LOXAM, a Simplified Joint-Stock Company (SAS) registered with the Companies Register of LORIENT under number 450 776 968, located at 256 rue Nicolas Coatanlem, 56850 CAUDAN, FRANCE (hereinafter “LOXAM”) processes personal data as part of its business. Terms starting with a capital letter in this Policy are defined in article 17 below.
- This Personal Data protection policy (the “Policy”) describes how LOXAM collects, uses and Processes your Personal Data as Data Controller, in accordance with applicable regulations. This Policy applies in countries where LOXAM operates. However the Personal Data privacy policy might differ slightly from one country to the next.
- This Policy applies to Personal Data which we are required to collect from our customers, suppliers, service providers and lessors when fulfilling all types of business contract. It also applies to the Personal Data of people who use our different websites, people who want to apply for our jobs and all other people we legitimately need to contact as part of LOXAM group activities.
- LOXAM might be required to amend or update this Policy depending on its business and to take into account changes to laws in force. We encourage you to read it carefully and to regularly consult this page to check any changes which might have been made, in accordance with the terms of this Policy.
- If you disagree with certain aspects of our Policy, you have the legal rights indicated in article 12 below. LOXAM believes your privacy is important and we undertake to protect and safeguard your Personal Data privacy rights.
1. SOURCES OF COLLECTED PERSONAL DATA
We collect Personal Data about you from the following sources:
- Personal Data which you supply to us directly (e.g. when you contact us by email or telephone, or by any other means, or when you give us your business card);
- Personal Data from the business relationship (e.g. when we supply a product or a service to you or your employer);
- Personal Data from our websites when you browse our websites or when you use the functions and resources available on our websites or accessible via the latter;
- Personal Data relating to registrations when you use, or when you create an account to use our websites and products or services; and
- Personal Data supplied by third parties (e.g. a rating agency or legal and business information agency).
Note for visitors and users of our websites: our different websites contain Terms and Conditions of Use which are part of this Policy. The use of our websites as well as Personal Data which is disclosed by users via our websites is subject to the provisions of this Policy and the applicable Terms and Conditions of Use.
2. CREATION OF PERSONAL DATA
We can create Personal Data about you, such as a history of purchases and our interactions.
3. THE PERSONAL DATA WE COLLECT
The Personal Data which we are likely to collect varies depending on the purpose of Processing. It mainly aims to allow people to be identified in view of their relationship with LOXAM. In any event, collected Personal Data will be limited to the data required for the purposes indicated in article 5 below.
Note for visitors and users of our websites: some functionalities and characteristics of our websites can only be used if certain Personal Data is disclosed. The user is free to supply or not supply all or some of the requested Personal Data. However if the user decides not to supply it, some services and/or functionalities of our websites might not work correctly and/or the user might be refused access to certain web pages.
Personal Data about customers and prospects:
We collect the following categories of Personal Data about our customers and prospects:
- personal information (full name) and contact details (postal address, shipping address, administration department details if applicable, telephone number, email address) of contacts within the customer or prospect’s company in order to be able to fulfil contracts signed with our customers;
- information about quotations and orders (order summaries and their total);
- information about means and terms of payment (date of payment, payment summaries, amount paid);
- information about customer requirements or limitations collected via customer satisfaction surveys and which we are likely to use to ensure that our marketing materials are relevant and appropriate;
- additional Personal Data which our customers have chosen to send to us, provided that it is required for the purposes indicated in article 5 below; and
- in certain circumstances, when you interact with some of our services or departments, our calls might be recorded to improve the service we provide, for training and evidence purposes, in accordance with applicable local requirements.
Personal Data about suppliers and service providers:
We collect the following categories of Personal Data about our suppliers and service providers:
- personal information (full name) and contact details (postal address, administration department details if applicable, telephone number, email address) of contacts within the supplier or service provider’s company to ensure a good business relationship; and
- additional data which our contacts within the supplier or service provider’s company have chosen to send to us, provided that it is required for the purposes indicated in article 5 below.
Personal Data about candidates applying for jobs:
We collect the following categories of Personal Data about candidates applying for jobs with LOXAM:
- personal information (full name, photo);
- demographic information (sex, date of birth/age, place of birth, nationality, title);
- professional information (job, employment status, work address);
- contact details (postal address, telephone number, email address); and
- career history, education, reasons for applying.
Personal Data about the users of our different websites (website audience tracking and browsing statistics):
We collect the following categories of Personal Data from users of our different websites to improve the use of our sites and to manage the services we provide. This information includes:
- IP address and type of device used;
- dates, times and places of connection to our websites;
- identification data (reCaptcha); and
- browser settings.
If you contact us through one of our sites, e.g. by using the “chat” function, we will collect any information which you provide, provided that it is required for the purposes outlined in article 5 below, such as your name and your contact details.
4. PROTECTING THE PERSONAL DATA OF MINORS
LOXAM products and services are for adults and they are not intended to be sold to minors. LOXAM does not voluntarily collect or keep the Personal Data of minors, unless as part of information relating to staff management.
5. PURPOSES OF PROCESSING PERSONAL DATA AND LEGAL GROUNDS
a) Purposes of processing personal data
We process your Personal Data for the following purposes:
- To allow our contacts to request and obtain information about LOXAM, our equipment and materials, and our services*;
- To prepare and submit contract bids, and to take part in calls for bids;
- To monitor the business and contractual relationship with our customers (order, quotation, invoice, provision of equipment, technical assistance, managing potential technical disputes…)*;
- To ask our contacts or prospects to take part in events organised by LOXAM as part of fairs, seminars or professional events*;
- To establish calls for bids and to monitor the business and contractual relationship with suppliers, Data Processors and service providers*;
- To fulfil our contract obligations;
- To conduct customer satisfaction surveys*;
- To carry out activities to promote our services with existing customers or prospects*;
- To conduct quality audits*;
- To manage speculative applications or applications sent in response to offers*;
- To guarantee the material security of our facilities (including a facility visitor record; and video surveillance records) and the electronic security of our systems, websites (including username records and access information)*;
- To improve our websites, products and services (to identify problems with our websites, products and services; to provide improvements to our websites, products and services; and to create new websites, products and services)*;
- For accounting and financial management (finance, audit, accounting)*;
- Legal procedures (establishment, exercise or defence of legal claims)*;
- Analyses or market studies conducted by third parties and analyses of online and offline media (which we can carry out ourselves or through other companies)*; and
- To comply with legal obligations.
b) Legal grounds
In order to process your Personal Data in accordance with the purposes indicated above, we rely on the following legal grounds:
- Processing might be necessary to fulfil the contract which you have signed with us or to carry out the procedures required to sign the contract;
- Processing might be necessary to comply with a legal obligation;
- Processing might be based on the consent you gave prior to Processing (this is only used for optional Processing, and not for Processing which is necessary or mandatory);
- we have a legitimate interest to carry out Personal Data Processing for the purposes listed in a) followed by an asterisk (*).
6. SENSITIVE PERSONAL DATA
We do not intend to collect or Process Sensitive Personal Data during the normal course of our business. However if it seems necessary to Process Sensitive Personal Data about you for any reason, we will rely on the following legal grounds:
- compliance with a legal obligation: if the Processing is required or allowed by applicable law (e.g. to comply with our various disclosure obligations);
- detecting and preventing criminal offences (including fraud prevention);
- consent: when, in accordance with applicable law, we have obtained your prior and express consent to Process your Sensitive Personal Data (this is only used for optional Processing and not for Processing which is necessary or mandatory).
If you provide us with a third party’s Sensitive Personal Data, you must ensure that you are entitled to disclose this information, notably that one of the legal grounds above is applicable to the Processing of this Sensitive Personal Data.
7. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
We can disclose your Personal Data to other LOXAM group entities for legitimate business reasons (notably to manage our websites or to provide products and services), in accordance with applicable law. We can also disclose your Personal Data to the third parties listed below:
- legally authorised, judiciary or administrative authorities, on their request, or to report actual or suspected security failings in accordance with applicable law;
- accountants, statutory auditors, lawyers or other professional consultants outside LOXAM, subject to contractual confidentiality obligations;
- our third party Data Processors (such as payment service providers; charter and transport companies; IT service providers; etc.);
- any potential buyer, if we were to sell or transfer all or some of our assets or business (including a potential reorganisation, dissolution or liquidation); and
- any relevant third party supplier, when our websites use advertising, plug-ins and third party content.
If our Data Processors are involved in Processing your Personal Data, they will be bound by contractual obligations requiring them: (i) to only Process Personal Data in accordance with our prior written instructions; (ii) to apply Personal Data security and
8. MINIMISING AND RETAINING PERSONAL DATA
We take all the appropriate measures so that the volume of Personal Data that we Process is limited to the Personal Data reasonably required for the purposes outlined in this Policy.
We take all appropriate measures to ensure that your Personal Data is kept for a period not exceeding what is required with regards to the purposes outlined in this Policy.
The criteria used to determine the Personal Data retention periods are the following:
- We will keep your Personal Data in a format which is used to identify you whilst:
- We have a contractual or business relationship with you (e.g. if you are a user of our products or services or, if you are registered for our newsletter and you have not opted out); or
- Your Personal Data is required for lawful purposes, for which we have legitimate grounds, as described in article 5 of this policy.
- We will keep your Personal Data for the applicable statute of limitations (i.e. the length of time during which a person can send us a complaint or bring legal proceedings against us, regarding their Personal Data or regarding which their Personal Data is used), plus, if a complaint is sent to us or proceedings brought against us, the length of time needed to process this complaint or proceedings.
- Once the aforementioned retention periods have expired, we will destroy the Personal Data on a permanent basis or anonymise it.
9. INTERNATIONAL TRANSFERS OF PERSONAL DATA
Due to the international nature of our company, we might transfer your Personal Data to LOXAM group entities or third parties located overseas for the purposes outlined in this Policy in article 5. We will ensure that your Personal Data is retained and transferred securely. As a result, when we transfer Personal Data outside the European Economic Area or EEA (including member states of the European Union, plus Norway, Iceland and Liechtenstein), these transfers will only be made (i) to countries which have received an adequacy decision from the European Committee or (ii) appropriate guarantees.
If you have any queries regarding the international transfers of Personal Data, you can contact us based on the arrangements outlined in article 15 below.
10. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Subject to applicable laws, you have a certain number of rights regarding the Processing of your Personal Data, notably:
Right to not disclose your Personal Data to us:
As indicated in article 3, but please note that in this situation, we might be unable to provide all our products and services – e.g. we might be unable to process your orders without the necessary details.
Right to object:
You can object to us Processing your Personal Data at any time. Your request to object will be handled carefully and we will stop the Processing to which you object. However we reserve the right to not stop Processing if:
- we can demonstrate that we have legitimate and compelling reasons to Process your Personal Data which prevail over your personal interests; or
- we are Processing your Personal Data for the establishment, exercise or defence of legal claims.
Right to withdraw consent:
If we have received your consent to Process your Personal Data for Processing other than those for which no consent is required, you can withdraw this consent at any time, and we will stop the specific Processing to which you have consented, unless we believe that there is another reason justifying our continued Processing of your Personal Data for this purpose, in which case we will inform you of this situation.
Please note that this withdrawal does not affect the lawfulness of any Processing before the date when we received notification of this withdrawal, nor does it prevent the Processing of your Personal Data based on other available legal grounds.
Request to access:
You are entitled to request access or copies of your Personal Data, accompanied by information relating to the nature of Processing and people who can access this Personal Data.
If we give you access to Personal Data which we hold about you, we will not charge you for this access, unless your request is clearly unfounded or excessive. If you ask for other copies of this information, we could charge you for reasonable processing costs where permitted by law. If the law allows, we might potentially reject your request. We will always justify this refusal in this instance.
Please note that in some countries where we operate, we are subject to specific local legal requirements in terms of data subjects requesting access and consequently we can reject your request in accordance with these laws.
Right to erasure:
You are entitled to request that we delete your Personal Data in some circumstances.
In principle, the Personal Data in question must meet one of the following criteria:
- your Personal Data is no longer required for the purposes for which we initially collected and/or Processed it;
- you have withdrawn your consent for Processing your Personal Data and there is no other valid reason why we can continue Processing;
- the Personal Data was Processed unlawfully;
- the Personal Data must be deleted so we can comply with legal obligations as Data Controller; or
- if we Process your Personal Data because we believe it is necessary for our legitimate interests, you object and we are unable to demonstrate that there is a legitimate and compelling reason to continue Processing.
Please note that in some countries where we operate, we are subject to specific local legal requirements in terms of the right to delete Personal Data, and consequently we can reject your request in accordance with these local laws.
We will be entitled to refuse to respond to your request for one of the following reasons:
- to exercise the right to freedom of expression and information;
- to respect legal obligations;
- for public health reasons in the public interest;
- for archiving, research or statistics reasons; or
- to exercise or defend a legal claim.
When we respond to a valid request to delete Personal Data, we will take all appropriate practical measures to delete the Personal Data in question.
Right to restrict Processing:
You are entitled to request that we restrict the Processing of your Personal Data in some circumstances. This means that we can only continue to retain your Personal Data and we can only continue to carry out other Processing activities in one of the following cases: (i) resolving one of the circumstances listed below; (ii) your consent; or (iii) later Processing is required for the establishment, exercise or defence of legal claims, to protect the rights of another person, or for significant public interest reasons in the European Union or a member state.
The cases where you are entitled to request that we restrict the Processing of your Personal Data are the following:
- when you dispute the accuracy of the Personal Data which we Process. In this case, we will restrict the Processing of your Personal Data to verify its accuracy;
- when you object to our Processing of your Personal Data for our legitimate interests. You can request that Personal Data is restricted whilst we verify our reasons for Processing your Personal Data;
- when your Personal Data is subject to unlawful Processing on our part, but you simply prefer that we restrict Processing rather than delete it; and
when we no longer need to Process your Personal Data but you ask for it for the establishment, exercise or defence of legal claims.
If we have disclosed your Personal Data to third parties, we will inform them of this restricted Processing unless it is impossible or would involve disproportionate effort. Of course, we will inform you before lifting any restriction on Processing your Personal Data.
Right to rectification:
You are also entitled to request that we rectify any inaccurate or incomplete Personal Data that we hold about you. If we have disclosed this Personal Data to third parties, we will inform them of this rectification unless it is impossible or would involve disproportionate effort. If applicable, we will also inform you to which third parties we have disclosed this inaccurate or incomplete Personal Data. If we think that it is reasonable to not respond to your request, we will give you the reasons for this decision.
Right to Personal Data portability:
If you want, you are entitled to transfer your Personal Data from one Data Controller to another. Specifically, this means that you are able to transfer Personal Data to another online platform. We will provide your Personal Data in a commonly used, structured and machine-readable format for this purpose. This right to data portability applies to the following Personal Data: (i) Personal Data which we Process automatically (i.e. without human involvement); (ii) Personal Data which you supply; and (iii) Personal Data which we Process based on your consent or as part of contract fulfilment.
Right to file a claim with a Data Protection Authority:
You are also entitled to file a claim with a Data Protection Authority and specifically the Data Protection Authority of the EU member state where you reside or work, where the alleged infringement took place.
This does not affect the rights you have in accordance with the laws and regulations in force.
To exercise one or several of these rights, to ask us a question about these rights or any other clause in this Policy, or to ask us about the Processing of your Personal Data, please use the details provided in article 15 of this Policy. Please note that:
- we can request proof of your identity before granting your requests; and
- when your request requires the facts to be established or additional analyses to be performed (e.g. to determine the lawfulness of Processing), we will examine your request as promptly and reasonably as possible, before making our decision.
11. PERSONAL DATA SECURITY
We undertake to take all the necessary measures to protect your Personal Data that we hold against any misuse, loss, alteration, disclosure, destruction, unauthorised access and any other unlawful or unauthorised Processing, in accordance with applicable law. We have a range of appropriate organisational and technical measures for this purpose. This can include measures to deal with suspected Personal Data breaches.
Because the internet is an open system, the transmission of information on this network is not totally secure. Although we apply all reasonable measures to protect your Personal Data, we cannot guarantee the security of your Personal Data which is sent to us online – this transfer takes place at your own risk, and you are responsible for ensuring that any Personal Data which you send to us is sent securely.
If you suspect misuse, loss or unauthorised access to your personal information, please inform us immediately based on the arrangements defined in article 14 below.
Access to Personal Data is limited to LOXAM employees, service providers and agents which need it to fulfil their duties. All people with access to your Personal Data are bound by a duty of confidentiality, and will be subject to disciplinary measures and/or other penalties if they do not respect these obligations.
12. DISPUTE RESOLUTION
Although LOXAM has taken all appropriate measures to protect your Personal Data, no transmission or storage technology is totally infallible.
However LOXAM is committed to guaranteeing the protection of your Personal Data. If you have reason to believe that the security of your Personal Data has been compromised or it has been misused, you are encouraged to contact LOXAM at the following address:
- by post at the following address: Legal department – 256 rue Nicolas Coatanlem – 56850 Caudan (France), or
- by email at the following address: dpo@loxam.com
LOXAM will examine complaints about the use and disclosure of your Personal Data, and will attempt to resolve them in accordance with the principles of this Policy.
Unauthorised access to Personal Data or misuse can constitute an offence in accordance with local law.
13. CONTACT
If you have any queries about this Policy, if you no longer wish to receive marketing materials from LOXAM or to exercise your rights regarding your Personal Data as outlined in article 12, you can send an email to the following email address: dpo@loxam.com
14. COOKIES POLICY
When you visit our websites, we can save cookies on your device, or read cookies already on your device, subject to having obtained your prior express consent.
Websites to which this cookies policy applies
This cookies policy applies to the following websites which are operated and controlled by LOXAM:
France: https://www.loxam.fr | Ireland: https://www.loxam.ie and http://swanplant.ie |
Germany: https://www.loxam.de | Italy: https://www.nacanco.it |
Belgium & Luxembourg: https://www.loxam.be | Latvia: https://www.ramirent.lv |
Denmark: https://www.loxam.dk | Lithuania: https://www.ramirent.lt |
Spain: https://www.loxamhune.com | Norway: http://www.loxamrental.no https://www.ramirent.no |
Estonia: https://www.ramirent.ee | Netherlands: https://www.loxam.nl |
Finland: https://www.ramirent.fi | Poland: https://www.ramirent.pl |
Czech Rep.: http://www.ramirent.cz | UK: http://www.nationwideplatforms.co.uk |
Slovakia: http://www.ramirent.sk | Sweden: https://www.ramirent.se |
Switzerland: https://www.loxam.ch |
What is a cookie?
A “cookie” is a small information file stored on your computer’s hard drive which records your browsing on a website, so that during your next visit to this site, it can present custom options based on the information stored about your previous visit. Cookies can also be used to analyse traffic and for advertising and marketing purposes. Nearly all websites use them, and they do not harm your computer. We also provide information in this regard on our Marketing preferences page on our websites.
There are different types of cookies which differ depending on their origin, functions and life span. The main characteristics of cookies are as follows:
- Session cookies: these are cookies stored on your computer solely during your web session and which are deleted automatically when you close your browser – they generally store a session ID allowing you to visit our websites without needing to log in again to each page;
- Persistent cookies: a persistent cookie is stored as a file on your computer and remains there when you close your browser. The cookie can be read by the website when you next visit this website. We use persistent cookies for Google Analytics and customisation (see below);
- Strictly necessary cookies: These cookies are required to allow you to use our websites effectively and therefore cannot be disabled. Without these cookies, the services which you use on our websites cannot be provided. These cookies do not include information about you which can be used for marketing purposes or to remember the pages which you have accessed online;
- Performance cookies: These cookies allow us to track and improve the performance of our websites. For example, they allow us to record visits, identify sources of traffic and see which parts of our websites are most regularly visited;
- Functionality cookies: These cookies allow our websites to remember the choices you have made (username, language, country, etc.) and to offer improved functionalities. For example, we are able to send information or updates about the services which you use. These cookies can also be used to remember changes you have made to text size, font and other webpage elements which you can customise. They can also be used to provide services which you have requested such as viewing a video or publishing comments on a blog; and
- Personalisation cookies: These cookies are used to send information on rental solutions which might interest you.
Why do we use cookies?
We use cookies for two purposes:
- To track your use of our websites. This allows us to understand how you use our websites and to monitor trends observed amongst individuals or larger groups. This allows us to develop and improve our websites and our services in response to our visitors’ interests and needs; and
- To help us propose jobs which we think might interest you, which should allow you to spend less time visiting several pages and to find the job you are looking for more quickly. We do not use collected Personal Data to create visitor profiles.
How long do cookies last?
The cookies that we use on our websites last 13 months.
Some cookies are placed by third parties, which are responsible for them.
How can I control cookies?
The majority of internet browsers are set up to automatically accept cookies. Depending on the type of browser used, you can configure them (i) to receive a warning before cookie installation, allowing you to accept or reject these cookies, or (ii) so cookies are always rejected. To find out how to configure cookies, click on the “help” button (or equivalent) in your browser. Disabling cookies can affect your browsing experience on our websites.
If you use different devices to access our websites, you must ensure that each browser on each device is configured depending on your cookie preferences.
You can find more information at: http://www.allaboutcookies.org/manage-cookies/. Please note that LOXAM is not affiliated or responsible for third party websites.
You can also disable cookies from certain companies by visiting the following websites: http://www.aboutads.info/choices/#completed andhttp://www.youronlinechoices.com/. Please note that LOXAM is not affiliated or responsible for third party websites.
15. DEFINITIONS
For the purposes of this Policy and pursuant to the amended law no. 78-17 of 6 January 1978 (the French Data Protection Act) and the GDPR, the following definitions apply:
- “Data Protection Authority” refers to an independent public authority legally empowered to supervise compliance with applicable laws in terms of data protection.
- “Personal Data” refers to any information relating to an identified or identifiable person, notably by reference to an identifier such as a name, ID number, location data, online login, or one or several elements specific to their physical, physiological, genetic, mental, economic, cultural or social identity.
- “Sensitive Personal Data” refers to Personal Data relating to the racial or ethnic origin, political opinions, religion or philosophical beliefs, union membership as well as genetic data, data about health or data about sex life or data relating to criminal sentences or offences, or even related security measures, as well as any other information which could be considered sensitive in accordance with applicable law.
- “EEA” refers to the European Economic Area.
- “Data Controller” refers to the entity which decides on the purposes and means of Processing Personal Data. In many jurisdictions, the Data Controller’s primary responsibility is to comply with applicable data protection laws.
- “GDPR” refers to Regulation (EU) 2016/679 (the General Data Protection Regulation).
- “Data Processor” refers to any individual or legal entity which processes Personal Data on behalf of the Data Controller, other than Data Controller employees.
- “Processing” or “Process” refers to any operation using Personal Data, whether or not it involves automated processes, such as the collection, recording, organisation, structuring, retention, adaptation or modification, extraction, consultation, use, disclosure by transmission, distribution or any other form of provision, reconciliation or interconnection, limitation, deletion or destruction.
