Privacy Policy
Data Privacy policy
​
Name and registered office of the Data Controller
The data controller with regard to Regulation (EU) náµ’ 2016/679, known as the General Data Protection Regulation (GDPR) applicable to the Member States of the European Union and the applicable national legislation is THE MEDITERRANEAN FOOD LAB (FRANCE), a French simplified joint stock company with share capital of €1,050,000, whose registered office is located at 15 Boulevard de Brosses, 21000 Dijon, registered with the Dijon Trade and Companies Register under number 983.102.534.
​
The Data Protection Officer (DPO):
​
Mr. Yair Yosefi
​
E-mail: dpo@med-food-lab.com
​
General information on the processing of personal data
Scope of personal data processing
​
Hereinafter we provide information on the collection of personal data when using our website. Personal data is defined as any data relating to an identified or identifiable natural person, such as the user’s name, address, e-mail address or behavior. You can find these and other definitions of terms used from Regulation (EU) náµ’ 2016/679, the General Data Protection Regulation (GDPR) here [https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R0679-20160504&qid=1532348683434].
​
In general, we only collect and use personal data from our users insofar as this is necessary to ensure the proper operation of our website and the quality of the content and services offered. The collection and use of your personal data is only carried out with your consent as a user. As an exception, we may need to collect your personal data in cases where your prior consent cannot be obtained for technical reasons or where the processing of such data is authorized by current legal regulations.
​
Legal framework for processing personal data
​
Insofar as we obtain the prior consent of the data subject, Article 6 paragraph 1 subsection (a) of the General Data Protection Regulation (GDPR) provides for the legal framework for the processing of personal data.
​
When processing personal data necessary for the performance of a contract to which the data subject is a party, Article 6 para. 1 paragraph (b) of the General Data Protection Regulation (GDPR) provides for the legal framework for the processing of personal data. This also applies to data processing necessary for the implementation of pre-contractual measures and information.
​
Insofar as the processing of personal data is necessary for the performance of a legal obligation to which our company is subject, Article 6 paragraph (c) of the General Data Protection Regulation (GDPR) provides for the legal framework for the processing of personal data.
In the event that, safeguarding the vital interests of the data subject or another natural person make it necessary to process personal data, Article 6, paragraph 1, subsection (d), of the General Data Protection Regulation (GDPR) provides for the legal framework for the processing of personal data.
​
In the event that, processing is necessary to safeguard a legitimate interest of our company or of a third party unless the fundamental rights and freedoms of the data subject prevail, Article 6, paragraph 1, subsection (f) of the General Data Protection Regulation (GDPR) provides for the legal framework for the processing of personal data.
​
Data storage and deletion periods
The data subject’s personal data will be deleted or isolated as soon as it is no longer required for the purpose for which it was collected. In addition, data may be retained if this has been provided for by the applicable European or national legislation to which the data controller is subject. Data will also be isolated or deleted on expiry of the storage period prescribed by the aforementioned standards, unless its storage is made necessary for the conclusion or performance of the contract.
​
Data transfer
Data will only be disclosed to third parties within the scope of applicable legal requirements, in particular with regard to Article 6, paragraph 1, subsection (b), of the General Data Protection Regulation (GDPR), if this is made necessary for contractual purposes or for legitimate reasons as defined by Article 6, paragraph 1, subsection (f), of the General Data Protection Regulation (GDPR).
​
In case that we use external service providers as subcontractors, they have been carefully selected and commissioned by us. They are bound by our instructions and are subject to regular controls. We take all legal, technical and organizational precautions to protect your personal data. Data will only be transferred to third countries, where the General Data Protection Regulation (GDPR) is not in force, if the third country in question offers a satisfactory level of protection for personal data, and we obtain the user’s consent or a legal provision authorizes us to do so.
​
SSL encryption
To protect your data, our website uses SSL encryption. You can recognize this type of encryption by the display of “https://” in the Internet address line. In the case of a non-encrypted website, “http://” is displayed. Thanks to SSL encryption, the data you transmit to us on our website cannot be read by unauthorized third parties.
Use of the website and creation of log files
Description and scope of data processing
​
When you simply use the website for information purposes, i.e. when you do not register or provide us with any other information, our system automatically collects data and information from the computer system of the calling computer.
​
The following data are collected:
​
(1) Information on the type and version of browser used
(2) User operating system
(3) User’s Internet Service Provider
(4) User IP address
(5) Date and time of access
(6) Time zone difference from Greenwich Mean Time (GMT)
(7) Type of request (specific page)
(8) Quantity of data transmitted in each case
(9) Websites from which the user’s system accesses our website
(10) Websites that are called by the user’s system via our website
​
Data is also stored in our system log files. This data is not stored with the user’s personal data.
Legal framework for data processing
The legal framework for the temporary storage of data and log files is provided by Article 6, paragraph 1, subsection (f) of the General Data Protection Regulation (GDPR).
​
Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable access to the website by the user’s computer. To this end, the user’s IP address must remain recorded for the duration of the session.
​
Log files are stored to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our IT systems. Evaluation of this data for marketing purposes will not be carried out in this context.
​
These purposes also include our legitimate interest in processing data in accordance with Article 6, paragraph 1, subsection (f) of the General Data Protection Regulation (GDPR).
​
Period of data storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. In the case of data collected for the provision of the website, this is the case when the session has ended.
​
In the case of data storage in log files, this occurs after seven (7) days at the latest. Storage beyond this period is possible. In this case, the user’s IP address is deleted or aliased, so that it is no longer possible to assign the calling customer.
​
Right to oppose and revoke consent
The collection of data for the provision of the website and the storage of data in log files are necessary for the proper operation of the website. There is therefore no possibility for users to object to this processing.
​
Use of cookies
Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a string of characteristic characters that enables the browser to be uniquely identified when the user accesses the website again. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the entire website easier to use and more efficient.
​
We use cookies to make our website easier to use. Some elements of our website require that the calling browser can be identified even after a page change.
​
We also use cookies on our website to analyze user browsing behavior.
When accessing our website, the user is informed of the use of cookies for analysis purposes and his/her consent to the processing of personal data used in this context is obtained. When accessing our website, reference is also made to this data protection declaration.
​
We also use third-party cookies on our website. These are cookies from partner companies, which are placed on our site. These cookies contain only pseudonyms, generally in the form of anonymized data. At no time is this pseudonymous data merged with your personal data.
Legal framework for data processing
The legal framework for the processing of personal data using technically necessary cookies is provided by Article 6 paragraph 1 subsection (f) of the General Data Protection Regulation (GDPR).
​
The legal framework for the processing of personal data using cookies for analysis purposes is provided by Article 6 paragraph 1 paragraph (a) of the General Data Protection Regulation (GDPR) if the user has given consent.
​
The legal framework for the processing of personal data using third-party cookies is provided by Article 6 paragraph 1 subsection (f) of the General Data Protection Regulation (GDPR).
​
Purpose of data processing
The use of technically necessary cookies is intended to simplify the use of the website by users. Certain functions of our website cannot be offered without the use of cookies. For this purpose, it is necessary for the browser to be recognized even after a page change.
​
User data collected by technically necessary cookies is not used to create a user profile.
​
Analysis cookies are used to improve the quality and content of our website. Analysis cookies enable us to find out how the site is used, so that we can continually optimize our offering.
​
The sole purpose of using third-party cookies is to enable our advertising partners to send you ads that may be of interest to you.
​
These purposes also include our legitimate interest in processing personal data in accordance with Article 6 paragraph 1 subsection (f) General Data Protection Regulation (GDPR).
​
Period of storage, right of objection and withdrawal
Cookies are stored on the user’s computer and transmitted by the user to our site. As a user, you therefore have full control over the use of cookies. Some cookies are only used temporarily (transitory cookies). They are automatically deleted when you close your browser. Some cookies are not automatically deleted when the browser is closed (so-called persistent cookies). These are automatically deleted after a set period of time, which may vary depending on the cookie. You can deactivate or limit the transmission of cookies by modifying the settings of your Internet browser. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to make full use of all site functions.
​
Contact form and e-mail contact
Description and scope of data processing
On our website, there is a contact form that can be used for electronic contacts. If a user uses this form, the data entered will be transmitted to us and stored.
​
For data processing, your consent will be obtained during the sending process and reference will be made to this data protection declaration.
​
It is also possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be retained.
In this context, data will not be transferred to third parties. The data will be used exclusively to process the communication with the user.
​
Legal framework for data processing
The legal framework for data processing is provided by Article 6 paragraph 1 paragraph (a) of the General Data Protection Regulation (GDPR) if the user has given consent.
​
The legal framework for the processing of data transmitted when sending an e-mail is provided by Article 6, Paragraph 1, Paragraph (f) of the General Data Protection Regulation (GDPR). If the purpose of the contact is the conclusion of a contract, the additional legal basis for processing is provided by Article 6 paragraph 1 subsection (b) of the General Data Protection Regulation (GDPR).
​
Purpose of data processing
The processing of personal data from the contact form is used solely for the purpose of communicating with the user. In the case of contact by e-mail, the legitimate interest required for data processing lies precisely in the processing of the communication with the user.
​
Period of data storage
Data will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data on contact forms and those sent by e-mail, this occurs when the respective conversation with the user has ended. The communication is terminated when circumstances allow us to conclude that the purpose of the communication in question is definitively closed.
​
Right of objection and withdrawal
Users may revoke their consent to the processing of their personal data at any time. If the user contacts us by e-mail, he may at any time object to the storage of his personal data. In this case, the communication cannot be continued.
In this case, all personal data stored during this communication will also be deleted.
Rights of the person concerned
When your personal data is processed, you are the data subject under the General Data Protection Regulation (GDPR) and have the following rights with regard to the data controller:
​
Right to information
You can ask the data controller to confirm whether your personal data has been processed by us.
​
If such processing has taken place, you can ask Data Protection Officer (DPO) for information on the following points:
​
(1) the purposes of processing personal data ;
​
(2) the categories of personal data processed;
​
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
​
(4) the intended period of time to keep your personal data or, if it is not possible to give precise details, the criteria for determining the period of time;
​
(5) the existence of your right to rectify or delete your personal data, your right to have the controller restrict processing or your right to object to such processing;
​
(6) the existence of your right of action with a supervisory authority;
​
(7) any available information as to the source of the data, if the personal data are not collected from the data subject;
​
(8) the existence of an automated decision-making process, including profiling in accordance with Article 22, paragraphs 1 and 4, of the General Data Protection Regulation (GDPR) and – at least in these cases – relevant information on the reasoning applied as well as on the scope and expected effects of such processing on the data subject.
​
You have the right to request information as to whether your personal data is being transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards under Article 46 of the General Data Protection Regulation (GDPR) in relation to said transfer.
​
Right of rectification
You have the right to request the data controller to correct and/or complete the data if the personal data processed concerning you is incorrect or incomplete. The data controller must carry out this correction without delay.
​
Right to restrict processing
Under the following conditions, you may request a restriction on the processing of your personal data:
​
(1) if you challenge the accuracy of your personal data for a period of time that allows the data controller to verify the accuracy of the personal data
​
(2) if the processing is unlawful and you object to the deletion of the personal data, requesting instead the restriction of the use of the personal data;
​
(3) the controller no longer needs the personal data for the purposes of processing, but you need the personal data to assert, exercise or defend legal claims; or
​
(4) if you have objected to the processing under Article 21, paragraph 1, of the General Data Protection Regulation (GDPR) and the legitimate reasons given by the data controller clearly do not override your reasons.
​
If the processing of your personal data has been restricted, such data may only be processed – apart from storage – with your consent or for the purpose of asserting, exercising or defending your rights or protecting the rights of another natural or legal person or for reasons of legitimate public interest of the European Union or one of its member states.
​
If processing has been restricted in accordance with the above conditions, you will be informed of this by the data controller before the restriction is lifted.
Right to erasure
Duty to delete
You may request the data controller to delete your personal data without delay and the data controller is required to delete such data without delay if one of the following reasons applies:
​
(1) your personal data are no longer necessary for the purposes for which they were collected or otherwise processed
​
(2) you revoke your consent on which the processing was based pursuant to Article 6, paragraph 1, subsection (a), or Article 9, paragraph 2, subsection (a) of the General Data Protection Regulation (GDPR) and there is no other legal framework for the processing.
​
(3) You object to the processing under Article 21, paragraph 1 of the General Data Protection Regulation (GDPR) and there are no legitimate grounds for the processing, or you object to the processing under Article 21, paragraph 2 of the General Data Protection Regulation (GDPR).
​
(4) Your personal data has been processed unlawfully.
​
(5) The deletion of your personal data is necessary to comply with a legal obligation under European Union law or the law of one of its Member States to which the data controller is subject.
​
(6) Your personal data has been collected in connection with the direct offer of information society services to children, in accordance with Article 8, paragraph 1 of the General Data Protection Regulation (GDPR).
​
Informing third parties
If the data controller has made your personal data public and is required to delete it pursuant to Article 17 paragraph 1 of the General Data Protection Regulation (GDPR), it shall take all reasonable measures, including technical measures, taking into account available technology and implementation costs, to inform its processors that you, as the data subject, have requested them to delete all links to such personal data or copies or replicas of such data.
​
Exceptions
The right to erasure does not exist insofar as processing is necessary:
​
(1) for the exercise of the right to freedom of expression and information;
​
(2) to comply with a legal duty to do so under European Union law or national law to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
​
(3) for reasons of public interest in the field of public health, in accordance with Article 9, paragraph 2, paragraphs (h) and (i), and Article 9 paragraph 3 of the General Data Protection Regulation (GDPR) ;
​
(4) for archiving purposes, for scientific or historical research in the public interest or for statistical purposes within the meaning of Article 89, paragraph 1 of the General Data Protection Regulation (GDPR), insofar as the right referred to in point (a) above, is likely to make it impossible or seriously compromise the achievement of the purposes of such processing, or
​
(5) to assert, exercise or defend legal claims.
​
Right to information
If you have asserted your right to rectification, erasure or restriction of processing to the data controller, the latter is obliged to inform all recipients to whom your personal data have been communicated of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
​
You have the right, vis-à-vis the data controller, to be informed of the identity of these recipients.
​
Right to data portability
You have the right to retrieve your personal data when you have provided it to the data controller, in a structured, common and machine-readable format.
​
You also have the right to have this data transferred to another data controller, provided that:
(1) the processing is based on consent within the meaning of Article 6 paragraph 1, subsection (a), of the General Data Protection Regulation (GDPR), or Article 9 paragraph 2, subsection (a) of the General Data Protection Regulation (GDPR), or on a contract within the meaning of Article 6 paragraph 1 subsection (b), of the General Data Protection Regulation (GDPR), and
​
(2) processing is carried out using automated procedures.
​
In exercising this right, you also have the right to have your personal data transferred directly from one controller to another, insofar as this is technically possible. The rights and freedoms of other persons must not be affected by this.
​
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Article 6, paragraph 1, subsection (e) or (f), of the General Data Protection Regulation (GDPR). This right also applies to profiling based on these provisions. Data protection is an absolute priority for THE MEDITERRANEAN FOOD LAB (FRANCE).
​
The data controller will no longer process your personal data, unless it can demonstrate compelling reasons justifying processing that is worthy of protection and overrides your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
​
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for marketing purposes, including profiling, insofar as such processing is directly related to such direct marketing.
​
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
​
You may exercise your right to object to the use of information society services for children, without prejudice to European Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), by using automated procedures involving technical specifications.
​
Automated case-by-case decision, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or significantly affects you. This provision does not apply if the decision:
(1) is necessary for the conclusion or performance of a contract between you and the data controller
​
(2) is authorized by the legislation of the European Union or the national legislation to which the controller is subject and that this legislation provides for appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
​
(3) with your explicit consent.
​
However, such decisions may not be based on particular categories of personal data in accordance with Article 9 paragraph 1 General Data Protection Regulation (GDPR), unless Article 9 paragraph 2 paragraph (a) or (g) applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
​
With regard to the cases referred to in paragraphs 1 and 3, the data controller shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, which shall include at least the right to contact the data controller, to express your point of view and to contest the decision.
Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, at your place of work or at the place of the alleged infringement, if you consider that the processing of your personal data is contrary to the General Data Protection Regulation (GDPR).
​
In France, you may at any time lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) via the following link: www.cnil.fr.
​
The supervisory authority to which the complaint is referred informs the complainant of the status and outcome of the complaint, as well as the possibility of legal recourse under Article 78 of the General Data Protection Regulation (GDPR).