GENERAL PERSONAL DATA PROTECTION POLICY

IFO, SARL, whose registered office is located at L’ANGUICHERIE, 49140 SEICHES-SUR-LE-LOIR France, registered under the number RCS Angers B 380317610, a subsidiary of the TERRENA Group (hereinafter IFO) processes Personal Data (as defined below) as part of its activity.

This Privacy Policy (the “Policy”) describes how IFO collects, uses and processes your personal data in accordance with applicable regulations. Your privacy is important to IFO and we are committed to protecting and preserving your privacy rights.
This Policy applies to the personal data that we may collect from our customers, suppliers and service providers in the performance of all types of commercial contracts. It also applies to the personal data of users of our various websites, of persons wishing to apply for our job vacancies and of all other persons whom we may legitimately contact in the course of the IFO Group’s activities.
Under the regulations applicable to the protection of personal data, and in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such personal data, and Law No. 78-17 of 6 January 1978 on information technology, files and freedoms, as amended (hereinafter together the “Personal Data Regulations“), the company responsible for your personal data is IFO.
IFO may modify this Policy from time to time. Please visit this page regularly to check for any changes.
If you do not agree with certain aspects of our Policy, you have legal rights which are indicated to you where necessary.

1 Introduction
2 Definitions
3 Collection of personal data
4 Protection of the personal data of minors
5 Purposes of collecting personal data
6 Recipients of personal data
7 Transfer of personal data outside the European Union
8 Security of personal data
9 Data rights
10 Easier contact for exercising rights
11 Policy update

1- Introduction

The personal data protection policy is based on the following non-exhaustive principles:

To comply with the optional application standards and recommendations of the Commission Nationale de l’Informatique et des Libertés (CNIL) and the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), while meeting IFO’s operational requirements;
Apply data protection rules from the design and implementation stage (“Privacy-by-design”, “Privacy-by-default”) of new products designed to process personal data, and reduce data collection to the strict minimum (“minimisation”).
Continuously monitor IFO’s compliance with its legal obligations and commitments throughout the life of its electronic data processing systems;
To ensure the greatest possible transparency in data processing, with the exception of information whose disclosure could compromise security;
Strengthening people’s rights and making it easier for them to exercise them.

2- Definitions

“Personal data“: any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.

“Data subject“: natural person whose personal data is processed as indicated in Article 4.

“Data Controller“: Natural or legal person who, alone or jointly with other entities, determines the purposes of the processing and the means it uses. The Data Controller is, as a general rule, the Terrena entity that collected the Personal Data. In the event that the Terrena cooperative, the parent company of the Terrena Group, provides this entity with technical, administrative, marketing or commercial assistance, the Terrena cooperative may also be considered as the Data Controller.

“Data processing“: Operations carried out on personal data, whether or not by automatic means, which consist in particular in the collection, recording, use, transmission or communication.

“Sub-processor“: natural or legal person, public authority, department or any other body that processes Personal Data on behalf of the Controller.

“Recipient“: the natural or legal person, public authority, internal or external department or any other body that receives communication of Personal Data.

“TERRENA“: The cooperative company Terrena and its subsidiaries.

3- Collection of personal data

The Personal Data that IFO is likely to collect varies according to the purpose of the processing. Its main purpose is to enable the identification of individuals in the context of their relations with IFO.

In any event, the Personal Data collected will be limited to that which is necessary for the purposes set out in Article 5 below.

People concerned

The persons concerned by the processing carried out by IFO are :

Visitors, users and customers of its websites
Customers (members and non-members) of SCA Terrena and its subsidiaries
Participants in surveys, polls or panels
Recipient of a promotion, online canvassing or commercial operation
Suppliers and service providers
Candidates and employees

Collection of personal data

Data may be collected directly from Data Subjects in various ways, including via :

Contracts signed with IFO ;
Quotations as part of pre-contractual relations ;
Events;
Paper or web forms on websites;
Cookies placed on the Internet browser of the persons concerned.

In the event of indirect collection of data from third parties (e.g.: purchase of files, sources accessible to the public), IFO undertakes to inform the Data Subjects at the time of first contact and, at the latest, within 1 month, unless the Data Subjects already have this information.

Note to visitors and users of its websites: certain functions and features of its websites can only be used if certain personal data is provided. Users are free to choose whether or not to provide all or part of the personal data requested. However, if the user decides not to provide them, such a decision may prevent the satisfactory achievement of the objectives described in Article 5 below, certain services and features of our websites may not function correctly and/or the user may be denied access to certain pages of the sites.

Customer data (members and non-members) :

The data that IFO collects about its customers is limited. As a general rule, IFO needs the contact details of its customers or prospects (in particular their name, telephone number, e-mail and postal address) in order to be able to execute the contracts concluded with its customers. In the context of customer satisfaction surveys, IFO also holds information relating to customers’ needs or constraints, which IFO may then use to ensure that marketing communications to them are relevant and timely. IFO may also hold additional information that customer contacts have chosen to communicate, particularly through loyalty programmes. In certain circumstances, when customers interact with certain IFO departments or divisions, calls may be recorded, depending on applicable local laws and requirements.

Data relating to suppliers and service providers :

IFO also collects data about its suppliers and service providers. In the interests of good management of our commercial relations, IFO collects information from its contacts within the supplier or service provider company, such as their name, telephone number and e-mail and postal addresses. IFO may also hold additional information that contacts within the supplier or service provider company have chosen to communicate.

Data relating to personnel management :

For candidates applying for IFO job vacancies, various types of information are collected to enable analysis of applications in relation to the positions offered, including identity, personal details, career history, qualifications and motivations.

IFO also collects all information useful for the proper management of its staff, in particular identity, marital status, personal details, professional background, diplomas, bank details, social security and administrative information in accordance with legal and regulatory provisions.

Data relating to users of its various websites:

IFO collects personal data from the users of its various websites, which is used to enable it to improve the use made of its websites and to manage the services that IFO provides. This information includes how its sites are used, the frequency with which the user accesses them, the type of browser, the location from which users visit IFO sites, the language used and the times when the sites are most visited.

4- Protection of the personal data of minors

IFO products and services are reserved for adults and are not intended to be marketed to minors. IFO does not voluntarily collect or store Personal Data from minors, except in the context of information relating to the management of its personnel.

5- Purposes of collecting personal data

Personal Data is collected for the purposes of IFO’s activity, such as the performance of contracts concluded with its customers (members or non-members), its suppliers and other service providers or any third party, for the purposes of its legitimate interests or the fulfilment of reporting obligations provided for by law, as well as for the recruitment of employees and the management of IFO employees.

IFO collects and uses Personal Data for the purposes of its activities and in particular to enable the following activities to be carried out:

Goals	Legal basis	Duration of storage
Concerning use of the websites
Make available the webites and the products and services offered on the websites	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Duration necessary to achieve the purpose of the processing and for a further period of five (5) years
Responding to requests made via the forms or using the contact methods available on the websites	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Duration required to achieve the purpose of the processing and for a further period of five (5) years
For all customers for customer relationship management
Create and manage current business accounts to enable quotations to be issued, orders to be managed, reservations to be made, deliveries to be made and invoices to be issued for products, services and solutions	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Five (5) years from the date of the Customer’s last activity, then transferred to the archive for a further five (5) years.
Managing requests, questions and complaints	Execution of pre-contractual measures taken at the request of Users and/or Customers and/or performance of the contract	Five (5) years from the date of each request, question or complaint.
Find out about and characterise customers, monitor the relationship, improve and personalise communications, offers and advice, and carry out statistical studies.	Legitimate interest	Five (5) years from the date of the last Customer activity, followed by a further five (5) years in the archives.
To use personal data as a customer in order to be recognised as such by other services offered by other companies in the Terrena Group.	Legitimate interest	Five (5) years from the date of the last Customer activity, followed by a further five (5) years in the archives.
Provide digital tools, financial activity management services and regulatory data, and maintain the security of these tools	Legitimate interest	Five (5) years from the date of the last Customer activity, followed by a further five (5) years in the archives.
Manage commercial canvassing by post and telephone or electronic canvassing for similar products and services	Legitimate interest	Ten (10) years from your last activity, then destruction
For all suppliers
Managing purchasing and supplies: * Order management * Monitoring and management of purchases and stocks * Performance management and management of the operating account * Store supply management * Invoice generation	Legitimate interest	Five (5) years from the date of the last Supplier activity, then transferred to the archives for a further five (5) years.
Marketing and prospecting
To send promotions and offers, personalised or otherwise, by electronic means.	Consent	Ten (10) years from the last activity.
Participation in competitions, lotteries and prize draws.	Execution of pre-contractual measures taken at your request and/or performance of the contract	Three (3) years from the end of the competition concerned.
Carrying out profiling for the purpose of improving customer knowledge (establishing your profile, combining purchasing and informational data collected online and offline, segmentation, carrying out studies and analyses to better understand people’s expectations in terms of services, products or offers).	Legitimate interest	Personal data from online and offline purchases used for this purpose is stored for 24 months from the date of your purchase. The other personal data used for this purpose is stored for as long as you have a customer or loyalty account, and for no longer than 5 years from the date of your last activity.
For all candidates
Analysis of applications in relation to positions offered	Legitimate interest	1 month if candidate not selected but possibility of inserting CV library for a maximum of 2 years
With regard to compliance with legal and regulatory obligations, defending its rights, safeguarding its interests and combating fraud
Accounting and tax: Storage of invoices and other documents required for general accounting and tax purposes.	Compliance with legal and regulatory obligations	Personal data processed for accounting and tax management purposes is stored for a period corresponding to the current financial year plus one (1) year, after which it is transferred to an archive for a period of ten (10) years.
Exercising the rights of Users and/or Customers: Management of requests to exercise rights (communications, extracts of information required)	Compliance with legal and regulatory obligations	Personal data relating to requests to exercise rights are stored for three (3) or six (6) years from the date of the request, depending on the right exercised. Where proof of identity is required, it is deleted as soon as it has been verified.
Defence of IFO’s rights and the fight against fraud: Establishment and storage of the means of proof necessary for the defence of IFO’s rights in the context of actions and claims brought against it by Users and/or Customers and the fight against fraud.	Legitimate interest	The personal data required to establish and store the evidence needed to defend rights is stored for the duration of the applicable legal provisions, or for the duration of the dispute or litigation, should one arise, and until a final and binding decision has been handed down.
Public and judicial authorities: Management of requests from public or judicial authorities and communications with the authorities	Legitimate interest	Personal data relating to the management of requests from authorities is stored for the duration of the proceedings before the authority concerned, and until a final and binding decision has been handed down.

If IFO is required to process the personal data of Users and/or Customers for purposes other than those listed in the tables above, IFO will take any additional steps that may be necessary to ensure the legal compliance of all such processing.

6- Recipients of personal data

In order to achieve the purposes described above and only to the extent necessary for the pursuit of those purposes, the personal data we collect may be transmitted to some or all of the following recipients:

Within the Terrena Group :

Terrena Group subsidiaries in charge of placing, managing and executing contracts and orders;
Terrena Group subsidiaries in charge of marketing, customer relations, complaints, canvassing, administrative services, IT services, online advertising or commercial canvassing;
Terrena Group subsidiaries responsible for the centralised management of our customers’ databases;
To any other subsidiary of the Terrena Group whose intervention may be necessary to carry out the processing implemented in accordance with this policy.

Outside the Terrena Group :

Our service providers involved in all or part of the identified processing operations (in particular IT service providers responsible for maintaining the site, partners in the field of online advertising and personalised communications, and those responsible for the routing and delivery of products);
To our partners who operate services available on our site or services accessible through the use of loyalty programmes;
Our partners who sell products or services directly from our site;
Our partners involved in producing and sending commercial prospecting campaigns;
Our partners involved in the process of distributing personalised online advertising or commercial prospecting;
To the suppliers of products and services of the Terrena Group’s partners who may receive your personal data is available here.

7- Transfer of personal data outside the European Union

IFO is committed to ensuring that data is stored and transferred securely. Accordingly, data that is occasionally transferred outside the European Economic Area or EEA (comprising the Member States of the European Union, plus Norway, Iceland and Liechtenstein) will only be transferred to countries that comply with data protection legislation and where the means of transfer provide adequate protection for your data.

To ensure that personal information receives an adequate level of protection, appropriate procedures are put in place with third parties with whom personal data is shared to ensure that personal information is processed by these third parties in a consistent manner and in compliance with data protection legislation.

8- Security of personal data

The “processing” of Personal Data includes in particular the use, storage, recording, transfer, adaptation, analysis, modification, declaration, sharing and destruction of Personal Data in accordance with what is necessary in view of the circumstances or legal requirements.

8.1 Data security by TERRENA

TERRENA attaches particular importance to the security of Personal Data.

TERRENA implements technical and organisational measures, taking into account the degree of sensitivity of the Personal Data, to ensure the integrity and confidentiality of the data and to protect them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.

Wherever possible and necessary, the following measures are taken:

Encryption ;
Anonymisation ;
Pseudonymisation ;
Deployment of resources to guarantee the confidentiality, integrity and availability of systems;
Deployment of resources to restore availability and access to your personal data in the event of a technical incident.

As all Personal Data is confidential, access to it is restricted to employees, subcontractors or business partners who need it to carry out their duties.

8.2 Data security by Data Recipients

In the event that Terrena uses applications, services or products provided by third parties, Terrena checks with their publishers to ensure that they comply with legal requirements and ensure the protection of the data processed.

In accordance with its commitments, Terrena chooses its subcontractors and service providers carefully and requires them to :

A level of personal data protection at least equivalent to its own;
Use of Personal Data solely for the purposes of managing the services they are required to provide;
Strict compliance with applicable legislation and regulations on confidentiality, banking secrecy and personal data;
The implementation of all appropriate measures to ensure the protection of Personal Data that they may be required to process;
Definition of the technical and organisational measures required to ensure security.

If you suspect any misuse, loss or unauthorised access to your personal information, please inform us immediately.

9- Data rights

Article 15 of the General Data Protection Regulation recognises the right of any individual to obtain from the Data Controller confirmation as to whether or not personal data relating to him or her is being processed and, where such data is being processed, access to it.

IFO has put in place appropriate Personal Data protection measures to ensure that Personal Data is used in accordance with the purposes set out above and to ensure that it is accurate and kept up to date.

Right to object :

You may object to us processing your personal data at any time.

Your request to object will be dealt with promptly and we will cease the activity to which you object. However, we reserve the right not to cease the activity in question if :

We can demonstrate that we have compelling legitimate grounds for processing your data which override your interests; or
We process your data for the purposes of establishing, exercising or defending a legal claim.

If your refusal relates to direct marketing, we must act in accordance with your opposition by ceasing this activity as far as you are concerned.

Where we have obtained your consent to process your personal data for certain activities other than those for which consent is not required, you may withdraw that consent at any time and we will cease to carry out the particular activity to which you had consented, unless we consider that there is some other reason why we should continue to process your data for that purpose, in which case we will inform you of that situation.

Access requests :

You may ask us to confirm the information we hold about you at any time, and you may ask us to amend, update or delete it. We may ask you to verify your identity and request further information about your request. If we give you access to the information we hold about you, we will not charge you for that access unless your request is “manifestly unfounded or excessive”. If you ask us for further copies of this information, we may charge you a reasonable administration fee where permitted by law. Where permitted by law, we may refuse your request. If we do so, we will always justify our refusal.

Right of erasure :

You have the right to request that we delete your personal data in certain circumstances.

In principle, the information in question must meet one of the following criteria:

The data is no longer necessary for the purposes for which it was originally collected and/or processed;
You have withdrawn your consent to the processing of your data and there are no other valid reasons for us to continue processing it;
The data have been processed unlawfully;
The data must be deleted to comply with our legal obligations as data controller; or
Where we process data because we consider it necessary for the purposes of our legitimate interests, you object and we are unable to demonstrate that there is a compelling legitimate reason for further processing.

We would be entitled to refuse to respond to your request only for one of the following reasons:

Exercising the right to freedom of expression and information ;
Comply with legal obligations;
For public health reasons in the public interest ;
For archival, research or statistical purposes; or
Exercising or defending a right in court.

When we respond to a valid request to delete data, we will take all appropriate practical steps to delete the data in question.

Right to limit processing :

You have the right to request that we restrict the processing of your personal data in certain circumstances. This means that we may only continue to store your data and may only carry out further processing activities in one of the following circumstances: (i) resolution of one of the circumstances listed below; (ii) your consent; or (iii) further processing is necessary for the establishment, exercise or defence of legal claims, for the protection of the rights of another person, or on important grounds of public interest of the European Union or a Member State.

You have the right to request that we restrict the processing of your personal data in the following cases:

If you dispute the accuracy of the personal data we process about you. In this case, our processing of your personal data will be limited while we verify the accuracy of the data;
When you object to our processing of your personal data for our legitimate interests. You may request that the data be restricted while we verify our grounds for processing your personal data;
Where your data has been unlawfully processed by us, but you simply prefer us to restrict its processing rather than delete it; and
When we no longer need to process your personal data but you request it in order to establish, exercise or defend legal claims.

If we have disclosed your personal data to third parties, we will inform them of the limited processing unless this proves impossible or involves disproportionate effort. We will, of course, inform you before lifting any restrictions on the processing of your personal data.

Right of rectification :

You also have the right to request that we rectify inaccurate or incomplete personal data that we hold about you. If we have disclosed this personal data to third parties, we will inform them of the rectification unless this proves impossible or involves disproportionate effort. Where appropriate, we will also tell you to which third parties we have disclosed inaccurate or incomplete personal data. If we believe that it is reasonable not to comply with your request, we will give you the reasons for this decision.

Right to data portability :

If you wish, you have the right to transfer your personal data from one controller to another. In practical terms, this means that you are able to transfer the data to another online platform. To enable you to do this, we will provide you with your data in a readable format. This right of portability applies to the following data: (i) personal data that we process automatically (i.e. without human intervention); (ii) personal data that you provide; and (iii) personal data that we process on the basis of your consent or in the performance of a contract.

The right to define general or specific directives relating to the storage, deletion or communication of personal data after the death of a User and/or Customer:

You have the option of defining general or specific directives concerning the manner in which you wish your rights under the applicable regulations to be exercised after your death.

The general directives concern all your personal data, and you may revoke them at any time. They may be registered with a trusted digital third party certified by the Commission Nationale de l’Informatique et des Libertés.

Specific directives concern the processing mentioned in these directives and are registered with Us: they are subject to your specific consent and you may revoke them at any time.

Right to lodge a complaint with a supervisory authority :

If, after contacting us in this respect, you consider that your rights with regard to your personal data have not been respected, you may submit a complaint to the Commission Nationale de l’Informatique et des Libertés (3 place de Fontenoy – TSA 80715 – 75334 Paris cedex 07 – telephone: 01 53 73 22 22 or https://www.cnil.fr/fr/plaintes).

It is important that the personal information we hold about you is accurate and correct. Please inform us of any changes to your personal information during the period in which we hold your data.

10- Easier contact for exercising rights

Although IFO has taken reasonable measures to protect Personal Data, no transmission or storage technology is totally infallible.

However, IFO is concerned to guarantee the protection of Personal Data. If you have reason to believe that the security of your Personal Data has been compromised or that it has been misused, you are invited to contact IFO at dataprotection[@]ifo-fruit.com.

You may exercise your rights at any time, and contact the Data Protection Officer at the following address:

By post to the following address IFO (Terrena Group), Data Protection/DPO, 7 avenue Jean Joxé, CS 20248, 49002 ANGERS, France, or
By e-mail to the following address: dataprotection[@]ifo-fruit.com

11- Policy update

This Policy may be updated according to IFO’s needs and circumstances or if required by law. We therefore invite you to read the updates regularly.

IFO undertakes to comply with legal and regulatory developments in the area of personal data.

In this respect, IFO reserves the right to modify its processing and security measures at any time, and to adapt its data confidentiality policy accordingly.

This general policy for the protection of personal data is drawn up in French and is subject to the application of French law for all questions that may arise in connection with its interpretation and execution. If, for any reason whatsoever, this policy were to be translated or drafted in another language, only the French version would be deemed authentic in the event of a dispute.

Updated on 24/02/2025