MENU

Mentions Légales

Aynel Catering

Privacy Policy

Aynel Catering places great importance on the protection and confidentiality of its Clients’ personal data and ensures compliance with applicable regulations. This charter outlines the commitments of Aynel Catering (hereafter referred to as the “Company”) regarding the use and protection of Data (hereafter referred to as the “Charter”).

Clients are invited to review this Charter, which aims to present how the Company processes Data in connection with the services offered and how Clients can exercise their rights.

1. Scope of the Charter

This Charter applies to any collection and processing of Data concerning the Company’s Clients via the website.

2. Processed Data

To provide Clients with all the services offered, the Company collects the following Data:

  • Contact details (e.g., phone number, email, postal address, etc.),
  • Identifications (e.g., first name, last name, etc.),
  • Website usage data (e.g., IP address, logs, tokens, clicks, etc.).

 

The Company adheres to the principle of data minimization, meaning it only collects Data strictly necessary for processing.

3. Sources of Data Collection

Client Data is generally collected directly through their actions on the website (e.g., budget estimates, newsletter subscriptions, contests registrations, etc.).

4. Purposes and Legal Bases for Data Processing

The Company processes Clients’ Data solely to provide the requested services and
to offer a quality Client experience.

a) Processing based on the execution of a contract with Clients includes:

  • Creating and managing “Client accounts,” processing orders and deliveries,
    managing accounting and payments, handling complaints and after-sales
    service,
  • Organising contests, lotteries, or any promotional operations conducted by
    the Company,
  • Managing loyalty programs.


b) Processing based on the legitimate interest of the Company includes:

  • Managing commercial prospecting, surveys, and product tests,
  • Developing commercial statistics.


c) Processing based on Client consent includes:

  • Managing newsletters.


d) Processing based on legal obligation involves collecting and preserving Clients’ actions when using the website.

5. Data Retention Period

The following data retention periods apply to the Data associated with the purposes of processing:

  • Data related to “Client account” usage, contest organisation, and newsletter management:
    • Duration of contract execution and legal prescription period if applicable.
  • Data related to commercial prospecting:
    • 3 years from the end of the commercial relationship.
  • Cookies:
    • 13 months from deposit on the Client’s terminal from the last use of the website.
  • Connection and website usage data:
    • 1 year.

 

After these periods, Data will either be deleted or anonymized for studies and/ or statistics.

Data is also retained in case of pre-litigation and litigation for the entire duration of the dispute resolution process.
It is also noted that deletion or anonymization of Data is irreversible, and the Company cannot restore it afterwards.

6. Data Recipients

The Company may transfer Data:

  1. To the Company’s suppliers, who will only use the Data on behalf of and according to the Company’s instructions and strictly within the framework of executing services requested by the Client.
  2.  To third parties as part of fraud prevention and generally in relation to any
    criminal activity or at the request of judicial or administrative authorities.

7. Clients' Rights

a) Right of Access and Copy

Clients have the right to request confirmation from the Company about whether their Data is being processed.
Clients can request a copy of their Data being processed by the Company.
However, for additional copy requests, the Company may require the Client to cover the associated costs.
If Clients make their request for Data copies electronically, the requested information will be provided in a commonly used electronic format, unless stated Clients are informed that this right of access cannot cover confidential information
or data that the law does not permit to be communicated. The right of access must not be exercised abusively, meaning it should not be done regularly solely to destabilize the Company.


b) Right of Rectification and Update
The Company automatically satisfies update requests for online modifications to fields that can technically or legally be updated upon written request from the individual concerned.


c) Right to Deletion
The right to deletion does not apply where the processing is implemented to comply with a legal obligation.
Outside of this situation, Clients can request deletion of their Data in the following limited cases:

  • Data is no longer necessary for the purposes for which it was collected or processed;
  • When the individual withdraws consent on which the processing is based, and there is no other legal basis for the processing;
  • The individual opposes processing necessary for the legitimate interests pursued by the Company and there are no overriding legitimate grounds for the processing;
  • The individual opposes processing their Data for marketing purposes, including profiling;
  • The Data has been processed unlawfully.

 

d) Right to Restriction
Clients are informed that this right does not apply if the processing operated by the Company is lawful and all collected Data is necessary for executing sales contracts.


e) Right to Portability
The Company grants the right to Data portability in the specific case of Data provided by Clients themselves, on online services offered by the Company and for purposes based solely on the consent of the individuals and contract execution.
In this case, Data will be provided in a structured, commonly used, and machine-readable format.


f) Right to Opposition
In accordance with applicable regulations, Clients have the right to object to the processing of their Data at any time for reasons related to their particular situation, concerning processing based on the legitimate interest pursued by the Company.
In exercising such an opposition right, the Company will no longer process the concerned Data, unless it demonstrates legitimate and compelling grounds for continuing the processing that prevail over the interests, rights, and freedoms of Clients. Clients also have the right to oppose any commercial prospecting by mail or phone, including profiling related to such prospecting. In the case of email (e.g., Text messages), the Company may use it if Clients consented to at the time of collection or if they are part of the “client base.”
At any time, Clients can oppose such prospecting by clicking on the link in the sending email or changing preferences in the “client account” on the website. By text message, they can oppose any prospecting by sending “stop” to the number indicated in the received message.

g) Automated Individual Decisions
The Company does not make automated individual decisions.


h) Post-Mortem Rights
Clients are informed that they have the right to set directives regarding the retention, deletion, and communication of their post-mortem data.


i) Exercising Rights
To exercise their rights, Clients must contact the Company in one of the following ways:

  • By sending a request via the contact form on the website,
  • By writing to the following email address: contact@aynel-traiteur.com,
  • By writing to the following address: 1 Rue Nicolas Bremontier – 33830 Belin Beliet.

 

According to personal data protection legislation, Clients are informed that this is an individual right that can only be exercised by the concerned person regarding their own information. Therefore, for security reasons, the Company reserves the right, in case of doubt about the identity of the requester, to ask for the requester’s current identity card, to avoid disclosing confidential information concerning someone other than the Client.


j) Right to Lodge a Complaint with the CNIL
Clients concerned by the processing of their Data are informed of their right to lodge a complaint with the CNIL if they believe that the processing of their Data does not comply with European data protection regulations, at the following address: CNIL – Complaints Service, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, Tel: 01 53 73 22 22.

8. Data Security & Confidentiality

It is the responsibility of the Company to define and implement appropriate technical security measures, whether physical or logical, to combat the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of data.
These measures primarily include:

  • Managing authorizations for access to data;
  • Internal backup measures;
  • Identification processes;
  • Conducting security audits and intrusion tests;
  • Adopting an information systems security policy; 
  • Adopting continuity/recovery plans;
  • Using security protocols or solutions.

 

To this end, the Company may enlist any third party of its choice to conduct vulnerability audits or intrusion tests as often as it deems necessary. In any case, the Company commits, in case of changes to the means of ensuring the security and confidentiality of Data, to replace them with superior performance means. No evolution may lead to a regression in the level of security.
In case of subcontracting all or part of a Data processing, the Company commits to contractually impose security guarantees on its subcontractors through technical protection measures for this Data and appropriate human resources.

9. Third-Party Sites or Services

This personal data privacy policy does not cover third-party practices regarding personal data protection, including for third-party services or sites to which the Site redirects (e.g., if such services are available on the Site: Stripe, Facebook, etc.). The Company is not responsible for data collection, use, disclosure, or security practices of these third parties, which are conducted according to the data protection policies of these third parties and under their responsibility.

For Firefox: click here,
For Internet Explorer: in “Internet options,” under the “Privacy” tab, check the box “Never allow websites to request your physical location,”
For Chrome: in the navigation bar, click on the logo, then in the dropdown menu for “Location,” choose between the three available options.

10. Data Breaches

The Company commits to notifying the CNIL of any Data breach it may experience, in accordance with the regulations in this area.
Clients will be informed of any Data breaches that could affect their rights and pose a risk to them.

11. Data Protection Officer

The Company has appointed a Data Protection Officer (DPO) whose contact details are as follows:

  • Name: Cécile Breton
  • Email Address: cecile@aynel-traiteur.com

12. Cookies and Other Trackers

The cookie policy is available here.

13. Modifications and Updates to the Charter

This Charter may be amended or modified at any time in response to legal changes, jurisprudential developments, or based on decisions and recommendations from the CNIL and best practices. Any new version of this Charter will be communicated to you by any means, including electronically.

Aynel Traiteur