Order items
Checkout
Added
Effective June 28, 2024
ROCKWOOL FRANCE SAS (“ROCKWOOL”) is committed to protecting your privacy. The protection of personal data is important to us and we process this type of data exclusively in compliance with data protection requirements, in particular those of the General Data Protection Regulation (“GDPR”). For this reason, ROCKWOOL has implemented a set of Binding Corporate Rules (the “BCR” for Binding Corporate Rules ) which define the obligations that ROCKWOOL must fulfil with regard to data protection worldwide.
In the course of our business activities, we process, as data controller, the personal data of our customers, our suppliers, users of our websites and applications as well as our visitors and other third parties described in more detail in Section C.
In this data security policy, we inform you about the personal data we process, how we collect it, the legal basis and purpose of this processing, as well as the duration of data storage. We also inform you about the rights you have as a data subject.
ROCKWOOL FRANCE SAS
111, rue du Château des rentiers
75 013 PARIS
France
Email: dataprotectionswe@rockwool.com
Company registered under number: RCS Paris 305 394 397
If you have any questions regarding this data security policy and/or the processing of your personal data, please do not hesitate to contact us:
T: +33 (0)1 40 77 82 82
E-mail : dataprotectionswe@rockwool.com
Depending on your relationship with the ROCKWOOL Group entities, different types of personal data are processed for different purposes. Below you will find an overview of the types of personal data we process, the purposes for which we process them, the legal bases on which this processing is based and the period for which we retain the data in our systems.
|
Who? |
Types of personal data |
Purposes of processing |
Legal basis |
Retention periods |
|
Customers and their employees
|
First and last name, gender, address, telephone number, email address, position and place of work. |
Ensuring day-to-day customer relations, i.e. payment management, general communication, management of daily operations in accordance with legitimate and fair business practices (including planning, execution and management of cooperation; statistics, analyses). |
Performance of a contract (Article 6(1)(b) GDPR).
|
10 years from the last purchase of products or services.
|
|
Provide customer service and support (including satisfaction surveys). |
Legitimate interest in ensuring customer satisfaction and improving our products and services (Article 6 (1) (f) of the GDPR). | |||
|
Obtain information about our customers and how they use our products and services (for example, by asking them to respond to satisfaction surveys or market research). | ||||
|
Prevent fraud. |
Legitimate interest to protect the interests of the company (Article 6 (1) (f) of the GDPR). | |||
|
Establish, defend or exercise a legal right. | ||||
|
Prospects and their collaborators |
First and last name, gender, address, telephone number, email address, position and place of work. |
Create business contacts.
|
Legitimate interest to promote ROCKWOOL and sell our products and services (Article 6 (1) (f) GDPR). |
3 years from last interaction.
|
|
Statistical purposes. |
Legitimate interest in measuring the effectiveness of our activities (Article 6 (1) (f) of the GDPR). | |||
|
Create business contacts. |
Measures preparatory to the conclusion of a contract (Article 6 (1) (b) of the GDPR). | |||
|
Suppliers and their collaborators |
Name and surname, company telephone number, email address, position and place of work |
Ensuring the day-to-day supplier relationship, i.e. managing payments, general communication, managing day-to-day operations in accordance with legitimate and fair business practices (including planning, executing and managing cooperation, carrying out creditworthiness assessments and developing statistics and analyses). |
Performance of a contract (Article 6(1)(b) GDPR) – if you are self-employed, legitimate interest in performing the contract with the person who employs you (Article 6(1)(f) GDPR). |
10 years from the end of the accounting year to which the data relates if they are considered to be accounting data. 5 years from the date of receipt for non-accounting data if there has been no activity with the supplier. |
|
Search and locate suppliers. |
Legitimate interest in meeting the needs of the business and carrying out its usual business activity (Article 6 (1) (f) of the GDPR). | |||
|
Visitors to our physical sites |
First and last name, telephone number, email address, place of work, license plate number, if applicable, date and time of your visit. |
To ensure the security of our sites and to prevent and resolve breaches occurring on our sites. |
Legitimate interest in ensuring security on premises and protecting employees, visitors and property (Article 6(1)(f) GDPR). |
5 years from registration |
|
CCTV recordings (photos and videos) on our premises. |
Legitimate interest in ensuring security on premises and at physical sites and, where necessary, to protect ROCKWOOL’s interests in the event of criminal acts (Article 6 (1) (f) GDPR). |
10 days from the day of the visit or as long as necessary for the purposes of an ongoing matter. | ||
|
Recipients of emails and/or SMS – direct marketing. |
First and last name, gender (title and title), position, place of work, email address and/or telephone number.
|
To distribute commercial prospecting messages based on the information collected and the consent given. |
Legitimate interest in sending messages to interested professionals Consent to direct marketing based on valid consent to electronic communications (Article 6(1)(f) GDPR). |
3 years from the last interaction or until withdrawal of consent to commercial prospecting. A copy of this consent is kept for 2 years after withdrawal of consent for evidentiary purposes. |
|
Contact Form Users |
First and last name, email address, telephone number, subject and date of the request. |
Communicate with you for the purpose of marketing, promoting and selling ROCKWOOL products and services, and providing you with support. |
If your request concerns the (potential) formation of a contract, the legal basis will be taking steps necessary for entering into that contract or for the performance of an existing contract (Article 6 (1) (b) GDPR). If your request does not relate to a contract, the legal basis will be our legitimate interest in processing your request, communicating with you and marketing, promoting and developing our products and services (Article 6(1)(f) GDPR). |
3 years from the date they were obtained or from your last interaction if the use of your personal data was not in connection with the purchase of our products or services. |
|
Account Users |
First and last name, email address, username, fingerprints, password and your profile activity. |
Provide you with our services on/on our websites or applications. |
Performance of a contract for the provision of electronic services (Article 6 (1) (b) GDPR). |
Until the account is closed. |
|
Manage created user accounts; statistical and analytical purposes. |
Legitimate interest in establishing statistics and carrying out analyses for the purpose of improving the user experience (Article 6 (1) (f) of the GDPR). |
Until the account is closed. | ||
|
Social Media Profile Visitors |
Information available on your profile, including your name, gender, marital status, place of employment, interests, image and the city where you live; whether you “like” or post other reactions to our profile; comments you leave on our posts ; content you share with ROCKWOOL in a desire to interact; |
Improve our products and services, including our social media profiles and pages; * Platform providers may process your personal data for their own purposes independently of our processing. |
Legitimate interests in being able to communicate with you and send you direct marketing messages on our social media profiles, as well as our legitimate interest in improving our products and services (Article 6 (1) (f) GDPR). |
Retention periods are set by social media platform providers and are indicated in their data security policies: Meta (Instagram, Facebook) Google (YouTube) X (ex-Twitter) |
|
Description |
When? |
Types of personal data |
Purposes of processing |
Legal basis |
Retention periods |
|
Cookies, pixels, social media tools and other technologies |
When you visit our websites or applications and give us your consent regarding cookies. |
IP address, MAC address, browser type and devices, web page that referred you to the website or app, search terms entered into a search engine that referred you to the website, browsing history, click behavior, use of and navigation on websites and apps. * categories vary depending on the consent given in the cookie banner. This consent can be changed at any time here . |
Carry out commercial prospecting actions, in particular to facilitate your use of websites and applications; development of services, statistics and analyses; provision of personalized content and research |
Legitimate interest in providing a functioning website and application, marketing, developing and providing statistics, evaluating, promoting and selling our products and services through first-party cookies (Article 6 (1) (f) GDPR). Consent to the processing of personal data in connection with marketing cookies and third-party statistical cookies (Article 6 (1) (a) of the GDPR). Additionally, we always ask for and obtain valid consent for cookies, except for cookies and other strictly necessary technologies. |
data obtained through cookies, pixels, similar technologies and social media tools are deleted in accordance with our Cookie Statement . |
|
Facebook Custom Audiences/Lookalike Audiences |
When you subscribe to our newsletters, create a user account and accept our cookies, pixels or similar technologies, we send in some cases non-reversible hashed information to Facebook (Meta). |
Email address and in some cases, information about the product(s) you are interested in |
Create audiences for future ads through Facebook. |
Legitimate interest in making our products and services known, including to other persons who may have a similar interest in our products and services (Article 6 (1) (f) of the GDPR). |
As long as you do not object to the processing of your personal data. You can change the settings in your Facebook account . |
|
Email Tracking |
Emails that we send to you for marketing purposes based on your marketing consent or for events for which you have registered may contain tracking technologies that allow us to know whether you received the email, opened it or clicked on a link in it. |
Tracking information about your interaction with our email. |
Provide personalized content, analytics and statistics. |
Legitimate interest to develop, evaluate, promote and sell our products and services (Article 6 (1) (f) GDPR). |
If you have given your consent for commercial prospecting: as long as you do not withdraw this consent. A copy of the consent to commercial prospecting is kept for 2 years after the withdrawal of consent for evidentiary purposes. If you have not given your consent for commercial prospecting: 2 years after your last interaction (e.g. participation in the event or clicking in an email). |
The personal data collected may be transferred from one country to another, between ROCKWOOL Group entities, for the purposes for which it was collected provided that such transfer is not prohibited or restricted by law. All transfers between EU/EEA ROCKWOOL Group entities and non-EU/EEA ROCKWOOL Group entities are governed by ROCKWOOL ’s Binding Corporate Rules (BCR) which constitute the legitimate basis for the transfer of your personal data.
An overview of the ROCKWOOL Group entities can be found at:
https://www.rockwool.com/group/privacy-statements-of-rockwool-companies/
To achieve the purposes described above, we may provide access to your personal data to third parties providing services to ROCKWOOL Group entities within the framework of a contractual relationship.
These service providers, considered as subcontractors, may be:
Furthermore, your personal data is generally not transferred to third parties without your consent. However, in certain cases and in accordance with the law, it may be necessary to transfer them to data controllers belonging to the following categories:
|
Categories of recipients |
Type of personal data |
Legal basis |
|
Government authorities, law enforcement authorities, courts, lawyers and external auditors. |
Relevant information regarding a specific dispute, including, in some cases, purchases made. |
Article 6(1)(f) GDPR (legitimate interest). Article 6(1)(c) GDPR (legal obligation to send a description of the damage to the authorities). |
|
Payment service providers. |
Payment information. |
Article 6(1)(b) (contract) of the GDPR. |
Your personal data may also be transferred to third parties without the prior consent to the use of cookies provided for in our cookie policy and the terms relating to consent to the use of cookies.
If we transfer your personal data to recipients (data controllers and processors) whose registered office is located in a third country for which the European Commission has not adopted an adequacy decision, this transfer is based on the Data Privacy Framework (for companies based in the United States) or on the standard contractual clauses of the European Commission (for other countries), which we will send to you upon simple request at the telephone number or email address indicated above.
ROCKWOOL is committed to implementing appropriate security measures necessary to ensure the security of your personal data and our website has security measures designed to protect the personal data under our control from loss, misuse and/or alteration.
Cooperation with social media platform providers.
Facebook, Instagram and LinkedIn
For Facebook and Instagram (which are owned by Meta), ROCKWOOL and the social media providers are jointly responsible for the processing of personal data collected in the context of your interactions with the profiles, including posts about an interaction with the profiles on the ROCKWOOL page. However, Meta acts as a data controller on behalf of ROCKWOOL when it processes your personal data for the purpose of creating target groups (custom and lookalike audiences).
For LinkedIn, ROCKWOOL and the platform provider are jointly responsible for the processing of personal data for statistical purposes.
ROCKWOOL and the providers of LinkedIn, Instagram and Facebook have concluded agreements on the division of tasks regarding the protection of personal data. According to these agreements, the entities (such as ROCKWOOL) and the social media providers are each responsible for the tasks associated with the processing carried out. An overview of the division of responsibilities is available here:
YouTube
ROCKWOOL also uses Google as a data controller in connection with its use of YouTube and, in this regard, shares with YouTube certain information about your interactions, interests, etc. for the purpose of optimising marketing and the service, including our videos, on YouTube.
ROCKWOOL is the controller of personal data in connection with the management of its account on X (Twitter), and X (Twitter) is a separate controller for the personal data it processes. However, in some cases, X (Twitter) acts as a controller for ROCKWOOL, for example when uploading custom audiences to the platform.
National Commission for Information Technology and Civil Liberties (CNIL)
3 Place de Fontenoy
75 007 PARIS
France
Phone number: +33 (0)1 53 73 22 22
Website: https://www.cnil.fr/fr/plaintes
Right to restriction of processing (Article 18 GDPR): You have the right to restrict the processing of your personal data where one of the conditions specified in Article 18(1) GDPR is met.
Due to technical developments and/or changes in legal requirements, we reserve the right to adapt this data security policy. To the extent that changes to the data security policy are considered substantial and significant , you will be informed about this on our website and/or by means of our electronic signature in your correspondence with one of ROCKWOOL's employees. The latest version of this Data Security Policy can be consulted at any time at the following address: https://en.rockfon.international/legal-information/privacy-statement/
We provide customers with a complete acoustic ceiling system offering, combining sound absorbing ceiling tiles and wall panels with suspension grid systems and accessories.