Privacy policy

Update on July 2024

Data controller:

France

  • STACI: ZAC des Béthunes – avenue du Fond de Vaux – 95310 SAINT-OUEN-L’AUMÔNE (France)
  • PUBLIDISPATCH (STACI subsidiary): ZAC des Béthunes – avenue du Fond de Vaux – 95310 SAINT-OUEN-L’AUMÔNE (France)
  • EURODISLOG (STACI subsidiary): ZAC des Béthunes – avenue du Fond de Vaux – 95310 SAINT-OUEN-L’AUMÔNE (France)
  • LOGIGONES (STACI subsidiary) : Avenue Satolas Green – 69330 PUSIGNAN (FRANCE)

Germany

  • STACI DEUTSCHLAND: Walter- Gropius – 19 street – 50126 BERGHEIM

United Kingdom

  • STACI UK: Walker Park – Blackburn – BB1 2LG

Belgium

  • STACI BELGIUM: Scheldeweg 1, 2850 Boom

Spain

  • STACI SPAIN – Vivace Logistica: Fco Street. Rabal 9, Pol. La Garena – 28806 ALCALÁ de HENARES (MADRID area)

Italy

  • STACI ITALIA : ZI via Marco Biagi 32 – 27022 CASORATE PRIMO

The Netherlands

  • STACI NETHERLANDS:  Theseusstraat 44 – 5047 RJ TILBURG

 

I/ – PROVISIONS RELATING TO THE CONTACT FORM

As part of their activities, the companies of the STACI Group (hereinafter the “Companies”) process personal data entered on the contact form published on this website (hereinafter the “Site”).

The purpose of this policy implemented by the Companies is to inform the persons concerned of the commitments they make in order to ensure compliance with the regulations in force on the protection of personal data.

This policy may be modified to take into account legislative and regulatory developments in this area. Therefore, data subjects are invited to access this page regularly if they wish to take note of these developments.

Legal basis, nature of the personal data processed & data subjects

The Companies need personal contact data (surname, first name, position if required, e-mail address, etc.) of the persons who, in the context of their professional activity, request them for information on the services offered by the Companies and /or a quote or even be kept informed of news and offers from the Companies.

These data are gathered with the primary objective of being able to respond to requests submitted by the data subject by transmitting these requests to the department(s) of the Companies which is(are) responsible of processing the requests.

The processing carried out on this data is therefore necessary for the purposes of the legitimate interests of the Companies (responding to the questions raised), for the execution of pre-contractual measures taken at the request of these persons or by virtue of the consent given by these persons.

Purposes of the processing of personal data

The Companies only use personal data for the following purposes:

  • to respond to the request made on the Site,
  • to save the contact in their prospect database,
  • to carry out their marketing and commercial communication (service offers, information on their news – newsletter, invite to promotional events) with the prior express consent of the data subjects,
  • to meet their legal obligations.

Sharing & transfer of personal data

Personal data is only intended for the Marketing & Sales departments of the Companies for the purposes defined in this policy.

When necessary to achieve these purposes and carry out their missions, they may be shared between the Companies or transferred to partner companies with whom the Companies have ensured that they explicitly commit to the same level of confidentiality and compliance with the regulations in force.

These data are not transferred to a third party (including free of charge).

Hosting & storage of personal data

The personal data collected on the contact form will only be kept for as long as necessary to meet the purposes defined above or to enable them to comply with legal obligations, if required.  In any case, the Companies do not retain personal data beyond three (3) years after the last contact with the data subject, except with prior and express consent for a longer retention period.

Personal data is hosted within the European economic territory.

Data subjects can assert their access rights (see Chapter V/ – “Right of Access”).

  

II/ – PROVISIONS RELATING TO THE RECRUITMENT FORM

As part of their activities, the companies of the STACI Group (hereinafter the “Companies”) process personal data entered on the recruitment form published on this website (hereinafter the “Site”).

The purpose of this policy implemented by the Companies is to inform the persons concerned of the commitments they make in order to ensure compliance with the regulations in force on the protection of personal data.

This policy may be modified to take into account legislative and regulatory developments in this area. Therefore, data subjects are invited to access this page regularly if they wish to take note of these developments.

Legal basis, nature of the personal data processed & data subjects

The Companies only collect the personal data that is necessary for them to process your applications submitted on the Site and to manage their current and future recruitments.

Purposes of the processing of personal data

The Companies only use personal data to manage their recruitment (analysis of applications, organization of tests and job interviews, creation of a database of potential candidates) and to meet their legal obligations.

These data are not processed for commercial prospecting purposes.

Sharing & transfer of personal data

Personal data is intended only for the Internal Departments of the Companies (Human Resources, departments requiring recruitment) for the purposes defined in this policy.

When necessary to achieve these purposes and carry out their missions, they may be shared between the Companies or transferred to partner companies (in particular recruitment agencies) with whom the Companies have ensured that they explicitly commit to the same level of confidentiality and compliance with the regulations in force.

These data are not transferred to a third party (including free of charge).

Hosting & retention of personal data

The personal data collected on the recruitment form will only be kept for the time necessary to meet the purposes defined above or to enable them to comply with legal obligations, if required. In any case, the Companies will not keep personal data beyond two years after the last contact with the candidate, except for his/her prior and express consent for a longer retention period.

Personal data is hosted within the European economic territory.

Data subjects can assert their access rights (see Chapter V/ – “Right of Access”).

  

III/ – PROVISIONS RELATING TO THE PROVISION OF SERVICES BY THE COMPANIES OF THE STACI GROUP

As part of the performance of the services that the STACI Group Companies (hereinafter the “Companies”) carry out at the request of their ordering clients (hereinafter referred to as “Clients”), the Companies process personal data   entrusted to them by the Clients or  communicated to them directly from access to an electronic catalogue  placing orders online (hereinafter the “Catalogue”) or from an online sales shop (hereinafter the “Shop”) that the Companies may be required to make available to their Clients.

The purpose of this policy implemented by the Companies is to inform the persons concerned of the commitments made by the Companies in order to ensure compliance with the regulations in force regarding the protection of personal data.

This policy may be modified to take into account legislative and regulatory developments in this area. Therefore, data subjects are invited to access this page regularly if they wish to take note of these developments.

Legal basis, nature of the personal data processed & data subjects

The Companies need personal contact data (surname, first name, function if required, telephone contact or e-mail address, delivery address, login and identification password to access a Catalog or Shop).

The data subjects are the contacts of their Clients, the people placing orders as well as the recipients of orders designated by their Clients.

The processing carried out on this data is therefore necessary for the Companies for the execution of the contract entered into with their Clients or for the purposes of the legitimate interests pursued by the Companies (improve the quality of services, guarantee the security and confidentiality of personal data processed, ensure their commercial development with their Clients).

Purposes of processing personal data

The Companies only use personal data for the following purposes:

  • to manage connection and functionalities of a Catalog,
  • to manage connection and functionalities of a Shop,
  • to manage logistical and financial orders and associated services,
  • to manage commercial relationship with their clients (negotiation and monitoring of contracts, invoicing and accounting follow-up, proof of operations in the management of any disputes or complaints, follow-up of services, proposal of new services),
  • to meet their legal obligations.

The Companies do not carry out any  individual profiling operation  from this personal data.

 Sharing & transfer of personal data

Companies are sometimes required to share personal data with the IT service provider in charge of the outsourcing of the Site.

Personal data is mainly intended for the Companies’ internal operational departments, for the purposes defined in this policy.

When necessary to achieve these purposes and carry out their missions, personal data may be shared between the Companies or transferred to partner companies that carry out certain operations on their behalf (in particular transport companies in charge of order deliveries, local storage companies,   companies that can ensure the financial porting of stocks of products put online on a Store …) and with whom the Companies have ensured that they explicitly commit to the same level of confidentiality and compliance with the regulations in force.

Companies are sometimes required to share personal data with IT service providers in charge of outsourcing and application maintenance of their information systems (including Catalog and Boutique).

Companies may also be required to share personal data with their Clients to justify the performance of their services.

These data are not subject to any transfer by us to a third party (including free of charge).

CASE OF AN ONLINE SETTLEMENT

The Companies do not collect payment data: in the event of an online payment of an order from a Store, the payment is taken care of on the secure site of a company specializing in this type of transaction committed to an international security standard in terms of confidentiality, security and integrity of payment data. This specialized company only communicates to the Companies truncated data to allow them to make bank reconciliations and organize any refunds.

The Companies therefore never question the holders of the means of payment, by any means whatsoever (email, telephone or mail), to obtain or have confirmation of information relating to their payment details. 

Hosting & retention of personal data

The personal data that the Companies process will only be kept for the time necessary to meet the purposes defined above or to enable them to comply with legal obligations, if required. The Companies therefore retain at least personal data for the entire duration of the contract and beyond for a period which will not exceed ten years.

Personal data is hosted within the European economic territory.

Data subjects can assert their access rights (see Chapter V/ – “Right of Access”).

 

IV/ – PROVISIONS RELATING TO COMMERCIAL RELATIONS WITH SUPPLIERS

As part of the process of selecting their suppliers, the STACI Group Companies (hereinafter the “Companies”) process personal data entrusted to them by the Suppliers.

The purpose of this policy implemented by the Companies is to inform the persons concerned of the commitments they make in order to ensure compliance with the regulations in force on the protection of personal data.

This policy may be modified to take into account legislative and regulatory developments in this area. Therefore, data subjects are invited to access this page regularly if they wish to take note of these developments.

Legal basis, nature of the personal data processed & data subjects

The Companies need personal contact data (surname, first name, function, professional address / professional e-mail) of the staff of the suppliers in charge of responding to their requests.

The processing carried out on this data is therefore necessary for the execution of the contract entered into with the Companies or for the purposes of the legitimate interests pursued by the Companies (guaranteeing the security and confidentiality of the data processed, sharing data within the Group).

Purposes of the processing of personal data

The Companies only use personal data for the following purposes:

  • to select their suppliers,
  • to save contacts in their Suppliers database,
  • to contract out services,
  • to exchange and monitor their commercial relations,
  • to carry out audits,
  • to meet their legal obligations.

Sharing & transfer of personal data

The personal data is intended for the internal services of the Companies (Purchasing, Legal, staff of the various departments authorized to order and monitor services ordered) for the purposes defined in this policy.

When necessary to achieve these purposes and carry out their missions, it may be shared between the Companies or transferred to partner companies (such as consultants who can prepare and manage calls for tenders), and to their advisors, who the Companies ensure explicitly commit to the same level of confidentiality and compliance with the regulations in force.

Companies are sometimes required to share personal data with their IT service providers in charge of outsourcing and third-party maintenance of their information systems.

These data are not transferred to a third party (including free of charge).

Hosting & retention of personal data

The personal data that the Companies process will only be kept for as long as necessary to meet the purposes defined above or to enable them to comply with legal obligations, if required. The Companies therefore retain at least personal data for the entire duration of the contract and beyond for a period which will not exceed ten years.

Personal data is hosted within the European economic territory.

Data subjects can assert their access rights (see Chapter V/ – “Right of Access”).

 

V/ – RIGHT OF ACCESS

The persons concerned by the processing of personal data carried out by the companies of the STACI Group have a right of access, rectification, deletion, limitation and opposition to the processing of their data by our company, and the right to request to receive their personal data in a structured and standardized format.

All requests must be made to the following address:

STACI – Finance and Legal Department – TSA 96797 – Saint Ouen l’Aumône – 95074 CERGY PONTOISE Cedex – FRANCE

 

In certain cases, STACI may be required to request proof of identity to guarantee the legitimacy of the data subject to exercise his/her right.

 In accordance with the regulations in force, these requests will be processed within a maximum period of 30 days from receipt of the request. This period may be extended by two months in view of the complexity and/or number of requests.

The STACI Group reserves the right to reject any excessive request (in particular in the event of excessive/abusive repetition) and to refuse any communication of data that may contain personal data of other persons or company secrets.

In application of the regulations in force, the data subjects by processing have the right to lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés) on which the Group STACI depends. However, the data subjects have the option of submitting this complaint to any other local regulatory and/or supervisory authority that they consider competent in the matter.