logo logo_ygnis

Confidentiality and personal data protection policy

Version updated on 22 February 2019

[Ygnis is a GROUPE ATLANTIC brand]

Protecting your privacy and personal data is one of our key concerns. GROUPE ATLANTIC applies the following basic principles with regard to confidentiality and personal data protection:

  • We only ask you for or process personal information if it is essential or if you have given us your consent to do so.
  • We do not share your personal data with anybody, unless this is required by law, to help you, to protect our rights, or if you have given us your express agreement to do so.

GROUPE ATLANTIC obeys all of the personal data protection laws and regulations in force in the countries where it operates, including in particular, but not limited to, European Regulation 2016/679 of 27 April 2016 (the General Data Protection Regulation, often known as GDPR).

By using the services offered by GROUPE ATLANTIC, you accept the practices described in this personal data processing policy.

Who is the controller of my personal data?

The controller is the company that defines for what purpose and how your personal data will be used.

The personal data collected on the site, mobile applications and when you place an order are controlled by:

Atlantic Société Française de Développement Thermique RCS La Roche Sur Yon 562 053 173

Head office: 44 boulevard des Etats-Unis, 85 000 La Roche Sur Yon, FRANCE

Hereafter referred to as “GROUPE ATLANTIC”


What personal data is collected?

GROUPE ATLANTIC undertakes to only collect personal data that is strictly necessary for the performance of the services subscribed to, such as:

  • Surname, first name, address, email address and telephone number of the user, the recipient of the order or quote, the customer or the job applicant;
  • Order and/or customer delivery address if different;
  • Address for collection of a product if it has to be returned;
  • Connection data (IP address, connection log);
  • SIREN (company identification) number for our loyalty schemes for business customers;
  • Date and place of birth and social security number for our loyalty schemes for employees of our business customers;
  • Data contained in job applicants’ CVs and covering letters;
  • In some cases, location data, in order to facilitate the configuration of your devices or services, or to find a business nearby;
  • Information and measurements relating to our products and services (connected devices and applications);
  • In some cases, your Wi-Fi network identifiers (SSID and password) in order to pair your Wi-Fi devices and control them remotely.

Why do we collect personal data?

GROUPE ATLANTIC processes personal data for the following purposes:

  • Managing our customers and prospects;
  • Managing online orders on our web sites;
  • Managing after-sales service for our products;
  • Managing our loyalty schemes;
  • Providing our customers and prospects with assistance, particularly regarding product selection, installation and configuration;
  • Studying and analysing the use of our services, particularly for improvement purposes;
  • Managing recruitment;
  • Conducting surveys and improving our products and services;
  • Managing and coordinating our business networks;
  • Participation in games and competitions.


GROUPE ATLANTIC thus processes the personal data concerning you on the following legal bases:

  • pursuant to the contractual relationship between you and GROUPE ATLANTIC or
  • due to the legitimate interest that GROUPE ATLANTIC has in processing your personal data (if GROUPE ATLANTIC has a commercial interest in processing your data that is justified, proportionate and does not interfere with your privacy) or
  • when you have given us your consent for us to process your personal data, or
  • as part of the processing of personal data that is mandatory pursuant to legislation.


What are my rights and how can I exercise them?

As a customer or user of GROUPE ATLANTIC’s services, you have the right:

  • to request that the processed data concerning you is erased from our files. If you exercise your right to be forgotten, and you have access to a customer area on a web site, this access will then be suspended as your login will be erased from our files. We cannot erase your data while you have an order outstanding or a dispute exists between you and us or, more generally, while we need your data to perform a contract or fulfil one of our obligations;
  • to object to the collection and processing of data concerning you when they are not strictly necessary;
  • to access the data collected concerning you and receive them in a commonly used machine-readable format;
  • to obtain the rectification of the data concerning you;
  • to request restriction of the processing of the data concerning you – for example by refusing any use for canvassing purposes.


These rights can be exercised by contacting us:

  • By email: dpo@groupe-atlantic.com
  • By post (with a copy of your identification document if you are exercising your rights) at the following address:


A l’attention du délégué à la protection des données (DPO)

44 boulevard des Etats-Unis

85000 La Roche-sur-Yon


You also have the right to lodge a complaint with a supervisory authority and seek a judicial remedy, particularly if no action has been taken on your requests to exercise your rights within a period of one month after they were made.

How long do we retain your data for?

The personal data collected by GROUPE ATLANTIC are retained only for as long as necessary to achieve the purpose for which they were collected or to comply with legal and regulatory provisions. GROUPE ATLANTIC undertakes not to retain your personal data beyond the period necessary for the provision of the service.

Where do we store your personal data?

The processing of personal data by GROUPE ATLANTIC takes place in data centres hosted in the European Union.

If personal data is transferred to Group companies or processors outside the European Union, GROUPE ATLANTIC undertakes to ensure that these recipients comply with the provisions of Regulation (EU) 2016/679.

Who has access to your personal data?

GROUPE ATLANTIC may disclose the personal data that you have provided or that it has collected to its subsidiaries, employees, service providers or affiliated bodies

that need to know this information in order to process it on behalf of GROUPE ATLANTIC or provide services for the purposes mentioned above, and

that have agreed not to disclose them to third parties.

GROUPE ATLANTIC will not rent or sell personal data to third parties. Apart from its employees, service providers and affiliated bodies, as stated above, GROUPE ATLANTIC only discloses personal data when required to do so by law.


How do we canvass our customers?

If you have given us your email address or mobile telephone number and have consented to receive communications from us, or if you have placed an order with us, GROUPE ATLANTIC may send you emails or text messages to tell you about our offers, give you information about new features and products, ask for your opinion or simply keep you abreast of news and offers from GROUPE ATLANTIC brands. You can object to all canvassing of this type at any time, by unsubscribing via the link in each email, replying with STOP to a text message or contacting our DPO at one of the addresses given above.


How are your personal data protected?

GROUPE ATLANTIC takes all reasonable measures necessary to protect the personal (or potentially personal) data processed against unauthorised access, use, modification or destruction.

We have undertakings relating to the security of our services and have put in place physical, administrative and technical measures aimed at preventing unauthorised access to your data. Our security policies cover security management for internal operations and our services. These policies govern all areas of security applicable to the services and apply to all GROUPE ATLANTIC employees, as well as our service providers and subcontractors who need to have access to this data.

If we establish that your data has been misappropriated or otherwise acquired erroneously by a third party, we will inform both you and the supervisory authority (CNIL in France) as soon as possible.


How are personal data concerning minors collected?

Although GROUPE ATLANTIC does not seek to collect personal data concerning minors, some services may be used by minors. In this case, it is up to the parents or any person with parental responsibility to decide whether their minor child is permitted to use the GROUPE ATLANTIC services.


Changes to the confidentiality policy

GROUPE ATLANTIC may change its personal data processing policy at any time. The use of any GROUPE ATLANTIC service after changes have been made to its confidentiality policy constitutes acceptance of those changes.