PRIVACY POLICY

1. DATA CONTROLLER

This privacy policy governs the processing of personal data by companies within the Dyma group, data controllers, whose registered office is located in Luxembourg, 9780 WINCRANGE, 8 Route de Lullange/Lëllger Wee, with the company number LU19270520. Fabienne Pleic has been appointed as the contact person for processing: fpleic@dymagroup.com

This privacy policy applies to all the services we provide and the activities we undertake.

Your disclosure of your personal data explicitly acknowledges that you have read, fully understand the content and fully accept the terms of the privacy policy. In particular, you agree that Dyma Group companies may process (either collect, store or use) the data for the purposes specified below.

 2. PERSONAL DATA CATEGORIES

The general data protection regulations define the term "personal data" as follows: "Any information relating to an identified or identifiable natural person" (hereinafter referred to as "data subject").

An "identifiable natural person" is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more elements specific to the person's physical, physiological, genetic, psychological, economic, cultural or social identity.

In the course of their activities, Dyma group companies may collect personal data relating to their customers, suppliers, subcontractors (and any subcontractors they may have), prospects, companies/persons forming part of their professional network and, in each case, their principals, staff, employees, agents and any other relevant contact persons.

Such personal data may include personal data, such as marital status, first and last names, telephone numbers, addresses or registered offices, e-mail addresses,..., as well as any information that the individual may provide voluntarily.

The websites of Dyma Group companies use cookies (see "cookies" policy).

 3. HOW DATA ARE COLLECTED AND STORED

Personal data are collected as follows:

• - By encoding data provided by data subjects in the forms on the website https://www.dymagroup.com;
• - By sending data provided by data subjects when placing an order (by internet, by e-mail or by post).

The data communicated via the website https://www.dymagroup.com are stored on the server of the hosting company "PHPNET.ORG", in France.

Data communicated otherwise than via the website is stored on the local secure server (back up) of Dyma group companies, accessible only to the staff and persons authorised by Dyma group companies, as well as to the staff of the IT maintenance company, by means of a secret password, via secure ERP.  

4. PURPOSES OF THE PROCESSING

These data are collected by Dyma group companies in order to enable them to carry out their activities and provide the services entrusted to them by the contract/agreement concluded with the customer. They are also collected to ensure the management of their customers, the preparation of invoices and their collection, and legal, accounting and regulatory obligations. Subject to the consent of the persons concerned, they make it possible to send promotional material, offers, new products, price changes, closures or seasonal greetings via newsletters.

5. LEGAL BASIS FOR THE PROCESSING

The legal bases for the processing operations are the performance of a contract, the consent of the data subject (if applicable) and compliance with legal/regulatory obligations and/or the legitimate interest of Dyma group companies.

 6. RECIPIENTS OF PERSONAL DATA

Dyma group companies will store and process the data collected themselves in order to enable them to achieve the purposes of the processing.

However, for these purposes, it is possible that personal data may be disclosed to public authorities, accountants, auditors, lawyers, accountants, collection companies, IT service providers, subcontractors or companies collaborating with Dyma Group companies.

These entities may be located outside the European Economic Area ("EEA"). However, in this case, personal data will be transmitted only to third countries that have an appropriate level of protection.

If necessary, personal data may also be transferred to other third parties in the context of, for example, a reorganisation of Dyma Group companies, in the event of a transfer of business, liquidation or bankruptcy, due to an injunction or in order to fulfil a specific legal obligation.

However, Dyma group companies will ensure that these persons/companies/entities have the most limited possible access to these personal data and will only process them on a strictly necessary basis.

 7. DURATION OF THE PROCESSING

Dyma group companies keep the personal data entrusted to them for the duration necessary for the purpose of processing.

In determining the appropriate period of time, account will be taken of the nature and sensitivity of the personal data and the purposes for which they are processed. Account is also taken of the need to comply with their legal and regulatory obligations.

 8. SECURITY MEASURES

Dyma Group companies have established appropriate technical and organisational security measures to prevent the destruction, loss, falsification, modification, unauthorised access by third parties or erroneous notification to third parties of the personal data collected, as well as any unauthorised processing of such data

Thus, Dyma group companies have, among other things, provided for the following:

• - use of secure passwords for its employees and managers;
• - inclusion in contracts and employment regulations of clauses providing for data confidentiality;
• - regular updating of PCs with up-to-date security patches and antivirus software;
• - regular backups of important data.

9. RIGHTS OF DATA SUBJECTS

9.1 Right of access, modification, deletion and limitation

You have the right to ask Dyma Group companies to access your data and request their correction.

In accordance with the legal conditions and provided for in the DGMP, you may also request their removal or limitation.

You acknowledge that in the event of a refusal to disclose or a request to delete personal data, Dyma Group companies may not be able to provide certain services.

9.2 Right to object

You have the right to object to the processing of your personal data if you have compelling and legitimate reasons for doing so.

In addition, you have the right to object to the use of personal data for direct marketing purposes. If so, you do not even have to give a reason.

9.3 Right of free transfer of data

You have the right to receive the personal data you have provided to Dyma Group companies in a structured, commonly used and machine-readable format and to pass on this data to other data controllers.

9.4 Right to withdraw consent

Provided that the processing is based on your prior consent, you have the right to withdraw this consent.

9.5 Exercising your rights

You can exercise your rights by contacting Dyma Group companies for this purpose by e-mail at the address "fpleic@dymagroup.com" or by post at the address "Route de Lullange/Lëllger Wee 8 at 9780 WINCRANGE, LUXEMBOURG", with the addition of a copy of the front and back of your identity card.

9.6 Automated decisions and profiling

The processing of your personal data does not include any profiling and will not be the subject of automated decisions by Dyma Group companies.

9.7 Right to lodge a complaint

You have the right to file a complaint with the National Data Protection Commission, without prejudice to any appeal to a civil court:

Commission nationale la protection des données

Service des réclamations

1, avenue du Rock’n’Roll

L-4361 Esch-sur-Alzette

Tel.: (+352) 26 10 60 -1

Fax.: (+352) 26 10 60 - 29

cnpd.public.lu

10. CHANGES

This data protection policy is subject to change. We recommend that you regularly consult the data privacy policy, which can be consulted via the website "https://www.dymagroup.com", to be aware of any changes.

 Latest update: 29/03/2019

This privacy policy is established without prejudice to the rights and obligations of Dyma Group companies under applicable provisions such as those contained in the DGPS.