Data protection policy
SPAC takes personal data protection extremely seriously, and is committed to complying with applicable regulations related to the handling of personal data, particularly:
• Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 applicable from 25 May 2018 and also;
• The French Act n°78-17 of 6 January 1978 relating to data processing, data files, and individual liberties as amended.
The purpose of the following legal notices is to set out which personal detail is collected and how it is treated within the website www.spac.fr.
Who is responsible for how my personal data is handled?
The responsible entity is the company, which defines how your personal data is used and for what purposes.
The entity responsible for data handling within the website is:
1 rue du 1er mai, Immeuble Axe Seine, 92000 Nanterre, France
Registered at the Trade & Companies Register of Nanterre as number 542 064 175
Why is my personal data used, and what is the basis of that?
All personal data handling must be in line with the legal basis set out by General Data Protection Regulations.
Your personal data is collected in line with the legal principles set out below, and for these purposes:
1) Objectives. To respond to requests sent via the contact form.
Basis. Legitimate interests of SPAC.
2) Objectives. Managing potential business (request for information and so on)
Basis. Legitimate interests of SPAC.
3) Objectives. Marketing activity: sending out targeted or untargeted marketing offers
- You are a member of the public: messages are sent subject to your prior consent being obtained.
- You are a business person: messages are sent on the basis of SPAC’s legitimate interest.
What data is collected and handled? To whom is my data sent?
Personal data handling as part of this website is set out below:
At what point is my personal data collected? What personal data is collected? To whom is my personal data exclusively sent?
When a contact request is made (contact form) Information given in the form, including:
- Last name
- First name
- Email address
- Information given in the message sent The SPAC, EGEC, and Colas Environment services that relate to your request
No data is transferred outside the European Union.
How long is my data kept?
Personal data handled as part of a contact request is kept for the time needed to formulate a response, or for the time needed to resolve the request.
Personal data relating to a non-customer prospective business matter may be kept for 3 years following the last contact from you.
What are my rights on data?
You can access personal data about you, you can object to the handling of that data, and you can object to receiving business marketing correspondence from us, and you can correct or remove data. You also have the right to limit the handling of your data, as well as the right to set out instructions relating to your personal data in the event of death.
Moreover, you can withdraw your consent to your data being handled at any time.
The exercising of these different rights apply in line with the legal basis of the handling relating to the request (see above).
Please see the website cnil.fr for information about your rights.
How can I exercise my rights?
For any request related to your personal data and/or to exercise your rights, please contact the Chief Privacy Officer (CPO):
- By email: email@example.com
- By letter: Chief Privacy Officer – COLAS – 1 rue du colonel Pierre Avia, 75015 Paris, France
Making a complaint to the CNIL - the French Data Protection Authority
If, after you have contacted us, you feel that your computerised information and liberties rights have not been respected then you can make a complaint to the French Data Protection Authority the ‘Commission Nationale de l’Informatique et des Libertés’ (CNIL).