DIATEX is strongly committed to ensuring that its systems and practices comply with the provisions of the European General Data Protection Regulation (“GDPR”).
Identity of the controller
The controller, as defined by the applicable regulations on personal data, is DIATEX, a simplified joint stock company with a share capital of €224,880, registered in the Lyon Trade and Companies Register under number 339 998 825, whose registered office is located at: Z.I. La Mouche- 58 rue des Sources – 69230 Saint-Genis-Laval (hereinafter referred to as “DIATEX”).
How is data collected?
As part of its business, DIATEX is required to process information concerning you. For example, by completing a form or by browsing our Website, you are transmitting information to us, some of which may identify you (“Personal Data”).
Your Personal Data may be collected when:
- You are browsing through the Website,
- You fill in the contact form on the Website or any other form on the Website, for example to receive a catalogue or information on our products and services,
- You subscribe to our newsletter,
- You exchange with us by phone, email or via social networks,
- You apply for a job offer,
- You exchange with us in a commercial setting (trade shows, business conferences, etc….)
What type of information is collected?
Data that you transmit directly to us
When we contact you, you may be asked to provide us with personal information about yourself. For example, it is collected when you submit a request via our contact form or when you apply for a job vacancy (see recruitment).
Some Personal Data that may be requested is mandatory (indicated by an asterisk or a red triangle).
All other Data is optional. DIATEX is unable to process your request if you do not provide the required Personal Data.
This data includes:
– Last Name, First Names, Title;
– Postal address, e-mail address, telephone number;
– Any other information you provide us with in the main body of the message.
Data we collect as part of our business relationship
The data that we collect during the course of our business relationship with you include the following:
– Information relating to your business relationship record with DIATEX:
Requests for samples, orders, and any invoices and payments;
– Requests you have made to our customer service department or any incidents you have reported to us;
Data that we automatically collect
Each time you access the Site, we collect information about your visit and browsing. Different technologies may be applied to collect data. The main ones include: cookies, standard Internet technologies and data provided by mobile devices. For more information about the cookies and tracking systems we use on the Website, please refer to our Cookies Policy.
Exclusion of any sensitive data
DIATEX does not collect any sensitive data about you.
Why do we collect data?
The main reasons why DIATEX may process your Personal Data are as follows:
- To provide you with the information or services that you have requested (e.g. to send you the Newsletter, commercial assistance, advice);
- To collect information that allows us to improve our Website, our products and services (including through cookies – For more information on this subject, please see our Cookies Policy);
- To contact you about various DIATEX-related developments, including product updates and customer support;
- To process your application for potential recruitment;
- To manage access to our social networks (Linked In, Twitter);
- To receive electronic payments;
- To update and supplement your personal information in a database dedicated to DIATEX;
- To set up personalised loyalty schemes or marketing campaigns;
- To obtain customer feedback;
- To produce commercial statistics.
The purpose is specified at the time of collection. It is explicit and legitimate and the Data that are collected for the purposes stated are adequate, relevant and not excessive with respect to the said purposes.
The legal grounds for the processing of data
We only use your personal data in accordance with current regulations.
The legal grounds for the processing of your Data may be, depending on the context in which it is collected:
- your consent, which may then be withdrawn at any time (via the preferences settings in emails or on our Website) so that we can inform you via our newsletters about new products or innovations or manage recruitment;
- a legal and/or regulatory obligation imposed on DIATEX such as the fight against money laundering, corporate and tax declarations, accounting requirements, etc;
- the fulfilment of a contract agreed with you, such as the processing and monitoring of services you have ordered;
- our legitimate interest (all commercial or corporate reasons that justify the use of your data by DIATEX) such as the development of DIATEX’s business, the improvement of services, the pursuit of new services, the administration, maintenance and enhancement of the Website, the prevention of fraud.
- Recital (47) of Regulation 2016/679: The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller. Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller (…). (…) The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. 2. Recital (48) of Regulation 2016/679: Controllers that are part of a group of undertakings or institutions affiliated to a central body may have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of clients’ or employees’ personal data.
Your personal data are retained for a period of time that complies with legal provisions or is proportionate to the purposes for which they were collected.
Some retention periods are in line with DIATEX’s legitimate interest.
The table below lists the main retention periods for your data.
In all cases, we regularly review the information that we retain. When its retention can no longer be justified by legal or commercial requirements, or by reasons related to the management of your customer account, or if you have exercised your right to modify or delete it, we will delete it in a secure manner.
|Data Category||Purpose||Retention Period|
|Data relating to a Prospective Customer|
|All data (including identification data: surname, first name, company)||Creation and management of a prospective customer file
|3 years from the collection of data or the last time the lead contacted the company.
Data is destroyed on request.
|Data relating to an Active Customer|
|All types of data||Customer account management||Throughout the duration of the contractual relationship
|Data relating to an Inactive Customer|
|Data relating to the fulfilment of the contract
|Management of customer account, orders, deliveries, invoicing, payments||10 years from expiry of the contract or the last time the inactive client contacted the company
|Identification and contact data – Subscribers to newsletters
|Sending of information on changes to our products and offers||3 years from the last time the customer contacted the company.|
|Data generated by Cookies|
|Data related to your navigation on our online services
|Operation and optimisation of services
Visitor traffic analysis.
Personalisation of content
|13 months maximum|
|Job Application Data|
|Data transmitted via the application form||Speculative application or application for a current vacancy||if your profile is likely to be of interest to us for another position, the Data is retained, after informing you.
It is destroyed if you so request, under any circumstances, 2 years after the last time you contacted us, unless you have given your formal consent for a longer retention period.
Which third parties have access to the personal data collected?
Recipients of Personal Data
DIATEX is the controller of your Personal Data.
Your Data is intended for the DIATEX services that are covered by the above-mentioned purposes. We ensure that only duly authorized persons have access to your Personal Data.
DIATEX may, however, share your Personal Data collected through the Website with other entities, solely for the purposes specified at the time of collection.
Neither DIATEX nor any of its subcontractors sell the Personal Data in its possession.
Transmission of data
The following entities may have access to some of your data:
Sub-contractors provide services on our behalf, in particular:
– Securing online payments (electronic payment) and combating fraud
– Maintenance operations and technical enhancements to the Site
– Site Hosting
– Provision of analytics solutions or statistics to analyse Site visits
– Analysis and enhancement of the Website’s SEO
– Management of supplier, customer and prospective customer files
Subcontractors only have access to your data when they have signed contracts stating their obligation to uphold data security and confidentiality.
Social networking platforms
The use of social networks to connect with our Site (in particular the “share” options on Twitter, LinkedIn) may lead to data exchanges between DIATEX and such social networks. For example, if you view an item on the Site and click on the Twitter share option, Twitter will collect the information. We therefore recommend that you consult the personal data management policies on the various social networks to find out about how they collect and process your data.
Law enforcement or administrative authorities
We may need to transmit your data to public authorities when we are legally required to do so.
Is data transferred outside the EU?
We keep your personal data within the European Union.
As a matter of principle, the Data collected is not intended to be transferred outside the European Union. This Personal Data is hosted on a server located in France.
This personal data is hosted on a server located in France.
As part of its recruitment policy, DIATEX collects and stores personal data on potential candidates, transmitted by candidates via the recruitment form.
Candidates who wish to modify or delete their personal data from our databases may at any time send an email via the contact form by selecting “RGPD” from the list and indicating “personal data” in the subject line.
The candidate must ensure that the references provided have agreed to be contacted by DIATEX.
How is your data protected?
As controller, we implement the necessary technical and organisational measures in accordance with applicable legal provisions to protect your personal data against alteration, accidental or unlawful loss, or unauthorised use, disclosure or access, by:
– Raising awareness about confidentiality requirements among our employees who have access to your personal data;
– Securing access to our premises and IT platforms;
– Implementing a general company IT security policy;
Unfortunately, the transmission of information via the Internet is not completely secure. Although DIATEX is fully committed to protecting your Personal Data, DIATEX cannot guarantee the security of the Data you transmit.
If your Personal Data is violated, DIATEX is legally required to notify the CNIL and to inform you, as soon as possible, of any violation of Personal Data that may pose a heightened risk to your rights and freedoms, so that you can take the necessary measures.
What are your rights?
Your rights to access your personal data
You have the right to access, question, rectify and delete information concerning you. You also have a right to limit its processing, a right to object to its processing on legitimate grounds, as well as a right to object to the processing of your data for marketing research.
You may request to exercise your right to data portability, i.e. the right to receive the personal data you have provided us in a structured and commonly used format and the right to transmit this data to another controller.
Any request related to the exercise of your rights can be addressed to DIATEX:
- Either via the contact form / GDPR section
- Or by post:
I. LA MOUCHE – 58 RUE DES SOURCES
This request must be accompanied by a valid identity document and contain as much information as possible. For example, you must specify the e-mail address requested and for which you are sending the request in order to facilitate the search.
Before responding to your request, we may verify your identity and/or ask you to provide us with further information in order to respond to your request. We will inform you of any reasons that may delay the processing of your request, including if it concerns the right to portability, and we will do our utmost to deal with it within a reasonable time frame and, in any event, within a period that does not exceed three months from the date we receive the request.
File a claim with the CNIL (French Data Protection Authority)
You also have the right to file a claim with the CNIL or a data protection authority of a Member State of the European Union as well as the right to set post-mortem guidelines.
This right can be exercised at any time with the CNIL (https://www.cnil.fr/en)