This charter describes the data processing implemented by MALOU-FOOD MARKETING, a company with a capital of €1,520.22, registered in the Commercial and Companies Registry of CRETEIL, under the number 832 965 255, with its registered office located at 35 Avenue du Maréchal de Lattre de Tassigny, 94220 Charenton-le-Pont, (hereinafter "Malou"), in the context of the use of the website https://malou.io/ (the "Site") and the implementation of its digital marketing solution for restaurateurs ("the Application").
For the purposes of this document, "personal data" or "personal data" shall have the meaning defined in Article 4 of the "General Data Protection Regulation" (GDPR).
These data are collected, recorded, and stored in compliance with the provisions of the law relating to data processing, files, and freedoms of January 6, 1978, in its current version, as well as with the provisions of Regulation (EU) No 2016/679 (GDPR).
Nature of the main processing provided as data controller and applicable legal bases:
| PURPOSE | DATA NATURE | INDIVIDUALS CONCERNED | BASIS | RETENTION PERIOD |
|---|---|---|---|---|
| Customer Relationship Management | Name, First Names, Position, Employer Contact Information, Professional Coordinates (email/phone/employer's name/address), Content of Exchanges (emails, meeting notes, etc.) | Physical persons representatives of clients | Contract / Pre-contractual measures | Duration of the contract |
| Prospect Management and Solicitation | Same as above | Physical persons representatives of prospects/leads | Consent, Legitimate interest | 3 years after last contact |
| Newsletter Subscription | Name, first name, position, Email | Client restaurateur representatives | Consent | Until consent withdrawal, max 3 years after last newsletter open |
| Newsletter Tracking | Newsletter opening, Time spent on newsletter, Selection of a link in the newsletter | Client restaurateur representatives | Legitimate interest | Until consent withdrawal, max 3 years after last newsletter open |
| White Paper Downloads Tracking | First name, last name, establishment name, phone number, email, city, postal code | Physical persons representatives of prospects/leads | Consent | 3 years after last contact |
| Webinars Organization | Name, first name, position, Email, phone number, webinar participation data (date and time, theme, actual connection) | Physical persons representatives of prospects/leads | Consent | 3 years after last contact |
| Contact Requests Management | Name, first names, Position/employer, Content of the request | Physical persons representatives of prospects/leads | Consent | 3 years after last contact |
| Marketing Campaigns Management | Audience data (number of views, consultations, profile of people who saw/received the communication) | Physical persons representatives of prospects/leads | Legitimate interest | 3 years after last contact |
| Improvement of the Solution and Statistics | Technical data, usage data | Client restaurateur representatives | Legitimate interest | Anonymized data |
| Account Creation and Monitoring | Professional contact details: Email, phone number, password. Name, first name, position, employer data. Password. Account creation date | Client restaurateur representatives | Contract / Pre-contractual measures | Duration of the contract |
| Assistance Requests Management | Same as Customer Relationship Management | Client restaurateur representatives | Contract / Pre-contractual measures | Duration of the contract |
| Billing | Restaurateur client identification data, banking data | Client restaurateur representatives | Contract / Pre-contractual measures | 10 years (accounting documents) |
Malou does not transfer personal data outside the European Union.
In the event that a client or subcontractor is located outside the European Union or a country benefiting from an adequacy decision, Malou will conclude standard contractual clauses of the European Commission with this client or subcontractor to frame the conditions of the transfer and access to personal data.
Malou takes all necessary measures to ensure that access to personal data is strictly limited to individuals who need to access it as part of the provision of its services.
In particular, Malou ensures that individuals authorized to process personal data for the purpose of providing services undertake to respect a confidentiality obligation or are subject to a suitable confidentiality obligation.