In accordance with the provisions of the GDPR and Act No. 78-17 of 6 January 1978 on information technology, data files and civil liberties, as modified, the company AJS collects personal data. This data is related to carrying out its business activity of presenting its products, presenting its network and its events. Its products belong to the gardening and DIY sector. AJS collects, directly under its own name or its brands: "AJS" or "blackfox", personal data from prospects, its resellers or its direct customers, through sales contracts and in the usual manner (purchase orders, delivery notes and invoices) and/or on its website "blackfox-group.com". It would like to inform you below about its data protection policy for personal data collected when visiting the website blackfoxgroup.com.
Any other information relating to personal data collected through means other than its website shall be subject to a specific Data Protection Policy that will be communicated to the data subject. The Data Controller is the company AJS, represented by Mr. Jérôme SUBILEAU, a representative of BSBH, the parent company. Full contact details of AJS can be found by clicking on our legal notice tab.
1. Purposes of the processing
The company AJS sells its products through its network of resellers and the development of its customers and its online visibility and, as such, only collects personal information relating to the user and only for the legitimate interest that it has to:
- ensure the security of its website and, in particular, to prevent and identify any attempted malware intrusion;
- to ensure the proper functioning of the website;
- to send its newsletter and promotional offers to individuals who wish to receive them, and who provide their contact details for this purpose;
- to manage messages that the individual may have sent to the company through the contact form and in any further correspondence;
- to carry out prospecting activities and as such: to carry out technical prospecting operations, selecting individuals to carry out customer loyalty operations, prospecting, product surveys and testing and promotions and none of these operations can lead to profiles being established that would contain sensitive data; to carry out marketing operations; organising competitions, lotteries or any promotion other than gambling activities;
- to collect for statistical purposes, marketing studies and analyses carried out by the company, to improve its website in terms of its presentation and traffic;
- to enable its prospecting files to be updated by the organisation in charge of managing the list of individuals who have opted out of telephone canvassing;
- to manage requests for rights to access, rectify, object and the right to data portability.
2. Data collected and processed:
For security: Data that is strictly necessary is collected when browsing the site blackfoxgroup.com » :
- the URL of links through which the user has accessed the site;
- the user's service provider;
- l’adresse de protocole Internet (IP) de l’utilisateur.
To create a "contact": When an individual submits their data to receive the newsletter or our promotional offers, the following personal data is collected:
- pour un particulier : : nom, prénom, adresse mail individuel, numéro de téléphone, catégorie socio-professionnelle, code postal et ville,
- Pour un professionnel : nom, prénom, société ou média, site internet, adresse mail, téléphone, code postal et ville, code client.
AJS does not sell its products directly to non-professional individuals. It does not retain any personal data relating to payment methods of non-professional individuals.
3. Data retention
Data is only retained for the period necessary for the purposes for which it was collected and, in any case, is destroyed after this.
Data collected from customers is retained for 3 years following the last business transaction.
Data relating to a prospect who is not a customer shall be retained for a period of three years following the submission of this data to AJS or from the last contact from this prospect.
In the event of a request to exercise the rights to access or rectify, data relating to identification documents may be retained for the legal period of one year (contravention of Article 9 of the French Code of Criminal Procedure), in the event of an objection, this data may be retained for the statutory limitation period for criminal proceedings (6 years, limitation period for action of Article 8 of said code).
Our security plug-in retains personal data for a maximum period of 36 months.
4. Data recipients
AJS is the sole recipient of this data
Within the limits of their respective assignments, the following persons may have access to personal data:
.authorised AJS staff: from the marketing department, the sales department, departments in charge of dealing with customer relations and prospecting, administrative departments, logistics and IT departments as well as their managers;
.authorised AJS staff from departments responsible for control (statutory auditor, departments in charge of internal control procedures);
.authorised staff of AJS data processors, provided that the agreement signed between the data processors and the data controller mentions the obligations incumbent on the data processors with regard to protecting the security and confidentiality of the data (Article 35 of the Law of the 6th January 1978, as modified) and specifies, in particular, the security objectives to be achieved.
The following may also be data recipients:
.partners, external companies or subsidiaries of the same group of companies under the conditions set out in the GDPR and the standards published by the French Data Protection Authority (CNIL);
.organisations, court officials and ministerial officers, as part of their debt collection duties;
.the organisation in charge of managing the list of those who have opted out of telephone canvassing
For security purposes of the website, this data may be transferred to service providers from the company providing security services, within the framework of the aforementioned purposes.
The IP addresses of visitors are used to check that they do not intend to harm the website. The aim is to protect the website from any sort of attack: brute force, cookie theft, intrusions, malware (viruses, worms, trojan horses and malicious programs), denial of service, etc. It is also to guard against any robot attacks. If your IP address is considered malicious, it is shared in a database in order to protect other websites.
No personal information of users of the aforementioned website is, outside of the cases referred to above, processed, exchanged, transferred, assigned or sold to third parties other than to comply with our legal, administrative, accounting and tax obligations.
5. Rights of data subjects over their data
As a user of the website or an individual who has submitted personal data through the contact form, you have the following rights as defined by the regulations in force:
- The right to access, query, modify and rectify data concerning you;
- The right to object for a particular situation and the right to object to your data being used for commercial prospecting purposes and to this end, we would like to remind you that you can opt out of this prospecting at any time by sending your request to our email address: firstname.lastname@example.org
- The right to erase or restrict your data;
- The right to data portability;
- The right to withdraw your consent to the collection and processing of your data;
- The right to define the directives relating to the fate of your personal data after your death.
Any natural person whose data has been collected may send their signed, written request, along with a copy of the front and back of their identity document bearing the signature of the holder, specifying the address to which the reply should be sent.
This request must mention the right that you wish to exercise and if necessary, supporting documents for your request, if it is specifically regulated. This must be sent to the following address: email@example.com or by post to the following address: AJS, 6 rue de l’Eventard, St Germain sur Moine, 49230 SEVREMOINE, France.
If we do not reply to you within the allotted time frame, you may lodge a complaint with a supervisory authority (the CNIL in France).
6. Data security and confidentiality
AJS strives to implement all useful precautions to maintain the confidentiality of data and to ensure an adequate level of security for the personal data collected and processed, and to prevent it from being distorted, damaged, destroyed or unauthorised third parties having access to it.
All digital data is retained on servers located in the EU (data centre located in the Vendée department, France). Our data centre ensures optimal security of its infrastructure and meets Tier 3+ certification (https://www.neocenterouest.fr/fr/datacenter-vendee)
7. Changes to our data policy