ONLINE PRIVACY POLICY
The following information is provided to you to inform you of Sodexo North America’s commitments in terms of Personal Data protection. Sodexo Live! belongs to Sodexo Group (hereafter “Sodexo Live!”).
Sodexo Live! builds strong, lasting relationships with its customers, partners and consumers based on mutual trust: making sure that their Personal Data is safe and remains confidential is an absolute priority for Sodexo Live!.
Sodexo Live! is committed to complying with all applicable regulatory and legal provisions governing the protection of Personal Data.
Sodexo Live! enforces a very strict privacy policy to guarantee the protection of the Personal Data of those who use its websites, portals, applications, and platforms (our “Sites”):
- Users remain in control of their own data. The data is processed in a transparent, confidential and secure manner.
- Sodexo Live! is committed to a continuing quest to protect its users’ Personal Data that meets or exceeds local data protection requirements.
- Sodexo Live! has a Data Protection Office dedicated to data protection, supported by a network of local data protection single points of contact or data protection officers.
PURPOSE OF THIS POLICY
Sodexo Live! takes the protection of your Personal Data very seriously.
Please read the Policy carefully to familiarize yourself with the categories of Personal data that are subject to collection and Processing, how we use this Personal data, and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal data.
This policy may be amended, supplemented, or updated, in particular to comply with any legal, regulatory, case law, or technical developments that may arise. However, your Personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.
For California Residents, please visit https://us.sodexo.com/legal--privacy/california-consumer-privacy-act.html for a summary of your data rights.
UNSUBSCRIBING
If you have subscribed to certain services via our Website and you no longer want to receive emails, please consult the “unsubscribe” page corresponding to the service you are subscribed to.
HOW TO CONTACT US
If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address privacy.noram@sodexo.com.
Definitions
“Account” | The User’s dedicated personal area within the Site, which he or she accesses when he or she registers and connects to the Site. It enables the User to access the Services. |
“Controller” | The Sodexo Live! entity which, alone or jointly with other Sodexo Live! entities or third parties, determines the purposes and means of the processing of Personal Data. |
“Cookies” | As defined in the Cookie Policy. |
“Personal Data” | Means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person. Personal Data will also encompass information defined as “Personally Identifiable Information” or “Personal Information” where local jurisdiction uses those terms. |
“Processing” | Any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. |
“Processor” | A legal person which processes Personal Data on behalf of the controller. |
“Sensitive Personal Data” | Any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes Personal Data relating to criminal convictions and offenses. |
“us” or “our” | Those entities of Sodexo Live! that are based in the United States or Canada (hereinafter designated as “Sodexo Live!”) for all dimensions and activities. |
“you” | Any website or application user/visitor. |
“Website” | means either (1) the website where this privacy policy appears at the footer or (2) the Application where this policy is linked. |
WEBSITE IDENTITY AND CONTACT DETAILS
Sodexo Live!
915 Meeting Street, Suite 1500
North Bethesda, MD 20852
privacy.noram@sodexo.com
REQUESTS
If you have questions about use of your Personal Data or a request regarding your Personal Data, you can contact us by writing to us at the following address - privacy.noram@sodexo.com. Please state your last name, first name and provide your question or request. We will most likely ask you for additional information in order to identify you and to enable us to handle your request.
If you are dissatisfied with our response, you may then seek further recourse by contacting the competent Supervisory Authority or the relevant competent court. You may also contact our lead Supervisory Authority, the French Supervisory Authority (the “CNIL”, www.cnil.fr).
COLLECTION AND SOURCE OF PERSONAL DATA
We will most likely collect your Personal Data directly (via the data collection forms on our Website) or indirectly (via our service providers, via your business organization providing your contact information, and/or technologies on our Website).
We undertake to obtain your consent and/or to allow you to refuse the use of your data for certain purposes whenever necessary.
You will in any event be informed of the purposes for which your data are collected via the various online data collection forms and via the Cookie Policy.
TYPES OF PERSONAL DATA COLLECTED AND USED BY US
We may process, use, and disclose your Personal data for certain purposes, as detailed below, connected to your use of the Site and to the services we provide.
We will collect and process your Personal data as detailed below (without this list being exhaustive) where necessary to provide you an access to the Site, or when it is necessary for compliance with a legal obligation to which we are subject. We will also collect and process your Personal data for Sodexo Live!’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Where legitimate interests do not apply as a lawful basis for the Processing of Personal data under the applicable data protection laws, prior explicit consent will be alternatively collected if required by law.
We may specifically collect and process the following types of Personal Data:
- Information that you provide when filling in the forms on this Website (for example, for subscription purposes, to participate in surveys, for marketing purposes, when downloading the application, etc.);
- Records and copies of your correspondence (including business addresses), if you contact us;
- Information that you provide for authentication purposes or to verify your age when you purchase age restricted items;
- Information that you provide for order fulfillment or for a service;
- Data relating to your purchases such as products, quantity, price, billing, and delivery address;
- Transaction information such as credit/debit card data & payment information that is transmitted directly to third parties who process your requests;
- Health information about you, only where you volunteer and consent to this, for example if you report any specific food allergies;
- Information provided via “posts”, comments or other content that you post on the Website;
- Information provided from you when you use the chat function on our Website.
- Information you provide for the purposes of managing your job application and, where applicable, your recruitment process (e.g.: CV, information relating to your education, your professional experience, awards, diplomas, certificates, attestations, languages spoken, salary expectations, etc.);
- Information for human resource management including hiring, deployment, compensation, benefits, leave management, performance management, discipline and termination, as well as emergency contact;
- Your preferences in receiving marketing from us and our third parties and your communication preferences;
- Usage, viewing, technical, and device data when you visit our Website, use our applications on third-party sites or platforms, or open emails we send, including your browser or device type, unique device identifier, search queries, and IP address; and
- Information collected through Cookies as defined in our Cookie Policy.
Personal Data identified by an asterisk in data collection forms are compulsory as these are necessary to fulfill any orders placed. In the absence of this compulsory information, these transactions cannot be processed.
SENSITIVE PERSONAL DATA
As a general rule, we do not collect Sensitive Personal Data via our Website.
In the event that it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal Data and, in particular, with your explicit prior consent and under the conditions described in this policy.
PURPOSES FOR WHICH WE USE PERSONAL DATA
Data Processing Activities | Purposes | Categories of Personal Data that may be Processed | Legal Basis for Processing |
---|
Cookies | Personalization of Our Website and enhancement of the experience | | Consent Legitimate Interest |
Data Analytics | Monitoring the User’s activity for statistical purposes | | Legitimate Interest |
Customer Relationship Management | Account creation, responding to requests such as requests for information, interaction with customer service | - Name
- Email address
- Telephone
| Legitimate Interest |
Marketing Management | To tailor the experience to Users, to keep them up to date on new offerings related to their interests, to enhance a more personal interaction with the Website and related experiences
Choose and deliver content and tailored advertising including information about new products, events, third-party products, to support the marketing and advertising of our Services and measure the effectiveness of our campaigns | - Usage data
- Marketing and advertising data
- Email address
- Telephone
| Consent (where required under applicable law) Legitimate Interest (to improve our business, promote products, drive customer engagement) |
Complying with legal and regulatory obligations | To be in compliance with the law and relevant regulatory guidance | - Account data
- Customer services and communications information
- Contact information (email, phone, name)
| Legal Obligation |
Protect our legal rights, for example to establish, exercise, or defend our rights in legal claims | Protect our legal rights, for example to establish, exercise, or defend our rights in legal claims | - Any information potentially relevant or relevant to a dispute or legal proceeding affecting us
| Legitimate interests (to protect our business interests) |
We may process, use, and disclose your Personal data for certain purposes, as detailed below, connected to your use of the Site and to the services we provide.
We will collect and process your Personal data as detailed below (without this list being exhaustive) where necessary to provide you an access to the Site, or when it is necessary for compliance with a legal obligation to which we are subject. We will also collect and process your Personal data for Sodexo SA’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Where legitimate interests do not apply as a lawful basis for the Processing of Personal data under the applicable data protection laws, prior explicit consent will be alternatively collected if required by law.
We may use Your Personal Data specifically for the following purposes:
- to present Our Website and its contents to you;
- to respond to Your requests such as requests for information, searches, the newsletter or other content;
- to provide the services, products, and offers ordered on Our Website and/or in one of Our establishments;
- to conduct surveys and gather statistics;
- to personalize and enhance your experience on Our Website;
- to notify You when Website updates are available, and of changes to any products or services We offer or provide though it;
- to offer You Our products and services and/or Our partners’ products and services;
- to manage the employment relationship;
- to manage the application process to join Our organization as an employee; and
- any other purpose of which We will inform You, if applicable, when We collect Your data.
DISCLOSURE OF PERSONAL DATA
The security and confidentiality of your Personal Data is of great importance to us. This is why we restrict access to your Personal Data only to members of our staff, only to the extent strictly necessary to process your orders or to provide the requested Services. We ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
We will not disclose your Personal Data to any unauthorized third parties. We may, however, share your Personal Data with entities within Sodexo Live! and with authorized service providers (for example: technical service providers, consultants, etc.) whom we may call upon for the purpose of providing our Services.
We do not sell or rent Personal Data to third parties and we do not share Personal Data.
We ensure that every disclosure of your Personal Data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations. Furthermore, we may share your Personal Data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or for an investigation concerning a suspected or proven unlawful activity.
STORAGE PERIOD OF YOUR PERSONAL DATA (Retention Period)
We will store your Personal Data only for as long as necessary to fulfill the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.
To determine the retention period of your Personal Data, we take into consideration several criteria such as:
- The purpose for which we hold your Personal Data (e.g. when you purchase products on our Website, we keep your Personal Data for the duration of our contractual relationship);
- Our legal and regulatory obligations in relation to that Personal Data (e.g. accounting reporting obligations);
- Whether you are an active user of our Services, you continue to receive marketing communications, or you regularly browse or purchase off our Website or whether you do not open our emails or visit our Website; For instance, if you have agreed to receive marketing communications, we keep your Personal Data until you: (i) unsubscribe from receiving marketing communications (ii) request we delete your Personal Data, or (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance;
- Any specific requests from you in relation to the deletion of your Personal Data or Account;
- Any statutory limitation periods allowing us to manage our own rights, for example the defense of any legal claims in case of litigation; and
- Any local regulations or guidance (e.g. regarding cookies).
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process your Personal Data as part of the performance and management of our contractual relationship with you, in our legitimate interest to improve the quality and operational excellence of the Services we offer to you or in compliance with certain regulatory obligations depending on the purpose of processing.
Your Personal Data may also be processed based on your prior consent in the event that under certain circumstances, your consent would be requested (e.g regarding health data or for certain types of Cookies).
PERSONAL INFORMATION AND CHILDREN
The Website is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.
This Website is not directed towards children under 16 years of age. No one under age 16 may provide any information to the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or through any of its features/register on the Website, including your name, address, telephone number, or email address. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy.noram@sodexo.com.
PERSONAL DATA THAT WE AUTOMATICALLY COLLECT
We collect some information automatically when you visit the Website to personalize and enhance your experience. We collect this information using various methods such as:
Cookies
A “cookie” is a small information file sent to your browser when you visit our Website and stored on your computer. This file contains information such as the domain name, the internet access provider and the operating system as well as the date and time of access by the user. Cookies cannot damage your computer in any way.
Cookies are not used to determine the identity of an individual who visits our Website. Cookies allow us to identify, in particular, your geographic location and the display language in order to improve your online browsing experience. They also enable us to process information about your visit to our website, such as the pages viewed and the searches made, in order to improve our Website content, to follow your areas of interest and offer you more suitable content.
If you do not want to receive cookies from our Website, you can adjust your browser settings accordingly. To manage your choices, each browser has a different configuration. These configurations are described in your browser’s help menu, which will explain how to change the settings to your desired cookies configuration.
We recommend, however, that you do not deactivate our cookies. Keep in mind that if you block, turn off or reject our cookies, some of our webpages will not display correctly or you will no longer be able to use some of the services we offer. In this case, we cannot be held liable for any consequences related to the reduced functionality of our services arising from our inability to store or consult the cookies required for its functioning and which you have declined or deactivated.
Lastly, by clicking on the dedicated icons of social networks such as Twitter, Facebook, Linkedin, etc., if these are displayed on our Website, and if you have agreed that cookies may be downloaded while you are browsing our Website, the social networks in question may also download cookies to your devices (computer, tablet or mobile phone). These types of cookies are downloaded to your device only on condition that you have given your consent by continuing to browse our Website. You can, however, at any time revoke your consent to these social networks downloading these types of cookies.
For more information, please consult our Cookie Policy.
IP adresses
An IP address is a unique identifier used by some electronic devices to identify and communicate with each other on the internet. When you consult our Website, we can use the IP address of the device used by you to connect you to the Website. We use this information to determine the general physical location of the device and to know in which geographical areas visitors are located.
Statistics
The Website uses Google Analytics to generate statistical reports. These reports tell us, for example, how many users consulted the Website, which pages were visited and in which geographical areas Website users are located. The information gathered via the statistics may include, for example, your IP address, the Website from which you arrived at our Website and the type of device that you used. Your IP address is hidden on our systems and will only be used if necessary to resolve a technical problem, for Website administration and to gain insight into our users’ preferences. Website traffic information is only accessible to authorized staff. We do not use any of this information to identify visitors and we do not share this information with third parties.
TRANSFER OF PERSONAL DATA
As Sodexo Live! is an international group, your Personal Data may be transmitted to internal or external recipients that are authorized to perform services on our behalf and that are located in countries outside the country where data was collected (such as in the United States or Canada). In the event that Personal Data is transferred internationally, the government, courts, law enforcement or regulatory agencies of the transferred to jurisdiction may be able to obtain disclosure of the data through the laws of that jurisdiction.
To guarantee the security and confidentiality of Personal Data thus transmitted, we will take appropriate measures to ensure that these data receive adequate protection, such as signing European Commission standard contractual clauses or other equivalent measures.
SECURITY
We implement various technical and organizational security measures to ensure security and confidentiality in processing your Personal Data.
To this end, we take precautions given the nature of the Personal Data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).
In addition, if we contract with Processors for all or part of the Processing of your Personal Data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal Data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal data.
We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal Data.
Nevertheless, you also have a responsibility to ensure the security and confidentiality of your Personal Data so we invite you to remain vigilant, especially when using an open system such as the internet.
YOUR RIGHTS
Sodexo Live! is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:
- Right of access and rectification
- You can request a copy of the Personal data we hold about you. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.
- Right to erasure
- Your right to be forgotten entitles you to request the erasure of your Personal data in cases where:
- the data is no longer necessary for the purpose for which it was collected;
- you choose to withdraw your consent;
- you object to the processing of your Personal data;
- your Personal data has been unlawfully processed;
- there is a legal obligation to erase your Personal data;
- erasure is required to ensure compliance with applicable laws.
- Right to restriction of Processing
- You may request that processing of your Personal data be restricted in the cases where:
- you contest the accuracy of your Personal data;
- Sodexo Live! no longer needs your Personal data for the purposes of the processing;
- you have objected to processing for legitimate reasons.
- the processing of your Personal data is unlawful and you prefer the restriction of their use instead of their deletion
- Right to data portability
- You can request, where applicable, the portability of your Personal data that you have provided to Sodexo Live!, in a structured, commonly used, and machine-readable format you have the right to transmit this data to another Controller without hindrance from Sodexo Live! where:
- the processing of your Personal data is based on consent or on a contract; and
- the processing is carried out by automated means.
- You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).
- Right to object to Processing
- You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal data particularly in relation to profiling or to marketing communications. When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.
- Right not to be subject to automated decisions
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you.
- Right to lodge a Complaint
- You can choose to lodge a Complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages.
- You have also the right to lodge your Complaint before the courts where Sodexo Live! has an establishment or where you have your habitual residence.
- Right to define post-mortem directives
- In accordance with the French Data Protection Act, you have the possibility to define directives relating to the conservation, deletion and communication of your Personal data after your death.
These directives can be registered with a trusted digital third party, certified by the CNIL and responsible for enforcing your wishes in accordance with the requirements of the applicable regulations on the protection of Personal data.
You may, at any time, exercise any of the above rights or contact us with any data protection related queries or concerns by completing the request form and sending it to Privacy.noram@sodexo.com as indicated in the privacy notices and/or the privacy policies provided to you at the time of the collection of your Personal Data or by completing and submitting the dedicated request webform.
SOCIAL NETWORKS
You have the option to click on the dedicated icons of social networks such as Twitter, Facebook, Linkedin, etc. that appear on our Website. Clicking on those links or enabling those connections may allow the social network to collect or share data about you. We do not control these third-party websites and we encourage you to read the privacy notice of every website you visit.
Social networks create a friendlier atmosphere on the Website and assist in promoting the Website via sharing. Video sharing services enrich the video content of the Website and increase its visibility.
When you click on these buttons, we may have access to the personal information that you have made public and accessible via your profiles on the social networks in question. We neither create nor use any separate databases from these social networks based on the personal information that you have published there and we do not process any data relating to your private life through these means.
If you do not want us to have access to your personal information published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information.
LINKS TO OTHER SITES
Occasionally, we provide links to other websites for practical and informative purposes. These websites are mostly Sodexo Live! websites, however some of them operate independently from our websites and are not under our control. These websites are run by third parties with their own confidentiality recommendations or terms of use which we strongly advise you to read. We do not accept any liability with regard to the content on these sites, for the products and services that may be offered there or for any other use thereof.