Supplier Privacy Notice
Your privacy is important to Asmodee Group, of which Access+ is one of the studios. This Privacy Notice explains how we handle and treat your personal data when you use the products or services that Asmodee provides. This Privacy Notice explains our approach to any personal data that we collect from you or that we have obtained about you from a third party and the purposes for which we process your personal data. It also sets out your rights in respect of our processing of your personal data. We may collect personal data from you in the course of our business, including through your use of our B to B websites/platforms, when you contact or request information from us, or as a result of your relationship with one or more of our staff or partners
- 1. Who is responsible for your personal data?
- 2. What personal data do we collect about you?
- 3. How do we use your personal data?
- 4. Who do we disclose your personal data to?
- 5. How long do we retain your personal data?
- 6. Security of your personal data
- 7. What are your rights?
- 8. Contact and complaints
- 9. Changes to this Privacy Notice
Who is responsible for your personal data?
ASMODEE GROUP, a French “Société par actions simplifiée à associé unique” with registered office at 18 rue Jacqueline Auriol, Quartier Villaroy, 78280 Guyancourt, registered with the Commerce and Companies Register of Versailles under number 399 899 806 (“Asmodee” or “we”) is the controller of your personal data.
What personal data do we collect about you?
We collect information regarding you, such as:
- Identification data, including your name and job title, birthdate, registration number, etc.,
- Skype address,
- Contact information including the identity and contact information of the company you work for and your email address, where provided,
- Invoicing and payment information,
- Information you provide to us for the purposes of attending meetings and events, including dietary restrictions,
- Relevant information as required by Anti-Money Laundering and Anti-Bribery Regulations in the context of the Know Your Supplier personal data processing carried out as part of our suppliers intake procedures. This may possibly include documents obtained from you, and possibly information obtained from third party sources online or offline, and
- Other information relevant to provision of services.
How do we use your personal data?
We use your personal data for the purposes listed below. Whenever we process your personal data, we do so on the basis of a lawful "justification" (or lawful basis) for processing, which we have identified in the table below.
|Purpose for processing||Lawful basis|
|1.||To carry out administrative operations relating to agreements (including their execution), orders, receipt of deliveries, invoices, payments, accounting in relation to vendor accounts management, etc.||This processing is necessary to perform the contract between you and Asmodee.|
|2.||To prepare payment instruments (checks, bills of exchange, drafts, promissory notes).||This processing is necessary to perform the contract between you and Asmodee.|
|3.||To establish financial statistic and turnover statistics per vendor.||We consider that we have a legitimate interest in conducting analysis regarding our activities to help us take business decisions.|
|4.||To provide a selection of vendors for the needs of Asmodee.||We consider that we have a legitimate interest in maintaining a list of our vendors to conduct our business operations.|
|5.||To maintain a documentation on vendors.||We consider that we have a legitimate interest in maintaining such a documentation to conduct our business operations.|
|6.||To comply with any applicable law, court order, other judicial process, or the requirements of a regulator.||This processing is necessary to comply with our legal obligations.|
|7.||To enforce our agreements with you.||We consider that we have a legitimate interest in ensuring that our contracts are performed correctly and in defending our rights where necessary.|
|8.||To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you.||We consider that we have a legitimate interest in protecting our organization from breaches of legal obligations owed to it and to defend itself from litigation.|
|9.||To protect the rights of third parties.|
This processing is necessary for the compliance with legal obligations to which Asmodee is subject.
This processing is also necessary for the purpose of the legitimate interests pursued by Asmodee. We consider that we have a legitimate interest in ensuring our activities do not violate any third parties’ rights.
|10.||In contemplation of and/or in connection with a business transaction such as a merger, or a restructuring, or sale.||We consider that we have a legitimate interest as we need to be able to make decisions relating to the future of our business in order to preserve our business operations or grow our business.|
|11.||Organization of promotional / marketing activities including meals or other events where information on food restrictions may be collected.||We rely on your consent to collect information for the organization of marketing activities where you may be involved, to better serve you|
|12.||To comply with our legal obligations in terms of suppliers verifications (including any Know Your Supplier, Anti-Money Laundering or Anti-Bribery regulations), conflicts or similar obligations including, but without limitation, maintaining regulatory insurance.|
This processing is necessary to comply with our legal obligations.
However, where such legal obligations result from laws other than EU or Member State law, then we consider that we have a legitimate interest in complying with such legal obligations when non-compliance may result in sanctions or other adverse consequences for our organization or the Asmodee group in general.
If you are an employee of one of Asmodee’s corporate customers, we only use your contact information for the management of the relationship with your employer. We consider that we have a legitimate interest in ensuring we can communicate with you and preserve our business operations with your employer.
Who do we disclose your personal data to?
We may share your personal data with a variety of the following categories of third parties as necessary:
- Other entities of the Asmodee group (the list of Asmodee affiliates is available here),
- Third party service providers (maintenance, storage, payment, logistics, marketing services, reputation audits, etc.), for the purposes described in Section 3. above,
- Our professional advisers such as lawyers and accountants, auditors,
- Government or regulatory authorities,
- Professional indemnity or other relevant insurers,
- Regulators/tax authorities/corporate registries,
- Partners, and
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties where justified by our legitimate interest, permitted by applicable law, or necessary for compliance with a legal obligation to which we are subject.
In this context, your personal data may be transferred outside the European Economic Area (EEA), to countries not offering a level of protection of personal data equivalent to that offered within the EEA, such as China, USA, Canada, etc. In the absence of an adequacy decision of the European Commission, the transfer of your personal data will be made pursuant to the standard contractual clauses adopted by the European Commission or pursuant to any other legal protection mechanism in accordance with applicable law.
How long do we retain your personal data?
Our general approach is to retain your personal data only for as long as required to fulfil the purposes for which it was collected. We generally retain your personal data for the duration strictly necessary for the management of our relationship with you. However, unless you object, we retain your personal data used for marketing purposes for an additional 3-years period after the end of our relationship with you.
However, we may in addition retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or where such data is necessary to establish the existence of a right or contract. In that case, your personal data will be archived and retained for the duration imposed by applicable law, or for the duration of the applicable statute of limitations.
When your personal data will no longer be necessary, we will delete or anonymize them.
Security of your personal data
We are committed to keeping your personal data secure and we have implemented appropriate information security policies, rules and technical measures to protect it from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.
All of our partners, employees, consultants and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect its confidentiality.
What are your rights?
You have a number of rights in relation to your personal data. More information about each of these rights is set out below:
- Withdrawal of consent. You can withdraw at any time your consent in respect of any processing of personal data based on your consent, without affecting the lawfulness of processing based on your consent before its withdrawal.
- Access. You can ask us to confirm whether we process your personal data and, as the case may be, inform you of the characteristics of such processing, allow you to access such data and give you a copy of it.
- Rectification. You can ask us to rectify or complete inaccurate or incomplete personal data.
- Erasure. You can ask us to erase your personal data in the following cases: where it is no longer necessary for the purposes for which it was collected; you withdrew your consent; you objected to the processing of your personal data; your personal data has been processed unlawfully; or to comply with a legal obligation. We are not required to comply with your request notably if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
- Restriction. You can ask us to restrict the processing of your personal data (i.e., keep but not use your personal data) where: the accuracy of your personal data is contested; the processing is unlawful, but you do not want it erased; it is still necessary to establish, exercise or defend legal claims; to verify the existence overriding grounds following the exercise of your right of objection. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it 'ported' directly to another data controller, but only where the processing is based on your consent or on the performance of a contract with you, and the processing is carried out by automated means.
- Digital legacy. You have the right to define (general or specific) directives regarding the fate of your personal data after your death.
- Right to object to processing justified on legitimate interest grounds. Where we are relying upon legitimate interest to process personal data (see Section 3), then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims.
- Right to object to processing for marketing purposes. Where we process personal data for direct marketing purposes, then you have the right to object to that processing at any time.
You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. In France, the supervisory authority for the protection of personal data is the CNIL (www.cnil.fr).
Contact and complaints
For further information regarding your rights or if you have any questions regarding the processing of your personal data, please contact firstname.lastname@example.org.
Changes to this Privacy Notice
We may occasionally change this Privacy Notice, for example, to comply with new requirements imposed by the applicable laws, technical requirements or good commercial practices. We will notify you in case of material changes.
Last update: December 22th, 2021.