Security and protection of personal data
Warnings
This tool is made available to you free of charge. The tool is based on information based on the firm's professional analysis of RGPD compliance. However, as compliance is a dynamic process and every situation is specific, the information transmitted must be adapted and can in no way be considered exhaustive or accurate.
Unless you request a review and validation by the Cabinet, the document generated is considered as simple information. Consequently, you alone are responsible for interpreting the information provided, for the advice you deduce from it, and for the adaptations you make for your own business activity. The use and exploitation of the tool is therefore under your sole responsibility and at your own risk.
Definitions :
Publisher The person, physical or moral, who publishes online public communication services.
Site All sites, web pages and online services offered by the Publisher.
The User The person using the Site and its services.
Type of data collected
In the course of using the Sites, the Publisher may collect the following categories of data concerning its Users:
Civil status, identity and identification data...
Disclosure of personal data to third parties
No communication to third parties
Your data will not be disclosed to third parties. However, you are informed that your data may be disclosed in application of a law, regulation or decision by a competent regulatory or judicial authority.
Prior notification of the transfer of personal data to third parties in the event of a merger/absorption
Collection of opt-in (consent) prior to data transmission following a merger / acquisition
In the event that we take part in a merger, acquisition or any other form of transfer of assets, we undertake to obtain your prior consent to the transmission of your data.
Personal Data and to maintain the level of confidentiality of your personal data to which you have consented.
Identity data collection
Carry out customer management operations concerning
- Contracts; orders; deliveries; invoices; accounting, particularly accounts receivable management
- A loyalty program within one or more legal entities;
- Customer relations management, including satisfaction surveys, claims management and after-sales service.
- The selection of customers for studies, surveys and product tests (unless the consent of the persons concerned is obtained under the conditions set out in article 6, these operations must not lead to the establishment of profiles likely to reveal sensitive data - racial or ethnic origins, philosophical, political, trade-union or religious opinions, sex life or health of the persons concerned).
Sales statistics
The organization of contests, lotteries or any promotional operation, with the exception of online gambling subject to approval by the Autorité de Régulation des Jeux en Ligne.
Managing people's opinions on products, services or content
Data aggregation
Aggregation with non-personal data
We may publish, disclose and use aggregated information (information about all of our Users or specific groups or categories of Users that we combine in such a way that an individual User can no longer be identified or referred to) and non-personal information for industry and market analysis, demographic profiling, promotional and advertising purposes and other business purposes.
Aggregation with personal data available on the user's social accounts.
If you connect your account to another service's account for the purpose of cross-mailing, that service may share your profile and login information with us, as well as any other information you have authorized to be shared. We may aggregate information about all our other Users, groups, accounts, with personal data available about the User.
Identity data collection
Free consultation
Consultation of the Site does not require registration or prior identification. You do not need to provide any personal data (surname, first name, address, etc.). We do not record any personal data for the simple purpose of consulting the Site.
Collection of identification data
Use of user ID only for access to services
We use your electronic identifiers only for and during the execution of the contract.
Terminal data collection
No collection of technical data
We do not collect or store any technical data about your device (IP address, Internet service provider, etc.).
Cookies
Cookie retention period
In accordance with CNIL recommendations, cookies are kept for a maximum of 13 months after they are first stored on the user's terminal, as is the period of validity of the user's consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User's consent must therefore be renewed at the end of this period.
Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimize services rendered to the user, based on the processing of information concerning access frequency, page personalization, operations carried out and information consulted.
You are informed that the Publisher may place cookies on your terminal. The cookie records information relating to your browsing on the service (the pages you have consulted, the date and time of consultation, etc.) which we can read during your subsequent visits.
Opt-in for cookies
We do not use cookies. Should we use cookies in the future, you will be informed in advance and given the opportunity to deactivate them.
Technical data retention
Technical data retention period
Technical data is kept for the time strictly necessary to achieve the above-mentioned purposes.
Personal data retention and anonymization periods
Data retention for the duration of the contractual relationship
In accordance with article 6-5° of French law no. 78-17 of January 6, 1978 on data processing, data files and individual liberties, personal data that is the subject of processing is not kept beyond the time required to fulfill the obligations defined when the contract was signed, or the predefined duration of the contractual relationship.
Retention of anonymized data beyond the contractual relationship / after account deletion
We keep personal data for the time strictly necessary to achieve the purposes described in these GTU. After this period, the data will be anonymized and kept exclusively for statistical purposes and will not be used in any way whatsoever.
Deleting data after account deletion
Data purging procedures are in place to ensure that data is effectively deleted as soon as the retention or archiving period required to fulfill the specified or imposed purposes has been reached. In accordance with the French Data Protection Act no. 78-17 of January 6, 1978, you also have the right to delete your data, which you may exercise at any time by contacting the Publisher.
Data deletion after 3 years of inactivity
For security reasons, if you have not logged in to the Site for a period of three years, you will receive an e-mail inviting you to log in as soon as possible, failing which your data will be deleted from our databases.
Account deletion
Account deletion on request
The User may delete his or her Account at any time, by simple request to the Publisher OR via the Account deletion menu in the Account settings, if applicable.
Account deletion in the event of a breach of the GCU
If you breach any provision of the TOS or any other document incorporated herein by reference, the Publisher reserves the right to terminate or restrict, without notice and at its sole discretion, your use of and access to the services, your account and all of the Sites.
Indications in the event of a security breach detected by the Editor
Informing the User in the event of a security breach
We undertake to implement all appropriate technical and organizational measures to guarantee a level of security appropriate to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or of unauthorized access resulting in the risks identified above, we undertake to :
- Notify you of the incident as soon as possible;
- Examine the causes of the incident and inform you;
- Take all reasonable steps to mitigate any adverse effects and damages that may result from the said incident
Limitation of liability
Under no circumstances may the undertakings set out above concerning notification in the event of a security breach be assimilated to any admission of fault or responsibility for the occurrence of the incident in question.
Transfer of personal data abroad
No transfer outside the European Union
The Publisher undertakes not to transfer the personal data of its Users outside the European Union.
Modification of the Terms of Use and Privacy Policy
In the event of modification of the present GCU, undertaking not to lower the level of confidentiality substantially without the prior information of the persons concerned.
We undertake to inform you in the event of substantial modification of the present GCU, and not to lower the level of confidentiality of your data in a substantial way without informing you and obtaining your consent.
Applicable law and remedies
Arbitration clause
You expressly agree that any dispute arising out of or in connection with these TOU, including, without limitation, any dispute arising out of or in connection with the interpretation or performance of these TOU, shall be submitted to arbitration in accordance with the rules of the mutually agreed upon arbitration platform to which you shall unreservedly adhere.
Data portability
The Publisher undertakes to offer you the possibility of having all your personal data returned to you on request. In this way, the user is guaranteed greater control over his or her data, and retains the possibility of reusing it. This data must be supplied in an open and easily reusable format.