The French companies of the ARMOR Group inform you that your Personal Data are collected and processed in accordance with EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data or GDPR and the French Data Protection Act no. 78-17 (the “Regulations”).
The purpose of this policy is to provide you with information on the Processing of your Personal Data and on the conditions under which they are protected by the ARMOR Group.
The internal Personal Data protection policy may be updated from time to time: we recommend that you review this policy regularly.
The purpose of this policy is to provide you with information on the processing your Personal Data undergoes and on the conditions under which it is protected by the Group ARMOR.
The following definitions will help you to understand all of the concepts used in this document concerning the protection of your Personal Data.
Data subject | An identified or identifiable natural person, either directly or indirectly, whose Personal Data is subject to Processing. |
Personal Data | Any information enabling your identification, including a name, a professional email address, an identification number, an online identification, or one or several specific elements relating to your physical, economical, cultural or social identity. |
Sensitive Data | Any Personal Data relating to racial or ethnic origins, political, philosophical or religious opinions, affiliation with a trade union, health, criminal convictions or offenses or social security number. |
Recipients | A person authorized to access your Personal Data recorded in a file or subject to a Processing, by reason of their professional duties. |
DPO | Data Protection Officer. |
Controller | ARMOR group’s French entity which determines the purpose and the means of a Processing. |
Processor | A natural person or legal person (company or governmental institution) which processes your Personal Data on behalf of the Controller, as part of a service or contractual commitment. |
Processing | Any operation or set of operations performed on your Personal Data, irrespective of the means or processes employed (collection, recording, organization, storage, adaptation, editing, extraction, consultation, use, disclosure by transmission or communication, or any other form of making available or reconciliation). |
The Personal Data collected by the French entities of the ARMOR Group concerning you mainly include:
Exceptionally, in order to comply with our legal obligations under anti-corruption and anti-money laundering regulations, we may process information regarding the status of politically exposed persons among some executives, as well as any criminal convictions recorded against them.
When visiting certain facilities operated by the ARMOR Group, we may process a copy of your identity document depending on the facility visited. This copy will be deleted within a few days following your visit.
As part of recruitment processes, we may process sensitive data, such as recognition of a disability status by the MDPH (French Department for Disabled Persons), or any criminal convictions, in accordance with the obligations of the certification as an Authorized Economic Operator (AEO).
Your Personal Data may be collected :
Access to your Personal Data is strictly limited to Armor Group employees who have a legitimate need to access such information in the performance of their professional duties.
Your Personal Data are processed for the purposes listed below:
Purposes | Assessment of applications for the proposed position
//
Verification of the information provided in the application |
Legal basis | Legitimate interest: for mandatory Data marked with an asterisk, for the purpose of getting to know the candidate
//
Consent: for non-mandatory Data |
Recipients | Authorized personnel from Human Resources departments, support services involved in negotiations, the relevant line manager, other interested Armor Group companies, and recruitment agencies. |
Purposes | Prospecting
//
Commercial, marketing and accounting management of the customer relationship
|
Legal basis | Legitimate interest: for the purpose of prospecting potential and existing clients, and managing commercial, marketing and accounting activities. |
Recipients | Authorized personnel from the transport, IT and warehouse departments, as well as customers, suppliers, carriers, and other service providers. |
Purposes | Management of the supply chain for the French companies within the Group
//
Management of deliveries to customers and between the Group’s sites
|
Legal basis | Legitimate interest: for the purpose of prospecting potential and existing clients, and managing commercial, marketing and accounting activities. |
Recipients | Authorized personnel from the transport, IT and warehouse departments, as well as customers, suppliers, carriers, and other service providers. |
Purposes | Prospecting and selection of suppliers
//
Management of the supplier relationship
|
Legal basis | Legitimate interest in establishing and maintaining a supplier database and managing procurement activities. |
Recipients | Authorized personnel from the purchasing, accounting, logistics, legal, quality, HSE and IT departments, other interested Armor Group companies, and other service providers (including IT providers). |
Purposes | Management of contracts and legal documents |
Legal basis | Legitimate interest: managing legal documents and contracts |
Recipients | Authorized personnel from the IT, legal, purchasing, management control, regulatory monitoring and intellectual property departments, senior officers of interested Armor Group companies, authorized representatives of the contracting entity, and other legal service providers. |
Purposes | Prevent frauds |
Legal basis | Legitimate interest: managing legal documents and contracts |
Recipients | Authorized personnel from the consolidation and internal control, purchasing, finance and sales departments of Armor Group companies.
In the event of an audit: the French Anti-Corruption Agency. |
Purposes | Access control for visitors and external partners
//
Video surveillance of the Chevrolière and Cordon Bleu plants
|
Legal basis | Legitimate interest: reception and access control for visitors, monitoring on-site presence, ensuring the safety of persons and property, protecting intellectual property, and contributing to Authorized Economic Operator certification. |
Recipients | Authorized personnel responsible for evacuation and safety at the site, or authorized personnel from general services, IT, human resources, senior officers, or external emergency or investigative services in the event of an incident, as well as other service providers. |
Processing activities relating to individuals who are employees within the ARMOR Group are described in the internal Personal Data Protection Policy, which is available in the documentary resources.
Your Personal Data is not retained for longer than necessary, based on:
For further information, please contact the Data Protection Officer (DPO).
As a matter of principle, your Personal Data is not transferred outside the EU. The only Personal Data that may be transferred outside the EU to Group companies and certain Sub-processors (including suppliers, customers, and carriers) relates to the management of intra-group communications, contract administration, and the management of procurement, deliveries, and orders.
In the event of a transfer of Personal Data outside the EU to a country that does not provide an adequate level of protection within the meaning of the applicable Regulation, the relevant Group company or Sub-processor undertakes to implement all appropriate safeguards, including, without limitation, Standard Contractual Clauses, a code of conduct, or binding corporate rules.
The controller responsible for the Processing of your Personal Data is one of the following ARMOR Group companies, which determines the purposes and means of such Processing and is identified at the time of collection and processing of the Personal Data:
ARMOR SAS (“ARMOR-IIMAK”)
20 rue Chevreul – 44100 Nantes – France
R.C.S. Nantes 857 800 692
ARMOR BATTERY FILMS SAS
20 rue Chevreul – 44100 Nantes – France
R.C.S. Nantes 892 311 937
ARMOR PRINT SOLUTIONS SAS (« ALTKIN »)
17 Boulevard de Chantenay – 44100 Nantes – France
R.C.S. Nantes 892 312 067
ARMOR SMART FILMS SAS
20 rue Chevreul – 44100 Nantes – France
R.C.S. Nantes 922 404 322
Several ARMOR Group companies act as joint Controllers where they jointly determine the purposes and means of Processing your Personal Data. ARMOR is a joint Controller for the following Processing activities together with all other subsidiaries listed above:
You have the right to access, rectify, object to, port, erase your Personal Data, or request a restriction of its processing. You may exercise these rights by contacting the Data Protection Officer (DPO) by email at: dpo@armor-group.com or by postal mail at the following address: ARMOR, For the attention of the DPO, 20 rue Chevreul, 44110 NANTES, France, specifying:
Your request will be processed within one month from its receipt. This period may be extended by two additional months, prior to the expiry of the initial month, depending on the complexity and number of requests. In the absence of a satisfactory response from ARMOR, you also have the right to lodge a complaint with the supervisory authority: CNIL, 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07, or online at www.cnil.fr/fr/plaintes.
The French entities of the ARMOR Group implement technical and organizational security measures as outlined in a General Information Systems Security Policy.
These measures are proportionate to the sensitivity of the Personal Data and are designed to protect such data against destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
In the event of a breach affecting your Personal Data, we will inform you and report the Personal Data breach to the competent supervisory authority.
Updated in December 2025
