Skip to main content

Generix Launches Solochain Now – Packaged Solution to Deploy a Complete SaaS WMS in as Little as 16 weeks View the press release

Search

PRIVACY POLICY

I. Introduction

This policy was updated on February 28, 2025.

Generix Group SAS and the entities of the group (hereinafter “Generix” or “we”) are likely, during their activities, to process your personal data (or “personal information”). This policy establishes a standard for the protection of privacy, personal data or personal information (hereinafter referred to as “personal data” or “DCP”). This Policy does not, however, supersede applicable national laws and regulations regarding data privacy in the countries in which Generix operates. Local laws will be respected at all times.
Generix undertakes that the collection and processing of said DCP will be carried out in accordance with the General Data Protection Regulation (GDPR), the French Data Protection Act No. 78-17 of January 6, 1978 relating to modified information technology, files and freedoms, in its current version, as well as the recommendations issued by the French Data Protection Authority (CNIL).
Generix also undertakes to comply with any other law on the protection of personal data that may be applicable to its activities, such as:

  • Quebec’s Act respecting the protection of personal information in the private sector, as amended by the Act to modernize legislative provisions respecting the protection of personal information, known as Bill 25;
  • Brazilian Law 13.709/2018 (General Law on Personal Data Protection known as LGPD).
  • Portuguese national law no. 58/2019 of August 8, 2019 on the protection of personal data
  • And any other regulations that may apply.

II. Scope of application

This policy provides you with information on how Generix handles personal data. It is regularly updated to consider legislative and regulatory developments, and any changes in Generix’s organization.

However, this policy does not cover:

  • Personal data that is processed in accordance with Generix’s website policy, which includes links to social networks, cookie management and processing specific to the use of the site. To find out more, consult our policy at the following link: Privacy policy – Generix (generixgroup.com).
  • Personal data processed as part of the recruitment process. To find out more, please consult our Candidate Privacy Policy.

III. Generix’s commitments

Generix undertakes to comply with the applicable regulations for the processing of personal data that it carries out. In particular, Generix undertakes to comply with the following principles:

  1. Process your personal data lawfully, fairly and transparently;
  2. To collect your personal data for specific, explicit and legitimate purposes and not to process them in a way incompatible with these purposes;
  3. Ensure that personal data processed is adequate, relevant and limited to what is necessary for the purposes for which it is processed;
  4. an appropriate level of security for said data.

    5. Each processing operation will be carried out taking into account the principles of data protection, in order to comply with the principles of data protection by design and by default.

    These commitments are expressed as follows:

    1. Respecting your privacy ;
    2. Generix guarantees the protection and security of your personal data;
    3. Work with trusted partners who offer sufficient guarantees regarding the implementation of technical and organizational measures to ensure that processing meets the requirements of current regulations;
    4. Respect your rights as a data subject and make every effort to respond to your requests as soon as they are justified.

    IV. Generix’s commitments as data controller

    Generix, when acting in its capacity as data controller, is responsible for the personal data you provide directly or indirectly (i.e. via third-party sources).

    1) Information to be provided when collecting personal data

    When collecting personal data, Generix undertakes to inform you, in simple and clear terms, in particular of the following elements:

    • The purposes for which personal data is collected,
    • Personal data collected,
    • The means by which personal data is collected,
    • Rights regarding personal data,
    • Where applicable, the legal basis,
    • Where applicable, the data subject is informed of the name of the third party on whose behalf the data is being collected,
    • The names of third parties or categories of third parties to whom it is necessary to communicate personal data,
    • The possibility that information may be disclosed outside the European Union or Quebec,
    • The categories of persons who have access to this information within Generix,
    • How long this information will be kept,
    • Contact information for the Data Privacy Officer.

    In addition to this information, in the event of the use of a technology with functions for identifying, locating or profiling, the following information must be given in advance:

    • the use of such technology,
    • the means available to activate functions for identifying, locating or profiling.

    2) Categories of personal data processed

    In the context of personal data processing, Generix collects and processes the following categories of data in particular:

    • Identification data: title, surname, first name, date of birth, gender, photograph, specimen signature,
    • Contact data (private or business): postal address, e-mail address, telephone number,
    • Data on family situation: marital status, number of children,
    • Data relating to education and employment: e.g. level of study, job, name of employer, educational background,
    • Customer, prospect, candidate, employee, partner,
    • Data collected in the context of your interactions with Generix: comments, suggestions, needs collected, voice and image for example during videoconferences, participation in webinars or workshops, discussion by e-mail, exchanges on our website, pages on social networks and your latest claims/complaints,
    • Technical data: IP address, browser type and version, operating system used,
    • Connection and tracking data: cookies and trackers on our websites, solutions and social networking pages,
    • Depending on the location of the Generix group entity acting as data controller, Generix may be required to collect additional personal data due to a legal, regulatory or contractual obligation incumbent on us and more particularly by virtue of an agreement or commitment made to regulators or concluded in the context of litigation of any kind.

    3) Data recipients

    Your personal data will only be communicated to authorized and specified recipients.
    Recipients may include :

    • Our company as data controller,
    • Our authorized personnel,
    • Establishments and member companies of the group to which we belong, as subcontractors or for the purposes of establishing, concluding and managing contracts, to facilitate the necessary updates and rectifications and, where applicable, to manage operational risks (risk assessment, security and prevention of non-payment and fraud) and meet their regulatory obligations.

    The following may also be sent to:

    • Service providers and subcontractors performing services on our behalf, such as our hosts, suppliers of goods and services,
    • The trusted partners whose products and services we distribute,
    • Banks,
    • Duly authorized judicial and/or administrative authorities, arbitrators and mediators and certain regulated professions such as lawyers, notaries or auditors, when specific circumstances so require (litigation, audit, etc.) as well as any current or potential stakeholder in Generix companies or activities or its insurers.

    4) Purposes and basis of processing

    Generix processes personal data for explicit, legitimate and specific purposes.
    The legal basis for the collection and use of your personal data depends on the personal data collected and the context in which it is collected.

    If you are located in the European Union (EU) or if EU regulations otherwise apply to you, your PDS may be processed for the following purposes in particular:

    • Purposes whose legal basis is the undertaking of pre-contractual steps, the conclusion and performance of contracts concluded with you and in particular,
      • Presentation of the characteristics of the products and services sold by Generix and its partners,
      • Establish the contract and manage the contractual relationship, invoicing, monitoring the contractual relationship,
      • Management and performance of services for products and services to which you have subscribed,
      • Collect our receivables,
    • Purposes for which the legal basis is the need for processing for the purposes of legal and regulatory compliance, in particular:
      • Combating tax fraud,
      • Combating money laundering and the financing of terrorism,
      • Fighting corruption,
      • Tax and return audits,
      • Risk assessment, particularly in terms of security, prevention of non-payment, fraud and anti-money laundering,
      • Compliance with payroll obligations (in particular keeping the personnel register, organizing staff elections, payroll management, declarations to public bodies),
      • Manage your rights,
      • Execution of payment transactions,
      • Official requests from duly authorized public or judicial authorities,
      • Managing insolvency proceedings.
    • The legal basis for these purposes is the pursuit of legitimate interests, in particular:
      • To present the characteristics of the products and services within the framework of the software and solutions sold by Generix and its partners to communicate the news of the offers and services proposed by Generix,
      • Carry out prospecting and sales promotion, through information campaigns on our databases, and concerning different types of support such as online conferences, white papers, events and documentation on Generix products and solutions, and thus communicate to you and offer you products and services similar and/or complementary to those you already have or that might be of interest to you in the context of your job, within the framework defined by applicable regulations,
      • Offer games, competitions and commercial events such as trade shows and conferences,
      • Manage social networks: promote events and paid promotional campaigns via LinkedIn and share Generix news.
      • Preservation of proof of our exchanges, operations and transactions, processing of claims and elements of defense in the event of litigation,
      • Conduct opinion and satisfaction surveys.

    These processing operations are carried out considering your interests and your fundamental rights.

    • Purposes whose legal basis is consent, in particular:
      • To communicate and propose our offers to you electronically (e-mail for services that you do not have or outside your usual activity). You can let us know at any time that you no longer wish to receive commercial communications directly in the aforementioned communication or in the manner set out in the “exercising your rights” article,
      • If you ask us to stop receiving communications or if you wish to receive these communications again, we will keep a computer trace of these requests as proof.

    For new processing operations set up for purposes other than those described above. In this case, we will inform you and, if necessary, ask for your consent.

    If you are not located in the EU, it is possible that the applicable legislation in your country of residence:

    • Requires your consent to collect and process your personal data. If this is the case, we will ask you to consent to the collection and processing of your data in accordance with applicable law,
    • Allow us to collect, use or disclose your data on a legal basis other than that stated.

    5) Data retention

    The personal data collected may be stored:

    • For the time necessary to achieve the purpose for which it was collected, or
    • Where personal data is collected for several purposes, until the longest retention or archiving period has elapsed, or
    • To meet legal or contractual obligations, or
    • For the duration of the existing relationship between you and Generix, increased by the applicable legal prescription,
    • Or may be archived for a longer period to manage claims and/or litigation, to meet our regulatory obligations, or to satisfy the request of duly authorized judicial or administrative authorities.

    Thus, for the purpose of billing management, for our customers, depending on their nature and the applicable legislation, data may be kept for up to 10 years after the end of the relationship or operation for France.

    For prospective customers, their data may be kept for a period of 3 years from the date of collection or last contact with you for France.

    Your personal data is therefore kept for the time necessary to achieve the purposes for which it was collected and processed. It will then be securely destroyed or made anonymous.

    As Generix is a group, retention periods vary according to the entity responsible for processing and local regulations where applicable.

    6) Safety measures

    The personal data collected by Generix is processed according to the most demanding security standards, and we take all appropriate measures to protect the confidentiality of your personal data. However, Generix cannot guarantee the confidentiality of messages you may send via an open telecommunications network.
    Safety is essential to our business. When we use subcontractors or service providers, we choose them based on the quality and safety criteria they are able to offer.

    To this end, we impose safety rules on our subcontractors and service providers that meet our own high standards.

    7) Transfer of personal data

    In view of the Group’s international organization and activities, personal data may be transferred outside your country of residence, in accordance with the purposes of the processing, to Group entities, service providers, subcontractors or partners located in a European Union country, outside the European Union, in Quebec or outside Quebec, in Brazil or outside Brazil.

    In all cases, Generix will ensure that such cross-border data processing is protected by adequate safeguards, in accordance with applicable law, and that it complies with applicable law.

    In the event of a transfer to a country outside the EU, Quebec or Brazil, rules have been put in place to ensure the protection and security of this information. In particular, to secure this type of transfer, we have put in place appropriate legal protection tools, in compliance with applicable laws, such as:

    • Give preference to “safe” countries, i.e. countries offering adequate protection of your Personal Data, according to the criteria of our national supervisory authority;
    • If the level of protection has not been recognized as equivalent by our national supervisory authority, we rely on the implementation of appropriate guarantees, notably contractual, such as standard contractual clauses approved by the European Commission or binding company rules.

    When required by applicable law, Generix performs a privacy impact assessment (“PIA”), or impact analysis, to ensure that DCP would benefit from adequate protection, particularly with respect to generally recognized privacy principles. A written agreement must be drawn up, taking into account the results of the assessment and, where applicable, the terms and conditions agreed to in order to mitigate the risks identified during the assessment.

    8) Exercising your rights

    In connection with the processing of personal data, you are entitled to certain rights under the applicable regulations.

    Depending on the applicable law, Generix informs you that you have rights in relation to your personal data. For example, you may have the right to access, rectify or withdraw your consent. Where applicable, and depending on the applicable law, you may also have other rights such as the right to portability, erasure or restriction of the processing of your personal data. You may also benefit from a right to object, on legitimate grounds, to the processing of data concerning you, and you also have the right to define directives concerning the fate of your DCP after your death (Law for a Digital Republic, France).

    Generix also informs you that you can manage your e-mail communication preferences via the preference center. Please note that if you withdraw your consent, you may not be able to receive the alerts or newsletters to which you have subscribed.

    Please bear in mind that these rights are not absolute and that the exercise of each of them is subject to certain conditions in accordance with applicable regulations. In any case, if the personal data we collect is no longer required for any purpose and we are not required by applicable regulations to retain it, we will do our utmost to delete or anonymize it.

    Any request to exercise a right will be analysed by GENERIX and must:

    • In writing,
    • Must be signed by the applicant,
    • Include the address to which the reply should be sent, and
    • Be accompanied by proof of identity.
    • For European residents:
      For any information or to exercise your rights concerning the processing of personal data managed by GENERIX, you can contact its Data Protection Officer (DPO): dpo@generixgroup.com, or send a letter to the following address:

      Generix Group
      For the attention of the DPO
      Tour Légende
      20 place de la Défense
      92800 – Puteaux
      France
    • For Canadian/Quebec residents:
      For any information or to exercise your rights regarding the processing of information managed by GENERIX, you may contact the person responsible for the protection of personal information (RPRP) for any request or question regarding the protection of personal information in Quebec or Canada: noram-rens.pers@generixgroup.com or send a letter to the following address:

      GENERIX GROUP NORTH AMERICA
      To the attention of the Chief Privacy Officer (CPO)
      1360 Rue Ropery
      #201, Montreal,
      QC H3K 2X3

    Depending on your country of residence, GENERIX entities may provide for local specificities, in particular to adapt to regulatory requirements. These will be explained to you on a case-by-case basis by the entities concerned.
    Finally, you have the right to lodge a complaint with a supervisory authority or body:

    V. Generix’s commitments as a Data Processor

    1) Status of data processor and basis for processing

    Generix, in its capacity as publisher, offers its customers – data controllers – several services, notably in SaaS mode, through which said customers collect, analyze, share or process your personal data via our solutions, applications and services.

    When using the solution, Generix acts on the customer’s instructions as a data processor, based on the contract signed between Generix and its customer, within the framework of a mainly business-to-business (“B to B”) commercial relationship.

    2) Categories of personal data processed

    The following personal data may be collected depending on the requests of the customers responsible for processing:

    • Supply Chain Execution, i.e. supply chain execution [warehouse management, transportation, yard management, collaborative procurement, resource planning] (depending on the solution chosen by the customer):
      Identification and contact data of customers to be delivered (such as surname, first name, e-mail and telephone number, address, selected carrier, lines of customer orders placed, delivery appointments, delivery instructions) or of warehouse operators and/or truck drivers (warehouse operator number, name of manager, surname, first name, e-mail address (nationality, language spoken, contractual status of person concerned, license plate), proof of delivery, truck geolocation data, team and individual performance data, team and individual planning, free text fields.
    • B2B integration [paperless invoicing, data exchange, collaborative portal] (depending on the solution chosen by the customer):
      Identification data, such as first and last names; contact data, such as telephone and e-mail; location data, such as postal address on a document; connection and content data, such as IP or connection identifiers, user records; free text fields.
    • Omnichannel Sales (depending on the solution chosen by the customer):
      Identification data, such as first and last name, date of birth; contact data, such as telephone and e-mail; location data, such as postal address; loyalty-related data: recruitment date, recruiting store, home store, last interaction date, last update date, kitty and kitty management; economic and financial data: shopping cart information: transaction number, date and time, store, purchase details (item, quantity, price, discounts, ….), salesperson or cashier number; payment information: payment method, amount, currency, document number for certain payment methods (credit notes, down payments, gift cards, …); additional dynamic zones that the customer can set according to his or her needs; free text zones.
    • When you use our solutions, technical cookies may be placed to improve the efficiency of our solutions, and only for the time necessary to deliver the services to the Customer (data controller), it being specified here that the data cannot be used by Generix.

    3) Purposes

    When using Generix solutions and applications, Generix customers may process or ask us to process your personal data for the following purposes:

    • Supply Chain Execution (depending on the solution chosen by the customer):
      Management of warehouse operations (storage management, reception/returns, preparation, packing, dispatch, scheduling, yard management), management of transport operations (transport planning, optimization of rounds and truck loads, chartering, making transport appointments, document management, dematerialization of the driver mission, monitoring of execution and management of incidents and disputes, transport costing and invoicing), load forecasting and resource planning, stock replenishment calculation, statistics, performance analysis, maintenance and support.
    • B2B Integration (depending on the solution chosen by the customer):
      Customer/supplier data flow management => Invoicing, file transfers, inter-application exchanges (EAI, ESB), maintenance and support.
    • Omnichannel Sales or omnichannel sales strategy (depending on the solution chosen by the customer):
      Customer loyalty management, customer database management, promotions management, loyalty program management, sales recording, marketing targeting, file transfers, inter-application exchanges via API, ticket dematerialization and archiving, maintenance and support.

    4) Processing operations

    In the context of the use of the solutions, the processing operations carried out by Generix on behalf of the data controller may include the following processing operations:

    • Generic operations:
      Collection, hosting, storage, maintenance, support, recording, access, communication by transmission, extraction/replication for analysis on business analytics solutions, deletion and destruction.
    • Operations specific to the supply chain (depending on the solution chosen by the customer):
      Edition of the delivery address, generation of loading data for the carrier, feedback to the sales department or other external systems via outgoing exchanges, data analysis for organization and management or order preparation, packaging and dispatch, authorization to connect to the system and to the various system processes, tracing of operators’ connection to the system as well as operations carried out via radio frequency or voice terminals, distance travelled, photo and geolocation.
    • Operations specific to B2B Integration (depending on the solution chosen by the customer):
      Control data flows linked to B2B processes, tax-compliant dematerialization of invoices and archiving (dematerialization is carried out by Generix Group, as a subcontractor, via a contractual mandate), benefit from interoperability standards for exchanges with business partners.
    • Operations specific to Omnichannel Sales, i.e. the omnichannel sales strategy (depending on the solution chosen by the customer):
      Recording and modification of end-customer data (including dynamic additional fields that the customer can set according to his needs), data import and export, data exchange via API, data display, calculation and memorization of customer benefits (loyalty points, discounts, coupons, prize pools, etc.), regularization of loyalty points, recording of customer baskets (e.g. pending sales, quotations, etc.), recording of finalized customer sales (paid sales, down to the finest detail, including terms of payment and name of salesperson and cashier), consultation of customer baskets (finalized/unfinalized), e-mailing of finalized ticket to customer.

    5) Data retention

    The personal data collected are kept for the time necessary to achieve the purpose for which they were collected, or to meet legal or contractual obligations, or for the entire duration of the existing relationship between the Customer and Generix, plus the legal prescription in force.

    6) Safety measures

    The personal data collected and processed by Generix are treated in accordance with the highest security standards, and we take all appropriate measures to protect the confidentiality of your personal data. However, Generix cannot guarantee the confidentiality of messages you may send via an open telecommunications network.
    Safety is essential to our business. When we use subcontractors or service providers, we choose them based on the quality and safety criteria they are able to offer.
    To this end, we impose safety rules on our subcontractors and service providers that meet our own high standards.

    7) Transfer of personal data

    As an international group, the personal data collected may be accessible by each entity and subsidiary belonging to GENERIX, in accordance with the applicable regulations.

    The personal data collected is hosted and processed by:

    • In the European Economic Area, for the majority of GENERIX customers. However, if you use a subcontractor, your data may be transferred to a country outside the European Union. If this is the case, we guarantee to implement all appropriate measures to guarantee a sufficient level of protection for your data, such as:
      • Give preference to “safe” countries, i.e. countries offering adequate protection of your Personal Data, according to the criteria of our national supervisory authority;
      • If the level of protection has not been recognized as equivalent by our national supervisory authority, we rely on the implementation of appropriate safeguards such as standard contractual clauses approved by the European Commission or binding corporate rules.

    When GENERIX NORTH AMERICA is your co-contractor, data is hosted in Quebec, the USA or the European Economic Area, depending on the solution chosen by the customer. In the event of a transfer outside Quebec or the European Union, we implement all appropriate measures to guarantee a sufficient level of protection for your data in accordance with applicable law. In addition, when required by applicable law, Generix performs a privacy impact assessment (“PIA”), or impact analysis, to ensure that DCP would benefit from adequate protection, in particular with respect to generally accepted privacy principles. A written agreement must be drawn up, taking into account the results of the assessment and, where applicable, the terms and conditions agreed upon to mitigate the risks identified during the assessment.

    8) Further information and exercising your rights

    If you would like more detailed information, please contact the Customer responsible for the processing directly.

    As we can only access a customer’s data on the Customer’s instructions, if you wish to exercise the rights you have under applicable data protection laws (access, rectification, opposition, deletion and portability depending on your location), please enquire directly with the Generix Customer data controller.

    You may also submit a complaint to your supervisory authority.