DATA PROTECTION POLICY
: May 1, 2020
: any information concerning an identified natural person or who can be identified directly or indirectly by reference to an identification number or to one or more factors specific to that person.
: persons designated by the Customer as beneficiary of Circles concierge services.
: CIRCLES (hereinafter “Circles”), 800 South Street, Suite 195, Waltham, MA 02451, represented by Circle Company Associates, Inc. a subsidiary of Sodexo, Inc. (hereinafter “Sodexo“).
: any user / visitor to the website.
: the Circles websites available at www.circles.com and members.circles.com as
well as any client website hosted under a domain managed by Circles.
COLLECTION AND SOURCE OF PERSONAL DATA
We will most likely collect your personal data directly (in particular via the data collection forms on our Website) or indirectly (in particular via our service providers and / or technologies on our Website, or data communicated by your employer). We are committed to obtaining your consent and/or allowing you to refuse the use of your data for certain purposes whenever necessary. In any event, you will be informed of the purposes for which your data is collected.
TYPES OF PERSONAL DATA WE COLLECT AND USE
We may specifically collect and process the following types of personal data:
- the information you provide when filling out the Website forms (for example, to subscribe, participate in surveys, for marketing purposes, etc.
- the information you provide for authentication purposes;
- the information you provide for the fulfillment of an order or to provide a service; and
- through “messages”, comments or other content that you post on the Website.
Personal data identified by an asterisk in the data collection forms is mandatory because it is necessary for the execution of past requests. In the absence of this mandatory information, these requests cannot be processed.
PERSONAL DATA WE COLLECT AUTOMATICALLY
We automatically collect certain information when you visit our Website to personalize and improve your experience. We collect this information using various methods such as Cookies.
Cookies – California’s Do Not Track Notice
Our Website does not support “Do Not Track” browser settings and does not currently participate in any Do Not Track frameworks that would allow any of our Website to respond to signals or other mechanisms from you regarding the collection of your personal data.
An IP address is a unique identifier used by certain electronic devices to identify and communicate with each other on the Internet. When you visit our Website, we may use the IP address of the device you use to connect to the Website. We use this information to determine the general physical location of the device and to know in which geographic areas our visitors are located.
Our Website uses Google Analytics to generate statistical reports. These reports tell us, for example, how many users have visited our Website, what pages have been visited, and in what geographic areas users of the Website are located. Information collected through statistics may include, for example, your IP address, the website from which you came to our Website and the type of device you used. Your IP address is hidden on our systems and will only be used when necessary to solve a technical problem, for the administration of the Website and to know the preferences of our users. Information on Website traffic is only accessible by authorized personnel.
You can click on the dedicated icons of social networks such as Twitter, Facebook, LinkedIn, etc. that appear on our Website. Social networks create a more friendly atmosphere on the Website and help promote the Website through sharing. Video sharing services enrich the video content of our Website and increase its visibility. When you click on these buttons, we may have access to the personal information that you have made public and accessible via your profiles on the social networks in question. We do not create or use any separate database from these social networks on the basis of the personal information you have published there, and we do not process any data relating to your privacy by these means.
PURPOSES FOR WHICH WE USE PERSONAL DATA
We use your personal data for the following purposes:
- to respond to your requests such as requests for information, research, newsletter or other content;
- to provide the services and offers ordered on our Website and / or in one of our establishments;
- to conduct surveys and collect statistics;
- to personalize and improve your experience on our Website;
- offer you our products and services and / or those of our partners; and
- any other purpose of which we will inform you, if necessary, when we collect your data.
We do not sell, as defined under the California Consumer Protection Act
of 2018 (“CCPA”), your personal data to third parties.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process your personal data as part of the execution and management of our contractual relationship with you, in our legitimate interest to improve the quality and operational excellence of the services we offer you or in accordance with certain regulatory obligations. Your personal data may also be processed based on your prior consent if, in certain circumstances, your consent is required.
DISCLOSURE OF PERSONAL DATA
The security and confidentiality of your personal data is of great importance to us. Therefore, we limit access to your personal data to only members of our staff who need it to process your orders or provide the requested service. We will not disclose your personal data to unauthorized third parties. However, we may be required to share your personal data with entities of the Sodexo group and with authorized service providers (for example: technical providers [hosting, maintenance], consultants, etc.) to which we can call in the context of our benefits. We do not allow our service providers to use or disclose your data, except to the extent necessary to provide services on our behalf or to comply with legal obligations. In addition, we may share personal data about you:
- if required by law or legal process,
- in response to a request from public authorities or other officials, or
if we believe that the transfer of this data is necessary or appropriate to prevent any physical damage or financial loss or in connection with an investigation concerning a suspected or proven illegal activity.
SHELF LIFE OF YOUR PERSONAL DATA
We will only keep your data for as long as is necessary to achieve the purposes for which it was collected and processed. This period may be extended, if necessary, for the duration provided for by any applicable legal or regulatory provision.
PERSONAL DATA AND “SENSITIVE” DATA, AS DEFINED BY GDPR
In general, we do not collect sensitive personal data through our Website. “Sensitive personal data” means any information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, data relating to health or sexual life or orientation sexual activity of a natural person. This definition also includes personal data relating to criminal convictions and offenses.
If it is strictly necessary to collect this data to achieve the objective for which the processing is carried out, we will do so in accordance with local legal requirements regarding the protection of personal data and, in particular,
PERSONAL INFORMATION AND CHILDREN
The Website is intended for use by adults who have the capacity to enter a contract under the laws of the country in which they are located. Child users under the age of 16, or those without legal capacity, must obtain the consent of their legal guardians before submitting their data on the Website. The age limit of 16 can be reduced to 13 depending on the local legislation of your place of usual residence. Our Website is intended for a general audience and is not directed to children under the age of 13. Please contact us if you believe that we may have collected information from your child, and we will work to delete it.
TRANSFER OF PERSONAL DATA
As Sodexo is an international group, your personal data may be transmitted to internal or external recipients who are authorized to provide services on our behalf and who are located in countries outside the country of data collection who may not offer an adequate level of protection of personal data. In order to guarantee the security and confidentiality of the personal data thus transmitted, we will take all necessary measures to ensure that these data benefit from adequate protection, such as the signing of standard contractual clauses of the European Commission or other equivalent measures.
In accordance with applicable law, you may have certain rights relating to the processing of your personal data.
Right of Access
– You have the right to request access to your personal data. You can also request the rectification of inaccurate personal data or request that incomplete data be completed. You also have the right to know the origin of personal data.
Right to Erasure
– Your right to be forgotten gives you the right to request the erasure of your personal data when:
(i) the data is no longer necessary for the fulfillment of the purposes for which it was collected and processed; (ii) you choose to withdraw your consent (if your consent has been obtained as a legal basis for processing), without this withdrawal affecting the lawfulness of any processing carried out before this withdrawal; (iii) you object to the processing; (iv) your data has been processed unlawfully; (v) your data must be deleted to comply with a legal obligation or (vi) their deletion is necessary to comply with current legislation.
Right to Limitation
– You can also request the limitation of the processing of your personal data if: (i) you dispute the accuracy of your data; (ii) we no longer need this data for processing purposes; and (iii) you object to the processing of data.
Right to Refuse Direct Marketing Messages
– You can at any time request to no longer receive advertising or prospecting by contacting us directly, free of charge, or via the “unsubscribe” link included with any form of prospecting that we may send you, by e-mail, or by sending us an e-mail to the address provided below. This opposition is without prejudice to the lawfulness of any communication sent to you before the implementation of the opposition.
Right Not to Be Subject to Automated Decisions
– You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you.
Right to Object to Processing
– You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal Data particularly in relation to profiling or to marketing communications. When we process your Personal Data on the basis of your consent, you can withdraw your consent at any time.
Right of Data Portability
– You can ask us to provide your personal data in a structured, commonly used and machine-readable format or you can request that it be transmitted directly to another controller, provided that: (i) the processing is based on your consent or is necessary for the performance of a contract with you; and (ii) that it is carried out by automated means.
Right to Lodge a Complaint
– You can choose to lodge a complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. Personal Data. You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence.
The CCPA provides
California residents, who are consumers
of Circles, with specific rights regarding their personal information
processed by Circles.
Details on your these specific rights may be found at https://us.sodexo.com/legal–privacy/california-consumer-privacy-act.html
EXERCISING YOUR RIGHTS
To exercise your rights, if you reside outside of the United States or Canada, you can contact us by writing to us at the following address: 800 South Street, Suite 195, Waltham, MA 02451 or at firstname.lastname@example.org.
In your communication please indicate your last name, first name and reason for your request. We will most likely ask you for additional information in order to identify you and allow us to process your request.
For United States or Canadian residents, please utilize one of the following options to contact us:
Sodexo Office of Ethics, Compliance & Privacy
9801 Washingtonian Blvd
Gaithersburg, MD 20878
For California residents, please utilize our specific California Data Subject Request form at https://privacyportal-eu-cdn.onetrust.com/dsarwebform/c51cde17-e99e-4699-80ce-892748f9ad1a/c603db2f-2a85-4ad8-9e51-c0441dc0cd81.html
or call our toll free number at 833-955-1494.
We implement all possible technical and organizational security measures to ensure the security and confidentiality of the processing of your personal data. To this end, we take all the necessary precautions taking into account the nature of the personal data and the risks linked to their processing, in order to ensure the security of the data and in particular to avoid any deformation, deterioration or unauthorized access by third parties. (physical protection of premises, authentication procedures with personal and secure access via confidential identifiers and passwords, connection log, encryption of certain data, etc.).
CUSTOMER RELATIONSHIP MANAGEMENT DATABASE (“CRM DATABASE”)
We use a database to manage and monitor our relationships with our current and potential customers. This database includes the personal data of associates of our customers or other partners with whom we have a business relationship or with whom we want to establish such a relationship. This data, used only for this purpose, includes in particular: contact details (surname, first name, telephone number, e-mail address, etc.), information accessible to the public, replies to targeted e-mails and other information collected and recorded by our associates as part of their interactions with our customers and partners. If you wish to be removed from our CRM database, please write to 800 South Street, Suite 195, Waltham, MA 02451 or email email@example.com
LINKS TO OTHER SITES
UNSUBSCRIBE AND OPT-OUT
If you have subscribed to certain services through our Website and you no longer wish to receive emails, click the “Unsubscribe” link at the bottom of any email message you receive from us, send us an email at firstname.lastname@example.org
, or write to us as described in the “How to Reach Us” section below.