索迪斯数据保护声明
-
Sodexo Privacy Policy (MAINLAND CHINA)
Sodexo.com隐私政策
Sodexo.com Privacy Policy本政策的目的
Purpose of this Policy
我们向您提供以下信息是为了让您了解索迪斯在个人资料保护方面的承诺。
The following information is provided to you to inform you of Sodexo commitments in terms of Personal data protection.索迪斯在相互信任的基础上与其客户、合作伙伴和消费者建立牢固、持久的关系,确保他们的个人资料的安全和保密是索迪斯的绝对优先事项。
Sodexo builds strong, lasting relationships with its customers, partners, and consumers based on mutual trust, making sure that their Personal data is safe and remains confidential is an absolute priority for Sodexo.索迪斯承诺遵守所有关于保护个人资料的适用法规和法律规定。
Sodexo is committed to complying with all applicable regulatory and legal provisions governing the protection of Personal data.索迪斯执行非常严格的隐私政策,以确保那些使用其网站、门户、应用程序和平台的用户的个人资料受到保护。
Sodexo enforces a very strict privacy policy to guarantee the protection of the Personal data of those who use its websites, portals, applications, and platforms索迪斯执行非常严格的隐私政策,以确保那些使用其网站、门户、应用程序和平台(我们的“网站”)的用户的个人资料受到保护。
Sodexo enforces a very strict privacy policy to guarantee the protection of the Personal data of those who use its websites, portals, applications, and platforms (our “Sites”):▬ 用户仍然可以控制自己的资料。数据是以透明、保密和安全的方式处理的。
Users remain in control of their own data. The data is processed in a transparent, confidential and secure manner.
▬ 索迪斯承诺遵守与个人信息相关的所有适用的法律,继续努力保护用户的个人资料。
Sodexo is committed to a continuing quest to protect its users’ Personal data in accordance with any applicable legislation relating to Personal Information.
▬ 索迪斯设有资料保护官员和地方数据保护联络员,如有任何问题,您可以与其联系。
Sodexo has a data protection officer and local DP SpoC that you can contact in case of question.请仔细阅读本政策,以熟悉需要收集和处理的个人资料的类别、我们如何使用这些个人资料,以及我们可能与谁共享这些资料。本政策还描述了您的权利,以及您如何与我们联系以行使这些权利,或向我们咨询任何与保护您的个人资料有关的问题。
Please read the Policy carefully to familiarize yourself with the categories of Personal data that are subject to collection and Processing, how we use this Personal data, and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal data.本政策可能会进行修改、补充或更新,特别是为了遵守可能出现的任何法律、法规、判例法或技术发展。但是,您的个人资料将始终按照收集资料之时生效的政策进行处理,除非强制性法律规定另有规定或必须追溯执行。
This policy may be amended, supplemented, or updated, in particular to comply with any legal, regulatory, case law, or technical developments that may arise. However, your Personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.数据控制者的身份和联系方式
Identity and contact details of the Controller
数据控制者是:
The Data Controller is:索迪斯
Sodexo SA注册办事处:255,quai de la Bataille de Stalingrad-92130 Issy-les- Moulineaux-法国
Registered office: 255, quai de la Bataille de Stalingrad - 92130, Issy-les-Moulineaux – France商标注册:301 940 219 RCS Nanterre
Trade register: 301 940 219 RCS Nanterre增值税号码: FR 40301940219
VAT number: FR40301940219电话:0130857500
Tel.: 01 30 85 75 00法定代表人: 苏菲·白龙(Sophie Bellon)
Legal Representative: Sophie Bellon定义
Definitions控制者 在个人信息处理活动中自主决定处理目的、处理方式的组织、个人。本政策中,控制者为索迪斯。
“Controller” Means any organization or individual that independently determines the purpose and method of processing in their activities of processing of personal information. In this policy, Controller means Sodexo.“个人资料” 系指以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息,包括但不限于自然人的姓名、出生日期、身份证号码、个人生物识别信息、住址、电话号码等,但不包括匿名化处理后的信息。
“Personal data” Means any kind of information related to an identified or identifiable natural person as electronically or otherwise recorded, such as name, data of birth, ID number, personal biological identification information, address, and telephone number of the natural person, while excludes information that has been anonymized.“处理” 系指对个人信息或个人信息集执行的任何操作或一组操作,无论其是否通过自动化方式进行,例如收集、记录、组织、结构化、存储、改编或更改、检索、查阅、使用、通过传输披露、传播或其他方式提供、匹配或组合、限制、删除或销毁。
“Processing” Means any operation or set of operations which is performed on Personal information or on sets of Personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.“处理者” 代表控制者处理个人数据的法人主体。
“Processor” A legal person which processes Personal data on behalf of the Controller.“我们”或“我们的” 作为控制方的索迪斯实体。
“us” “we” or “our” Sodexo acting as Controller“您”或“用户” 任何网站的用户/访问者或服务的受益人。
“you” or “Users” Any Site user/visitor or beneficiary of the Services.您的个人资料将如何收集?您或其他人是否必须提供您的个人资料?
How will your Personal data be collected? Is it mandatory that you or others provide your Personal data?
我们可以通过下列方式收集您的个人资料:
We may collect your Personal data in the ways listed below:
▬ 直接向您收集您的个人资料,例如当您在我们网站上填写表格时;以及
Collection of your Personal data directly from you, such as when you complete forms on our Sites ; and
▬ 在您浏览本网站时,或通过我们的服务供应商和/或我们网站上的技术间接地收集您的个人资料。
Collection of your Personal data indirectly during your navigation on the Site or via our service providers and/or technologies on our Sites.
如果适用的当地法律要求收集您的个人资料,或在本网站上履行服务所必需的情况下,我们将强制性地收集您的个人资料。
We will collect your Personal data on a mandatory basis where this is required by applicable local laws or where this is necessary for the performance of the Services on the Site.如果我们无法收集这些强制性的个人资料,我们将无法管理您对本网站的访问。
If we are unable to collect these mandatory Personal data items, we will not be able to manage your access to the Site.
我们将基于哪些目的和法律基础收集和处理您的个人资料?索迪斯持有哪些个人资料?
For which purposes and on which legal basis will your Personal data be collected and processed? What Personal data does Sodexo hold?
我们可能会为某些与您使用本网站和我们提供的服务有关的目的处理、使用和披露您的个人资料,详情如下所述。
We may process, use, and disclose your Personal data for certain purposes, as detailed below, connected to your use of the Site and to the services we provide.我们将在向您提供访问本网站的权限时,或在履行我们必须遵守的法律义务时,收集和处理您的个人资料详情如下(本清单并非详尽无遗)。我们还将为索迪斯(Sodexo)的合法利益而收集和处理您的个人资料,除非您的利益或基本权利和自由优先于上述合法利益。当现行数据保护法律下的合法利益无法作为处理个人数据的合法基础时,我们将在法律要求的情况下征求您的明确同意。
We will collect and process your Personal data as detailed below (without this list being exhaustive) where necessary to provide you an access to the Site, or when it is necessary for compliance with a legal obligation to which we are subject. We will also collect and process your Personal data for Sodexo’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Where legitimate interests do not apply as a lawful basis for the Processing of Personal data under the applicable data protection laws, prior explicit consent will be alternatively collected if required by law.数据处理活动
Data Processing activities 目的
Purposes 个人资料的类别
Categories of Personal data 法律依据
Legal basis
Cookies
Cookies 网站的个性化和增强用户体验。
Personalization of the Site and Enhancement of the experience. IP地址
- IP address
Cookies
- Cookies
统计数据
- Statistical data 同意
Consent
合法利益
Legitimate Interest
网站导航
Site navigation 遵守法律义务
Compliance to Legal Obligations 身份信息(姓名、图像—如果由您提供)
- Identification Data (name, surname, image - if you provided it)
技术数据(连接时间和日期、元数据)
- Technical data (time and date of connection, meta data) 法律义务
Legal Obligation
闭路电视
CCTV 财产和人身安全
Security of Property and persons 闭路电视录像(图像)
- CCTV footage (images) 合法利益和法律义务
Legitimate Interest and Legal Obligation
我们在收集您个人资料时向您说明并在具体隐私政策中描述的其他目的
Any other purpose that we may specify to you at the time of collection and described in a specific privacy policy 在收集您个人资料时确定并在具体隐私政策中描述
- Determined at the time of collection and described in a specific privacy policy 在收集您个人资料时确定并在具体隐私政策中描述
Determined at the time of collection and described in a specific privacy policy
您的个人资料将被披露给谁?
To whom will your Personal data be disclosed?
索迪斯为索迪斯集团的任何成员公司、合伙企业或其他实体或组织。
Sodexo is part of an international group under the brand Sodexo.
您的个人资料有可能在索迪斯集团内部或外部转移。
There is a possibility of transfers of your Personal data within ou outside of the Sodexo group.▬ 在索迪斯集团内部
Within Sodexo对我们来说,您个人资料的安全和保密性非常重要。这就是为什么我们只允许我们的成员和员工在处理您的个人资料或提供本网站所需服务的严格必要范围内接触您的个人资料。我们确保有权处理个人资料的人员已承诺保密或负有适当的法定保密义务。
The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our and staff only to the extent strictly necessary to process your Personal data or to provide the services necessary for the Site. We ensure that the persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
中华人民共和国个人信息保护法不允许将个人资料转移到中国大陆以外不能确保充分的数据保护水平的第三国。索迪斯实体开展业务的一些第三国位于中国大陆以外,不能提供与您居住国相同的数据保护水平。对于这些转移,索迪斯已根据相关的数据保护法律和规则实施了适当的保护措施。
PIPL does not allow the transfer of Personal data to third countries outside the China mainland that do not ensure an adequate level of data protection. Some of the third countries in which Sodexo entities operate are located outside of the China mainland and do not provide the same level of data protection as the country in which you reside. For those transfers, Sodexo has implemented the appropriate safeguards in accordance with the relevant Data Protection laws and rules.索迪斯在索迪斯集团内部实施了索迪斯约束性企业规则(BCRs)。因此,即使索迪斯实体运营的第三国位于欧洲经济区以外,您的个人数据也会受到与位于欧洲经济区内的任何实体同等的保护。
Sodexo has implemented the Sodexo’s Binding Corporate Rules (BCRs) within Sodexo Group. Therefore, even if the third countries in which Sodexo entities operate are located outside of the European Economic Area, your Personal data is protected in the same way that they would have been by any entity located within the European Economic Area.▬ 在索迪斯集团外部
Outside of Sodexo我们不会将您的个人资料披露给任何未经授权的第三方。但是,我们在遵守适用的数据保护法的情况下,为实现上述目的我们可能与我们可能聘请的授权服务提供商(例如,技术服务提供商[托管、维护]、顾问等)分享您的个人资料。
We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with authorized service providers (for example, technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose listed above in compliance with the applicable data protection laws.我们向其披露和转移您的个人资料的所有第三方服务提供商均已与索迪斯或索迪斯集团实体签订了具有约束力的保密和数据处理协议,根据该协议,上述第三方只能按照索迪斯或索迪斯集团实体的指示行事。
All third-party service providers to whom we have disclosed and transferred your Personal data have been engaged under a binding confidentiality and data processing agreement with Sodexo or the Sodexo group’s entities, whereby said third party may act only upon the instruction of Sodexo or Sodexo Group’s entities.该第三方服务提供商和/或其他承包商,视情况而定,可能位于数据保护法提供的保护水平无法与中国法律相当的国家。如果索迪斯或索迪斯集团实体向该等接收者披露您的个人资料,该等披露仅限于灾难恢复之目的或应我们的要求提供协助之目的,在收到您的任何个人资料之前,我们将确定和/或确认为您的个人资料提供充分的保护水平,包括适当的技术和组织安全措施。特别是,如果有关接收者位于不能提供充分保护水平的国家,索迪斯或索迪斯集团实体还将执行其他适当的措施,包括标准合同条款,以确保该等转移符合适用的法律。如果您希望获得相关文件的副本,请发送电子邮件至dpo.china@sodexo.com。
This third-party service provider and/or other contractors, as the case may be, may be located in countries, where data protection laws may not provide a level of protection equivalent to Chinese law. If Sodexo or Sodexo group’s entities disclose your Personal data to such recipients, which shall be only for disaster recovery purposes or for the purpose of providing assistance on our request, we will establish and/or confirm that, prior to receiving any of your Personal data, they will provide an adequate level of protection for your Personal data, including appropriate technical and organizational security measures. In particular, if the recipients concerned are located in a country that does not provide an adequate level of protection, Sodexo or Sodexo group’s entities will also implement other appropriate measures, including standard contractual clauses, to secure such transfer in compliance with applicable law. If you want to access a copy of the relevant documentation, please send an email to dpo.china@sodexo.com.此外,我们可能在以下情况下分享您的个人资料:(i)法律或法律程序要求;(ii)应公共机构或其他官员的要求;或(iii)如果我们认为转移该等资料对于防止任何人身伤害或经济损失或涉及涉嫌或已证实的违法行为的调查是必要的或适当的。
Furthermore, we may share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials, or (iii) if we are of the opinion that transferring this data is necessary or appropriate to prevent any physical harm or financial loss, or in respect of an investigation concerning a suspected or proven unlawful activity.第三方受益权
Third party beneficiary rights
如果您所在国家适用,您可以行使索迪斯BCR赋予您的第三方受益人权利。
If applicable in your country, you can enforce the third-party beneficiary rights afforded to you by the Sodexo BCRs.您的个人资料将保留多久?
How long will your Personal data be held?
我们将仅为实现收集和处理您的个人资料的目的所必需的时间存储您的个人资料,如上文所列。如适用,该期限可按适用的任何法律或法规规定的时间予以延长。
We will store your Personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, as listed above. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.为实现其目的, Cookie最多只能保存13个月。
Cookies will only be kept for a maximum of 13 months in order to fulfill their purposes.与您使用本网站有关的资料将根据处理的需要保存。
The data related to your use of the Site, will be kept for as long as necessary for the Processing.对于视频监控,资料最多保存30天。
For video surveillance, the data will be kept for a maximum of 30 days.最后,请注意,我们可能会对您的个人资料进行匿名处理,使您无法被识别,并继续将该等资料用于统计目的。用于统计目的的资料一旦进行了适当的匿名处理,则不再被归类为个人资料。
Finally, please note that we may anonymize your Personal data in such a way that you can no longer be identified and continue to use it for statistical purposes. Data used for statistical purposes is no longer classified as Personal data once it has been duly anonymized.敏感个人资料
Sensitive Personal data
作为一般规则,我们不会通过本网站或为提供服务而收集敏感个人资料。“敏感个人资料”是指与个人的种族或民族血统、政治观点、宗教或哲学信仰、工会成员资格、健康资料、或与自然人的性生活或性取向有关的资料。本定义也包括与刑事定罪和违法行为有关的个人资料。
As a general rule, we do not collect sensitive Personal data via our Site or to provide our services. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data, or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes Personal data relating to criminal convictions and offenses.如确实有必要收集该等资料以达到进行本网站处理的目的,我们将根据保护个人资料的本地法律要求,特别是在获得您明确的事先同意的情况下,根据本政策所述的条件来收集该等资料。
In the event that it would be strictly necessary to collect such data to achieve the purpose for which the Processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent and under the conditions described in this policy.
您的隐私权
Your Privacy Rights
我们所持有的您的个人资料是准确的和最新的,这一点非常重要。如果您的个人资料发生变更,请通过更新您的网站账户来通知我们。
It is important that the Personal data we hold about you is accurate and current. Please keep us informed if your Personal data changes by updating your account on the Site.索迪斯承诺根据现行法律保护您的隐私权。下表总结了现行数据保护法下您所拥有的隐私权,该法适用于所有在本网站上处理的个人数据。
Sodexo is committed to ensuring protection of your privacy rights under applicable laws. You will find below a table summarizing your privacy rights under the applicable data protection law, which applies to all Personal data processed on the Site.数据保护权
Data Protection right 权利描述
Description of the rightRight of access and rectification
访问、更正和补充权 You can request access to your Personal Information we hold about you. You may also request rectification of inaccurate Personal Information, or to have incomplete Personal Information completed.
您可以请求访问我们所持有的您的个人信息,也可以请求更正不准确的个人信息,同时也可以将不完整的个人信息补充完整。
Right of copies
复制权 You can reasonably request copies of your personal information that we have in possession, we will try our best to provide you such copies if technology permits.
您可以合理要求我们提供我们所掌握的关于您的个人信息的副本,如技术允许,我们将会尽可能地向您提供该等副本。
Right to object
提出异议的权利 You can object to the processing of your personal information for legitimate reasons, unless the data processing is implemented in accordance with mandatory provisions of applicable law or for the fulfillment of specific contract.
如果拥有合法的理由,那么您可就您个人信息的处理向我们提出反对,但个人信息系按照适用法律的强制规定、或为履行特定合同之目的而必须处理的情况除外。
Right to delete
删除权 You can request to delete your Personal Information we hold about you.
您可以请求删除我们所持有的您的个人信息。
Right to change the scope of your authorization
改变授权范围 You can contact us through the contact information listed in this policy to change or withdraw the scope of our collection and processing of your Personal Information. When you withdraw your authorization, we will no longer process the corresponding Personal Information. Please note that your decision to withdraw your authorization will not affect our previous Personal Information processing activities based on your authorization. If the scope of the Personal Information you withdraw includes the Personal Information which we must collect in order to provide you with products and/or services, it may affect your normal usage of the corresponding products and/or services. In addition, with regard to the Personal Information we collect to fulfill our obligations under laws and regulations, if you request to change the scope of your authorization, we may not be able to respond to your such request.
您可以通过本政策中列明的联系方式联系我们以改变或者撤回我们收集和处理您的个人信息的范围,当您撤回授权时,我们将不再处理相应的个人
信息。请注意,您撤回授权的决定不会影响我们此前基于您的授权而开展的个人信息处理活动。如果您撤回的个人信息范围包含了我们为向您提供产品和/或服务而必须收集的个人信息,可能会影响您对相应产品和/或服务的正常使用。另外,对于我们为履行法律法规规定的义务而收集的个人信息,如果您要求改变您的授权范围,我们可能无法响应您的该项请求。
Right to lodge a complaint with the Supervisory Authorities
向监管机构投诉的权利 You can choose to lodge a Complaint with the relevant Supervisory Authorities regardless of whether you have suffered damages. You also have the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence.
无论您是否受到损害,您都可以选择向相关监管机构提出投诉。 您还有权向索迪斯实体设有营业场所或您常住地所在的法院提出投诉。
Right not to be subject to automated decisions
不受自动化决策约束的权利 You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you.
您有权不受仅基于对您有法律影响或有重要影响的自动化决策(包括分析)的约束。You may, at any time, exercise any of the above rights or contact us with any data protection related queries or concerns:
您可以在任何时候行使上述权利,或就任何与数据保护相关的问题与我们联系:
- by completing the Request form and send it to the generic email address as indicated in the privacy notices and/or the privacy policies provided to you at the time of the collection of your Personal Data or,
填写申请表并将其发送至隐私声明和/或收集您的个人数据时提供给您的隐私政策中规定的通用电子邮件地址,或,
- by completing and submitting the dedicated Request webform;
填写并提交专用申请网络表单;
For more details, consult the Sodexo Data Protection Rights Management Policy (Mainland China)
有关更多详细信息,请参阅我们的《索迪斯数据保护权利管理政策(中国大陆地区)》。• 通常无需费用
No fee usually required在访问您的个人资料(或行使任何其他权利)时,您无需支付费用。但是,如果您的访问请求明显缺乏理由或过分,我们可能会收取合理的费用。或者,在该等情况下,我们可以拒绝遵守您的请求。
You will not have to pay a fee to access your Personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.• 我们可能需要您提供什么
What we may need from you我们可能需要您提供特定信息,以帮助我们确认您的身份并确保您访问信息的权利(或行使您的任何其他权利)。这是另一项适当的安全措施,以确保不会向任何无权接收个人资料的人士披露个人资料。
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal data is not disclosed to any person who has no right to receive it.
我的个人资料将如何得到保护?
How will my Personal data be protected?
我们实施所有可能的技术和组织安全措施,以确保处理您的个人资料时的安全和保密。
We implement all possible technical and organizational security measures to ensure security and confidentiality in Processing your Personal data.为此,我们考虑到个人资料的性质和与处理个人资料有关的风险,采取所有必要的预防措施,以维护数据安全,尤其是防止失真、损坏或未经授权的第三方访问(地点的实际保护、个人身份验证程序、通过标识符和保密密码的安全访问、连接日志、某些数据的加密等)。
To this end, we take all necessary precautions, given the nature of the Personal data and the risks related to its Processing, in order to maintain data security and, in particular, to prevent distortion, damage, or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).此外,如果我们与处理者订立合同,处理您的个人资料的全部或部分,我们将要求我们的服务提供商签署一份合同协议,以保证我们向他们传送或他们代表我们收集的个人资料的安全和保密,并遵守有关保护个人资料的适用条例。
In addition, if we contract with Processors for all or part of the Processing of your Personal data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal data.我们定期进行审计,以核实与您的个人资料安全有关的规则的正确应用。
We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal data.然而,您也有责任确保您的个人资料的安全和保密,因此我们请您保持警惕,尤其是在使用诸如互联网之类的开放系统时。
Nevertheless, you also have a responsibility to ensure the security and confidentiality of your Personal data so we invite you to remain vigilant, especially when using an open system such as the Internet.与其他网站/平台的链接
Links to other sites/platforms
出于实用和提供信息的目的,我们偶尔会提供与其他平台的链接。这些平台独立于我们的网站运行,并且不在我们的控制之下。这些平台有其自己的隐私政策或使用条款,我们强烈建议您仔细阅读。对于这些平台上的内容、可能在这些平台上提供的产品和服务,或其任何其他用途,我们不承担任何责任。
Occasionally, we provide links to other platforms for practical and informative purposes. These platforms operate independently from our Sites and are not under our control. These platforms have their own privacy policies or terms of use, which we strongly advise you to read. We do not accept any liability with regards to the content on these platforms, for the products and services that may be offered there, or for any other use thereof.
如果您的个人资料的用途发生变化,我们将如何通知您?
How will you be notified if the uses of your Personal data change?
我们可能在需要时更新或修改本政策。在这种情况下,修改仅在修改之日起30个工作日后生效。如果您希望了解任何可能的变化,请随时查阅本页面。
We may update or amend this policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.如果您对本政策有任何问题或意见,请随时通过以下地址与我们联系:dpo.china@sodexo.com。
If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address: dpo.china@sodexo.com.
-
索迪斯數據保障聲明 (中國香港地區)
Sodexo.com Privacy Policy
Purpose of this Policy
The following information is provided to you to inform you of Sodexo commitments in terms of Personal data protection.Sodexo builds strong, lasting relationships with its customers, partners, and consumers based on mutual trust, making sure that their Personal data is safe and remains confidential is an absolute priority for Sodexo .
Sodexo is committed to complying with all applicable regulatory and legal provisions governing the protection of Personal data.
Sodexo enforces a very strict privacy policy to guarantee the protection of the Personal data of those who use its websites, portals, applications, and platforms
Sodexo enforces a very strict privacy policy to guarantee the protection of the Personal data of those who use its websites, portals, applications, and platforms (our “Sites”):
▬ Users remain in control of their own data. The data is processed in a transparent, confidential and secure manner.
▬ Sodexo is committed to a continuing quest to protect its users’ Personal data in accordance with the Personal Data (Privacy) Ordinance (PDPO).
▬ Sodexo has a data protection officer that you can contact in case of question.Please read the Policy carefully to familiarize yourself with the categories of Personal data that are subject to collection and Processing, how we use this Personal data, and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal data.
This policy may be amended, supplemented, or updated, in particular to comply with any legal, regulatory, case law, or technical developments that may arise. However, your Personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.
Identity and contact details of the Data User
The Data User is:Sodexo SA
A Société Anonyme with a capital of
Registered office: 255, quai de la Bataille de Stalingrad - 92130, Issy-les-Moulineaux - France
Trade register: 301 940 219 RCS Nanterre
VAT number: FR40301940219
Tel.: 01 30 85 75 00
Legal Representative: Sophie BellonDefinitions
“Data User” Means a person who, either alone or jointly or in common with other persons, controls the collection, holding, processing or use of the data.
“Personal data” Means any data- (a) relating directly or indirectly to a living individual; (b) from which it is practicable the identity of the individual to be directly or indirectly ascertained; and (c) in a form in which access to or processing of the data is practicable.
“Processing” Means in relation to Personal Data, includes amending, augmenting, deleting or rearranging the data, whether by automated means or otherwise.
“Processor” A person who-(a) processes personal data on behalf of another person; and (b) does not process the data for any of the person’s own purposes.
“us” “we” or “our” The Sodexo entity acting as Data User
“you” or “Users” Any Site user/visitor or beneficiary of the Services.
How will your Personal data be collected? Is it mandatory that you or others provide your Personal data?
We may collect your Personal data in the ways listed below:
▬ Collection of your Personal data directly from you, such as when you complete forms on our Sites ; and
▬ Collection of your Personal data indirectly during your navigation on the Site or via our service providers and/or technologies on our Sites.
We will collect your Personal data on a mandatory basis where this is required by applicable local laws or where this is necessary for the performance of the Services on the Site.If we are unable to collect these mandatory Personal data items, we will not be able to manage your access to the Site.
For which purposes and on which legal basis will your Personal data be collected and processed? What Personal data does Sodexo hold?
We may process, use, and disclose your Personal data for certain purposes, as detailed below, connected to your use of the Site and to the services we provide.We will collect and process your Personal data as detailed below (without this list being exhaustive) where necessary to provide you an access to the Site, or when it is necessary for compliance with a legal obligation to which we are subject. We will also collect and process your Personal data for Sodexo ’s legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms. Where legitimate interests do not apply as a lawful basis for the Processing of Personal data under the applicable data protection laws, prior explicit consent will be alternatively collected if required by law.
Data Processing activities Purposes Categories of Personal data Legal basis
Cookies Personalization of the Site and Enhancement of the experience. - IP address
- Cookies
- Statistical data Consent
Legitimate Interest
Identity Authentication purposes - Identification Data(civil status, identity, images – if you provided it) Legitimate Interest Consent
Any other purpose that we may specify to you at the time of collection and described in a specific privacy policy - Determined at the time of collection and described in a specific privacy policy Determined at the time of collection and described in a specific privacy policy
To whom will your Personal data be disclosed?
Sodexo is part of an international group under the brand Sodexo.
There is a possibility of transfers of your Personal data within ou outside of the Sodexo group.▬ Within Sodexo
The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our and staff only to the extent strictly necesssary to process your Personal data or to provide the services necessary for the Site. We ensure that the persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.Some of the third countries in which Sodexo entities operate are located outside of the Hong Kong and do not provide the same level of data protection as Hong Kong For those transfers, Sodexo has implemented the appropriate safeguards in accordance with the relevant Data Protection laws and rules.
Sodexo has implemented the Sodexo’s Binding Corporate Rules (BCRs) within Sodexo Group. Therefore, even if the third countries in which Sodexo entities operate are located outside of the European Economic Area, your Personal data is protected in the same way that they would have been by any entity located within the European Economic Area.
▬ Outside of Sodexo
We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with authorized service providers (for example, technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose listed above in compliance with the applicable data protection laws.
All third-party service providers to whom we have disclosed and transferred your Personal data have been engaged under a binding confidentiality and data processing agreement with Sodexo or the Sodexo group’s entities, whereby said third party may act only upon the instruction of Sodexo or Sodexo Group’s entities.
This third-party service provider and/or other contractors, as the case may be, may be located in countries where data protection laws may not provide a level of protection equivalent to Hong Kong. If Sodexo or Sodexo group’s entities disclose your Personal data to such recipients, which shall be only for disaster recovery purposes or for the purpose of providing assistance on our request, we will establish and/or confirm that, prior to receiving any of your Personal data, they will provide an adequate level of protection for your Personal data, including appropriate technical and organizational security measures. In particular, if the recipients concerned are located in a country that does not provide an adequate level of protection, Sodexo or Sodexo group’s entities will also implement other appropriate measures, including standard contractual clauses, to secure such transfer in compliance with applicable law. If you want to access a copy of the relevant documentation, please send an email to dpo.hk@sodexo.com or dpo.group@sodexo.com.
Furthermore, we may share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials, or (iii) if we are of the opinion that transferring this data is necessary or appropriate to prevent any physical harm or financial loss, or in respect of an investigation concerning a suspected or proven unlawful activity.
How long will your Personal data be held?
We will store your Personal data only for as long as necessary to fulfill the purposes for which it was collected and processed, as listed above. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.Cookies will only be kept for a maximum of 13 months in order to fulfill their purposes.
The data related to your use of the Site, will be kept for as long as necessary for the Processing.
Finally, please note that we may anonymize your Personal data in such a way that you can no longer be identified and continue to use it for statistical purposes. Data used for statistical purposes is no longer classified as Personal data once it has been duly anonymized.
Your Privacy Rights
It is important that the Personal data we hold about you is accurate and current. Please keep us informed if your Personal data changes by updating your account on the Site.Sodexo is committed to ensuring protection of your privacy rights under applicable laws. You will find below a table summarizing your privacy rights under the applicable data protection law, which applies to all Personal data processed on the Site.
Data Protection right Description of the right
Right Of Access And Rectification You have the right to make a “data access request” pursuant to the Data Protection Law. This right enables you to request a copy of the Personal Data we hold about you. You may also request rectification of inaccurate Personal Data after you have been provided with a copy of your Personal Data following a data access request.
Right To Opt-Out From Direct Marketing Activities We are required to notify you and obtain your consent before using your Personal Data in any direct marketing activities or transferring your data to a third party for direct marketing activities.
We will not provide your personal data to third parties for direct marketing or other unrelated purposes without your consent.
Right to lodge a Complaint If You have a privacy-related complaint against Us, You may complete and submit the Request/Complaint Form (available in Our Data Protection Policy). If You are unsatisfied with our response, You can choose to lodge a Complaint with the Commissioner, in compliance with the Data Protection Law. A complaint must be in writing in Chinese or English and must specify the act or practice complained of and the data user involved.
Please visit the website of the Office of the Privacy Commissioner for Personal Data, Hong Kong at the following address: https://www.pcpd.org.hk/tc_chi/complaints/introduction/introduction.html for the various complaint channels available. You can also notably contact Sodexo SA’s lead Supervisory Authority, the French Supervisory Authority (the “CNIL”, www.cnil.fr ).
In addition, You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence.To exercise these rights, You can send your Request or Complaint by sending an email to your Local Data Protection Special Point of Contact at the following email address dpo.hk@sodexo.com or with the Group Data Protection Officer at the following email address dpo.group@sodexo.com.
• No fee usually required
You will not have to pay a fee to access your Personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
• What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal data is not disclosed to any person who has no right to receive it.
Third party beneficiary rights
If applicable in your country, you can enforce the third-party beneficiary rights afforded to you by the Sodexo BCRs.
How will my Personal data be protected?
We implement all possible technical and organizational security measures to ensure security and confidentiality in Processing your Personal data.To this end, we take all necessary precautions, given the nature of the Personal data and the risks related to its Processing, in order to maintain data security and, in particular, to prevent distortion, damage, or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).
In addition, if we contract with Processors for all or part of the Processing of your Personal data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal data.
We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal data.
Nevertheless, you also have a responsibility to ensure the security and confidentiality of your Personal data so we invite you to remain vigilant, especially when using an open system such as the Internet.
Links to other sites/platforms
Occasionally, we provide links to other platforms for practical and informative purposes. These platforms operate independently from our Sites and are not under our control. These platforms have their own privacy policies or terms of use, which we strongly advise you to read. We do not accept any liability with regards to the content on these platforms, for the products and services that may be offered there, or for any other use thereof.
How will you be notified if the uses of your Personal data change?
We may update or amend this policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address: dpo.hk@sodexo.com.