Customer (BtoB) privacy notice
N° | Purpose for processing | Lawful basis |
---|---|---|
1 | To carry out administrative operations relating to agreements, orders, receipt of deliveries, invoices, payments, accounting in relation to customer accounts management, etc. | This processing is necessary to perform the contract between you and Asmodee. |
2 | To establish financial statistic and turnover statistics per customer. | We consider that we have a legitimate interest in conducting analysis regarding our activities to help us take business decisions. |
3 | To provide a selection of customers for the needs of Asmodee. | We consider that we have a legitimate interest in maintaining a list of our customers to conduct our business operations. |
4 | To maintain documentation on customers. | We consider that we have a legitimate interest in maintaining such documentation to conduct our business operations. |
5 | To send you marketing communications regarding our services and products. | We consider that we have a legitimate interest in ensuring that our customers are kept up to date with information about our products and services, as this helps us to preserve our business operations or grow our business. However, where we are required by law to obtain your consent before sending you such information, we will rely upon such consent as our basis for processing. |
6 | To comply with our legal obligations in terms of client verifications (including any Know Your Client, Anti-Money Laundering or Anti-Bribery regulations), conflicts or similar obligations including, but without limitation, maintaining regulatory insurance. | This processing is necessary to comply with our legal obligations. However, where such legal obligations result from laws other than EU or Member State law, then we consider that we have a legitimate interest in complying with such legal obligations when non-compliance may result in sanctions or other adverse consequences for our organization or the Asmodee group in general. |
7 | To comply with any applicable law, court order, other judicial processes, or the requirements of a regulator. | This processing is necessary to comply with our legal obligations. |
8 | To enforce our agreements with you. | We consider that we have a legitimate interest in ensuring that our contracts are performed correctly and in defending our rights where necessary. |
9 | To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you. | We consider that we have a legitimate interest in protecting our organization from breaches of legal obligations owed to it and to defend itself from litigation. |
10 | To protect the rights of third parties. | This processing is necessary for the compliance with legal obligations to which Asmodee is subject. This processing is also necessary for the purpose of the legitimate interests pursued by Asmodee. We consider that we have a legitimate interest in ensuring our activities do not violate any third parties’ rights. |
11 | In contemplation of and/or in connection with a business transaction such as a merger, or a restructuring, or sale. | We consider that we have a legitimate interest as we need to be able to make decisions relating to the future of our business in order to preserve our business operations or grow our business. |
12 | Organization of marketing activities including meals or other events where information on food restrictions may be collected. | We rely on your consent to collect information for the organization of marketing activities where you may be involved, to better serve you. |
If you are an employee of one of Asmodee’s corporate customers, we only use your contact information for the management of the relationship with your employer. We consider that we have a legitimate interest in ensuring we can communicate with you and preserve our business operations with your employer.
4. Who do we disclose your personal data to?
We may share your personal data with a variety of the following categories of third parties as necessary:
- Other entities of the Asmodee group (the list of Asmodee affiliates is available here),
- Third-party service providers (maintenance, storage, payment, logistics, marketing services, reputation audits, etc.), for the purposes described in Section 3 above,
- Third-party postal or courier providers who assist us in delivering our postal marketing campaigns to you, or delivering documents related to a matter,
- Our professional advisers such as lawyers and accountants, auditors,
- Shareholders,
- Government or regulatory authorities,
- Professional indemnity or other relevant insurers,
- Regulators/tax authorities/corporate registries,
- Partners, and
- Banks
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties were justified by our legitimate interest, permitted by applicable law, or necessary for compliance with a legal obligation to which we are subject.
In this context, your personal data may be transferred outside the European Economic Area (EEA), to countries not offering a level of protection of personal data equivalent to that offered within the EEA, such as China, USA, Canada, etc. In the absence of an adequacy decision of the European Commission, the transfer of your personal data will be made pursuant to the standard contractual clauses adopted by the European Commission or pursuant to any other legal protection mechanism in accordance with applicable law.
5. How long do we retain your personal data?
Our general approach is to retain your personal data only for as long as required to fulfill the purposes for which it was collected. We generally retain your personal data for the duration strictly necessary for the management of our relationship with you. However, unless you object, we retain your personal data used for marketing purposes for an additional 3-years period after the end of our relationship with you.
However, we may, in addition, retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or where such data is necessary to establish the existence of a right or contract. In that case, your personal data will be archived and retained for the duration imposed by applicable law, or for the duration of the applicable statute of limitations.
When your personal data will no longer be necessary, we will delete or anonymize them.
6. Security of your personal data
We are committed to keeping your personal data secure and we have implemented appropriate information security policies, rules and technical measures to protect it from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect its confidentiality.
7. What are your rights?
You have a number of rights in relation to your personal data. More information about each of these rights is set out below:
- Withdrawal of consent. You can withdraw at any time your consent in respect of any processing of personal data based on your consent, without affecting the lawfulness of processing based on your consent before its withdrawal.
- Access. You can ask us to confirm whether we process your personal data and, as the case may be, inform you of the characteristics of such processing, allow you to access such data and give you a copy of it.
- Rectification. You can ask us to rectify or complete inaccurate or incomplete personal data.
- Erasure. You can ask us to erase your personal data in the following cases: where it is no longer necessary for the purposes for which it was collected; you withdrew your consent; you objected to the processing of your personal data; your personal data has been processed unlawfully, or to comply with a legal obligation. We are not required to comply with your request notably if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defense of legal claims.
- Restriction. You can ask us to restrict the processing of your personal data (i.e., keep but not use your personal data) where: the accuracy of your personal data is contested; the processing is unlawful, but you do not want it erased; it is still necessary to establish, exercise or defend legal claims; to verify the existence overriding grounds following the exercise of your right of objection. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but only where the processing is based on your consent or on the performance of a contract with you, and the processing is carried out by automated means.
- Digital legacy. You have the right to define (general or specific) directives regarding the fate of your personal data after your death.
- The right to object to processing justified on legitimate interest grounds. Where we are relying upon legitimate interest to process personal data (see Section 3), then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims.
- The right to object to processing for marketing purposes. Where we process personal data for direct marketing purposes, then you have the right to object to that processing at any time.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. In France, the supervisory authority for the protection of personal data is the CNIL (www.cnil.fr).
To exercise your rights regarding your personal data, please complete this form and send it to us at the contact details provided.
8. Contact and complaints
For further information regarding your rights or if you have any questions regarding the processing of your personal data, please contact donneespersonnelles-group@asmodee.com.
9. Changes to this Privacy Notice
We may occasionally change this Privacy Notice, for example, to comply with new requirements imposed by the applicable laws, technical requirements, or good commercial practices. We will notify you in case of material changes.
Last update: March, 30th, 2021