Since May 2018, the General Data Protection Regulations (GDPR) serve as the European framework for the processing and circulation of data of a personal nature. The protection of personal data is also governed by the modified data protection (Informatique et Liberté) act no. 78-17 of 6 January 1978. This personal data protection policy informs you of the manner in which Yoplait France processes your personal data in compliance with the GDPR and the data protection (Informatique et Liberté) act.
1. TO WHOM ARE YOUR PERSONAL DATA PROVIDED?
Your personal data are processed by Yoplait France, a simplified joint-stock company with a capital of EUR 138,875 listed in the Nanterre Register of Trades and Companies under the number
440 767 549 hereinafter referred to as “Yoplait”, with its registered office located at 150 rue Gallieni, Boulogne Billancourt 92641 cedex, France, as well as by any other company belonging to the SODIAAL group.
Your personal data are made accessible only to people authorized to have knowledge of them with a view to their attributions. Your personal data are transmitted to Yoplait France employees in charge of the administration of the platform and the conducting of surveys (Yoplait France’s marketing division), as well as to subcontractors contractually associated with the processing manager, namely General Mills. Your data are not sent to our commercial partners without your having been informed beforehand and having given your prior consent.
2. WHY DO WE NEED TO PROCESS YOUR PERSONAL DATA?
Your personal data are processed Yoplait France for the following purposes:
Yoplait France takes care to collect and process only data that are strictly necessary with regard to the aim of their processing.
The legal basis of this processing is your consent. You can withdraw your consent in accordance with your right of withdrawal as described below.
3. FOR HOW LONG ARE YOUR DATA CONSERVED?
Data allowing identification and the targeting of surveys (email address, profile) are conserved on the platform until the moment of subscription cancellation, whereupon they will be definitively deleted. However, if your account remains inactive for a period of two years, you will be informed by Yoplait France and if you do not react within the period communicated by Yoplait France, your data will be deleted.
Replies to surveys conducted by Yoplait France are conserved for a period of three years, at the end of which these data are deleted.
However, these retention periods may be extended or shortened if:
4. WHAT RIGHTS DO YOU HAVE?
You have:
This right concerns all data regarding you, whether or not processed by the processing manager.
They will no longer undergo any active processing and may not be modified during the exercising of this right.
For more details on your rights, you can contact the Data Protection Officer, whose contact details are given below.
You may exercise your rights at the following address:
150 rue Gallieni, Boulogne Billancourt 92641 cedex, France
To formalize your request, you will be asked to prove your identity.
You may draw up general directives with a trusted third party, or special directives with the processing manager concerning the conservation, deletion and communication of your personal data after your death. These directives may be modified or revoked at any time. In this regard, we advise you to contact the Data Protection Officer, whose contact details are given below.
If, after having contacted us, you consider that your personal data protection rights have not been respected, you have the possibility of taking your case to National Commission for Information Technology and Civil Liberties (CNIL). The CNIL’s contact details are available at the following address: https://cnil.fr/
5. HOW TO CONTACT THE DATA PROTECTION OFFICER
For any further information, you can contact the Data Protection Officer at the following address:
Annabel Francony Legros
6. THE SECURITY OF YOUR DATA
Yoplait France takes the appropriate technical and organizational measures to ensure the security of your data in accordance with the applicable regulations. In this connection, the company takes the necessary precautions and measures against any unauthorized access to and use of the data, any accidental loss or theft of data, any destruction or alteration of data and in general, any damage that could affect these data.