As part of its activities, LNS Group publishes a website which can be accessed at the following address:
hereinafter referred to as the “Website”
We are fully committed to respecting the privacy and personal data of all those who interact with us, which is why we implement appropriate technical and organisational measures to ensure that your personal data is processed in accordance with the regulations in force for each country concerned. (In particular the General Data Protection Regulation no. 2016/679 of 27 April 2016 (hereinafter “GDPR“) and any other applicable local data protection laws).
The terms “data” or “personal data” used in this charter have the same meaning as the term “personal data” in the GDPR. Other terms common to this Charter and the GDPR, such as “processing“, “data controller“, “processor“, or “recipient” have the meaning given to them in the GDPR.
The purpose of this charter is to inform you in a clear and transparent way about:
- How we process your personal data and what rights you have in relation to it;
- The use of cookies on our website.
Because we know the importance of clear and transparent information in this regard, we have included various tables to help you better understand our practices regarding the management of your personal data and to enable you to exercise your rights.
We apply the principles of data minimisation and data protection by design and by default. Consequently, we only collect information that is relevant, adequate and limited to what is necessary for the purposes for which the data is collected and processed.
You can access our general terms and conditions of sale by using the link below:
Additionally, you can find our code of conduct using the link below:
1. Who is responsible for processing your personal data?
According to the GDPR, the data controller is the person who determines the purposes of and methods for data processing, i.e. for what purpose(s) and in what way your personal data is processed.
The data controller responsible for processing your data is LNS Group, through its various companies.
We have appointed a data protection officer who will be your main contact for all questions relating to the protection of your personal data. You can contact them by email at GDPR@lns-europe.com. You can send them questions or request information.
2. What personal data do we collect and how?
- The data collected
- Identification and contact data: we process the data needed (email address) to create a customer account to interact with us via our secure MyLNS platform.
- Login data: If you have an online account as an existing or prospective customer on our MyLNS platform, we process a certain amount of data when you log in to your personal space, to enable us to identify you and your interactions with our services. This data includes your authentication data (login, password), the date of your last connection, the history of our communication and your interactions with the Website, the date of online acceptance of this charter and our T&Cs, for example.
- Website user browsing data: When you browse the Website, a certain amount of data is collected concerning your device (computer, smartphone, tablet), your browser, and the pages and content you view. This data may include directly or indirectly identifying data such as, for example, your IP address or a unique identifier linked to your device, operating system or software, or example
- Data from our existing and prospective customers: we process the data necessary for commercial contact in order to respond to their request, to present our service offers and to manage our subsequent business relations with our customers.
- Data from our service providers: we process data that is necessary and relevant to the management of our relationship with our service providers
- Data from our employees: we process data that is necessary and relevant to the management of our working relationship with our employees. The methods of processing this data are detailed in the documents organising our working relationships with our employees
2.2 How we collect your data
- Collection via the Website: we process the data that you voluntarily communicate to us via the fields in the contact form provided for this purpose on the Website.
- Use of cookies or other tracking files:
We use cookies or other types of “tracking files” on our Website. A cookie is an electronic file stored on your device (computer, tablet, smartphone, etc.) and associated with the Website. This file is automatically returned when you contact the Website in the future.
When you browse this Website, cookies from us and/or third party companies may be placed on your device. The first time you browse this Website, a banner explaining the use of cookies will appear to enable you to configure your preferences.
We use different types of cookies:
- Strictly “necessary” cookies:
These cookies are generally set as a response to actions you have taken that constitute a request for services, such as setting your privacy preferences, logging in, or filling out forms. They allow information to be recorded from numerous visits to the Website on the same device.
These cookies are necessary for the operation of the Website and do not require your consent. They are therefore automatically stored on your device. Refusing these cookies may affect the functioning of the Website and the quality of your browsing experience.
- “Statistical” or audience measurement cookies:
These cookies allow us to evaluate your actions on the Website in order to assess the frequency and volume of visitors and to improve the functioning and ergonomics of the Website. These cookies may be “internal” (stored by us) or “third party” (stored by third parties).
Your consent is requested before these cookies are stored, i.e. when you first log in, via a checkbox on our cookies banner
3. What are the purposes and legal bases of the personal data processing that we perform?
Type of data | Purpose of the processing | Legal basis |
Login data | Identification of the person logged in to access their personal space and management of our interactions with you through the Website. | Performance of the contract
GDPR, Article 6.1.b) |
Browsing data including directly or indirectly identifying data
|
Provision of a functional, secure Website adapted to the different types of devices and browsers on the market. | Legitimate interest
GDPR, Article 6.1.f) |
Statistics and audience measurement | Consent
GDPR, Article 6.1.a) |
|
Applicant data
|
Data provided by the applicant:
Recruitment management
|
Consent GDPR, Article 6.1.a) |
Prospect data | Prospection: identify potential new customers and presenting our service offerings. | Legitimate interest
GDPR, Article 6.1(f)] |
Customer data | Management of our relationships within the framework of our contractual relationship, in particular within the framework of the provision of the services for which we have been commissioned, | Performance of the contract
GDPR, Article 6.1.b) |
Employee data | Managing our working relationships. | Performance of the contract
GDPR, Article 6.1(b)] |
Service provider data | Performance of the service provision contract. | Performance of the contract
GDPR, Article 6.1.b) |
4. What security measures do we use to protect your personal data?
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, accidental loss, alteration or unauthorised disclosure or access.
We also monitor how our service providers process your personal data to ensure that they provide sufficient guarantees that appropriate data security measures are in place.
5. How long do we keep your data?
Personal data is kept for the period necessary to achieve the purposes for which it is collected, as described in Article 3, plus the period of legal requirements.
The main retention periods are as follows:
- Current retention period (“active basis”) of personal data:
- Customer data: duration of the contractual relationship, usually increased by 5 years duration modified by locally applicable legal or fiscal obligations
- Data on prospects: 3 years from the last contact
with us (subject to the prospect not objecting at the time of contact) - Supplier data: duration of the contractual relationship, increased by 5 years
- “Intermediate storage” of personal data (i.e. the data is no longer used for the purpose for which it was collected but is still of administrative interest (e.g. for the management of a possible dispute) or must be kept to comply with a legal obligation. This data may be consulted on as and when needed by specifically authorised persons.
- Documents and accounting records: duration in accordance with local tax obligations, e.g. 10 years in France.
- Data required for the management of disputes: the limitation period legally applicable locally, e.g. 5 years in France.
6. What are your rights?
You have a number of rights over your data, which you can exercise as provided for in the GDPR. A summary is given below.
Your Rights | Purpose |
Right of access
GDPR, Article 15 |
To obtain a readable and comprehensible copy of the data we hold about you and a durable copy of this charter. |
Right to rectification
GDPR, Article 16 |
To rectify, update or complete data concerning you. |
Right to withdraw consent
GDPR, Article 7, 3. |
To withdraw consent for the future processing of data to which you have previously consented. |
Right to object
GDPR, Article 21 |
To object to the future processing of your data, where such processing is based on our legitimate interest or that of a third party (subject in particular to legitimate and compelling reasons) or where your data is used for commercial prospection purposes |
Right to erasure (right to be forgotten)
GDPR, Article 17 |
To have all or part of your data deleted, or anonymised in a complete and irreversible manner, under certain conditions (in particular if you consider that the data is no longer necessary, if you have withdrawn your consent, or if you consider that your data is being processed unlawfully). In this case, we may nevertheless need to retain certain data to meet our legal obligations or to enforce our legal rights. |
Right to restriction of processing
GDPR, Article 18 |
To allow your data to be retained without any further use (e.g. if you consider that the data is no longer necessary or is being processed unlawfully). In this case, your data is temporarily isolated and no longer used (subject to our legal obligations or the exercising of our legal rights). |
Right to data portability
GDPR, Article 20 |
To obtain a copy of the data you have provided to us in a reusable computer format for transfer to another data controller. |
Right to define post-mortem directives | Tell us how you want us to handle your data in the event of your death. |
You may exercise these rights at any time and free of charge, except in the case of manifestly unfounded or excessive requests (particularly because of their repetitive nature). In this exceptional case, we reserve the right, in accordance with the provisions of the GDPR (Article 12, 5), to charge a reasonable fee or to refuse your request.
You can exercise your rights by contacting our data protection officer by email at GDPR@lns-europe.com.
If you feel that we have not responded satisfactorily to your request, you may refer the matter to your local supervisory authority. The following is a list of supervisory authorities for the main countries in which an LNS Group company is located:
Countries subject to the GDPR:
France: Commission Nationale de l’Informatique et des Libertés (CNIL), 3 place de Fontenoy, 75007 Paris
Germany: Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstrasse 20 70173 Stuttgart
Italy:Garante per la protezione dei dati personali, piazza Venezia 11, 00187, Roma
Countries not subject to the GDPR but applying data protection law:
United Kingdom: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (Data Protection Act 2018 – “UK GDPR”)
Swiss Confederation: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1 CH-3003 Bern (Federal Data Protection Act “DPA” / Bundesgesetz über den Datenschutz “DSG”)
7. Who has access to your data?
Some of your data may be accessed, or at least hosted, by the following individuals:
- Our authorised personnel;
- Our technical subcontractors providing services that contribute to the operation of the Website and/or the fulfilment of the purposes described in Article 3 above;
- Our payment service providers and banks
- Third parties linked to our missions, in particular in the context of legal and fiscal obligations
All recipients of your data are located in countries either within the European Union (hereinafter “EU“) or considered adequate by the European Data Protection Commission (Swiss Confederation, United Kingdom), i.e. offering a level of data protection comparable to that offered by the GDPR.
The personal data you entrust to us is not, in principle, transferred outside the European Union (hereinafter “EU“), the European Economic Area (hereinafter “EEA“), or suitable countries. However, if we or any of our subcontractors are required to transfer any of your data outside of this geographical area, then we will ensure that we or those subcontractors provide appropriate safeguards to govern such transfers.
8. Changes
This charter may be updated from time to time. In the event of significant changes, we will inform you, by means of a prominent notice on the Website, before making such changes. In other cases, the previous charter will be replaced by the new version which will be immediately enforceable. We invite you to consult this page regularly for this purpose.