GDPR

We take the protection of your personal data very seriously. We developed this policy to inform you of the conditions under which we collect, process, use and protect your personal data. Please read it carefully to familiarize yourself with the categories of personal data that are subject to collection and processing by Circles France, how we use this data, and with whom we are likely to share it. This Policy also describes the measures we take to ensure the security of your personal data, what are your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your personal data. In addition to this Privacy Policy, the use of the Website and concierge services of Circles France requires the acceptance of the following documents: Terms of Use (Website) 1. DEFINITIONS Personal data means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person. Beneficiary persons designated by the Client as the beneficiary of Circles concierge services. Client legal entity which has concluded a contract with Circles to set up and manage a concierge service. Partners any independent natural or legal person selected by Circles to perform certain services offered as part of a concierge service. Us or Our Circles. You any Website user and, including but not limited to, Clients, Beneficiaries or Website visitors. Website the website of Circles available at the address: https://circles.com/nl/ 2. SOURCE OF PERSONAL DATA, PURPOSES FOR THE PROCESSING, LEGAL BASIS We will most likely collect your personal data directly (in particular via the data collection forms on the Website) or indirectly (information transferred by the Client if you are a Beneficiary). You can find below information about the purposes for which your data are processed (why we treat your data) by category of people whose data are processed and about the legal basis on which this process is based.

	Purposes for which you data are processed	Legal basis
Clients and prospects	Management and follow-up of the customer and prospect relationship (drafting of commercial offers, conclusion and monitoring of the execution of the contract, communication of information on the evolution of services and offers). • Communication of information via the Website • Management of your rights in application of the regulations on the protection of Personal Data • Realization of Website visit statistics, market research and Website improvement. Enhancing your experience on the Website.	Execution of a contractual obligation of Circles Legal obligations in relation to billing
Beneficiaries	Management of the relationship with the Beneficiaries (creation of member account, order and payment of Circles concierge services, answer to questions asked or requests formulated through the forms available on the Website, linking with Partners) Communication of information via the newsletter or other media (in particular by email)	Execution of a contractual obligation of Circles and your consent if you choose to receive information from us
Partners	Initial contact and communication of information Management and monitoring of the relationship with Partners	Circles’ legitimate interest in developing its partner network Execution of a contractual obligation of Circles Legal obligations in relation to billing
Candidates	Processing of your application and conclusion, if any, of an employment contract with you	Execution of pre-contractual obligations of Circles in relation to recruitment
Visitors	Enhancing your experience on the Website and realization of Website visit statistics	Circles’ legitimate interest in improving its Website

In accordance with the Labor Code, we inform candidates that the recruitment procedure used by our company includes:

• The collection of the candidate’s resume and motivation letter via the different channels of distribution of offers
  • A first telephone sourcing
  • One or more physical interviews
  • The sending of an application file to be completed by the candidate with requests for references
  • Taking a reference

3. TYPES OF PERSONAL DATA, AND STORAGE PERIOD You will find below information on the categories of personal data we process and how long these data are kept.

Catégories de données traitées*	Durée de conservation des données
Indentification Information (Name, first name etc.)	Candidates : 2 years Prospects : 3 years from the collection of data or last contact Clients, Partners and Beneficiaries : duration of contract + duration required to meet our legal and regulatory obligations
Information in relation with personal and family life (address email, telephone number etc.)
Information in relation with professional life (name of company, email address, telephone number, resume etc.)
Technical data (IP address, browser type, domain names, hours of access, operating system, clicks and mouse movements, screen scrolling). For further information, please consul tour cookie policy	6 months
Login	6 months

* The categories of Personal Data identified by a sign (*) in the collection forms are mandatory because they are necessary to take into account the request made (eg request for communication of a quotation). Failing to provide this mandatory information, these operations will not be taken into account. 4. DISCLOSURE OF PERSONAL DATA The security and confidentiality of your personal data are of great importance to us. This is why we restrict access to your personal data only to members of our staff who need to have this information in order to process your orders or to provide the requested service. We may, however, share your personal data to Circles authorized service providers (for example: Sodexo group subsidiaries, partners, technical service providers (hosting, maintenance), consultants, etc.) whom we may call upon for the purpose of providing our services. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the services on our behalf or to comply with legal obligations. Furthermore, we may share personal data concerning you (i) if the law or a legal procedure requires us to do so, (ii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity. 5. YOUR RIGHTS In accordance with the applicable law, you have certain rights relating to the processing of your personal data.

Right of access	You have the right to request access to your personal data. You may also request rectification of inaccurate personal data or request that incomplete data be completed. You also have the right to know the source of the personal data.
Right of erasure	Your right to be forgotten entitles you to request the erasure of your personal data when: the data are no longer necessary to achieve the purposes for which they were collected and processed; you choose to withdraw your consent (if your consent was obtained as the legal basis for processing), without such a withdrawal affecting the lawfulness of any processing carried out prior to the withdrawal; you object to the processing; your data were processed unlawfully; your data must be erased to comply with a legal obligation; or erasure of the data is required to ensure compliance with current legislation.
Right to restriction	You may also request restriction of processing of your personal data if: you dispute the accuracy of your data; we no longer need these data for processing purposes; and you are opposed to the processing of the data.
Right to refuse direct marketing messages	You may at any time request to no longer receive advertising or prospecting by contacting us directly, free of charge, or via the “unsubscribe” link included with any form of prospecting that we might send to you by email, or by sending us an email to the address provided below. This opposition is without prejudice to the lawfulness of any communication sent to you before the opposition was implemented. In accordance with Article L.223-2 of the French Consumer Code, Users are hereby informed of their right to subscribe, free of charge, to the national “do not call” registry to opt out of telephone canvassing (www.bloctel.gouv.fr).
The right not to be the subject of a decision based exclusively on automated data processing	You have the option not to be the subject of a decision based exclusively on automated processing that has legal effects concerning you or that has a significant impact on you.
Right of portability	You may request that we provide your personal data in a structured, commonly used, machine-readable format or you may request that it be transmitted directly to another controller on condition that: the processing is based on your consent or necessary to fulfill a contract with you; and that it is done via automated means.
Right to issue advanced instructions about the processing of your personal data after your death	In application of the French Data Protection Act, you may also formulate instructions on exercising your rights as set out in this section, after your death (in particular with regard to the storage period or the erasure and/or disclosure of the data) as well as appoint a person tasked with exercising these rights.
Right to lodge a complaint with a supervisory authority	If you have any concerns or complaints with regard to the protection of your personal data, you have the right to lodge a complaint with the French Data Protection Agency (CNIL) using the following link: www.cnil.fr. However, please address any requests to us beforehand by contacting us at the address given below so that we can deal with your request and find an amicable solution.

To exercise your rights, you can contact us by writing to us at the following address: circles.privacy@sodexo.com stating your surname, first name and the reason for your request. We will most likely ask you for additional information in order to identify you and to enable us to deal with your request. 6. TRANSFER OF PERSONAL DATA Your personal data may be transferred to our US-based provider for marketing management purposes. This provider offers an adequate level of protection according to the European regulations on the protection of personal data, having adhered to the Privacy Shield. 7. COOKIE POLICY On this Website, we use cookies to improve our Website’s performance and to enhance your browsing experience.   7.1. WHAT IS A COOKIE? A cookie is a small information file sent to your browser and registered in your device (for example computer, smartphone). Cookies are not used to determine the personal identity of anyone who is merely visiting Our Website. They serve to help us track traffic patterns to determine a user’s preferred location and language so that we can direct them to the correct country home page when they visit Our Website. Those cookies are set by us and called first party cookies. 7.2. HOW DO YOU DISABLE COOKIES If you do not want to receive a cookie from Our Website, you have several options. You may opt-out of receiving them or disable those that would have been installed on your terminal. You can choose at any time to express and modify your wishes with regard to cookies, by the means described below. Indeed, if most browsers are set by default and accept the installation of cookies, you have the option, if you wish, to choose to accept all the cookies, or to opt-out of receiving them systematically. You also have the option to set up your browser to accept or opt-out of cookies before they are installed on a case-by-case basis. In addition, you can regularly remove cookies from your terminal via your browser. However, please be aware that if you do turn off ‘cookies’ in your browser, you will not be able to fully experience some of Our Website. For example, you will not be able to benefit from automatic log-on and other personalization features of Our Website. Please note that you should not forget to set up all the browsers of your different terminals (tablets, smartphones, computers). There are various ways to configure browsers so you should refer to the help section of the browser you are using to understand how to configure it and exercise your options. Audience measurement cookies, can be disabled as follows:

• You can disable “Google Analytics” cookies, by downloading the module accessible from the following address: https://tools.google.com/dlpage/gaoptout/

7.3. WHAT COOKIES DO WE USE? More specifically, we use cookies and other tracking technologies for the following purposes:

• Offer a better browsing experience;
• Facilitate the registration of our events, the opening of a session, and allow you to share your comments more easily;
• Analyze your use of our products, services or applications;

The cookies used by Our Website are of three types, as classified below:

• Strictly necessary cookies
• Performance cookies
• Functional cookies

7.4. STRICLTY NECESSARY COOKIES Some cookies we use are essential to the functioning of Our Webite. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but be aware that some parts of the site may not work. 7.5. PERFORMANCE COOKIES Some cookies help us with the performance and design of Our Website. This function allows us to measure how many times a page has been visited, to know which pages are the most and least popular, and see how visitors move around Our Website. All information collected by these cookies is aggregated and therefore anonymous. If you disallow these cookies, we will have no knowledge of when you have visited Our Website. 7.6. FUNCTIONAL COOKIES Some cookies help us to remember the settings which you have selected, or assist with other functionality when you browse and use Our Website. This helps us to remember your preferences when you return to Our Website. So when you visit the site again, we will remember your preferences. These cookies enhance functionality and personalization. If you do not allow these cookies, then some or all of these functionalities may not function properly. By navigating on Our Website, you agree that we can place cookies on your computer or device. If you prefer not to receive cookies, then you should stop using Our Website, or consult your browsing settings.   8. UPDATES OF OUR PRIVACY POLICY We may update or amend this Privacy Policy from time to time without notice. We will post an update notice that we will highlight on the homepage of the Website to inform you of any significant changes to this policy, and we will notify you the date of the last update. 9. HOW TO CONTACT US If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address: circles.privacy@sodexo.com or contact our Group Data Protection Officer at the following address: dpo.group@sodexo.com. Last updated : May 22, 2018