Personal Data Protection Policy

Last updated: February 28, 2025

This website (hereinafter the “Site”) is the website of the Société de Distribution de Produits Maraîchers et Horticoles du Maroc Disma International, operating under the trade name “Azura” (hereinafter “DISMA,” “we,” or “our”).

As part of accessing, browsing, and/or using the Site, you may be required to provide DISMA with personal data concerning you.

We kindly ask you to read this policy carefully, as it explains how your personal data is used by DISMA within the framework of the Site, and how you can exercise your rights regarding this data. This policy complements any document or informational notice that refers to it.

If needed, you may direct any questions to DISMA by sending an email to: protectiondesdonnees@azura-group.com

Who is responsible for processing your personal data?

  • As the publisher of the Site, DISMA is the data controller for the personal data collected in the context of the administrative, operational, and commercial management of the Site, including facilitating contact between you and DISMA.
  • As a recruiter, DISMA is also the data controller for the personal data collected for the purposes of processing your application, where applicable.

What personal data may be processed by DISMA?

All data that you enter on the Site or when communicating with DISMA, namely:

CATEGORIES OF DATA

EXAMPLE OF DATA

Identification data

Title, last name, first name

Contact details

Email address, postal address, phone number

Data related to your interactions with DISMA

Exchanges with DISMA’s departments (date, time, subject, content)

Data related to your job application

Current situation, position applied for, education level, availability, mobility, CV, cover letter, video, and any other information voluntarily provided as part of your application

Some of this data is mandatory, while others are optional in order to access the services offered on the Site. The mandatory or optional nature of the personal data to be provided is indicated on the online forms. If you refuse to provide the required mandatory data, DISMA will not be able to process your request (such as your contact request or your job application).

Additionally, certain data is automatically collected by the Site via cookies and other trackers, namely:

CATEGORIES OF DATA

EXAMPLE OF DATA

PURPOSE

Login and browsing data

Date and time of visit, IP address, device, browser, operating system, system configuration data, pages viewed

These data are necessary for the proper technical functioning of the Site, as well as for audience measurement. For more information on cookies and other trackers, please refer to the Site’s Cookie Management Policy.

WHY DOES DISMA USA YOUR PERSONAL DATA?

DISMA uses your personal data solely for the following reasons:

PURPOSES

EXAMPLE OF HOW YOUR PERSONAL DATA IS USED

LEGAL GROUNDS

Processing your contact request

to process and respond to your contact request

Legitimate interest of DISMA in processing contact requests directed to it

Data related to your job application
  • To review your application
  • If applicable, to forward your application
  • If your application is successful, to arrange an interview to assess your ability to perform the job and your professional skills
  • To contact you again if necessary

Pre-contractual measures

Creation of a CV database

To contact you regarding any new job offers that may interest you and match your profile

Your consent

Commercial prospecting exclusively for professionals

To send you, as a professional, communications about DISMA’s activities that may interest you

Legitimate interest of DISMA in developing its business with professionals

Organization of contests

• To manage the list of participants in the contests
• To select or randomly draw the winner
• To award the prize, if applicable

Performance of the contract

Improvement of the Site, as well as your user experience on the Site

• To evaluate and improve the Site
• To facilitate your navigation on the Site
• To ensure the security of the Site

Legitimate interest of DISMA in improving the Site and your user experience on the Site

Management of pre-litigation or litigation

• To sanction any identified violation
• To manage any dispute or litigation

Legitimate interest of DISMA in defending its rights and interests

Compliance with legal and regulatory obligations

• To comply with legal and regulatory obligations
• To respond to your requests for the exercise of rights

Legal and regulatory obligations imposed on DISMA

WHO CAN ACCESS YOUR PERSONAL DATA?

In the context of accessing, browsing, and/or using the Site, your personal data may be shared with the following recipients:

RECIPIENTS

PURPOSES

DISMA and its authorized personnel

For administrative, operational, and commercial management of the Site as specified in Section 3 of this policy

DISMA

If applicable, for the purpose of forwarding your application, so it can be reviewed and you may be contacted, if necessary

DISMA’s subcontractors (hosting provider, IT solution and service providers, IT maintenance contractors, etc.)

For purely technical or logistical purposes related to the administrative, operational, and commercial management of the Site

Administrative or judicial authorities

Only in the case of an express and justified request from them or in the event of a proven violation of legal or regulatory provisions

External advisors

Only in the context of managing potential disputes and other legal matters, if applicable

Other third parties

Following or in the course of DISMA’s restructuring, reorganization, acquisition, loan financing, merger, sale of assets, or a similar transaction, as well as in cases of insolvency, bankruptcy, or receivership, where personal data is transferred to one or more third parties as assets of DISMA

ARE YOUR PERSONAL DATA TRANSFERRED OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

As far as possible, your data is processed within the European Union (EU)/European Economic Area (EEA). However, some entities of the group to which DISMA belongs, as well as some of DISMA’s service providers, are located in countries outside the EU/EEA, and therefore, your personal data may be transferred to a third country.

In the event that the third country does not provide a level of protection for personal data equivalent to that of the European Union, DISMA takes all necessary measures to ensure the protection of your personal data based on appropriate safeguards (notably the standard contractual clauses of the European Commission). You can directly obtain further information by contacting DISMA via email at protectiondesdonnees@azura-group.com.

HOW DOES DISMA PROTECT YOUR PERSONAL DATA?

DISMA has implemented technical and organizational measures to protect your personal data, particularly against potential breaches that could lead to the accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure of your personal data. These measures ensure an appropriate level of security for personal data, considering the state of knowledge, the costs of implementation relative to the risks, and the nature of the personal data to be protected. Specifically, on all pages of the Site that require the entry of personal data, standard SSL (Secure Sockets Layer) encryption is applied.

DISMA also ensures that its staff members, as well as anyone involved in processing your personal data, comply with the internal rules and procedures related to personal data protection, including the technical and organizational security measures implemented to protect your personal data. In this regard, DISMA’s practices are regularly reviewed and updated to ensure the confidentiality of personal data and to ensure compliance with internal policies.

If you identify a vulnerability or wish to report a security incident, we encourage you to directly contact DISMA by sending an email to protectiondesdonnees@azura-group.com.

How long are your personal data retained?

In general, your personal data will only be retained for as long as necessary to achieve the purposes for which the data was collected or to comply with applicable legal or regulatory requirements.
Unless exceptions apply:

  • Data collected in the context of your online contact requests will be retained until they are fully processed;
  • Data collected in the context of your job application will be retained:
    • In case of recruitment: for the retention periods applicable to DISMA employees;
    • In case of an unsuccessful application:
      • for three (3) months from the refusal decision, so that you can obtain explanations regarding the reasons for the decision if necessary; or
      • for two (2) years from your last active contact with DISMA, if you consent to be included in our CV database, so we can inform you of any new job offers that may interest you;
  • Login and browsing data is retained for thirteen (13) months.

Beyond these periods, your personal data is retained:

  • For three (3) years for data retained for commercial prospecting purposes (only if you are a professional);
  •  For five (5) years for data retained for evidentiary purposes.

What are your rights regarding your personal data?

In accordance with data protection regulations, you have the following rights regarding your personal data:

YOUR RIGHTS

SCOPE OF YOUR RIGHTS

Right of access

You have the right to request:

  • Confirmation of whether DISMA processes your personal data or not;
  • Clear, transparent, and understandable information on how DISMA uses your personal data and your rights (as provided in this policy);
  • A copy of your personal data.

Right to rectification

You have the right to request the rectification of your personal data, allowing you to obtain the modification of your personal data if it is outdated, inaccurate, or incomplete.

Right to erasure

You have the right to request the erasure of your personal data (or the right to be forgotten) when one of the following reasons applies:

  • You object to the processing of your personal data, and there is no compelling legitimate reason justifying the continuation of this processing (such as DISMA’s obligation to retain certain documents containing personal data);
  • You object to direct marketing operations;
  • You decide to withdraw your consent on which the processing is based;
  • When your personal data is no longer necessary for the original purposes for which it was collected or processed;
  • The use of your personal data is not in compliance with applicable legal or regulatory provisions.

Right to restriction

You have the right to request the temporary restriction of the processing of your personal data, notably in order to carry out verifications, namely:

  • When you dispute the accuracy of your information, for the time DISMA needs to verify that it is correct;
  • If the processing is unlawful, and instead of requesting erasure, you prefer to limit its use;
  • If DISMA no longer needs the data for processing, but they are still necessary for you to establish, exercise, or defend a legal claim;
  • If you object to the processing under your right to object, during the verification period to confirm that DISMA’s legitimate grounds prevail over yours

Right to data portability

You have the right to request the portability of your personal data, allowing you to receive the personal data provided in a structured, commonly used, machine-readable format, and for it to be transmitted to a third party if technically feasible. This right does not apply in all circumstances; it only applies if it meets all of the following conditions:

  • It concerns only your personal data, excluding anonymous data or data from third parties;
  • It does not affect the rights and freedoms of DISMA (especially business secrets) or third parties (especially intellectual property rights);
  • It concerns personal data processed automatically (paper files are therefore not concerned);
  • The processing is based on your consent or the performance of a contract concluded with DISMA (to verify this, you can refer to section 3 of this policy).

Right to Object

You have the right to object to the processing of your personal data when it is based on DISMA’s legitimate interest. In this case, DISMA will cease the processing unless there are legitimate and compelling grounds that override your interests, rights, and freedoms (such as compliance with a legal obligation or the establishment, exercise, or defense of a legal claim).

Right to Withdraw Consent

You have the right to request the withdrawal of your consent when it has been obtained, without affecting the legality of the processing that has been carried out before the withdrawal.

It is specified that the exercise of these rights depends on the legal basis for processing, as indicated in the table below:

ACCESS

RECTIFICATION

ERASURE

LIMITATION

PORTABILITY

OPPOSITION

CONSENT

yes

yes

yes

yes

yes

Withdrawal of consent

PRE-CONTRACTUAL MEASURES

yes

yes

yes

yes

no

no

CONTRACT

yes

yes

yes

yes

no

no

LEGITIMATE INTEREST

yes

yes

yes

yes

yes

yes

LEGAL OBLIGATIONS

yes

yes

no

yes

no

no

As a French resident, you also have the right to set guidelines, either general or specific, regarding your personal data in the event of your death (for example, their deletion or transfer to a person of your choice). You can revoke these guidelines at any time.

In certain circumstances, DISMA may ask you for specific information to confirm your identity and ensure the exercise of your rights. This is another appropriate security measure to ensure that personal data is not disclosed to someone who is not entitled to receive it.

For any questions or to exercise your rights, you can directly contact DISMA by sending an email to: protectiondesdonnees@azura-group.com.

If needed, you can file a complaint with the National Commission on Informatics and Liberty (CNIL) via their website or by mail: 3, Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07. This right can be exercised at any time for free, except for postage fees, and any potential assistance or representation fees if you choose to seek help from a third party in this process.

Update of this policy

This personal data protection policy is dated and may be modified and updated by DISMA at any time, particularly in the event of changes to the services offered on the Site or applicable law. Therefore, we recommend that you review this policy each time you access the Site. If required by applicable law, the updated policy will be communicated to you by any appropriate means.