DALIVAL PERSONAL DATA PROTECTION POLICY

> DALIVAL PERSONAL DATA PROTECTION POLICY

GENERAL PERSONAL DATA PROTECTION POLICY

DALIVAL, SAS, whose registered office is at Château de Noue, 02600 Villers-Cotterêts, registered under number 786 095 851 RCS Soissons, a subsidiary of the TERRENA Group (hereinafter referred to as DALIVAL) processes Personal Data (as defined below) as part of its business activity, acting both on its own behalf and on behalf of its subsidiaries.

This Personal Data Protection Policy (the “Policy”) describes the way in which DALIVAL collects, uses and processes your personal data, in compliance with applicable regulations. Your privacy is important to DALIVAL and we are committed to protecting and preserving your privacy rights.
This Policy applies to the personal data that we may collect from our customers, suppliers and service providers in the performance of all types of commercial contracts. It also applies to the personal data of users of our various websites, of persons wishing to apply for our job offers and of all other persons whom we are legitimately led to contact within the framework of the activities of the DALIVAL Group.
Under the regulations applicable to the protection of personal data, and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such personal data, and Law No. 78-17 of 6 January 1978 on data processing, data files and individual liberties, as amended (hereinafter together the “Personal Data Regulations“), the company responsible for your personal data is DALIVAL.
DALIVAL may modify this Policy from time to time. Please visit this page regularly to consult any changes that we may publish.
If you do not agree with certain aspects of our Policy, you have legal rights which are indicated to you where necessary.
DALIVAL’s subsidiaries may also collect and process Personal Data. This Policy applies to DALIVAL’s subsidiaries.

1- Introduction
2- Definitions
3- Collection of personal data
4- Protection of the personal data of minors
5- Purposes of collecting personal data
6- Recipients of personal data
7- Transfer of personal data outside the European Union
8- Security of personal data
9- Data rights
10- Easier contact for exercising rights
11- Policy update

1- Introduction

The personal data protection policy is based on the following non-exhaustive principles:

To comply with the optional application standards and recommendations of the Commission Nationale de l’Informatique et des Libertés (CNIL) and the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), while meeting DALIVAL’s operational requirements;
Apply data protection rules from the design and implementation stage (“Privacy-by-design”, “Privacy-by-default”) of new products designed to process personal data, and reduce data collection to the strict minimum (“minimisation”).
Continuously monitor compliance with legal obligations and commitments made by DALIVAL throughout the life of computerised data processing;
To ensure the greatest possible transparency in data processing, with the exception of information whose disclosure could compromise security;
Strengthening people’s rights and making it easier for them to exercise them.

2- Definitions

“Personal data“: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

“Data subject“: natural person whose personal data is processed as indicated in Article 4.

“Data Controller“: Natural or legal person who, alone or jointly with other entities, determines the purposes of the processing and the means it uses. The Data Controller is, as a general rule, the Terrena entity that collected the Personal Data. In the event that the Terrena cooperative, the parent company of the Terrena Group, provides this entity with technical, administrative, marketing or commercial assistance, the Terrena cooperative may also be considered as the Data Controller.

“Data processing“: Operations carried out on personal data, whether or not by automatic means, which consist in particular in the collection, recording, use, transmission or communication.

“Sub-processor“: natural or legal person, public authority, department or any other body that processes Personal Data on behalf of the Controller.

“Recipient“: the natural or legal person, public authority, internal or external department or any other body that receives communication of Personal Data.

“TERRENA“: The cooperative company Terrena and its subsidiaries.

“DALIVAL“: Dalival and its subsidiaries.

3- Collection of personal data

The Personal Data that DALIVAL is likely to collect varies according to the purpose of the processing. Its main purpose is to identify individuals in the context of their relations with DALIVAL.

In any event, the Personal Data collected will be limited to that which is necessary for the purposes set out in Article 5 below.

People concerned

The persons concerned by the processing carried out by DALIVAL are :

Visitors, users and customers of its websites
Customers (members and non-members) of SCA Terrena and its subsidiaries
In-store customers who identify themselves with their loyalty card
Participants in competitions, lotteries, special operations online or in-store
Participants in surveys, polls or panels
Recipient of a promotion, online canvassing or commercial operation
Suppliers and service providers
Candidates and employees

Collection of personal data

Data may be collected directly from Data Subjects in various ways, including via :

Contracts signed with DALIVAL ;
Quotations as part of pre-contractual relations ;
Events;
Paper or web forms on websites;
Cookies present on the Internet browser of the persons concerned.

In the event of indirect collection of data from third parties (e.g.: purchase of files, sources accessible to the public), DALIVAL undertakes to inform the Data Subjects at the time of first contact and at the latest within 1 month, unless the Data Subjects already have this information.

Note to visitors and users of its websites: certain functions and features of its websites can only be used if certain personal data is provided. Users are free to choose whether or not to provide all or part of the Personal Data requested. However, if the user decides not to provide them, such a decision may prevent the satisfactory achievement of the objectives described in Article 5 below, certain services and features of our websites may not function correctly and/or the user may be denied access to certain pages of the sites.

Customer data (members and non-members) :

The data that DALIVAL collects about its customers is limited. As a general rule, DALIVAL needs the contact details of people within the client or prospective client (in particular their name, telephone number, e-mail address and postal address) in order to be able to execute contracts concluded with its clients. In the context of customer satisfaction surveys, DALIVAL also holds information relating to customers’ needs or constraints, which DALIVAL may then use to ensure that marketing communications to them are relevant and timely. DALIVAL may also hold additional information that customer contacts have chosen to communicate, such as through loyalty programmes. In some circumstances, when customers interact with certain DALIVAL departments or services, calls may be recorded, depending on applicable local laws and requirements.

Data relating to suppliers and service providers :

DALIVAL also collects data about its suppliers and service providers. In order to manage our commercial relations, DALIVAL collects information from its contacts within the supplier or service provider company, such as their name, telephone number and e-mail and postal addresses. DALIVAL may also hold additional information that contacts within the supplier or service provider company have chosen to communicate.

Data relating to personnel management :

For candidates applying for DALIVAL job offers, various types of information are collected to enable analysis of applications in relation to the positions offered, in particular identity, personal details, professional background, qualifications and motivations.

DALIVAL also collects all information useful for the proper management of its personnel, in particular identity, civil status, personal details, professional background, diplomas, bank details, social security and administrative information in accordance with legal and regulatory provisions.

Data relating to users of its various websites:

DALIVAL collects personal data from users of its various websites, which is used to enable it to improve the use made of its sites and to manage the services that DALIVAL provides. This information includes how its sites are used, the frequency with which the user accesses them, the type of browser, the place from which users visit DALIVAL’s sites, the language used and the times when the sites are most visited.

4- Protection of the personal data of minors

DALIVAL’s products and services are reserved for adults and are not intended to be marketed to minors. DALIVAL does not voluntarily collect or store Personal Data from minors, except in the context of information relating to the management of its personnel.

5- Purposes of collecting personal data

Personal Data is collected for the needs of DALIVAL’s business, such as the performance of contracts concluded with its customers (members or non-members), its suppliers and other service providers or any third party, for the purposes of its legitimate interests or the fulfilment of reporting obligations provided for by law, as well as for the recruitment of employees and the management of DALIVAL employees.

DALIVAL collects and uses Personal Data for the purposes of its activities and in particular to carry out the following activities:

Concerning use of the websites

Goals	Legal basis	Duration of storage
Make available the websites and the products and services offered on the websites	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Duration necessary to achieve the purpose of the processing and for a further period of five (5) years
Respond to requests made via forms or using the contact facilities available on the websites	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Duration necessary to achieve the purpose of the processing and for a further period of five (5) years

Concerning all customers for customer relationship management

Goals	Legal basis	Duration of storage
Create and manage current business accounts to enable quotations to be issued, orders to be managed, reservations to be made, deliveries to be made and invoices to be issued for products, services and solutions	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Five (5) years from the date of the Customer’s last activity, then transferred to the archive for a further five (5) years.
Managing requests, questions and complaints	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Five (5) years from the date of each request, question or complaint.
Find out about and characterise customers, monitor the relationship, improve and personalise communications, offers and advice, and carry out statistical studies.	Legitimate interest	Five (5) years from the date of the last Customer activity, followed by a further five (5) years in the archives.
To use personal data as a customer in order to be recognised as such by other services offered by other companies in the Terrena Group.	Legitimate interest	Five (5) years from the date of the last Customer activity, followed by a further five (5) years in the archives.
Provide digital tools, financial activity management services and regulatory data, and maintain the security of these tools	Legitimate interest	Five (5) years from the date of the last Customer activity, followed by a further five (5) years in the archives.
Manage commercial canvassing by post and telephone or electronic canvassing for similar products and services	Legitimate interest	Five (5) years from your last activity, then destruction

For all suppliers

Goals

Legal basis

Duration of storage

Managing purchasing and supplies:

* Order management

* Monitoring and management of purchases and stocks

* Performance management and management of the operating account

* Store supply management

* Invoice generation

Legitimate interest

Five (5) years from the date of the last Supplier activity, then transferred to the archives for a further five (5) years.

Marketing and prospecting

Goals	Legal basis	Duration of storage
To send promotions and offers, personalised or otherwise, by electronic means.	Consent	Five (5) years from the last activity.
Participation in competitions, lotteries and prize draws.	Execution of pre-contractual measures taken at your request and/or performance of the contract	Three (3) years from the end of the competition concerned.
Carrying out profiling for the purpose of improving customer knowledge (establishing your profile, combining purchasing and informational data collected online and offline, segmentation, carrying out studies and analyses to better understand people’s expectations in terms of services, products or offers).	Legitimate interest	Personal data from online and offline purchases used for this purpose is stored for 24 months from the date of your purchase. The other personal data used for this purpose is stored for as long as you have a customer or loyalty account, and for no longer than 5 years from the date of your last activity.

For all candidates

Goals	Legal basis	Duration of storage
Analysis of applications in relation to positions offered	Legitimate interest	1 month if candidate not selected but possibility of inserting CV library for a maximum of 2 years

With regard to compliance with legal and regulatory obligations, defending its rights, safeguarding its interests and combating fraud

Goals	Legal basis	Duration of storage
Accounting and tax: Storage of invoices and other documents required for general accounting and tax purposes.	Compliance with legal and regulatory obligations	Personal data processed as part of the management of accounting and tax obligations is stored for a period corresponding to the duration of the current financial year plus one (1) year, then transferred to the archives for a period of ten (10) years.
Exercising the rights of Users and/or Customers: Management of requests to exercise rights (communications, extracts of information required)	Compliance with legal and regulatory obligations	Personal data relating to requests to exercise rights are stored for three (3) or six (6) years from the date of the request, depending on the right exercised. Where proof of identity is required, it is deleted as soon as it has been verified.
Defence of DALIVAL’s rights and the fight against fraud: Establishment and storage of the means of proof necessary for the defence of rights in the context of actions and complaints brought against DALIVAL by Users and/or Customers and the fight against fraud.	Legitimate interest	The personal data required to establish and store the evidence needed to defend rights is stored for the duration of the applicable legal provisions, or for the duration of the dispute or litigation, should one arise, and until a final and binding decision has been handed down.
Public and judicial authorities: Management of requests from public or judicial authorities and communications with the authorities	Legitimate interest	Personal data relating to the management of requests from authorities is stored for the duration of the proceedings before the authority concerned, and until a final and binding decision has been handed down.

If DALIVAL is required to process the personal data of Users and/or Customers for purposes other than those listed in the tables above, DALIVAL will take any additional steps that may be necessary to ensure the legal compliance of all such processing.

6- Recipients of personal data

In order to achieve the purposes described above and only to the extent necessary for the pursuit of those purposes, the personal data we collect may be transmitted to some or all of the following recipients:

Within the Terrena Group :

Terrena Group subsidiaries in charge of placing, managing and executing contracts and orders;
Terrena Group subsidiaries in charge of marketing, customer relations, complaints, canvassing, administrative services, IT services, online advertising or commercial canvassing;
Terrena Group subsidiaries responsible for the centralised management of our customers’ databases;
To any other subsidiary of the Terrena Group whose intervention may be necessary to carry out the processing implemented in accordance with this policy.

Outside the Terrena Group :

Our service providers involved in all or part of the identified processing operations (in particular IT service providers responsible for maintaining the site, partners in the field of online advertising and personalised communications, and those responsible for the routing and delivery of products);
To our partners who operate services available on our site or services accessible through the use of loyalty programmes;
Our partners who sell products or services directly from our site;
Our partners involved in producing and sending commercial prospecting campaigns;
Our partners involved in the process of distributing personalised online advertising or commercial prospecting;
To the suppliers of products and services of the Terrena Group’s partners who may receive your personal data is available here.

7- Transfer of personal data outside the European Union

DALIVAL is committed to ensuring that data is stored and transferred securely. Consequently, data which is occasionally transferred outside the European Economic Area or EEA (comprising the Member States of the European Union, plus Norway, Iceland and Liechtenstein) will only be transferred to countries which comply with data protection legislation and where the means of transfer ensure adequate protection of your data.

To ensure that personal information receives an adequate level of protection, appropriate procedures are put in place with third parties with whom personal data is shared to ensure that personal information is processed by these third parties in a consistent manner and in compliance with data protection legislation.

8- Security of personnal data

The “processing” of Personal Data includes in particular the use, storage, recording, transfer, adaptation, analysis, modification, declaration, sharing and destruction of Personal Data in accordance with what is necessary in view of the circumstances or legal requirements.

8.1 Data security by TERRENA

TERRENA attaches particular importance to the security of Personal Data.

TERRENA implements technical and organisational measures, taking into account the degree of sensitivity of the Personal Data, to ensure the integrity and confidentiality of the data and to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.

Wherever possible and necessary, the following measures are taken:

Encryption ;
Anonymisation ;
Pseudonymisation ;
Deployment of resources to guarantee the confidentiality, integrity and availability of systems;
Deployment of resources to restore availability and access to your personal data in the event of a technical incident.

As all Personal Data is confidential, access to it is restricted to employees, subcontractors or business partners who need it to carry out their duties.

8.2 Data security by Data Recipients

In the event that Terrena uses applications, services or products provided by third parties, Terrena checks with their publishers to ensure that they comply with legal requirements and ensure the protection of the data that will be processed.

In accordance with its commitments, Terrena chooses its subcontractors and service providers carefully and requires them to :

A level of personal data protection at least equivalent to its own;
Use of Personal Data solely for the purposes of managing the services they are required to provide;
Strict compliance with applicable legislation and regulations on confidentiality, banking secrecy and personal data;
The implementation of all appropriate measures to ensure the protection of Personal Data that they may be required to process;
Definition of the technical and organisational measures required to ensure security.

If you suspect any misuse, loss or unauthorised access to your personal information, please inform us immediately.

9- Data rights

Article 15 of the General Data Protection Regulation recognises the right of any individual to obtain from the Data Controller confirmation as to whether or not personal data relating to him or her is being processed and, where such data is being processed, access to it.

DALIVAL has implemented appropriate Personal Data protection measures to ensure that Personal Data is used in accordance with the purposes indicated above and to ensure that it is accurate and kept up to date.

Right to object :

You may object to us processing your personal data at any time.

Your request to object will be dealt with promptly and we will cease the activity to which you object. However, we reserve the right not to cease the activity in question if :

We can demonstrate that we have compelling legitimate grounds for processing your data which override your interests; or
We process your data for the purposes of establishing, exercising or defending a legal claim.

If your refusal relates to direct marketing, we must act in accordance with your opposition by ceasing this activity as far as you are concerned.

Right to withdraw consent :

Where we have obtained your consent to process your personal data for certain activities other than those for which consent is not required, you may withdraw that consent at any time and we will cease to carry out the particular activity to which you had consented, unless we consider that there is some other reason why we should continue to process your data for that purpose, in which case we will inform you of that situation.

Access requests :

You may ask us to confirm the information we hold about you at any time, and you may ask us to amend, update or delete it. We may ask you to verify your identity and request further information about your request. If we give you access to the information we hold about you, we will not charge you for that access unless your request is “manifestly unfounded or excessive”. If you ask us for further copies of this information, we may charge you a reasonable administration fee where permitted by law. Where permitted by law, we may refuse your request. If we do so, we will always justify our refusal.

Right of erasure :

You have the right to request that we delete your personal data in certain circumstances.

In principle, the information in question must meet one of the following criteria:

The data is no longer necessary for the purposes for which it was originally collected and/or processed;
You have withdrawn your consent to the processing of your data and there are no other valid reasons for us to continue processing it;
The data have been processed unlawfully;
The data must be deleted to comply with our legal obligations as data controller; or
Where we process data because we consider it necessary for the purposes of our legitimate interests, you object and we are unable to demonstrate that there is a compelling legitimate reason for further processing.

We would be entitled to refuse to respond to your request only for one of the following reasons:

Exercising the right to freedom of expression and information ;
Comply with legal obligations;
For public health reasons in the public interest ;
For archival, research or statistical purposes; or
Exercising or defending a right in court.

When we respond to a valid request to delete data, we will take all appropriate practical steps to delete the data in question.

Right to limit processing :

You have the right to request that we restrict the processing of your personal data in certain circumstances. This means that we may only continue to store your data and may only carry out further processing activities in one of the following circumstances: (i) resolution of one of the circumstances listed below; (ii) your consent; or (iii) further processing is necessary for the establishment, exercise or defence of legal claims, for the protection of the rights of another person, or on important grounds of public interest of the European Union or a Member State.

You have the right to request that we restrict the processing of your personal data in the following cases:

If you dispute the accuracy of the personal data we process about you. In this case, our processing of your personal data will be limited while we verify the accuracy of the data;
When you object to our processing of your personal data for our legitimate interests. You may request that the data be restricted while we verify our grounds for processing your personal data;
Where your data has been unlawfully processed by us, but you simply prefer us to restrict its processing rather than delete it; and
When we no longer need to process your personal data but you request it in order to establish, exercise or defend legal claims.

If we have disclosed your personal data to third parties, we will inform them of the limited processing unless this proves impossible or involves disproportionate effort. We will, of course, inform you before lifting any restrictions on the processing of your personal data.

Right of rectification :

You also have the right to request that we rectify inaccurate or incomplete personal data that we hold about you. If we have disclosed this personal data to third parties, we will inform them of the rectification unless this proves impossible or involves disproportionate effort. Where appropriate, we will also tell you to which third parties we have disclosed inaccurate or incomplete personal data. If we believe that it is reasonable not to comply with your request, we will give you the reasons for this decision.

Right to data portability :

If you wish, you have the right to transfer your personal data from one controller to another. In practical terms, this means that you are able to transfer the data to another online platform. To enable you to do this, we will provide you with your data in a readable format. This right of portability applies to the following data: (i) personal data that we process automatically (i.e. without human intervention); (ii) personal data that you provide; and (iii) personal data that we process on the basis of your consent or in the performance of a contract.

Right to define general or specific directives relating to the storage, deletion or communication of personal data after the death of a User and/or Customer:

You have the option of defining general or specific directives concerning the manner in which you wish your rights under the applicable regulations to be exercised after your death.

The general directives concern all your personal data, and you may revoke them at any time. They may be registered with a trusted digital third party certified by the Commission Nationale de l’Informatique et des Libertés.

Specific directives concern the processing mentioned in these directives and are registered with Us: they are subject to your specific consent and you may revoke them at any time.

Right to lodge a complaint with a supervisory authority :

If, after contacting us in this respect, you consider that your rights with regard to your personal data have not been respected, you may submit a complaint to the Commission Nationale de l’Informatique et des Libertés (3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07 – telephone: 01 53 73 22 22 or https://www.cnil.fr/fr/plaintes).

It is important that the personal information we hold about you is accurate and correct. Please inform us of any changes to your personal information during the period in which we hold your data.

10- Easier contact for exercising rights

However, DALIVAL is concerned to guarantee the protection of Personal Data. If you have reason to believe that the security of your Personal Information has been compromised or that it has been misused, you are invited to contact DALIVAL at dataprotection@dalival.com.

You may exercise your rights at any time, and contact the Data Protection Officer at the following address

– By post to the following address Dalival (Terrena group), Data Protection/DPO, 7 avenue Jean Joxé, 49002 ANGERS, ou

– By e-mail to the following address: dataprotection@dalival.com

11- Policy update

This Policy may be updated according to DALIVAL’s needs and circumstances or if required by law. We therefore invite you to read the updates regularly.

DALIVAL undertakes to comply with legal and regulatory developments in the area of personal data.

In this respect, DALIVAL reserves the right to modify its processing and security measures at any time, and to adapt its data confidentiality policy accordingly.

This general policy for the protection of personal data is drafted in French and is subject to the application of French law in all matters arising from its interpretation and execution. If, for any reason whatsoever, this policy were to be translated or drafted in another language, only the French version would be deemed authentic in the event of a dispute.

Updated on 24/02/2025

Research

Discover IFO

News

Dalivalscope N°40

The 40th issue of Dalivalscope has been published. It brings together Pommoscope, Noyauscope and Cidriscope. Among other things, we highlight our production of double-axis trees,...

Read this news
The M200 rootstock receives the SIVAL d’or at the SIVAL INNOVATION 2025 competition

At the 2025 edition of SIVAL, we had the immense honour of receiving the gold trophy for the M200 rootstock. Many thanks to the jury...

Read this news
Trade fair SIVAL 2025

SIVAL is the international trade fair for vineyard, arboriculture and vegetable growing techniques. It was held in Angers from 14 to 16 January. For 3...

Read this news