The Consumer Goods Forum (hereafter “we“, “us“, “our“, and “CGF”) considers the protection of personal data of the users (hereafter “you“, “your” and “Users“) of its online services (hereafter the “Services“) and the respect of your privacy to be of crucial importance. We pay particular attention to the confidentiality and security of your personal data.

Therefore, this privacy policy (hereafter the “Policy“) is intended to inform you about the processing of your personal data we carry out when you use the Services available on our website accessible at www.theconsumergoodsforum.com (hereafter the “CGF Website“).

1. WHO IS THE DATA CONTROLLER FOR THE PROCESSING OF YOUR PERSONAL DATA?

1.1 Data controller

We, The Consumer Goods Forum, act as the data controller of the processing of your personal data.

1.2 Contact us

To contact us, please refer to Section 11 of this Policy (How to contact us?)

2. WHICH PERSONAL DATA DO WE COLLECT?

When you use the CGF Website, we may collect, use, store and transfer the following categories of personal data about you:

  • Identification data: any identification data necessary to identify you when you access and/or use the CGF Website and/or Services (e.g., last name, first name, e-mail address, postal address, telephone number, login, password, company name, position);
  • Communication data: any personal data embedded in messages or communications exchanged between us when you contact us or subscribe to our communications, including where applicable, recipient actions such as email open rates through embedded links within the newsletters or other communications you receive from us;
  • Feedbacks related data: where applicable, your responses to our surveys and satisfaction polls to assess what you like about our Services and about products available on the CGF Website; and
  • User support related data: where applicable, any personal data included in any incident reports or support requests you make regarding problems you may encounter using the CGF Website or Services, for example the purpose of your support request.

In some cases, the provision of your personal data is mandatory, failing which we will not be able to provide you with the Services and information you request. For example, if you contact us through the CGF Website, you will need to communicate your email address so that we can answer back to you.

In any case, we will inform you when the communication of your personal data is mandatory.
Furthermore, if you provide us with third parties’ personal data, you undertake to ensure that such data subjects have been duly informed of the processing of their personal data according to this Policy and, if required, have consented to such processing.

3. WHY DO WE PROCESS YOUR PERSONAL DATA?

In the table below, you will find the various purposes for which we may process your personal data and the corresponding legal basis. Depending on the circumstances, we use different legal basis to process the same personal data for different purposes.

You also have specific rights depending on the legal basis applied. You always have the right to request access to, rectification of or deletion of your personal data. These are detailed in Section 9 of this Policy (What are your rights?).

We process your personal data for the following purposes and on the following legal basis:

PURPOSE

LEGAL BASIS

CATEGORIES OF DATA CONCERNED

To manage your User account on the CGF Website (e.g., create, manage and delete User account).

The processing of your personal data is necessary for the performance of a contract with you or in order to take steps prior to entering into a contract (e.g., acceptance of the Terms of Use).

  • Identification data
  • Communication data
  • User support related data

To manage your registration and membership to The Consumer Good Forum’s members directory.

 

The processing of your personal data is necessary for the performance of a contract with you.

  • Identification data
  • Communication data
  • User support related data

To manage our contractual relationship with you and fulfil our contractual obligations (e.g., to provide you with the Services you registered for, such as participation to events or access to tools, materials and documentation provided by us).

The processing of your personal data is necessary for the performance of a contract with you (e.g., if you wish to use one of the Services available on or from the CGF Website, we need your business or personal details which you will be asked to provide when registering to this Service).

  • Identification data
  • Communication data
  • User support related data

 

To respond to requests you may submit on the CGF Website, and, more broadly, to manage our relationship with Users of the CGF Website (e.g., providing information and advice regarding the use of the Services (welcome message, new features, developments, etc.)).

The processing of your personal data is based on our legitimate interest to ensure proper communication with the Users of our Services.

  • Identification data
  • Communication data
  • User support related data

 

To provide, customise and improve our Services (e.g., to ensure proper functioning of the Services, troubleshoot and correct any problems, test our new features and ensure their proper functioning, collect feedback on our features and Services, conduct surveys and other research to determine what you appreciate about our Services and the products offered for sale, and what can be improved, produce statistics).

The processing of your personal data is based on our legitimate interest to optimise our tools and solutions and ensure the satisfaction of the CGF Website’s Users and prospects.

  • Identification data
  • Communication data
  • Feedbacks related data
  • User support related data

 

 

To carry out commercial prospection actions for consumers (e.g., sending personalised communications about the Services we offer on the CGF Website when you subscribe to our blog, newsletters or webinars).

The processing of your personal data is based on your consent.

  • Identification data
  • Communication data

 

To carry out commercial prospection actions for professionals (e.g., sending personalised communications about the Services we offer on the CGF Website when you subscribe to our blog, newsletters or webinars).

The processing of your personal data is based on our legitimate interest to promote our Services.

  • Identification data
  • Communication data

 

To communicate information on changes and modifications of the CGF Website.

The processing is necessary, as the case may be, (i) to comply with legal obligations to which we are subject (e.g., updating necessary to maintain the compliance of the Services) or (ii) for the performance of a contract with you (e.g., updating not necessary to maintain the compliance of the Services).

  • Identification data
  • Communication data

To comply with legal and regulatory obligations that may apply to us.

The processing of your personal data is necessary for compliance with our legal obligations (e.g., to answer requests from the competent administrative or judicial authorities or data subjects’ requests or claims).

  • Identification data
  • Communication data
  • Feedbacks related data
  • User support related data

To manage any potential or actual disputes with you or third parties.

The processing of your personal data is based on our legitimate interest to defend our interests, including through legal proceedings.

  • Identification data
  • Communication data
  • Feedbacks related data
  • User support related data

In any case, please note that we will not process your personal data for any other purpose that is incompatible with the purposes listed above.

4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In the context of processing your personal data in accordance with this Policy, we may communicate your personal data to the following categories of recipients, if necessary:

  • our service providers, external suppliers, agents and contractors, to the extent that they assist us in carrying out the purposes set out in this Policy (e.g., we use IT service providers to host your personal data on our behalf).
  • our partners for the events we organize (including, sponsors, organizers and co-organizers, services providers dedicated to the events and, to the extent you are a member, The Consumer Goods Forum members’ directory) for the purposes of organizing the events and, subject to your prior and express consent, receiving information about their products, services or events.
  • our affiliates, i.e., companies part of the CGF group (“Group”); and
  • to competent courts, public authorities, government agencies and law enforcement agencies (e.g., in cases where we are required to comply with legal or regulatory requests).

We will only communicate your personal data to any recipient on a need-to-know basis and only when the processing by the recipient is strictly limited to the purposes identified in this Policy.

We do not sell your personal data.

5. DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA?

For the purpose of processing your personal data as described in this Policy, we may have to transfer your personal data outside the European Economic Area (“EEA”).

In these cases, we implement appropriate transfer mechanism and safeguards to ensure that the personal data transferred benefit from the same level of protection as within the EEA.

In practice, this means that each of the envisaged transfer is at least based on one of the following mechanisms:

  • the existence of an adequacy decision issued by the European Commission for the country to which your personal data is transferred; or, failing that,
  • the conclusion of standard contractual clauses as adopted by the European Commission; or, failing that,
  • the existence of Binding Corporate Rules as adopted by the Group; or, failing that,
  • the existence of an exemption linked to one of the specific situations exhaustively provided for by the General Data Protection Regulation n°2016/679 (“GDPR”). For example, where you have explicitly given your consent to the proposed transfer after having been informed of the absence of safeguards, where the transfer is necessary for the performance of a contract between you and us, where the transfer is necessary for the conclusion or performance of a contract concluded, in your interest, between us and a third party, or where the transfer is necessary for the establishment, exercise or defence of our legal claims, etc.

You may request a copy of these documents by contacting CGF, please see Section 11 of this Policy (How to contact us?).

6. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

We retain your personal data only for as long as necessary for the purposes for which it has been collected and in accordance with the applicable law.
This means that the retention periods we apply may vary depending on the purpose for which we process your personal data. The table below shows you the retention period that will be applied to your personal data for each purpose:

PURPOSE

CATEGORIES OF DATA CONCERNED

RETENTION PERIOD

To manage your User account on the CGF Website (e.g., create, manage and delete User account).

  • Identification data
  • Communication data
  • User support related data

 

We will retain your personal data for a maximum of 3 years from your last use of the CGF Website, if you have not closed your User account.

OR

We will retain your personal data until your User account has been closed including if you have requested the deletion of your account.

To manage your registration and membership to The Consumer Good Forum’s members directory.

 

  • Identification data
  • Communication data
  • User support related data

 

We will retain your personal data for 3 years after your last contact with our Services.

To manage our contractual relationship with you and fulfil our contractual obligations (e.g., to provide you with the Services you registered for, such as participation to events or access to tools, materials and documentation provided by us).

  • Identification data
  • Communication data
  • User support related data

 

 

We will retain your personal data for a maximum of 3 years from your last use of the CGF Website, if you have not closed your User account.

OR

We will retain your personal data until your User account has been closed including if you have requested the deletion of your account.

OR

We will retain your personal data for 3 years after your last contact with our Services.

To respond to requests you may submit on the CGF Website, and, more broadly, to manage our relationship with Users of the CGF Website (e.g., providing information and advice regarding the use of the Services (welcome message, new features, developments, etc.)).

  • Identification data
  • Communication data
  • User support related data

 

 

We will retain your personal data for a maximum of 6 months from the last contact you initiated with us or earlier if you exercise your right to object.

To provide, customise and improve our Services (e.g., to ensure proper functioning of the Services, troubleshoot and correct any problems, test our new features and ensure their proper functioning, collect feedback on our features and Services, conduct surveys and other research to determine what you appreciate about our Services and the products offered for sale, and what can be improved, produce statistics).

  • Identification data
  • Communication data
  • Feedbacks related data
  • User support related data

 

 

We will retain your personal data for a maximum of 6 months, although in most cases, shortly after the processing, your personal data will be aggregated into non-identifiable statistics.

OR

We will retain your personal data until you exercise your right to object before the expiration of the 6-month period mentioned above.

To carry out commercial prospection actions for consumers (e.g., sending personalised communications about the Services we offer on the GFSI Website when you subscribe to our blog, newsletters or webinars).

  • Identification data
  • Communication data

 

We will retain your personal data for 3 years after your last contact with our Services.

OR

We will retain your personal data until you withdraw your consent to the processing of your personal data through your User account.

To carry out commercial prospection actions for professionals (e.g., sending personalised communications about the Services we offer on the GFSI Website when you subscribe to our blog, newsletters or webinars).

  • Identification data
  • Communication data

 

We will retain your personal data for 3 years after your last contact with our Services.

 

To communicate information on changes and modifications of the CGF Website.

  • Identification data
  • Communication data

We will retain your personal data for as long as we remain subject to the relevant legal or regulatory obligations.

OR

We will retain your personal data for a maximum of 3 years from your last use of the CGF Website, if you have not closed your User account.

OR

We will retain your personal data until your User account has been closed including if you have requested the deletion of your account.

To comply with legal and regulatory obligations that may apply to us.

  • Identification data
  • Communication data
  • Feedbacks related data
  • User support related data

We will retain your personal data as long as we are subject to the relevant legal or regulatory obligations.

To manage any potential or actual disputes with you or third parties.

  • Identification data
  • Communication data
  • Feedbacks related data
  • User support related data

In the event that you have violated our applicable terms and conditions, including Terms of Use, we will retain your personal data for a period of 2 years after the closure of your account, if you have requested the deletion of your account, or, for a period of 3 years in the absence of such a request.

OR

In the event that your account has been suspended or terminated, we will retain your personal data for a period of 2 or 10 years, depending on the seriousness of the breach, from the suspension date in order to prevent any circumvention of the applicable rules of the CGF Website.

In any case, at the end of the applicable retention period, we will irrevocably erase or anonymise your personal data so that you can no longer be identified.

7. DO WE USE COOKIES?

We use cookies on the CGF Website. However, pursuant to the applicable data protection regulation on cookies and other tracking technologies, please note that we will ensure that we have obtained, where necessary, your prior consent before placing them on your equipment.

To learn more about the cookies we use and their purposes, please see our Cookies Policy.

8. HOW DO WE PROTECT YOUR PERSONAL DATA?

We protect your personal data with physical, digital and administrative security measures to reduce the risk of loss, unauthorised access, disclosure or unauthorised modification in the collection, retention and communication of User personal data.

9. WHAT ARE YOUR RIGHTS?

In accordance with the applicable personal data protection regulation, including the GDPR, you have the following rights: right to access, request rectification, request deletion, object, limit the processing, data portability of your personal data and the right to provide instructions on the use of your personal data after your death, where the French data protection legislation applies.

When the processing of your personal data is based on your consent, you may withdraw it at any time.

  • Right of access
    You may request access to your personal data at any time. If you exercise your right of access, we will provide you with a copy of your personal data in our possession as well as all information relating to its processing.
  • Right of rectification
    You have the right to ask us to rectify or complete any personal data in our possession that you consider to be inaccurate or incomplete.
  • Right to erasure
    You can ask us to delete your personal data, for example if it is no longer necessary for the processing we carry out.
    We will make our best efforts to comply with your request. Please note, however, that we may have to retain some or all of your personal data if we are required to do so by applicable law or if the personal data is necessary for the establishment, exercise or defence of our rights.
  • Right to object
    You may object at any time, on grounds relating to your particular situation, if we use your personal data. We will then stop processing your personal data unless there are overriding legitimate grounds for continuing to process your personal data (for example, if your personal data is necessary for the establishment, exercise or defence of our rights or the rights of third parties in court proceedings). If we are unable to comply with your request to object, we will inform you of the reasons for our refusal.
    You can also object at any time to our processing of your personal data for marketing purposes.
  • Right to restrict processing
    You may also request that we restrict the processing of your personal data on grounds relating to your particular situation. For example, if you dispute the accuracy of your personal data or object to the processing of your personal data, you may also request that we do not process your personal data for the time necessary to verify and investigate your claims.
    In this case, we will temporarily refrain from processing your personal data until necessary verifications have been made or until we comply with your requests.
  • Right to data portability
    You may request portability of the personal data you have provided us with. At your request, we will provide you with your personal data in a readable and structured format so that you can easily re-use it.
    The portability of your personal data applies only to personal data that you have provided to us or that result from your activity on the CGF Website, under the condition that the disclosure of your personal data does not infringe the rights of third parties. If we are unable to comply with your request, we will inform you of the reasons for our refusal.
  • Right to withdraw consent
    You have the right to withdraw consent at any time for personal data processing based on consent. Withdrawing your consent prevents us from processing your personal data but does not affect the lawfulness of the processing carried out before the withdrawal.
  • Right to provide instructions on the retention and communication of your personal data after your death, where the French data protection legislation applies
    You can provide us with instructions on how to use your personal data after your death. For example, you can request that we retain, delete or transfer your personal data to a third party that you have designated.

10. HOW TO EXERCISE YOUR RIGHTS?

If you wish to exercise your rights, you may contact us by using the contact information provided in Section 11 of this Policy (How to contact us). To be able to process your request efficiently, we may ask you additional information to confirm your identity and/or to ease retrieval of personal data concerned by your request.

Please note that some of these rights are subject to specific conditions laid down in the applicable personal data protection regulation. Therefore, if your particular situation does not meet these conditions, we will unfortunately not be able to respond to your request. In this case, we will inform you of the reasons for our refusal.

In any case, please note that you can lodge a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés (“CNIL”)).

11. HOW TO CONTACT US?

If you have any question regarding the processing of your personal data under this Policy, including the exercise of your rights as detailed above, you can contact us (i) by email ; or (ii) by post at the following address:
Consumer Goods Forum 47-53 Rue Raspail, 92300 Levallois-Perret, France.

12. WHEN AND HOW WILL YOU BE INFORMED IF THIS POLICY CHANGES?

We periodically review this Policy to ensure it is compliant and up to date with applicable data protection regulation.

You will be notified in case of substantial changes to the Policy (for example, if the modifications impact the categories of personal data processed or the purposes of processing), and we will send you a hyperlink to the updated Privacy Policy within 30 days before publication. This information will be provided to you by email or will be made available via a pop-up window displayed when visiting the CGF Website. This will give you the opportunity to review the updated Policy before you decide whether to continue using the CGF Website.