RGPD

RGPD

Version applicable from 25 May 2018.

 

Dear Visitors, Suppliers and B2B Customers of the TF1 Group, 

Please take the time to read our data protection policy, which relates to the collection and processing of personal data about people from outside the TF1 Group[1] (visitors, suppliers, B2B customers).

We have set out our policy below in Q&A format. Our policy sets out clearly and concisely what personal data are held by TF1 Group entities, and how those data are used. It also reminds you of your rights in respect of your personal data, and how to exercise those rights.

 

 

Your question

Our answer

  1.  

Who has responsibility for processing my personal data?

TF1 SA and/or the TF1 Group entity that (i) you have a contractual relationship with or (ii) you are visiting.

If you have any questions about the processing of your personal data, you can e-mail our Data Protection Officer (DPO) at dpo@tf1.fr.

  1.  

Why do you need my personal data?

We use your personal data to:

  1. perform our contract with you;
  2. admit you to our premises and ensure your security while you are there;
  3. send you marketing messages about our products and services (for B2B customers only).
  1.  

On what legal basis do you use my personal data?

We use your data to perform your contract or as part of our pre-contractual relationship, and for the legitimate purpose of ensuring your security while you are on our premises.  

  1.  

How did you collect my data?

We may collect your personal data in connection with business events, projects, or partnerships; when you visit our premises, web pages or websites; and when you use our online services, in particular our news service.

We collect and process data you have sent us directly (i) when visiting us or (ii) during the performance of our contract with you. In addition, by continuing to browse our websites you accept the use by the TF1 Group and by third parties of cookies and other trackers for the purposes of audience metrics/compilation of statistics and sharing on social networks.

  1.  

What kinds of personal data about me do you process?

We process the following kinds of data:

Suppliers

B2B customers

Visitors

 

For suppliers (on or off site):

a) Identity: surname, forename, address, accounting ID code, telephone number, fax number, e-mail address, business registration number, ID document, photo, work permit, visa. b) Professional: job title, economic category, business sector.
c) Billing and payment:
– Subscriptions: goods, products and services covered by the subscription; frequency, amounts, terms & conditions.
– Orders and invoices: goods, products and services covered by the order and invoice; quantity and price; order and invoice number, date and amount; invoice due date; delivery terms.
– Payments: terms and method of payment (means of payment; bank or post office account references; discounts, advance payments, rebates); terms and period of credit.
– Payment defaults, credit notes, receipts.
– Retentions, disputes.

For on site suppliers only, we also process: 

d) Biometric data: digital fingerprint, stored solely on the personal access control card that allows entry to our premises.
f) Video surveillance: images, video, voice.

 

 

a) Identity: title, surname, forenames, address, telephone number (fixed and/or mobile), fax number, e-mail addresses, internal customer ID code.
b) Payment method data: bank or post office account details, cheque number.  
c) Transaction data such as the transaction reference number and details of the purchase, the goods acquired or service subscribed for.
d) Personal, economic and financial situation: marital status, number of people in household, number and age of children in household, job title, business sector, socio-professional category.
e) Commercial relationship tracking data: requests for documentation or trial; products or services bought; subscriptions taken out; quantity, amount and frequency; delivery address; buying history of goods and services; product returns; originator of sale (salesperson, rep, partner, affiliate) or order; correspondence with customer and after-sales; interactions with and comments from active and prospective customers; customer relationship manager(s).
f) Invoice payment data: methods of payment, discounts granted, receipts, balances and payment defaults.
g) Data needed for loyalty programs, marketing, research, opinion surveys, product testing and promotion.
h) Data collected via cookies: statistics relating to audience metrics for our web pages and websites and for social media sharing.

a) Identity: title, surname, forenames, e-mail address, photo.
b) Biometric data (only for visitors from Colas to access the catering facilities on our premises: digital fingerprint, stored solely on the personal access control card that allows entry to our premises.
c) Video surveillance: images, video, voice.

 

 

 

  1.  

Do you have sensitive data [2] about me?

Yes. Your biometric data are stored solely on your personal access control card.

  1.  

Do you sub-contract processing of my data?

Yes. We use sub-contracted processors to manage access and security at our premises; to provide catering services; and to manage information systems, in particular CRM and audience metrics.

We have contractual arrangements that require all sub-contracted processors to apply the technical and organisational measures needed to protect the security of your data (confidentiality, integrity and accessibility) and more generally to comply with data protection legislation.

  1.  

Who can access my personal data?

Only authorised employees of TF1 and/or the subsidiaries concerned, and of their sub-contracted processors, can access your data. However, in certain cases and when it is strictly necessary or results from a legal or regulatory obligation, we may transfer some of your personal data if requested to do so by the competent authorities (including the social security authorities, the labour inspectorate, our auditors, the tax authorities, other administrative or legal authorities in connection with a court ruling, etc.).

  1.  

Where are my data stored? Are my personal data transferred outside the European Union [3]?

Your personal data are stored within the European Union.

Your browsing data alone may be stored in the United States, in connection with our use of Google Analytics (a product of Google, Inc.) for the purposes of audience metrics on our websites. Such transfers outside the European Union are governed by the Privacy Shield Framework, with which[4] Google, Inc. is registered.

  1.  

How long do you keep my data?

The period for which we hold your data depends on why they were collected:

Suppliers

B2B customers

Visitors

Supplier relationship management: 5 years from the end of the commercial relationship. 

Accounting data: 10 years from date of collection.

Connection data: 6 months from date of collection.

On site suppliers only:

Security (video surveillance): 1 month from the date of collection.

Control over access to our premises (access history): 3 months from date of collection 

Customer relationship management: 3  years from the end of the commercial relationship.

Prospective customer data: 3 years from date of last contact.

Accounting data: 10 years from date of collection.

Connection data: 6 months from date of collection.

Security (video surveillance): 1 month from date of collection.

Control over access to our premises (access history): 3 months from date of collection  

 

 

  1.  

Will my data be used for automated decision-making about me, or for profiling[5]?

 

No.

  1.  

What are my rights relating to my personal data?

As an individual, you have the following rights:

  1. Right of access 

You can request us to provide access to all of your personal data.

This right of access enables you to check the accuracy of your data, and if necessary to request us to rectify or erase your data if they are inaccurate or out of date.

  1. Right of rectification

You can request that we rectify inaccurate information about you.

This right means you can prevent us from disseminating or processing inaccurate information about you.

  1. Right to erasure

You can request that we erase your data for any of the reasons permitted by law.

  1. Right to object

You can object, for legitimate reasons, to data about you being disseminated, transmitted or kept.

For customers only: you can object to receiving direct marketing from TF1 Group entities without giving reasons.

Cookies: You can change your browser settings to disable cookies. Each browser has different settings, so you should consult the terms of use of your browser to find out how to exercise your right to object to the placing of cookies.

To help you change your settings, you can use the help page specific to your browser:

 

Some browsers also offer a “Do Not Track” option.

  1. Right to restrict processing

This right allows you to request us to suspend processing your data temporarily for any of the reasons permitted by law.

  1. Right to data portability

This gives you the right to receive personal data you have provided to us in a structured, commonly used and machine readable format. Your data can then be stored or easily transmitted from one information system for reuse by another, enabling you to retain control.

  1. Rights after death

You may give instructions about what happens to your personal data (retention, erasure, transmission) after your death, and you may amend or withdraw those instructions at any time. 

NB: These rights are not absolute: you may exercise them within the specified legal framework, and within the limitations of such rights.

In some cases we may be unable to agree to your request, for example due to a legal obligation or in order to comply with our obligations to you. If that is the case, we will inform of you of the reason(s) for rejecting your request.

A copy of your identity document will be requested and retained solely as proof of the exercise of your rights or to meet a legal obligation.

For more information about your rights (in French only), go to the website of the French data protection agency (CNIL):
https://www.cnil.fr/fr/comprendre-vos-droits.  

  1.  

What happens if I object to my personal data being processed?

Some personal data are necessary for the performance of the contract or to meet a legal obligation. If you object to those data being processed or request that they be erased, we will contact you if your request is incompatible with those purposes.

  1.  

How can I exercise my rights and who should I contact?

  • You can exercise your rights by sending an e-mail to the Data Protection Officer at dpo@tf1.fr.
  • If you encounter a problem, you can go directly to the CNIL website (in French only): https://www.cnil.fr/fr/plaintes.

 


[1] “TF1 Group” refers to TF1 SA and to all present or future companies directly or indirectly controlled by TF1 SA within the meaning of Article L233-3 of the French Commercial Code.

[2] Sensitive data are (i) personal data revealing racial or ethnic origin; personal data revealing political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data (where used to identify an individual person); personal data concerning health; and data concerning a person’s sex life or sexual orientation, and (ii) personal data about criminal convictions or offences.

[3] As of 7 March 2018, the EU member states were: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, United Kingdom.

[4] The Privacy Shield Framework enables data to be transferred from the European Union to the United States provided that the company receiving the data (i) has signed up to a specific register held by the US administration and (ii) complies with obligations and guarantees on data protection equivalent to those specified in the European GDPR Regulation.

[5] “Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.