TASTER PRIVACY POLICY – 2024

At TASTER, protecting your personal data is a priority. We adhere to practices that comply with the General Data Protection Regulation (GDPR) (European Regulation 2016/679 of April 27, 2016), UK GDPR and the French Data Protection Act (as amended by Law No. 2018-493 of June 20, 2018). This policy explains how we collect, use, and protect your data.

We encourage you to regularly review this policy, available on our website (www.taster.com), as it may be updated.

 

INTRODUCTION

This Privacy Policy (“Policy”) describes how TASTER processes personal data from its clients, prospects, partners, and users of its services (websites, mobile applications, and other digital platforms).

We are committed to maintaining a long-term, trustworthy relationship with our business partners and users by adopting practices that respect your rights and freedoms.

Note: If you interact with TASTER franchisees, please note that they manage their own privacy policies and are not subject to this Policy.

 

WHO ARE WE?

TASTER is a simplified joint-stock company with a capital of €2,705,000, registered with the Paris Trade and Companies Register under number 830 345 286. Our head office is located at 47 Boulevard de Courcelles, 75008 Paris.

 

If you have any questions regarding your personal data, you can contact us:

  • By mail: TASTER, Data Protection Officer, 47 Boulevard de Courcelles, 75008 Paris
  • By email: [email protected]

 

PURPOSES AND LEGAL BASES FOR PROCESSING

Why Do We Process Your Data?

 

Managing Business Relationships:

  • Processing orders, managing user accounts, and loyalty programs.
  • Communicating about your orders and complaints.
  • Creating user profiles for optimized B2B interactions, including analyses of partner needs.
  • Legal basis: performance of a contract.

 

Improving Our Services:

  • Analyzing your use of our platforms to personalize your experience.
  • Producing statistical reports to evaluate business performance and optimize offerings for our partners.
  • Developing initiatives tailored to the needs of collaborating companies.
  • Legal basis: legitimate interest or consent (e.g., for cookies).

 

Recruitment:

  • Managing applications and building a talent database for our B2B operations.
  • Providing personalized tracking of candidate journeys for sustainable collaborations.
  • Legal basis: legitimate interest.

 

Security and Legal Compliance:

  • Protecting against fraud and complying with legal obligations.
  • Ensuring the security of data exchanged within partnerships and joint projects.
  • Legal basis: legal obligation or legitimate interest.

 

DATA COLLECTED

We collect the following data, depending on your interactions with us:

  • Identity*: name, first name, position within the company.
  • Contact details*: postal address, professional email, phone number.
  • Transactional data: order history, payment methods.
  • Connection data*: IP addresses, activity logs, username, password.
  • Browsing data: preferences expressed on our websites or applications.
  • Professional data*: company, job title, past commercial interactions, specific needs identified during exchanges.

Some data (marked with *) may be essential for providing our services. You are free to refuse to provide this data, but doing so may limit your access to certain services.

 

RETENTION PERIODS

Your data is retained as long as necessary for the purposes for which it was collected, within the limits imposed by law:

  • Commercial data: up to 3 years after the last interaction or contract termination.
  • Data related to tax obligations: 10 years.
  • Candidate data: 2 years after the last contact, unless opposed.

 

DATA TRANSFERS AND SHARING

Your data may be transferred and/or shared with:

  • Internal TASTER teams (sales, marketing, etc.).
  • Our service providers (delivery, IT hosting, consultants for B2B optimization).
  • Authorities in the event of a legal obligation.
  • Our business partners as part of specific collaborations or franchises (with your consent).

 

We certify that we never sell your data to third parties.

Example of Partnership: When a franchise partner requests an analysis of consumption trends to optimize their local offering, aggregated and anonymized data may be shared with their consent.

 

YOUR RIGHTS

As a data subject, you have various rights. These rights are not absolute and are subject to specific conditions as outlined under the GDPR and applicable national laws (in France, the “Informatique et Libertés” Act of January 6, 1978, as amended; in the UK, the “UK GDPR”).

  • Right of Access: You have the right to obtain confirmation from us as to whether your personal data is being processed and, if so, to access this data and certain additional information (similar to what is provided in this Privacy Policy) regarding its use. You may also request a copy of your personal data. This allows you to verify that we are processing your information in compliance with data protection laws. We may refuse to provide such information where it would involve disclosing personal data about another person or otherwise adversely affect another person’s rights.
  • Right to Rectification: You may ask us to take steps to correct your personal data if it is inaccurate or incomplete (e.g., if we have an incorrect name or email address).
  • Right to Erasure: Also known as the “right to be forgotten,” this allows you to request the deletion or removal of your personal data where, for example, there is no compelling reason for us to continue using it or where its use is unlawful. However, this is not a general right to erasure, and exceptions apply, such as when the information is needed to defend a legal claim or to comply with a legal obligation.
  • Right to Restrict Processing: You have the right to “block” or suppress further use of your personal data in certain circumstances, such as while we evaluate a rectification request or as an alternative to erasure. When processing is restricted, we may still store your personal data but will not use it further.
  • Right to Data Portability: You have the right to obtain and reuse certain personal data for your own purposes across different organizations (separate data controllers). This applies only to personal data you have provided to us, which we process based on your consent or a contract and by automated means. In such cases, we will provide your data in a structured, commonly used, and machine-readable format or, where technically feasible, transmit it directly to another data controller at your request.
  • Right to Object: You have the right to object to certain types of processing, based on your particular situation, at any time, where such processing is conducted for the legitimate interests pursued by TASTER. However, we may continue to process your personal data if we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or if it is required for the establishment, exercise, or defense of legal claims. If you object to the processing of your personal data for direct marketing purposes, we will cease such processing immediately.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. However, withdrawing your consent does not affect the lawfulness of any processing conducted prior to such withdrawal.
  • Right to Provide Post-Mortem Instructions: You have the right to provide us with instructions regarding the use of your personal data after your death (e.g., its retention, deletion, and disclosure). You may amend or revoke your instructions at any time.
  • Right to Lodge a Complaint: You have the right to file a complaint with:
    • The French Data Protection Authority (CNIL) in France, without prejudice to any other administrative or judicial remedy. You can contact them by mail at: CNIL – Service des Plaintes, 3 Place de Fontenoy – TSA 80715 – 75334 Paris CEDEX 07 or online via the following link: https://www.cnil.fr/fr/plaintes.
    • The Information Commissioner’s Office (ICO) in the UK via their online complaints portal: www.data-protection-complaints.

To exercise your rights, you may contact us using the details provided above.

 

DATA SECURITY

We place a high priority on the security of personal data. Appropriate technical and organizational measures are implemented to ensure that data is processed in a manner that guarantees protection against loss, destruction, or accidental damage that could compromise its confidentiality or integrity.

During the development and design stages, or when selecting and using tools that process personal data, we ensure that these tools meet optimal data protection standards. This includes implementing measures that comply with the principles of data protection by design and by default.

When engaging a service provider, we only share personal data after obtaining their commitment and guarantees regarding their ability to meet our security and confidentiality requirements. In compliance with our legal and regulatory obligations, we formalize these commitments in contracts that clearly define the conditions and methods for processing personal data.

In the event of a data breach, we will notify the CNIL or the ICO and, if necessary, the affected individuals.

 

DATA TRANSFERS OUTSIDE THE EU

Your data may be transferred outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place (e.g., European Commission standard contractual clauses).

 

CONTACT AND REMEDIES

In case of questions or disputes, you can:

 

GOVERNING LAW

This Policy is governed by French law. In case of disputes, only French courts will have jurisdiction.

TASTER remains at your disposal for any additional questions regarding your personal data.