Data protection charter

Data Protection Charter

Collected through the Groupe-jja.com website
Updated on 13/02/2026

In order to respect the privacy of visitors to the website https://Groupe-jja.com (hereinafter the “Website”), JJA undertakes to process the personal data of the individuals concerned (hereinafter the “Users” or “Applicants”) in compliance with the provisions of Regulation (EU) 2016/679: the General Data Protection Regulation (“GDPR”).

This Personal Data Protection Charter (hereinafter the “Charter”) aims to inform Users and Applicants about the methods of processing personal data collected on the Website and about the rights they have regarding their personal data.

The Charter applies only to natural persons whose personal data is being processed.

Personal data is any information relating to an identified or identifiable natural person (referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

1. IDENTITY OF THE DATA CONTROLLER

JJA is the data controller for data collected through the Website.

Contact details: JJA, headquartered at:
4, rue de Montservon - 95500 GONNESSE, France, registered with the Trade and Companies Register of NANTERRE under number 308 972 181.

The companies listed below belonging to the JJA Group may receive the data and may also process the data if they are involved in responding to the User's request (contact request, order tracking, contract conclusion, processing of a job application):

Dépôt Bingo: ZAC Belle Assises, LD Sous la Grance - 2, rue de la Ferme, OURSEL-MAISON, France, registered with the BEAUVAIS Trade Register under number 491 127 254.
Easy Logistique: ZAC Des Bornes du Temps, Allée du Vieux Berger, 80470 ARGŒUVES, France, registered with the AMIENS Trade Register under number 491 127 254.
Stof: ZI De La Gravoux, 42380 La Tourette, France, registered with the SAINT-ETIENNE Trade Register under number 340 143 916.
Luance: 17 Rue de la Rotonde, 42153 Riorges, France, registered with the ROANNE Trade Register under number 450 676 663.
Tendance: 27 boulevard des Etines, 42120 LE COTEAU, France, registered with the ROANNE Trade Register under number 450 676 663.
DSTORE RETAIL, S.A.: Rua das Casas Queimadas 97 4415-439 Grijó, Portugal, registered under number 506 452 581.
JJA Shanghai, Hongqiao the place zunyi road 150 building C, room 1806-08, Changning district Shanghai, China.

JJA and the aforementioned companies are collectively referred to as the “JJA Group”.

2. Data Protection Officer (DPO)

The JJA Group has appointed a Data Protection Officer (DPO), whose contact details are:

Maître Daphnée SPINETTI - Lawyer at the Lille Bar - Espace TWEEN - 32 Place de la Gare - 59 000 LILLE, France.
Email: dpo@spinetti-avocat.eu

3. CATEGORIES OF DATA COLLECTED AND SOURCE OF DATA

The following personal data may be collected through the Website and processed by the JJA Group:

3.1. Data collected through the contact form:

Identification data: company name, title, last name, first name, email address, company postal address, telephone number, message content.

3.2. Data collected in the context of a contract with the JJA Group:

If your contact request results in the conclusion of a contract with the JJA Group, the following data of the contact persons dedicated to contract performance will be collected and processed:

Identification data: last name, first name, company name, professional email, professional landline and/or mobile number, professional postal address.
Where applicable: badge issuance data, JJA application login data, expense reimbursement data including bank details, WeChat number if applicable, CCTV images when visiting the premises.

3.3. Data collected for newsletter subscription:

Last name, first name, email address, category (employee, prospect, or customer).

3.4. Data collected for recruitment purposes:

3.4.1. Indirect data collection:

Applicants may apply via WTTJ, LinkedIn, or directly on the relevant JJA Group company website.

Data collected via WTTJ and transmitted to the JJA Group include:

Profile photo (optional),
First and last name,
Email, phone number,
Professional experience: current position,
Website (optional),
Social media pages (LinkedIn, X),
CV - Cover letter,
Availability dates,
Salary expectations.

The JJA Group may also collect data from public sources such as LinkedIn (education, experience, qualifications).

3.4.2. Additional data collected during interviews:

Information communicated during interviews,
Interview dates and reports,
Recruitment outcome,
Where applicable: CACES certification,
Salary expectations,
Proposed contract type and duration.

If the application is accepted, additional information will be required for employment contract preparation (civil status, home address, social security number, bank details, emergency contacts, dependents, etc.).

4. Data collected through cookies

Site visit and behavior data,
User origin data,
Browsing history,
Unique visitor identifier,
Social media interaction statistics.

5. PURPOSES OF PROCESSING AND LEGAL BASES

Details on purposes include:

Contact request management,
Contractual relationship management,
Newsletter and marketing communications,
Recruitment management,
Talent pool creation (CV database),
Complaint and dispute management,
Rights request management (GDPR),
Cookie and audience measurement management.

All legal bases include pre-contractual measures, contract execution, legitimate interest, consent, and legal obligations (depending on the purpose).

6. DATA RETENTION PERIODS

Contact requests: processing time + 3 years
Contractual data: duration of the contract + 10 years for accounting documents
Newsletter: 3 years after last contact
Recruitment data & CV database: recruitment duration + 2 years (unless opposed)
Dispute management: duration of litigation
Rights requests: 5 years
Cookies: per durations listed under section 5.8.2.

7. RIGHTS OF DATA SUBJECTS

Users and Applicants have the following rights:

Right of access
Right to rectification
Right to erasure
Right to withdraw consent
Right to object
Right to data portability
Right to restriction
Right not to be subject to automated decision-making
Right to issue post-mortem directives
Right to lodge a complaint with a supervisory authority

Requests must be addressed to the DPO.

8. DATA SECURITY

JJA implements security measures including:

HTTPS website,
SFTP transfers restricted to certified IPs,
Confidentiality obligations for employees and service providers.

Users should remain vigilant regarding fraudulent websites and scams.
JJA will never request bank details via email or unsolicited calls.

Fraud victims should file a report on THÉSÉE:
https://www.masecurite.interieur.gouv.fr/fr/demarches-en-ligne/plainte-en-ligne-arnaques-internet-thesee

9. RECIPIENTS OF DATA

Depending on the context, data may be communicated to:

Authorized JJA staff,
JJA Group companies,
HR departments,
Service providers (hosting, maintenance),
Administrative or judicial authorities,
Partners involved in cookie management,
Transporters, banks, distributors, suppliers, professional clients.

10. DATA HOSTING & INTERNATIONAL TRANSFERS

Data is hosted on servers located in France.
For applications to the China subsidiary, data may be transferred to China under appropriate safeguards.

11. CHARTER UPDATES

The Charter may be updated due to new processing activities or legislative changes (CNIL, EDPB, case law).
Users should consult the latest version before providing personal data.

12. GOVERNING LAW & DISPUTE RESOLUTION

This Charter complies with the GDPR.
In case of dispute, the parties will first attempt amicable resolution.
Users may file complaints with the CNIL or their local data protection authority.
Failing amicable resolution, competent courts will apply depending on residence or the controller's establishment.