Last Update: 15th of September 2021
SODEXO builds strong, lasting relationships with its customers, partners, consumers and associates, based on mutual trust: making sure that their personal data are safe and remain confidential is an absolute priority for SODEXO.
SODEXO complies with all Luxembourgish and European regulatory and legal provisions on the protection of personal data.
- Users remain in control of their own data. The data are processed in a transparent, confidential and secure manner.
- SODEXO is committed to a continuous approach to the protection of its users’ personal data in accordance with the General (EU) Data Protection Regulation of April 27, 2016 (hereinafter the “GDPR”) and the law of 1st August 2018 on the protection of natural person to the processing of personal data in criminal matters and in national security matters.
- SODEXO has a team dedicated to the protection of personal data, composed of a Data Protection Officer declared to the CNPD (Commission Nationale pour la Protection des Données) (the “CNPD”) and the Commission Nationale Informatique et Libertés (the “CNIL”) as the lead supervisory authority for the group SODEXO and a network of contact points dedicated to the protection of personal data within the SODEXO group.
For more information, please consult our General Data Protection Policy.
For more information or any questions regarding your data protection or this policy, you can contact by email at: firstname.lastname@example.org
PURPOSE OF THIS POLICY
SODEXO takes the protection of your Personal data very seriously.
We developed this policy to inform you of the conditions under which we collect, process, use and protect your Personal data. Please read it carefully to know the categories of Personal data that are subject to collection and processing, how we use this data and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal data.
IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
The personal data controller is:
SODEXO PASS S.A.,
Registered Office: 39, rue du Puits Romain, L-8070 Bertrange
RCS Luxembourg: B 31382
Representative: Sven Marinus, CEO
“Personal data” means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person.
“us” or “our” SODEXO PASS S.A., a Luxembourg public company limited by shares (société anonyme), having its registered office at 39, rue du Puits Romain, L-8070 Bertrange and registered with the Luxembourg Trade and Companies Registry (Registre de Commerce et des Sociétés, Luxembourg), section B, under number 31382 (hereinafter “Sodexo”).
“you” any Website user/visitor.
“Website” the website of Sodexo available at the address https://sodexo.lu.
COLLECTION AND SOURCE OF PERSONAL DATA
We process the Personal data of the following persons:
- You, in your capacity as a user/visitor of the Website;
- You in your capacity as a customer of Sodexo; and
- Any other person about whom you provide information to us through a communication channel indicated on the Webiste, including through social networks. The Personal data of such other persons is transmitted to us under your responsibility and you undertake to transmit it to us in accordance with the applicable legal provisions. We will only use this Personal data if it is necessary for the performance of our duties.
Subject to the previous paragraph, we may collect your Personal data directly (in particular via the collection forms available on our Website) or indirectly (in particular via our service providers and/or technologies of our Website). We will only use this Personal data if it is necessary for the performance of our duties.
We undertake to obtain your consent and/or to allow you to object to the use of your Personal data for certain purposes whenever necessary/appropriate.
TYPES OF PERSONAL DATA COLLECTED AND USED BY US
We may specifically collect and process the following types of Personal data:
- the information that you provide when filling in the forms on the Website (for example, for subscription purposes, to fill in a contact form, for marketing purposes, etc.);
- the information that you provide for authentication purposes;
- the information that you provide for order fulfillment or to provide a card/service;
PERSONAL DATA THAT WE AUTOMATICALLY COLLECT
We collect some information automatically when you visit the Website in order to personalize and enhance your experience. We collect this information using various methods such as:
A “cookie” is a small information file sent to your browser when you visit our Website and stored on your device. This file contains information such as the domain name, the internet access provider and the operating system as well as the date and time of access by the user. Cookies cannot damage your device in any way.
Cookies are not used to determine the identity of an individual who visits our Website. Cookies allow us to identify, in particular, your geographic location and the display language in order to improve your online browsing experience. They also enable us to process information about your visit to our Website, such as the pages viewed and the research conducted, in order to improve our Website content, to follow your areas of interest and offer you more suitable content.
If you do not want to receive cookies from our Website, you can adjust your browser settings accordingly. To manage your choices, each browser has a different configuration. These configurations are described in your browser’s help menu, which will explain how to change the settings to your desired cookies configuration. Note that you can indicate your choice regarding the cookies directly in the Cookie Settings available on the Website.
We recommend, however, that you do not deactivate our cookies. Keep in mind that some of our cookies are necessary for the proper functioning of our Website and if you block, turn off or reject these necessary cookies, some pages of our Website may not display properly or you may not be able to use some of the services we offer. In this case, we cannot be held liable for any consequences related to the reduced functionality of our services arising from our inability to store or consult the cookies required for its functioning and which you have declined or deactivated.
Lastly, by clicking on the dedicated icons of social networks such as Instagram, Facebook, Linkedin, etc., if these are displayed on our Website, and if you have agreed that cookies may be downloaded while you are browsing our Website, the social networks in question may also download cookies to your devices (computer, tablet or mobile phone). You can, however, at any time revoke your consent to these social networks downloading these types of cookies.
This technical information is generated when you access and use our Website. For example, in order to establish your connection to the Website, our servers receive and record information about your device and browser, which may include IP address, browser type, connection times, the most frequently accessed pages and other information about software, hardware, devices used or how you arrived at our Website. This data is used to ensure optimal use of the Website and to customise the Website to each user. The provision of this data is not mandatory and can be modulated via the user’s web browser settings in addition to the features implemented on the Website but it may affect the user’s experience of visiting the Website.
The Website uses Google Analytics to generate statistical reports. These reports tell us, for example, how many users consulted the Website, which pages were visited and from which geographical areas Website users come.
Your IP address is hidden on our systems and will only be used if necessary to resolve technical issues, to administer the Website and to understand the preferences of its visitors. Information about traffic on the Website is only available to authorized staff. We do not use any of this information to identify visitors and we do not share this information with third parties.
This data is processed on the basis of our legitimate interests, i.e. to ensure optimal use of the Website and to customise the Website for each user (e.g. by adapting the language in which the Website is displayed or by offering the Website in a mobile version if the connection comes from a mobile phone).
You have the option to click on the dedicated icons of social networks such as Instagram, Facebook, Linkedin, etc. that appear on our Website.
Social networks create a friendlier atmosphere on the Website and assist in promoting the Website via sharing. Video sharing services enrich the video content of our Website and increase its visibility.
When you click on these buttons, we may have access to the personal information that you have made public and accessible via your profiles on the social networks in question. We neither create nor use any separate databases from these social networks based on the personal information that you have published there and we do not process any data relating to your private life through these means.
If you do not want us to have access to your personal information published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information.
PURPOSES, LEGAL BASIS AND STORAGE DURATION
We use your Personal data specifically for the following purposes:
|N°||Purpose of the processing||Legal Basis||Storage period|
|1||Respond to your contact requests (information, research, newsletter, other content)||Execution and management of our contractual relationship with you and/or our client |
Our legitimate interest in improving the quality and operational excellence of the services we offer you
|Up to three (3) years after the last contact|
|2||Provide you with the services ordered on the Website and/or in one of our establishments||Execution and management of our contractual relationship with you and/or our client||Up to ten (10) years after the termination of the contact|
|3||Conduct surveys and statistics||Our legitimate interest in improving the quality and operational excellence of the services we offer you |
Your consent if requested
|Up to twelve (12) months from last activity or immediately after the account is deleted|
|4||Personalise and improve your experience on the Website||Our legitimate interest in improving the quality and operational excellence of the services we offer you||Up to thirteen (13) months from last activity or immediately after the account is deleted|
|5||Provide you with offers for our products and services and/or our partners’ products and services||Our legitimate interest in improving the quality and operational excellence of the services we offer you |
Your consent to receive offers from our partners
|For the existing costumers: up to three (3) years after the last contact or immediately following the unsubscription from this service |
For the prospect: up to three (3) years after the last contact after the last contact
|Any other purpose that we may specify to you at the time of collection||Determined at the time of collection||Determined at the time of collection|
STORAGE PERIOD OF YOUR PERSONAL DATA
We take all reasonable steps to ensure that Personal data is processed and stored for the minimum period necessary for the purposes set out above.
We undertake to delete or anonymise your Personal data at the end of the retention period described above, plus a period of a few days or weeks, in proportion to the period indicated above, if this is necessary to ensure the deletion or anonymisation of the Personal data concerned in practice, unless there is a compelling reason to do otherwise.
Indeed, at the end of this period, strictly relevant Personal data may be retained (i) for evidential purposes (in the event of litigation or in the event of an inspection by authorised bodies), and/or (ii) to comply with a contractual obligation with our customers.
DISCLOSURE OF PERSONAL DATA
The security and confidentiality of your Personal data are of great importance to us. This is why we restrict access to your Personal data only to members of our staff who need to have this information in order to process your request or to provide the requested service.
We do not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within the Sodexo group and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our services. We do not authorize our service providers to use or disclose your Personal data, except to the extent necessary to deliver the services on our behalf or to comply with legal obligations. Furthermore, we may share Personal data concerning you (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring this Personal data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity.
SENSITIVE PERSONAL DATA
As a general rule, we do not collect sensitive Personal data via our Website. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes Personal data relating to criminal convictions and offenses.
PERSONAL INFORMATION AND CHILDREN
The Website is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.
Children users under the age of 16 years or users without legal capacity must obtain consent from their legal guardians prior to submitting their Personal data to the Website.
TRANSFER OF PERSONAL DATA
As Sodexo is an international group, your Personal data may be transmitted to internal or external recipients that are authorized to perform services on our behalf and that are located in countries outside the European Union or the European Economic Area which do not offer an adequate level of protection for Personal data.
We have entered into a contract with each of our service providers or partners to specify how they may access and process Personal data. They are subject to a confidentiality agreement and have security measures in place for Personal data that are at least equivalent to ours.
To guarantee the security and confidentiality of Personal data thus transmitted, we will take all necessary measures to ensure that such Personal data receive adequate protection, such as signing standard European Commission contractual clauses or any other equivalent mechanism that provides you with enforceable rights and effective remedies. A copy of these guarantees can be made available to you by sending us an email to the following address: email@example.com.
Please note that publications on the Website may be accessible, due to their presence on the internet, outside the European Union.
Sodexo is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:
|Right of access and rectification||You can request a copy of the Personal data we hold about you. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.|
|Right to erasure||Your right to be forgotten entitles you to request the erasure of your Personal data in cases where: |
(i) the Personal data is no longer necessary for the purpose for which it was collected;
(ii) you choose to withdraw your consent;
(iii) you object to the processing of your Personal data;
(iv) your Personal data has been unlawfully processed;
(v) there is a legal obligation to erase your Personal data;
|Right to restriction of Processing||You may request that processing of your Personal data be restricted in the cases where: |
(i) you contest the accuracy of your Personal data;
(ii) Sodexo no longer needs your Personal data for the purposes of the processing;
(iii) you have objected to processing for legitimate reasons.
|Right to data portability||You can request, where applicable, the portability of your Personal data that you have provided to Sodexo, in a structured, commonly used, and machine-readable format and you have the right to transmit this data to another Controller without hindrance from Sodexo where: |
(a) the processing of your Personal data is based on consent or on a contract; and
(b) the processing is carried out by automated means.
You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).
|Right to object to Processing||You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal data particularly in relation to profiling or to marketing communications. When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.|
|Right not to be subject to automated decisions |
|You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you.|
|Right to lodge a Complaint||You can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. In Luxembourg, the Supervisory Authority is the CNPD. |
You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence.
We also take care to preserve the intellectual property rights and image rights of each data subject. If you feel that there is an error on the Website in this respect, you can contact us to report it.
To exercise these rights, you can send your request to firstname.lastname@example.org.
You are responsible for ensuring that any Personal data you provide us with is secure.
We implement all possible technical and organizational security measures to ensure security and confidentiality in processing your Personal data.
To this end, we take all necessary precautions given the nature of the Personal data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).
CUSTOMER RELATIONSHIP MANAGEMENT DATABASE (“CRM DATABASE”)
We use a database to manage and monitor our relationships with existing and potential customers. This database includes the Personal data of associates of our customers or other partners with whom we have a business relationship or with our prospects. These data, used only for this purpose, notably include: contact details (surname, first name, telephone number, email address, etc.), publicly accessible information, the responses to targeted emails and other information collected and recorded by our associates as part of their interactions with our customers and partners. If you want to be removed from our CRM database, please write to email@example.com.
LINKS TO OTHER SITES
UPDATES OF OUR CONFIDENTIALITY POLICY
If you have subscribed to certain services via our Website and you no longer want to receive emails, please consult the “unsubscribe” page corresponding to the service you are subscribed to.
HOW TO CONTACT US
If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address: firstname.lastname@example.org