Collected via the website Groupe-jja.com

Updated on October 14, 2025

To respect the privacy of visitors to the website https://Groupe-jja.com (hereinafter the “Website”), JJA undertakes to process the personal data of data subjects (hereinafter the “Users” or “Candidates”) in compliance with Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”).

This Personal Data Protection Charter (hereinafter the “Charter”) informs Users and Candidates about how personal data collected on the Website are processed and about their rights over their personal data.

The Charter applies only to natural persons whose personal data are processed.

Personal data means any information relating to an identified or identifiable natural person (“data subject”); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

1. IDENTITY OF THE CONTROLLERS

JJA is the controller for data collected via the Website.

Contact details: JJA, principal establishment located at:
• 4, rue de Montservon – 95500 GONNESSE, registered with the Nanterre Trade and Companies Register (RCS) under number 308 972 181.

The companies listed below belonging to the JJA Group may receive data and may also process data if they are concerned by the User’s request (contact request, order follow-up, entering into a contract, processing a job application):

• Dépôt Bingo: ZAC Belle Assises, LD Sous la Grance – 2, rue de la Ferme, OURSEL-MAISON, France, registered with the Beauvais RCS and the National Business Register under number 491 127 254.
• Easy Logistique: ZAC Des Bornes du Temps, Allée du Vieux Berger, 80470 ARGŒUVES, France, registered with the Amiens RCS and the National Business Register under number 491 127 254.
• Stof: ZI De La Gravoux, 42380 La Tourette, France, registered with the Saint-Étienne RCS and the National Business Register under number 340 143 916.
• Luance: 17 Rue de la Rotonde, 42153 Riorges, France, registered with the Roanne RCS and the National Business Register under number 450 676 663.
• Tendance: 27 boulevard des Etines, 42120 LE COTEAU, registered with the Roanne RCS and the National Business Register under number 450 676 663.

JJA and the aforementioned companies are jointly referred to as the “JJA Group.”

 

2. DATA PROTECTION OFFICER

The JJA Group has appointed a Data Protection Officer (“DPO”):

Maître Daphnée SPINETTI – lawyer at the Lille Bar – Espace TWEEN – 32 Place de la Gare – 59000 LILLE.
E-mail: dpo@spinetti-avocat.eu

 

3. CATEGORIES AND SOURCES OF DATA COLLECTED

The following personal data may be collected via the Website and processed by the JJA Group:

 

3.1. Data collected via the contact form

• Identification data: company name, title, last name, first name, email address, company postal address, telephone number, content of the message addressed to the JJA Group.

 

3.2. Data collected in connection with a contract with the JJA Group

If your contact request leads to the conclusion of a contract with the JJA Group, the following data of the contact persons dedicated to performance of the contract will be collected and processed by the JJA Group company with which you contract:

• Identification data: last name, first name, employing company, professional email address, professional landline and/or mobile numbers, professional postal address,
• If an access badge is issued: data relating to badge issuance,
• If you are authorized to access JJA applications: login data for JJA applications,
• If necessary: data relating to expense reimbursements and the provider’s bank details (RIB) for reimbursement,
• Where applicable: WeChat number assigned depending on the applications used,
• For on-site visits: CCTV images.

3.3. Data collected for newsletter subscriptions

If the User subscribes to the newsletter to receive news about the JJA Group’s activities and products, the following data are collected

• Last name, first name, email address, category (employee, prospect or customer).

 

3.4. Data collected for recruitment

 

3.4.1. Indirect collection

Candidates may apply for a job via the partner Welcome to the Jungle (WTTJ) or via LinkedIn.

If applying via Welcome to the Jungle, the following data are collected on the dedicated web page and transmitted to the JJA Group and, where applicable, to the recruiting company:

• Candidate profile photo (optional),
• Last name, first name,
• Email, telephone,
• Professional experience: current position,
• Any website,
• Any social media pages (LinkedIn, X),
• CV – Cover letter,
• Availability dates,
• Salary expectations.

When a Candidate creates a profile on Welcome to the Jungle, account creation and profile management data are collected under WTTJ’s responsibility; the Candidate is invited to read the Candidate Privacy Policy available on the site: https://www.welcometothejungle.com/fr/pages/privacy-policy

The above data may also come from temp agencies, recruitment firms, schools and universities, APEC, France Travail, and JJA Group companies in case of internal mobility.

The JJA Group may also collect data from publicly accessible sources, such as professional social networks, in particular LinkedIn. The following data are then collected:

• Data appearing on the LinkedIn profile: professional background, degrees, training, work experience, desired position.

 

3.4.2. If the application proceeds and during interviews, the following personal data are collected directly by JJA

• Data provided spontaneously or collected during interviews,
• Date(s) and interview report(s),
• Outcome of the application,
• Where justified by the nature of the position: request to present a CACES certificate,
• Salary positioning and expected remuneration,
• Type and duration of the contract proposed in case of a positive response,
• JJA may also request references from the Candidate’s former employers or other JJA Group companies in the event of internal mobility.

All information collected in this section constitutes the application file.

If the application is successful, the JJA Group will request additional information at the time of hiring for the purposes of performing the employment contract and meeting social obligations (e.g., civil status, home address, social security number, bank details, emergency contacts, beneficiaries for social actions, etc.). Providing the requested information is a condition for concluding the employment contract.

 

4. Data collected through the placement of trackers (cookies)

• Data relating to visits to the Website and on-site behavior,
• Data relating to the User’s origin/referral,
• Data relating to browsing history on the Website,
• Unique identifier of the Website visitor,
• Statistical data related to interactions on social media pages.

 

5. PURPOSES AND LEGAL BASES OF PROCESSING

The JJA Group performs the following processing operations—collection, sorting, organization, consultation, hosting, retention, communication, deletion—for the purposes and reasons set out below:

 

5.1. Managing requests via the contact form

Users may contact the JJA Group through the “Contact us” page form, by post, or by telephone using the details on the “Legal Notice & Terms” page.

Purpose: to enable the JJA Group to respond to the User’s request. If all requested data are not provided or are incorrect, the relevant company may be unable to respond.

Legal basis: the handling of a pre-contractual request from the User and, where applicable, performance of a contract if the request leads to a contract with the JJA Group.

 

5.2. Managing the contractual relationship with the JJA Group

In the event of a contract with the JJA Group (distributor, supplier, customer, partner, service provider), data of contact persons dedicated to managing the contractual relationship are collected and processed to ensure proper contract performance (contract execution and monitoring, invoicing, payment, compliance with social, accounting and tax obligations).

Legal basis: performance of the contract, and compliance with legal obligations for data collected for accounting and tax reasons.

 

5.3. Managing commercial prospecting – sending the newsletter

Commercial prospecting consists of sending the JJA Group newsletter by email.

The User may object to receiving the newsletter at any time by clicking the unsubscribe link at the bottom of each marketing email or by writing to the DPO using the contact details above.

Legal basis: the User’s consent to receive the newsletter, expressed by submitting the dedicated form.

 

5.4. Managing recruitment

We collect data to manage recruitment within the JJA Group and to assess a candidate’s suitability for a job or internship following a job posting response or a spontaneous application.

To apply for a position at JJA or one of its Group companies, you must complete the online questionnaire on the dedicated Welcome to the Jungle page. Mandatory/optional fields are indicated on the page. You may also send your cover letter and CV via LinkedIn. Incomplete responses may prevent your application from being reviewed.

Legal basis: performance of pre-contractual measures at the Candidate’s request to evaluate the application.

 

5.5. Creating a CV database for future opportunities

If an application is unsuccessful, the JJA Group may wish to retain the application file to offer the Candidate future opportunities.

Legal basis: the JJA Group’s legitimate interest in building a pool of potential Candidates.

The Candidate may object to retention of their application file by ticking the relevant box on the data collection form or at any time by simply contacting the DPO using the details in Section 2.

If the Candidate objects, their data will be deleted from the CV database and they will no longer be contacted for new openings.

 

5.6. Managing complaints and disputes

The JJA Group may also retain data in the event of a dispute following a rejected application, or to preserve evidence in contractual disputes.

 

5.7. Managing requests to exercise data rights

The JJA Group processes data to manage requests to exercise personal data rights in accordance with the GDPR.

Legal basis: compliance with a legal obligation.

 

5.8. Managing trackers (cookies) – data generated by browsing the site

Cookies are small files placed on the User’s device when visiting a website or mobile app. They may include:

• First-party cookies: placed at the request of the website being visited. These may be necessary for the website to function properly and to allow optimal browsing.
• Third-party cookies: placed by a company other than the website publisher, often by social networks when a plug-in such as a “like” button appears on the site. These cookies are used to analyze your online activity and serve personalized ads.

The User is informed via a banner on the Website homepage, allowing them to accept, refuse, or manage preferences by cookie type on the dedicated web page.

The following cookies may be set when browsing the Website:

 

5.8.1. Technical cookies for browsing

These cookies are essential for browsing the Website and for using the services offered. They also optimize the Website’s ergonomics and the browsing experience.
They include, for example:
• Cookies preserving the User’s choice regarding the placement of marketing cookies (acceptance or refusal).

Without these cookies, the Website cannot function properly and they therefore cannot be disabled.
User consent is not required for these cookies; data collected are anonymous. You can configure these cookies in your browser as indicated in Section 5.8.4 below, but doing so may prevent access to certain services or degrade your user experience.

 

5.8.2. Audience measurement and marketing cookies

Audience measurement cookies assess Website usage and performance and compile anonymous statistics on traffic, performance, and use of Website services.
Analytics cookies allow review and analysis of visit statistics, evaluate marketing performance, content, products, etc.
The data generated by cookies concern the User’s use of the Website (including IP address). These data are used to evaluate site usage, compile reports on activity, and provide other services related to Website activity and Internet usage.

Use of marketing cookies is subject to the User’s consent, which can be withdrawn at any time via the Cookie Preferences page on the Website. The purposes of each cookie are described on the Cookie Preferences page and below:

• Cookie used to store referrer information (the site initially used to visit the Website), enabling identification of the visitor’s origin (e.g., click from Google or from an email). Retention: 6 months.
• Short-lived cookie used to temporarily store visit data (e.g., to remember certain information while navigating from page to page). Retention: 30 minutes.
• Cookie used to store information about the user, such as a unique User ID, enabling recognition of a visitor navigating across multiple pages. Retention: 13 months.
• Short-lived cookie used to temporarily store visit data, remembering what the User views during the visit but deleted when the browser is closed. Retention: 30 minutes.

 

5.8.3. Cookies from pages administered on social networks

JJA administers “fan pages” on Instagram, Pinterest, TikTok, Facebook, YouTube, and LinkedIn.
In administering these pages, JJA may receive anonymous statistics on page traffic and interactions.
Use of social network cookies is subject to the User’s consent, which can be withdrawn at any time via the Cookie Preferences page on the Website.
Social networks also collect data from fan page users to conduct advertising and statistics. The data and processing performed by the social network providers are defined in their own privacy policies available on their respective fan pages.

 

5.8.4. Browser configuration

Browsers are set by default to accept cookies. Users may disable cookies by selecting the appropriate browser settings and may also delete cookies and browsing data via the Options/Settings/Preferences menu, depending on the browser:

• Microsoft Edge: https://support.microsoft.com/fr-fr/windows/g%C3%A9rer-les-cookies-dans-microsoft-edge-afficher-autoriser-bloquer-supprimer-et-utiliser-168dab11-0753-043d-7c16-ede5947fc64d#:~:text=de%20votre%20navigateur.-,S%C3%A9lectionnez%20Param%C3%A8tres%20%3E%20Cookies%20et%20autorisations%20de%20site.,pour%20bloquer%20tous%20les%20cookies.
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=fr
• Mozilla Firefox: https://support.mozilla.org/fr/kb/protection-renforcee-contre-pistage-firefox-ordinateur
• Safari: https://www.apple.com/legal/privacy/fr-ww/cookies/

 

6. DATA RETENTION PERIODS

Data are retained for the periods indicated below:

 

Data collected via a contact request

• For the time needed to process the request, and for 3 years from the request date if the User has had no interaction with the JJA Group during that period.
• If there is interaction with the JJA Group (catalog request, click on a link in an email), the 3-year period runs from the last contact.

 

Data collected under a contract with the JJA Group

• For the duration of the contractual relationship.
• Accounting records, supporting documents and related data are kept for 10 years from the close of the financial year related to the contract end date.
• Where applicable in the event of a dispute: for the duration of the proceedings and any appeals.

 

Newsletter

• If no contract has been concluded with the JJA Group, data are retained for 3 years from the last contact from the User, i.e., from the latest of: newsletter subscription date; date of last contact with JJA (sending an email via the contact form or a call); click on a link in an email.

 

Application file data for recruitment management and the CV database

• For the duration of the recruitment process and 2 years from its outcome, unless the Candidate objects to retention. The 2-year period may be renewed with the Candidate’s consent.

 

Managing complaints and disputes in the context of recruitment

• For the duration of the proceedings and any appeals.

 

Exercising personal data rights

• 5 years from the rights request.

 

Data collected via cookies

• See cookie lifetimes in Section 5.8.2 above.

7. DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM

Users and Candidates have the following rights over their personal data:

(i) Right of access: to obtain the list of personal data concerning the User processed by the JJA Group.
(ii) Right to rectification: to have inaccurate or incomplete information corrected.
(iii) Right to erasure (“right to be forgotten”): to request deletion of personal data on legitimate grounds, except where the JJA Group must retain data for legal reasons or for the establishment, exercise or defense of legal claims.
(iv) Right to withdraw consent: to withdraw consent to processing at any time.
(v) Right to object: to object, on grounds relating to one’s particular situation, to the use of personal data.
(vi) Right to data portability: to obtain and reuse personal data for personal purposes and to request their transfer to another company where technically feasible.
(vii) Right to restriction: (i) to contest the accuracy of personal data and request that the JJA Group stop processing during verification; (ii) to limit use in case of unlawful processing; (iii) to retain personal data to allow the User or Candidate to establish, exercise or defend legal claims.
(viii) Right not to be subject to a decision based solely on automated processing, including profiling, and the right to obtain human intervention from the controller, express one’s point of view and contest the decision.
(ix) Right to define instructions after death: to give instructions regarding the retention, deletion and communication of personal data after death. Instructions may be sent to the controller or recorded with a trusted third party certified by the CNIL.
(x) Right to lodge a complaint: to file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) or any competent supervisory authority.

All the above rights may be exercised directly with the JJA Group’s DPO using the contact details in Section 2.

If the request is made electronically, the information will be provided by the same means, unless the data subject requests another means.

To provide the requested information, the DPO may need to verify the requester’s identity and, if necessary, request identification. If identity cannot be verified or if the request is excessive or abusive (ill-defined scope or repeated requests), the request may be refused.

 

8. DATA SECURITY

 

8.1. Measures implemented by the JJA Group

The JJA Group takes steps to ensure the confidentiality and security of data.

JJA implements security measures against loss, fraudulent intrusion, misuse and alteration of personal data entrusted to it.

The Website uses full HTTPS; SFTP is used for transfers with access limited to whitelisted IPs.

JJA Group employees, as well as service providers and processors, have access to personal data only where necessary to perform their duties. Each is subject to a confidentiality obligation.

 

8.2. User vigilance against online scams and fraudulent sites

The website https://Groupe-jja.com is the official site presenting the JJA Group’s activities and companies.

Be vigilant about fraudulent websites (“mirror sites”). These copy https://Groupe-jja.com but are not published by JJA and aim solely to capture your personal data for identity theft. Beware of spelling mistakes, typos, inconsistencies, or subscription/account-opening buttons.

Likewise, the JJA Group will never call you proactively, nor send emails asking for your bank card number.

As soon as JJA detects a fraudulent site, teams work to have it taken down as quickly as possible, but JJA cannot be held responsible for consequences for the User.

If you are a victim of fraud, file a complaint on the THESEE online platform:
https://www.masecurite.interieur.gouv.fr/fr/demarches-en-ligne/plainte-en-ligne-arnaques-internet-thesee

If necessary, in case of payment-method fraud risk, call your bank to block your card.

9. CATEGORIES OF DATA RECIPIENTS

• Authorized JJA personnel handling the request,
• Authorized personnel of the JJA Group company concerned by the request or contract performance,
• Group HR department, the HR manager of the relevant JJA Group company, and the managers interested in your application at JJA and within JJA Group companies,
• Processors engaged to process data on behalf of and under JJA’s instructions, such as hosting and Website maintenance providers,
• Administrative authorities to comply with legal obligations,
• Judicial authorities upon a lawful request,
• Processors and partners involved in cookie placement, the list and links to their privacy policies being available on the Website’s “Cookie Preferences” page.

In the context of a commercial relationship with the JJA Group:

• Carriers,
• Banks,
• Official distributors,
• Suppliers,
• Professional customers.

 

10. DATA HOSTING LOCATIONS – INTERNATIONAL TRANSFERS

Data are hosted on servers located in France.

For applications to the subsidiary located in China, data may be transmitted to the manager based in China. In such cases, JJA implements appropriate safeguards to secure data transfers and respect Candidates’ rights.

 

11. UPDATES AND AMENDMENTS TO THE CHARTER

This Charter may change. Modifications may concern new data processing or purposes, or updates following legislative developments such as CNIL recommendations, guidelines, recommendations and best practices of the European Data Protection Board (EDPB), and court rulings.

Users are invited to consult this Charter before providing any data to the JJA Group.

12. APPLICABLE LAW AND DISPUTE RESOLUTION

This Charter is drafted in compliance with the GDPR. Any dispute relating to its interpretation and performance will be subject to the provisions of those texts.

In the event of a dispute arising from performance of this Charter, the parties will use their best efforts to resolve it amicably. In case of a complaint, the User may contact JJA’s DPO.

Users may also lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) or contact their local data protection authority if they do not reside in France.

Failing an amicable solution, disputes will be submitted to the competent courts. Any action against a controller shall be brought before the courts of the Member State where the controller has its registered office or, at the data subject’s choice, before the courts of the Member State where the data subject has their habitual residence.

Users may also use any alternative dispute resolution method, such as conventional mediation.