Home / Personal data protection
Personal data protection
Table of Contents
As part of its activities, Onet, as data controller, is required to collect and use personal data relating to prospects, customers, and Internet users of the Internet pages belonging to them.
In order to build a long-term relationship of trust with you that respects your rights and freedoms, Onet is committed to the protection of personal data.
What is GDPR?
In France, the legislation applicable to the protection of personal data is the so-called "Informatique et Libertés" law of 6 January 1978.
At the European level, the General Data Protection Regulation (better known by the acronym GDPR) came into force on May 25, 2018 in all Member States of the European Union.
One of the objectives of the GDPR is to harmonize all European legislation on the protection of personal data.
What is the purpose of this page?
The main purpose of this page is to provide you with information about the use of your data by Onet's websites in a concise, transparent, understandable and easily accessible format.
This information will allow you to understand how your data is used, your rights, and how to exercise them with us.
Who is the Data Controller?
Onet and its subsidiaries are the Data Controllers of the processing carried out on the websites.
ONET Group
36, boulevard de l'Océan
13009 Marseille
France
How do I contact the Data Protection Officer (DPO)?
Onet has appointed a personal data protection officer at Group level, who can be reached at this address: dpo@Onet.fr.
The Data Protection Officer advises, informs and monitors compliance with the regulations on personal data.
Why do we use your personal data on the Websites?
The websites allow you to:
- Receive and respond to requests from our Clients and Prospects via a contact form.
- Receive and respond to requests from our Clients and Prospects via the Chatbot.
- Carry out marketing operations such as integration into the CRM (customer relationship management) and cross-selling.
- Send email communications to our customers who have not objected:
- On products similar to those they ordered.
- Manage the opt-out list.
- Manage your consents relating to cookies and other trackers.
- Exercising your rights (GDPR).
What are the legal bases for processing?
- Contact request (by form or chatbot): the legal basis for the processing is consent.
- Marketing: The legal basis is the company's legitimate interest in finding new Customers.
- Sending email communications: The legal basis for the processing is the Company's legitimate interest in promoting our products to our customers.
- Opt-out list: the legal basis is the legitimate interest of the data subject in making his or her choice effective.
- Management of consents relating to cookies and trackers: the legal basis is the consent of Internet users.
- Exercising the rights of individuals: the legal basis is the law.
What data do we collect and use?
- Contact request (by form or chatbot): Type of requester, surname, first name, position, telephone number, email address, company, subject of your request, Message.
- Marketing operations: name, surname, email, phone number, job title
- Phone callback: phone number
- Opt-out list: email
- Management of consents relating to cookies and trackers:
- Exercising your rights: surname, first name, request, proof of identity, any data relating to your request.
To whom will we share your data?
We will share your personal data with the following recipients:
- Authorised employees within the Group and its subsidiaries are recipients of the data according to their activities.
- The subcontractors, in charge of the customer file, communications, the Chatbot, the automatic reminder and the management of cookies, are data according to their necessity:
- CRISP Company
- WANNASPEAK Company
How long will we keep your data?
- Data necessary for marketing operations (loyalty and prospecting actions): for the duration of the commercial relationship and three (3) years from the last contact.
- Data concerning the opt-out lists to be received from direct marketing: three (3) years.
- Data required for the management of cookies: 6 months
- Data required by the Chatbot: 6 months
- Data relating to the exercise of rights: five (5) years from the end of the calendar year for all rights except for data in the context of the right to object, which will be kept for six (6) years. If you have provided us with proof of identity, it will be kept for one (1) year after receipt of the request if proof is required. Otherwise, the receipt will be deleted immediately.
What are your rights?
You can access, rectify or delete your personal data. You also have a right to portability and a right to restrict the processing of your data.
If you receive communications where the legal basis is legitimate interest, then you can object to them either at the time of your message via the "I object" tick or via the link at the bottom of each newsletter.
As your consent is required for the choice of cookies and trackers, you can change your choices at any time by clicking on this link:
How do I contact the DPO?
To exercise your rights or if you have any questions about the processing of your data in this system, you can contact our Data Protection Officer (or DPO).
- Contact our DPO electronically: dpo@onet.fr
- Contact our DPO by post:
Data Protection Officer
ONET Group
36, boulevard de l'Océan
13009 Marseille
France
How can I exercise my rights?
This specific page allows you to exercise your rights.
To exercise your rights, you must prove your identity by any means.
If in doubt, we may ask you to provide additional information necessary for your identification.
In the event that you wish to prove your identity by sending us an identity document, please make sure to send us only the front in black and white. Do not send us your health insurance card!
The exercise of rights is free of charge. However, if your requests are repetitive, excessive or abusive, you may be asked to pay fees.
We will acknowledge receipt of your request to exercise rights and respond to your request as soon as possible and no later than one (1) month from receipt of the request.
This period may be extended by two (2) months if the request is complex, for a total of three (3) months after receipt of your request.
In the latter case, we will inform you of the extension and explain the reasons for it.
How do I contact the CNIL?
If, after contacting us, you believe that your "Informatique et Libertés" rights have not been respected, you can send a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL – 3 place de Fontenoy 75007 Paris): https://www.cnil.fr/