Privacy policy - Smérys EUROPE

1- Who are we?

Our website address is: https://www.smerys.eu
Smérys is a brand name and a registered trademark of SRI Group.
SRI Group is a company with the legal form: EIRL RCS Pointe-à-Pitre TMC.: 339 584 609 – 2006 A 116. Intra-community VAT number: FR87339584609. In transformation SAS with capital of 2,500,000 €uros.

Smérys is in transformation SAS with capital of 381,150 €uros.
Head office: 120, rue Jean Jaurès – Bâtiment B – 92300 LEVALLOIS-PERRET – France
Email address: contact@smerys.com
Director of publication: Riva SONGO
Telephone numbers (head office switchboard): Tel: (+33) (0)811 48 30 30 – Monday to Friday from 9:00 a.m. to 12:30 p.m. and from 2:00 p.m. to 5:00 p.m. (GMT -4)
Website manager & Director of publication: Mr. Riva SONGO
Email address: riva.songo@groupesri.com
Telephone: (+33) (0)811 48 30 30

Website host: LWS France (Ligne Web Services)
SARL with capital of 500,000 Euros
10, RUE PENTHIEVRE
75008 PARIS
FRANCE
RCS Paris B 851 993 683 00024 – APE 6311Z
Intra-community VAT: FR21 851 993 683
SIRET 85199368300024
Publication director: Nicolas Depredurand
President: Nicolas Depredurand
Managing director: Nicolas Depredurand
LWS – Ligne Web Services SAS is a subsidiary of the company Groupe LWS
Company with capital of 1,000,000 Euros registered with the RCS of Epinal under number 450 453 881 2, rue jules ferry, 88190 Golbey.

2- Use of personal data collected

The purpose of Smérys’ privacy policy is to provide you with information relating to the data processed by our various services.
This privacy policy also serves to inform you of your rights, and how you can exercise them at any time.

This privacy policy has been drafted in compliance with the provisions of the GDPR (General Data Protection Regulation), in article 27 of law 78-17 “Informatique et libertés” of January 6, 1978. Our privacy policy is likely to evolve according to the regulations, case law and doctrine of the supervisory authorities in France and Europe.

The personal data collected on our website https://www.smerys.eu are intended for strictly internal processing of your orders, and any future purchases you may make on our site.

2.1 Who is responsible for processing your data?
Smérys sas, responsible for the processing of personal data carried out on its websites, collects information about you, in particular when you create your customer account or when you make purchases.
As the person who determines the purposes and means of the processing, the data controller is Smérys sas.

Contact details for Smérys sas:
Head office address:
120, rue Jean Jaurès – Bâtiment B – 92300 LEVALLOIS-PERRET – France
Telephone number: 0811 48 30 30
Email address: contact@smerys.com

3- What type of data do we collect?

Smérys collects the data necessary to meet a specific purpose.
The data we collect may have as legal basis:

- Your consent, which can be withdrawn at any time.

- The execution of our contractual relationship or pre-contractual measures

- Compliance with a legal obligation to which we are subject

- The legitimate interest pursued by Smérys, to the extent that
  your interests and rights are respected.

The following table sets out the information to be provided when data is collected from the data subject (Article 12 of the GDPR).

4- What are the data processing operations?

Types of treatments	Data concerned	Purpose of the processing	Legal bases for processing	Data recipients
Commercial prospecting actions Marketing actions	Client identity; Contact details (email address); Exchanges related to the implementation of projects; Statistics	The processing is intended to enable prospecting operations, including: – The production of statistics – The improvement of the site – The development of the commercial strategy – Carrying out satisfaction surveys.	Consent (Article 6.1.a of the GDPR)	Internally: the departments responsible for communication and marketing. Externally, our IT and marketing service providers.
Recording phone calls	Telephone conversation	The processing is intended for: – carrying out satisfaction surveys and customer studies – staff training	Consent (Article 6.1.a of the GDPR)	Internally: the department responsible for customer relations.
Contact forms	Identification data; Date and subject of the request; Follow-up; Activity statistics	The purpose of the processing is to respond to your requests. It allows: – The receipt of requests addressed, – The management of the follow-ups given to these requests, – The production of statistics.	Execution of a pre-contractual or contractual measure (Article 6.1.b of the GDPR) Legitimate interest in meeting the expectations of users of the site (Article 6.1.f GDPR)	Internally: the departments responsible for processing your request. Externally, the IT service provider.
Customer management	Identification data	The processing is intended for: – Management of the contractual relationship – Production of statistics – Production of satisfaction surveys and customer studies – Management of complaints, after-sales service and guarantees	Consent (Article 6.1.a GDPR) Performance of a contract (Article 6.1.b GDPR) Compliance with a legal obligation (Article 6.1.c GDPR)	Internally: All Group entities responsible for processing your request, our service providers and subcontractors. Externally: partner sellers in the event of a product purchase on the MarketPlace www.smerys.eu/
Purchasing management	Identification data; Payment data; Transaction data;	The processing is intended for: – Management of the contractual relationship – Management of complaints, after-sales service and guarantees – Management of accounting – Improvement of the offers proposed	Performance of the contract (article 6.1.b GDPR) Compliance with a legal obligation (article 6.1.c GDPR	Internal: the department in charge of commercial management. External: partner sellers in the event of a product purchase on the MarketPlace www.smerys.eu/
Customer review management	Identification data; Transaction data;	The purpose of the processing is to enable: – Compliance with transparency criteria – Reliability of the processing of opinions – Production of statistics	Consent (Article 6.1.a of the GDPR) Legitimate interest namely the operation of the site (Article 6.1.f).	Internally: the departments responsible for communication, marketing, our IT service provider Externally: the opinions are intended to be published “individually” but are subject to moderation
Management of people’s rights	Identification data	The processing is intended to ensure the management of your rights as covered by the GDPR and the Data Protection Act (amended)	Compliance with a legal obligation (article 6.1.c GDPR)	Internally, the DPO and the persons authorized to manage your rights. Externally, certain regulated professions (lawyers)
Management of unpaid debts and disputes	Identification data; Payment data; Transaction data;	The processing is intended for: – Management of the contractual relationship – Management of accounting – Management of the rights of the data controller	Execution of the contract (Article 6.1.b GDPR); Compliance with a legal obligation (Article 6.1.c GDPR) Legitimate interest, namely the survival of the site (Article 6.1.f),	Internal: the department responsible for accounting. External: authorized service providers which may include regulated professions (lawyers, auditors)
Fraud management	Identification data; Payment data; Transaction data; Browsing and connection data.	The purpose of the processing is to: – Identify proven unpaid amounts – Identify persons in a situation of unpaid amounts for the purposes of exclusion from future transactions	Compliance with a legal obligation (Article 6.1.c GDPR) Legitimate interest of the site (Article 6.1.f),	Internally: Our accounting department – Finance Externally: financial authorities, judicial authorities or state agencies, public bodies on request and within the limits of what is permitted and justified by the regulations
Management of the MarketPlace www.smerys.eu	Identification data; Navigation and connection data	The processing is intended to: – Manage the contractual relationship – Receive requests sent – Manage accounting operations – Combat fraud	Compliance with a legal obligation (Article 6.1.c GDPR) Legitimate interest of the site (Article 6.1.f),	Within the limits of the respective needs: – Internally: The services in charge of managing the MarketPlace – Externally: the service providers in charge of the MarketPlace, the financial authorities, judicial authorities or State agencies, public bodies on request and within the limits of what is permitted and justified by the regulations
Management of promotional operations	Identification data	The processing is intended for: – Selection of suppliers – Development of our commercial strategy – Production of statistics	Consent (Article 6.1.a of the GDPR)	Internal: the department responsible for commercial management. External: the service providers authorized to process the data that you send us and which allow us to offer you the services proposed
Social media management	Identification data visible by default on platforms	The processing is intended for: Interactions between our Group and subscribers (commercial management) Technical administration of networks Production of statistics	Consent (Article 6.1.a of the GDPR) Legitimate interest namely the operation of the site (Article 6.1.f).	Internally, the communications department Externally, visitors to social media platforms
Online navigation (cookies)	Browsing data, Duration of your visit, Technical information (IP address, browser used, etc.)	The purpose of the processing is: – To ensure the maintenance of the site and its functionalities – to improve the interactivity of the site (services offered by third-party sites such as sharing buttons). – To distribute appropriate content depending on the device used.	Consent (Article 6.1.a of the GDPR) Legitimate interest namely the operation of the site (Article 6.1.f).	Internally: the departments responsible for communication. Externally, our IT service provider.
Newsletter	Identity; subscription date; statistics	Subscription management; Electronic mailing management; Development of service-related statistics	Consent (Article 6.1.a of the GDPR)	Internally: the department responsible for communications; Externally, our service providers responsible for IT and communications.
Types of treatments	Data concerned	Purpose of the processing	Legal bases for processing	Data recipients

5- Who are the recipients?

In addition to the recipients indicated above, and in order to achieve the aforementioned purposes, we disclose your personal data only to:

- Smérys entities

- Service providers and subcontractors carrying out services on our
  behalf; They are rigorously selected and act in accordance with our
  instructions

- Partner sellers in case of purchase of a product on the MarketPlace of smerys.eu

- Financial authorities, judicial authorities or state agencies, public bodies upon
  request and within the limits of what is permitted by the regulations

- Credit reporting and debt collection agencies in connection with creditworthiness assessment
  or debt collection in the event of unpaid invoices.

- Certain regulated professions such as lawyers, notaries, auditors.

6- What are the storage periods?

Smérys retains personal data for a period that does not exceed the period necessary for the purposes for which they are collected in accordance with the provisions of Article 27 of Law 78-17 “Informatique et Libertés” of 6 January 1978, as amended, and the GDPR.

It may be justified that certain data be kept for periods of time enabling compliance with the various legal obligations, and in particular the duration of the applicable limitation rules.

Loyalty accounts , loyalty cards and electronic wallets are an integral part of a global network loyalty system. This loyalty system is accepted on our site, and is managed by our third-party partner. Loyalty transaction data on the site www.smerys.eu are stored in a secure space at our loyalty service provider.

Bank cards are only saved after an explicit request from the customer, on the payment page if this option is offered to you. They are kept for a future order in order to improve your shopping experience on our site. Cards saved for a future purchase are kept in a secure space at our payment service provider. Smérys does not store any information on payment cards. You can delete your saved card at any time, on the payment page.

Cookies have a limited lifespan of thirteen months after their first deposit in the user’s terminal equipment (following the expression of consent), as recommended by the CNIL (National Commission for Information Technology and Civil Liberties). You can change your preferences at any time via the cookie manager, the link to which is present in the top menu in the header on each of the pages of the site https://www.smerys.eu . To learn more about cookies and how we are committed to using them, please visit the Cookie Policy page .

Business management: Your data is kept for the duration of the contractual relationship and according to the limitation periods relating to the conservation or protection of the rights of the data controller.

Management of accounting and tax operations: Accounting and tax data is kept for a period of 10 years, the legal period.

Business Operations Management: Data is retained until consent is withdrawn or 3 years from the last contact.

They may also be kept:
– For a period of 3 years from the last contact that the persons to whom they relate had with Smérys;
– After execution of the contract, in intermediate archiving, to meet accounting or tax obligations or to constitute proof in the event of litigation and within the limit of the applicable limitation period.

The data of the customer account, created by the latter, are intended to be kept until the deletion of the account by the user. However, the account may be considered inactive if not used for 2 years and may be subject to deletion.

Management of personal rights: When a person exercises their right to object to receiving prospecting, in order to guarantee its effectiveness, the information allowing this right to be taken into account is kept for at least 3 years from the exercise of the right.

Review management: At the request of the author of a review, Smérys offers the possibility of unpublishing a review, while maintaining traceability for the purposes of subsequent verification of the review. Smérys may delete reviews in the event of a change of ownership and/or complete renovation of an establishment, or a change in the substantial characteristics of a product or service. Smérys will keep a history of deleted reviews, and all documents attached to the reviews, from the site and the reason for their deletion for a maximum period of one rolling year from the date of deletion of the review.

Management of unpaid debts: In the event of unpaid debts, the data is deleted from the file listing persons in arrears no later than 48 hours from the time the unpaid debt has actually been settled. Exceptionally, and when necessary and proportionate circumstances justify it, the data may be retained in order to prevent the recurrence of payment incidents. In the event of non-regularization, the information may be retained in the file listing persons for a maximum of 3 years from the occurrence of the unpaid debt. They may then be archived to meet accounting and tax obligations or to serve as evidence in the event of litigation within the limit of the applicable limitation period.

Recording of telephone calls: Telephone calls may be recorded. These recordings are kept for a maximum period of 6 months, and are destroyed after this period.

Supporting documents sent to Customer Relations: the processing related to the request for supporting documents is intended to combat fraud and non-payment. The data is kept for a period of 1 month, in addition to the month in which the supporting documents are received. Supporting documents containing copies of bank cards are immediately deleted.

Newsletter: You can unsubscribe from our newsletter at any time using the link provided for this purpose at the bottom of each email we send you, or directly from your Smérys customer account.

7- Do we transfer data abroad?

No. Your data is not transferred to third countries. It remains hosted in Europe, and more precisely on French soil. Smérys does not sell or share your data to/with third-party commercial partners. With regard to features related to the use of social networks, your publications may be accessible outside the European Union. We invite you to consult the data management policy of the networks concerned. To this end, please consult the page by clicking here .

8- Security

We are committed to ensuring the security of your personal data through strict procedures within our company.

For data collected “online” via the site https://www.smerys.eu, communications on the client part are encrypted between the user’s terminal (PC, touch pad, smart phone) and our servers (HTTPS secure zone). Smérys undertakes to make every effort to protect your personal data. Only people who, due to their functions at Smérys, have a legitimate professional interest in accessing it will have access to your information. As part of technical operations, your data may also be hosted by our partner subcontractors. The latter are rigorously selected and act in accordance with our instructions.

9- Rights of individuals – Your rights

You are informed of your various rights:

- Right to withdraw consent at any time
  Where the processing of your personal data is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

- Right of access to personal data concerning you Article 15 of the GDPR

- Right of rectification Article 16 of the GDPR

- Right to erasure Article 17 of the GDPR

- Right to restriction of processing Article 18 of the GDPR

- Right to data portability Article 20 of the GDPR

- Right to object Article 21 of the GDPR

- Right to define guidelines regarding the fate of your personal data (retention, deletion and communication of data) after your death. Article 85 of the Data Protection Act (amended law).

- Right to lodge a complaint with a supervisory authority (the CNIL in France). Article 104.4 of the Data Protection Act (amended law).

Visit the website of the National Commission for Information Technology and Civil Liberties (CNIL) https://www.cnil.fr for more information on your rights.
These rights can be exercised directly with the data controller.

10- Exercising your rights

To exercise these rights or for any questions about the processing of your personal data, we invite you to contact us using the following contact details:

- Head office address:
  Smérys sas
  120, rue Jean Jaurès
  Building B
  92300 LEVALLOIS-PERRET.
  France

- Phone number: 0811 48 30 30

- Email address: contact@smerys.com

11- Complaint

After contacting us, if you believe that your “Data Protection” rights have not been respected, you can file a complaint with the supervisory authority on which we depend due to our location. The authorized supervisory authority is: The National Commission for Data Protection and Liberties (CNIL).

12- Update of the data policy

This page was last updated on: 12.09.2024