respect privacy and protect Personal Data.
1. SCOPE OF THE PERSONAL DATA PROTECTION POLICY
This Data protection policy is applicable to all Personal Data Processing implemented by the Data Controller via the Website.
2. DATA COLLECTED
Generally, you can visit our Website without it being necessary to send us Data.
However, in order to be able to offer certain services, the Data
Controller may request certain Data from you, for instance, to reply to a
contact request or follow an application.
All or some of the following Data may be collected when you use the Websites:
- Identity data (surname, forename, email address, telephone number)
- Data pertaining to your personal and professional life which you decide to send us, notably in the framework of applications.
In all instances, we restrict ourselves to the collection and
processing of pertinent, adequate, non excessive Data strictly necessary
for those purposes previously determined.
letters and figures downloaded to your terminal when you access the
Website (see paragraph entitled cookies).
3. PURPOSE OF PROCESSING UNDERTAKEN BY THE DATA CONTROLLER AND LEGAL BASIS FOR PROCESSING
The Data Controller hereby undertakes to collect and process your Personal data in a loyal, legal and transparent manner.
Use, in line with the purposes outlined hereunder, of your Data by the
Data Controller is authorised by legislative and regulatory provisions
as it is:
- Required for respect of our legislative and regulatory obligations
towards public institutions or competent authorities. Art. 6 sec. 1
lit. c) GDPR
- Required for conclusion or performance of a contract Art. 6 sec. 1 lit. b) GDPR
- In certain cases, required for our best interests for the purposes outlined hereunder Art. 6 sec. 1 lit. f) GDPR
- In certain circumstances, undertaken with your consent Art. 6 sec. 1 lit. a) in connection with Art. 7 GDPR
Processing, undertaken by the Data Controller, meets explicit, legitimate and determined purposes.
Your Data may notably be processed for the following purposes:
- Supervision of your application made on the Website:
- Response to your contact requests and issue of commercial documentation.
The purpose of collection will be precisely indicated at the time of collection.
4. TERM OF DATA STORAGE
The duration of storage of your Data depends on the processing purposes for which the data is used.
- Processing and supervision of applications:
We hereby undertake to delete your Data within a maximum of 2 years after our final contact with you.
- Communication, management of your contact requests:
We hereby undertake to delete your Data within a maximum of 3 years after our final contact with you.
Beyond this term, Data may be rendered anonymous and stored solely
for statistical use and will not be exploited, in any nature whatsoever.
5. CATEGORIES OF RECIPIENTS OF DATA COLLECTED
The Data Controller will only send your Personal data to authorised and given recipients.
No transfer to third parties for commercial use will be undertaken without your prior consent.
The recipients of your Data are those departments at the Data
Controller concerned as well as, where applicable, authorised persons:
- From our subsidiaries for internal management or recruitment;
- From our suppliers, service providers and notably technical service
providers so as to provide you with the service or information you
requested (Mailing, data storage, etc.) By virtue of their contract,
these service providers are not authorised to use or disclose this
information, aside for when required to provide services or comply with
requirements for which provision is made by law;
- From a legal or administrative authority where the Data Controller is required by law.
By application of applicable regulations, any sub-contractor who may
process this Personal data for the Data Controller undertakes notably
- process Data solely for that/those purpose(s) which are the sub-contracted,
- process Data pursuant to the Data Controller instructions
- guarantee the security and confidentiality of Data.
6. DATA TRANSFER
In such instance as your Data is transferred outside of the European Union, we ensure that:
- Data is transferred to a country accepted as offering an equivalent level of protection.
- Data is transferred to entities certified under the Privacy Shield
- For Data transferred outside of countries recognised by the French
Data Protection Authority (CNIL) as having a sufficient level of
protection, redress is made to one of the mechanisms offering
appropriate guarantees for which provision is made by applicable
regulations, and in particular standard contractual clauses.
You can consult our cookies policy here.
8. YOUR RIGHTS CONCENING DATA COLLECTED
8.1. Your rights
You have all of the following rights over Data we collect:
- Right to access your Data: You are entitled to receive confirmation
that your Data is or is not processed and, when it is, are entitled to
access said Data. This right includes that of receiving a copy of the
Data processed: Art. 15 GDPR.
- Right to request rectification of your Data if incorrect: You are
entitled to request that your Data be rectified, updated or completed
when inaccurate, incorrect, incomplete or obsolete: Art. 16 GDPR.
- Right to request deletion of your Data: According to Art. 17 GDPR,
you are entitled to request deletion of your Data only for those reasons
for which provision is made by applicable regulations and in particular
when: Data is no longer necessary in light of the purposes for which it
is collected or processed in any other manner; you withdraw consent
over which processing is based, and there is no legal basis for
processing; you object to processing and there is no overriding
legitimate ground for processing; you consider that your Data has been
processed illicitly; your Data should be deleted to respect a legal
- Right to limit processing of your data: According to Art. 18 GDPR,
you are entitled to request that the Data Controller limit the use of
your data solely on those grounds for which provision is made by
applicable regulation and in particular when: you object to the accuracy
of your Data; you consider that processing is illicit and you object to
deletion of your data; data is still required for exercising or
defending your rights in court even though the Data Controller no longer
requires this data,
- The right to object to processing by withdrawing your consent (with
it being reiterated that this withdrawal may not harm the legality of
processing based on the consent granted prior to its withdrawal) Art. 7
sec. 3 GDPR,
- The right to benefit from data portability: You are
entitled to reclaim your data provided to the Data Controller, in a
structured format, commonly used and machine-readable, and the right to
transfer this data to another Data Controller, Art. 20 GDPR.
- Right to make a complaint to the National Data Protection Authority (CNIL):
If you consider that the Data Controller has defaulted in respect of
its obligations in light of your Personal data, at any time you may
issue a complaint or make a claim to the competent authorities. In
France, the competent authority is the National Data Protection
Authority (CNIL) to whom you may issue a claim electronically by
clicking on the following link:
8.2. Terms for exercising rights
You may exercise the aforementioned rights with a written and
detailed request to the following address: REEL, Chemin de la Chaux,
BP39, 69450 Saint-Cyr au Mont d’or, France.
Due to the obligation of security and confidentiality in Data
processing incumbent upon the Data Controller, you are hereby informed
that your request will be processed subject that you provide proof of
your identity, notably by producing a scanned copy of a valid identity
document or a signed photocopy of a valid identity document.
The Data Controller will determine whether this is admissible or not
within one month following receipt of the claim. In such instance as it
is deemed admissible, the Data Controller will provide all information
requested or implement the rights claimed within the aforementioned
If, given the complexity of the claim or the number of requests
received, the aforementioned deadline cannot be respected, the Data
Controller will notify you prior to expiry of this deadline, of this
deadline being pushed back by a maximum of two months following its
The Data Controller hereby notifies you that it will be entitled,
where applicable, to object to any requests which are clearly abusive
(in their number, repetitive or systematic nature).
In such instance as the Data Controller does not follow up on your
request, we will inform you in the aforementioned deadlines of the
grounds on which our decision is based and your option to refer a
complaint to the National Data Protection Authority (CNIL).
9. PERSONAL DATA SECURITY
We take all necessary security measures so as to prevent as far as
practically possible any alteration or loss of your data or any
unauthorised access thereunto.
In such instance as we should be aware of any illegal access to personal
data concerning you, we undertake to notify you of the incident as soon
as possible if this fulfils a legal requirement.
10. UPDATING THE PRESENT POLICY
The present policy may be updated at any time, notably pursuant to
legal and/or regulatory provisions and/or any recommendations of the
National Data Protection Authority (CNIL). We hereby invite you to
consult this page regularly.