strong, lasting relationships with its customers, partners, consumers and
associates, based on mutual trust: making sure that their personal data are
safe and remain confidential is an absolute priority for SODEXO.
SODEXO complies with all French and European regulatory and legal provisions on
the protection of personal data.
personal data of those who use its websites and other applications:
• Users remain in control of their own data. The data are
processed in a transparent, confidential and secure manner.
• SODEXO is committed to a continuing quest to protect its
users’ personal data in accordance with the Loi Informatique et Libertés
[French Data Protection Act] of January 6, 1978 as amended (hereinafter the
“DPA”) and the General (EU) Data Protection Regulation of April 27, 2016
(hereinafter the “GDPR”).
• SODEXO has a dedicated personal data protection team
comprising a Group Data Protection Officer registered with the CNIL (Commission
Nationale de l’Informatique et des Libertés [French Data Protection Agency])
and a network of contact persons dedicated to personal data protection.
PURPOSE OF THIS POLICY
SODEXO takes the protection of your personal data very seriously.
We developed this policy to inform you of the conditions under which we
collect, process, use and protect your personal data. Please read it carefully
to familiarize yourself with the categories of personal data that are subject
to collection and processing, how we use these data and with whom we are likely
to share it. This policy also describes your rights and how you can get in
touch with us to exercise these rights or to ask us any questions you might
have concerning the protection of your personal data.
This policy may be amended, supplemented or updated, in particular to comply
with any legal, regulatory, case law or technical developments that may arise.
However, your personal data will always be processed in accordance with the
policy in force at the time of the data collection, unless a compulsory legal
prescription determines otherwise and must be enforced retroactively.
This policy forms an integral part of the Conditions of Use of the website.
IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
UMANIS, « Société par Actions Simplifiée », with share capital
of € 400.000 euros, whose head office is located at 33 Av Emile Zola 92100
Boulogne-Billancourt Cedex, registered with Paris Trade & Companies
Register under number 841 448 707.
“Personal data” means any information relating to an
identified natural person or one that can be directly or indirectly identified
by reference to an identification number or to one or more factors specific to
“us” or “our” means the entity of the Sodexo group that
operates Personal Data processing activities,
means this website and/or, if applicable, mobile application, as well as the
sub-sites, mirror sites, portals, URL variations relating thereto if
COLLECTION AND SOURCE OF PERSONAL DATA
We will most likely collect your personal data directly (in particular via the
data collection forms on our website) or indirectly (in particular via our
service providers and/or technologies on our website).
We undertake to obtain your consent and/or to allow you to refuse the use of
your data for certain purposes whenever necessary.
You will in any event be informed of the purposes for which your data are
collected via the various online data collection forms and via the Cookie
TYPES OF PERSONAL DATA COLLECTED AND USED BY US
We may specifically collect and process the following types of personal data:
- the information that you provide when filling in the forms
on the website (for example, for subscription purposes, to participate in
surveys, for marketing purposes, etc.);
- the information that your provide for authentication purposes;
- the information that you provide for order fulfillment or
to provide a service;
- via “posts”, comments or other content that you post on the
Personal data identified by an asterisk in the data collection forms are
compulsory as these are necessary to fulfill any orders placed. In the absence
of this compulsory information, these transactions cannot be processed.
PERSONAL DATA THAT WE AUTOMATICALLY COLLECT
We collect some information automatically when you visit the website in order
to personalize and enhance your experience. We collect this information using
various methods such as:
A “cookie” is a small information file sent to your browser when you visit our
website and stored on your computer. This file contains information such as the
domain name, the internet access provider and the operating system as well as
the date and time of access by the user. Cookies cannot damage your computer in
Cookies are not used to determine the identity of an individual who visits our
website. Cookies allow us to identify, in particular, your geographic location
and the display language in order to improve your online browsing experience.
They also enable us to process information about your visit to our website,
such as the pages viewed and the searches made, in order to improve our website
content, to follow your areas of interest and offer you more suitable content.
If you do not want to receive cookies from our website, you can adjust your
browser settings accordingly. To manage your choices, each browser has a
different configuration. These configurations are described in your browser’s
help menu, which will explain how to change the settings to your desired
We recommend, however, that you do not deactivate our cookies. Keep in mind
that if you block, turn off or reject our cookies, some of our webpages will
not display correctly or you will no longer be able to use some of the services
we offer. In this case, we cannot be held liable for any consequences related
to the reduced functionality of our services arising from our inability to
store or consult the cookies required for its functioning and which you have
declined or deactivated.
Lastly, by clicking on the dedicated icons of social networks such as Twitter,
Facebook, Linkedin, etc., if these are displayed on our website, and if you
have agreed that cookies may be downloaded while you are browsing our website,
the social networks in question may also download cookies to your devices
(computer, tablet or mobile phone). These types of cookies are downloaded to
your device only on condition that you have given your consent by continuing to
browse our website. You can, however, at any time revoke your consent to these
social networks downloading these types of cookies.
An IP address is a unique identifier used by some electronic devices to
identify and communicate with each other on the internet. When you consult our
website, we can use the IP address of the device used by you to connect you to
the website. We use this information to determine the general physical location
of the device and to know in which geographical areas visitors are located.
The website uses Google Analytics to generate statistical reports. These
reports tell us, for example, how many users consulted the website, which pages
were visited and in which geographical areas website users are located. The
information gathered via the statistics may include, for example, your IP
address, the website from which you arrived at our site and the type of device
that you used. Your IP address is hidden on our systems and will only be used
if necessary to resolve a technical problem, for website administration and to
gain insight into our users’ preferences. Website traffic information is only
accessible to authorized staff. We do not use any of this information to
identify visitors and we do not share this information with third parties.
You have the option to click on the dedicated icons of social networks such as
Twitter, Facebook, Linkedin, etc. that appear on our website.
Social networks create a friendlier atmosphere on the website and assist in
promoting the website via sharing. Video sharing services enrich the video
content of our website and increase its visibility.
When you click on these buttons, we may have access to the personal information
that you have made public and accessible via your profiles on the social
networks in question. We neither create nor use any separate databases from
these social networks based on the personal information that you have published
there and we do not process any data relating to your private life through
If you do not want us to have access to your personal information published in
the public spaces of your profile or your social accounts, then you should use
the procedures provided by the social networks in question to limit access to
PURPOSES FOR WHICH WE USE PERSONAL DATA
We use your personal data specifically for the following purposes:
• to respond to your requests such as requests for
information, searches, the newsletter or other content;
• to provide the services and offers ordered on our website
and/or in one of our establishments;
• to conduct surveys and gather statistics;
• to personalize and enhance your experience on our website;
• to offer you our products and services and/or our partners’
products and services;
• any other purpose of which we will inform you, if
applicable, when we collect your data.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process your personal data as part of the performance and management of our
contractual relationship with you, in our legitimate interest to improve the
quality and operational excellence of the services we offer to you or in
compliance with certain regulatory obligations.
Your personal data may also be processed based on your prior consent in the
event that under certain circumstances, your consent would be requested.
DISCLOSURE OF PERSONAL DATA
The security and confidentiality of your personal data are of great importance
to us. This is why we restrict access to your personal data only to members of
our staff who need to have this information in order to process your orders or
to provide the requested service.
We will not disclose your personal data to any unauthorized third parties. We
may, however, share your personal data with entities within the Sodexo group
and with authorized service providers (for example: technical service providers
[hosting, maintenance], consultants, etc.) whom we may call upon for the
purpose of providing our services. We do not authorize our service providers to
use or disclose your data, except to the extent necessary to deliver the
services on our behalf or to comply with legal obligations. Furthermore, we may
share personal data concerning you (i) if the law or a legal procedure requires
us to do so, (ii) in response to a request by public authorities or other
officials or (iii) if we are of the opinion that transferring these data is
necessary or appropriate to prevent any physical harm or financial loss or in
respect of an investigation concerning a suspected or proven unlawful activity.
STORAGE PERIOD OF YOUR PERSONAL DATA
We will store your data only for as long as necessary to fulfill the purposes
for which it was collected and processed. This period may be extended, if
applicable, for any amount of time prescribed by any legal or regulatory
provisions that may apply.
SENSITIVE PERSONAL DATA
As a general rule, we do not collect sensitive personal data via our website.
“Sensitive personal data” refers to any information concerning a person’s
racial or ethnic origins, political opinions, religious or philosophical
beliefs, union membership, health data or data relating to the sexual life or
the sexual orientation of a natural person. This definition also includes
personal data relating to criminal convictions and offenses.
In the event that it would be strictly necessary to collect such data to
achieve the purpose for which the processing is performed, we will do so in
accordance with local legal requirements for the protection of personal data
and, in particular, with your explicit prior consent and under the conditions
described in this Confidentiality Policy.
PERSONAL INFORMATION AND CHILDREN
The website is for use by adult persons who have the capacity to conclude a
contract under the legislation of the country in which they are located.
Children users under the age of 16 years or without legal capacity must obtain
consent from their legal guardians prior to submitting their data to the
The 16-year age limit may be reduced to 13 years depending on the local
legislation in your usual place of residence.
TRANSFER OF PERSONAL DATA
As Sodexo is an international group, your personal data may be transmitted to
internal or external recipients that are authorized to perform services on our
behalf and that are located in countries outside the European Union or the
European Economic Area which do not offer an adequate level of personal data
To guarantee the security and confidentiality of personal data thus transmitted,
we will take all necessary measures to ensure that these data receive adequate
protection, such as signing standard European Commission contractual clauses or
other equivalent measures.
In accordance with the applicable law, you have certain rights relating to the
processing of your personal data.
Right of access You have the right to request access to your
personal data. You may also request rectification of inaccurate personal data
or request that incomplete data be completed.
You also have the right to know the source of the personal data.
Right of erasure Your right to be forgotten entitles you to
request the erasure of your personal data when:
(i) the data are no longer necessary to achieve the purposes
for which they were collected and processed;
(ii) you choose to withdraw your consent (if your consent was
obtained as the legal basis for processing), without such a withdrawal
affecting the lawfulness of any processing carried out prior to the withdrawal;
(iii) you object to the processing;
(iv) your data were processed unlawfully;
(v) your data must be erased to comply with a legal
(vi) erasure of the data is required to ensure compliance
with current legislation.
Right to restriction You may also request restriction of
processing of your personal data if:
(i) you dispute the accuracy of your data;
(ii) we no longer need these data for processing purposes;
(iii) you are opposed to the processing of the data.
Right to refuse direct marketing messages You may at any time
request to no longer receive advertising or prospecting by contacting us
directly, free of charge, or via the “unsubscribe” link included with any form
of prospecting that we might send to you by email, or by sending us an email to
the address provided below. This opposition is without prejudice to the
lawfulness of any communication sent to you before the opposition was
In accordance with
Article L.223-2 of the French Consumer Code, Users are hereby informed of their
right to subscribe, free of charge, to the national “do not call” registry to
opt out of telephone canvassing (www.bloctel.gouv.fr).
The right not to be the subject of a decision based exclusively on automated
data processing. You have the option not to be the subject of a decision based
exclusively on automated processing that has legal effects concerning you or
that has a significant impact on you.
portability You may request that we provide your personal
data in a structured, commonly used, machine-readable format or you may request
that it be transmitted directly to another controller on condition that:
(i) the processing is based on your consent or necessary to
fulfill a contract with you; and
(ii) that it is done via automated means. Right to issue
advanced instructions about the processing of your personal data after your
In application of
the French Data Protection Act, you may also formulate instructions on
exercising your rights as set out in this section, after your death (in
particular with regard to the storage period or the erasure and/or disclosure
of the data) as well as appoint a person tasked with exercising these rights.
Right to lodge a complaint with a supervisory authority If
you have any concerns or complaints with regard to the protection of your
personal data, you have the right to lodge a complaint with the French Data
Protection Agency (CNIL) using the following link: www.cnil.fr.
address any requests to us beforehand by contacting us at the address given
below so that we can deal with your request and find an amicable solution.
To exercise your rights, you can fill out and send us the Complaint/Request
form or make your request by email to the following address: email@example.com
stating your surname, first name and the reason for your request. We will most
likely ask you for additional information in order to identify you and to
enable us to deal with your request.
We implement all possible technical and organizational security measures to
ensure security and confidentiality in processing your personal data.
To this end, we take all necessary precautions given the nature of the personal
data and the risks related to its processing, in order to maintain data
security and in particular to prevent distortion, damage or unauthorized
third-party access (physical protection of the premises, authentication
procedures with personal, secured access via identifiers and confidential
passwords, a connection log, encryption of certain data, etc.).
CUSTOMER RELATIONSHIP MANAGEMENT DATABASE (“CRM DATABASE”)
We use a database to manage and monitor our relationships with existing and
potential customers. This database includes the personal data of associates of
our customers or other partners with whom we have a business relationship or
with whom we want to establish such a relationship. These data, used only for
this purpose, notably include: contact details (surname, first name, telephone
number, email address, etc.), publicly accessible information, the responses to
targeted emails and other information collected and recorded by our associates
as part of their interactions with our customers and partners. If you want to
be removed from our CRM database, please write to firstname.lastname@example.org.
LINKS TO OTHER SITES
provide links to other websites for practical and informative purposes. These
websites are mostly Sodexo websites and some of them operate independently from
our websites and are not under our control. These websites are run by third
strongly advise you to read. We do not accept any liability with regard to the
content on these sites, for the products and services that may be offered there
or for any other use thereof.
UPDATES OF OUR CONFIDENTIALITY POLICY
This policy will
become effective on May 25, 2018. We may update or amend this confidentiality
policy as and when needed. In this case, amendments will only become applicable
after a period of 30 business days from the date of the amendment. Please
consult this page from time to time if you want to be informed of any possible
If you have subscribed to certain services via our website and you no longer
want to receive emails, please consult the “unsubscribe” page corresponding to
the service you are subscribed to.
HOW TO CONTACT US
If you have any
questions or comments with regard to this policy, please do not hesitate to
contact us at the following address: email@example.com or contact our Group
Data Protection Officer at the following address: firstname.lastname@example.org.
Last updated: May 2023.