DNP Photo Imaging Europe SAS is a French company located at 22, avenue des Nations, Immeuble
Raphaël, Villepinte, 95948 ROISSY CDG Cedex, France and registered in the Register of Trade and
Companies of Bobigny under number B 312 273 550 (hereinafter “DNP”).
 
DNP markets certain items of photographic equipment, spare parts and accessories and sells its
products to professional clients so that its products can be resold to professional users.
 
DNP attaches great importance to the protection of personal data and compliance with the applicable
legislation, including the principles laid down in General Data Protection Regulation No 2016/679 of
27 April 2016 (hereinafter “GDPR”) and in Law no. 78-17 of 6 January 1978 (known as the “Data
Processing and Freedoms” law) as amended.
 
This Personal Data Protection Policy applies to all personal data collected and processed by DNP, as 
data controller, through its website and also through other channels, including trade fairs,
communication on social networks, contact and dialogue with clients or prospects in all European
countries.
 
Information gathered through cookies on our website is subject to special clauses which are set out in
the General Terms of Use (GTU).
 
 
What data do we collect?
 
DNP may collect and process personal data during the course of its activities such as:
 
- surname, first name
- work email address
- work telephone number
- business cards or position held within a company
- country of residence
- CVs which are sent to us
- photographs
 
When DNP collects personal data, data subjects are informed by means of remarks on the forms
intended for this purpose, in accordance with the applicable legislation.
 
In situations where the subject’s consent is required in accordance with GDPR principles, DNP
undertakes to obtain this consent by the appropriate means so that it is free and informed and to
respect the right of all persons to withdraw their consent at any time.
 
 
For what purposes is personal data collected?
 
DNP may use collected personal data for the following purposes:
 
- to register orders and supply the corresponding products or services;
- to manage requests, orders, payments, deliveries and returns/exchanges of products or services;
- to provide customer support in order to resolve a technical problem reported by a partner;
- to give access to its website or information or services accessible in reserved parts of the site;
- to send a newsletter in order to communicate with regard to its products and services;
- to communicate with regard to promotional actions concerning its products and services;
- to carry out statistical studies regarding the use and relevance of its sites, offers, products and
services;
- to reply to anyone who sends their CV or an application for the purposes of collaboration;
- to add to its social network accounts by posting photographs in accordance with the right of
the persons concerned to their image;
- to make it possible to purchase or provide software licences relating to products and services
offered by DNP;
- to respond to any contact requests or questions sent to it.
 
Some of the types of processing carried out by DNP for the purposes stated above are necessary to
enable DNP:
 
- to fulfil its contractual obligations towards its customers, partners and suppliers;
- to perform its statutory obligations, including in terms of guarantees, after-sales service, tax
and accounting;
- for certain legitimate interests relating to the management of its commercial activities among
other things.
 
In all other cases, the types of processing carried out by DNP are possible provided that the data subject
has explicitly consented to them.
 
DNP does not use personal data for the purpose of selling it on to third parties.
 
 
To whom is the personal data collected sent?
 
DNP may send the personal data that it collects to other companies within the DNP group including
the parent company in Japan. Transfers to Japan are governed by standard contractual clauses drawn
up by the European Commission, in accordance with the applicable legislation.
 
DNP may also send personal data which it collects to subcontractors, partners or service providers
located in Europe when it hires a third party to perform a service for one of the purposes described
above (e.g. delivery of a product). In this event, a contract will be entered into with each subcontractor,
partner or service provider so that the latter undertakes to guarantee the security and confidentiality
of the data transferred to it and to comply with the applicable regulations, and the GDPR in particular.
 
 
For how long is personal data kept?
 
DNP keeps the personal data that it processes for the period necessary for the purposes described
above, in accordance with the principles laid down in the GDPR, without prejudice to legislative or
regulatory provisions applicable to certain categories of data requiring a special retention period or
erasure of this data.
 
Personal data relating to customers or prospects will not be kept for longer than the retention period
that is strictly necessary for the management of the business relationship, with the exception of data
which is necessary to prove that a right or contract exists.
 
Personal data is retained by DNP for the following periods:
 
- Data relating to customers: 
The entire duration of the business relationship + 36 months from the last contact
 
- Data relating to prospects:
36 months following the last communication
 
- Bank details:
13 months after they are provided
 
- ID provided in order to exercise GDPR rights:
1 year following communication
 
- Archived data in relation to which the right to object to processing has been exercised:
6 years following archiving
 
- DNP website connection data:
36 months following the latest connection
 
- DNP cookies:
13 months following installation
 
CVs and applications:
2 years following the latest contact from the applicant
 
Once the above-mentioned retention period has ended, DNP may then archive, for up to 10 additional
years, data which is subject to a legal obligation of retention or which is of administrative significance
(handling of any disputes, tax proceedings, etc.).
 
 
What are DNP’s undertakings in relation to security?
 
DNP undertakes to take all technical and organisational measures required to maintain the protection
and security of personal data, in particular against any loss, alteration, distribution or illegal use.
 
DNP ensures that such measures are implemented in all operations performed during the course of its
processing, including during the collection, storage and hosting of personal data.
 
DNP also ensures that third parties whom it may hire (technical service providers, suppliers, etc.)
comply with this personal data protection requirement by implementing appropriate measures, in
accordance with the GDPR.
 
 
What are your rights and how can you exercise them?
 
In accordance with the GDPR and the “Data Processing and Freedoms” law as amended, anyone can
access personal data relating to them and have it communicated to them and, where necessary,
corrected or erased, by contacting DNP. You can also, for legitimate reasons, object to the processing
of data which relates to you.
 
In addition, as stipulated by the GDPR, we remind you that you have the right to have your personal
data erased when it is no longer needed for the purposes for which it was collected, the right to restrict
processing if you notice that your data is inaccurate, and the right to portability of your data.
 
For any requests, you can contact DNP by sending an email to Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. or write
to: DNP - 22, avenue des Nations, Immeuble Raphaël, Villepinte, 95948 ROISSY CDG Cedex, France.
 
All requests must be accompanied by a photocopy of a form of ID of the data subject; this document
will only be kept for identification purposes and in order to process the response. DNP will have a
period of one (1) month following receipt of the full request in which to respond.
 
You also have the right to make a complaint to CNIL (www.cnil.fr) or any competent authority.
 
 
Amendments to this Personal Data Protection Policy
 
This Personal Data Protection Policy may be revised at any time by DNP, in line with changes in
legislation or the activities of our company.
 
If the Personal Data Protection Policy is amended, the new version in force will apply from the time
when it is posted online on the website www.dnpphoto.eu
 
In the event of a dispute, the applicable Privacy Policy will be the one that is in force at the time of the
acts giving rise to the dispute.
 
 
Version dated November 15th, 2018