[CUSTOMER'S COMPANY NAME] processes personal data (hereinafter “Personal Data)” concerning you in the context of the use of this website (hereinafter the “Site”).
As data controller, we respect privacy and protect the personal data of users of our Site.
This policy aims to inform you of the methods of collection, processing and use of Your Personal Data and of your rights in terms of protection of personal data with regard to the applicable provisions in this matter, in particular Law 78-17. of January 6, 1978 relating to data processing, files and freedoms known as "Data processing and freedoms" in its latest version and with the RGPD (General Data Protection Regulation) in application since May 25, 2018.
Article 1 - Scope of this personal data protection policy
This Policy sets out the principles and guidelines for the protection of Your Personal Data, which includes Personal Data collected on - or through - the Site.
[CUSTOMER'S COMPANY NAME] collects Personal Data (online, including by e-mail, or offline); this policy applies regardless of the method of collection or processing.
The notion of Personal Data refers to any information relating to an identified or identifiable natural person. A person is “identifiable” when he can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements which are specific to him.
“Non-Personal Data” corresponds to information that does not allow a person to be identified.
Article 2 - Places of storage of Personal Data
All Personal Data is stored exclusively in France, by our web hosting provider:
[COMPANY NAME AND HOST ADDRESS]
Article 3 - Data controller
The person responsible for processing Your Personal Data is: [COMPANY NAME AND CUSTOMER ADDRESS]; certain technical services [TECHNICAL SERVICES] are entrusted to our technical service providers [TECHNICAL SERVICE PROVIDERS]. In accordance with Article 28 of the RGPD, this service provider is bound by a strict confidentiality clause which prohibits any use of the data entrusted to it not provided for in the service contract and which requires it to implement technical measures and that meet the requirements of security and protection of personal data.
Article 4 - Data collected
Personal Data may include the following:
And any other Personal Data that may be relevant for the purposes set out below.
Note for visitors and users of the Site: certain functions and characteristics of the Site can only be used if You provide [CUSTOMER'S COMPANY NAME] certain Personal Data when You visit or use the Site. You are free to provide or not, all or part of Your Personal Data.
However, if You choose not to provide them, such a decision could prevent the achievement or satisfactory achievement of the objectives described below, certain services and certain features of the Site may not function properly and / or You will be refused the access to certain pages of the Site.
Cookies and other trackers
Cookies can be permanent (and remain after Your disconnection from the Site in order to be used during Your subsequent visits to the Site) or temporary (and disappear as soon as You disconnect from the Site).
- allowing a service to recognize Your equipment, so You will not have to provide the same information several times in order to perform the same task;
- recognizing the username and password You have already provided so that You do not have to re-enter them on each web page that requests them.
- measure the number of users of the services, thus making them easier to use and ensuring their ability to respond quickly to Your requests;
- help [CUSTOMER'S COMPANY NAME] understand how users interact with the services in order to improve them.
[CUSTOMER'S COMPANY NAME] may also use the services of third-party providers for the purposes of performing the services on its behalf and in particular for:
- analyze Your browsing habits and measure the audience of the Sites and Applications;
- analyze Your areas of interest and offer You targeted marketing or advertising offers;
- allow you to share the content of the Applications' Sites with other people on social networks or to let these other people know what You are watching or what You think (eg the "Like" button on Facebook)
In this case, invisible "pixels" and cookies provided by these third-party providers could be used and stored. When transmitting the information generated by these cookies, the cookie settings ensure that the IP address is made anonymous before geolocation and before storage. Our service providers will use this information for the purposes of evaluating Your use of the Site, compiling reports on Site activity for [CUSTOMER'S COMPANY NAME], and providing You with better services and advertising targeted to Your needs. They will not associate your IP address with any other of their data.
When you browse the Site, cookies are enabled by default and data can be read or stored locally on your hardware. You will be notified the first time You receive a cookie and You can thus decide to accept or reject it. By continuing to use the Sites, You expressly agree to [CLIENT'S COMPANY NAME] use of such cookies.
If you wish to modify or delete your information, please refer to Article 8: Your rights.
You can access your cookie management panel to configure the storage and reading of cookies.
By type of data:
- Civil status data (name, first name, postal address, etc.): 3 years max. ;
- Connection data: 3 years max. ;
- Location data = 48h;
We only keep Your Personal Data for a period of time necessary and proportionate to the purpose for which it was collected, namely for a maximum period of 3 years from the last exchange you had with us and carried out at your initiative.
Beyond the aforementioned periods, your data will be purely deleted or anonymized.
Article 5 - Purposes of the collection of personal data
As indicated above, You provide Your Personal Data on a voluntary basis.
Personal Data is generally collected for the needs of the activity of [CUSTOMER NAME OF THE CUSTOMER] such as improving the marketing and advertising efforts of [NAME OF THE CUSTOMER], better adaptation of the products and services of [NAME OF THE CUSTOMER] CUSTOMER] to customer needs or compliance with statutory reporting obligations, and other similar activities.
[CUSTOMER'S COMPANY NAME] collects and uses Personal Data concerning You for the needs of its activity and in particular for the following purposes:
We process your data in whole or in part for the purposes of:
[PURPOSES OF TREATMENTS]
Subject to applicable local legislation, by providing Your e-mail address, You expressly authorize [CUSTOMER'S COMPANY NAME] to use it with other Personal Data useful to send You commercial or marketing messages.
[CUSTOMER'S COMPANY NAME] may also use Your email address for administrative or other non-marketing purposes (for example, to notify You of important changes to the Site).
Article 6 - Conditions for processing and storing personal data
The "processing" of Personal Data includes in particular the use, conservation, recording, transfer, adaptation, analysis, modification, declaration, sharing and destruction of Personal Data depending on what is necessary in view of the circumstances or legal requirements.
All Personal Data collected is kept for a limited period depending on the purpose of the processing and only for the period provided for by the applicable legislation.
All Personal Data collected is stored in mainland France.
Article 7 - Links to websites not controlled by [CUSTOMER COMPANY NAME]
The Site may provide links to third party websites that may be of interest to You.
[CUSTOMER'S COMPANY NAME] has no control over the content of third-party sites or the practices of these third parties in terms of the protection of Personal Data that they may collect. Consequently, [CUSTOMER'S COMPANY NAME] declines any responsibility concerning the processing by these third parties of Your Personal Data. It is your responsibility to find out about the personal data protection policies of these third parties.
Article 8 - Transfer of personal data
Your Personal Data may be disclosed within [CUSTOMER'S COMPANY NAME] for the purposes set out in Article 3 of this Policy.
[CUSTOMER'S COMPANY NAME] may transfer Your Personal Data outside the European Union, provided that it ensures, before transferring them, that entities outside the European Union offer an adequate level of protection, in accordance with current European legislation.
If [CUSTOMER COMPANY NAME] learns that a third party to whom [CUSTOMER COMPANY NAME] has communicated Personal Data for the purposes set out in Article 3 above, is using or disclosing Personal Data without complying with this Policy or in violation of applicable law, [CUSTOMER'S COMPANY NAME] would take all reasonable steps to prevent or terminate such use or disclosure.
You also have the right to authorize or not [CUSTOMER'S COMPANY NAME] to use Your Personal Data for a purpose other than those for which this Personal Data was initially collected. You can object to this use by referring to Article 8 below.
[CUSTOMER'S COMPANY NAME] may also be required to transfer Your Personal Data to third parties if [CUSTOMER'S COMPANY NAME] considers that such a transfer is necessary for technical reasons (for example, for hosting services by a third party ) or to protect its legal interests (for example, in the event of sale of assets to a third party company, change of control or total or partial liquidation of [CUSTOMER COMPANY NAME]).
In addition, [CUSTOMER'S COMPANY NAME] may share Your Personal Data with the reseller on which You depend or assigned to the territory in which You are located for the purposes of the activity of [CUSTOMER'S COMPANY NAME]. [CUSTOMER'S COMPANY NAME] may also share your Personal Data with business partners when [CUSTOMER'S COMPANY NAME] and the business partner jointly sponsor an event or together participate in a marketing promotion in which You engage.
[CUSTOMER'S COMPANY NAME] may disclose Your Personal Data if required by law or if [CLIENT'S COMPANY NAME] considers in good faith that such disclosure is reasonably necessary to comply with a legal process (for example, warrant, subpoena or other court order) or to protect the rights, property or personal safety of [CLIENT'S COMPANY NAME], our clients or the public.
If the applicable legislation allows it, [CUSTOMER'S COMPANY NAME] may also share Your Personal Data with third parties in order to provide You with targeted marketing or advertising offers.
These transfers may take place via the Internet or by any other method deemed appropriate by [CUSTOMER'S COMPANY NAME] in accordance with applicable legislation and the Group's internal security policies [CUSTOMER'S COMPANY NAME].
Article 9 - Your rights
Your right to access and rectify your data
You have the right to access and have your personal data corrected.
You can ask us that your personal data be, depending on the case, rectified, completed if they are inaccurate, incomplete, equivocal or out of date.
Your right to have your data deleted
You can ask us to erase your personal data when one of the following reasons applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you withdraw the consent previously given;
- you object to the processing of your personal data for legitimate reasons;
- the processing of personal data does not comply with the provisions of applicable law and regulations.
Nevertheless, the exercise of this right will not be possible when the conservation of your personal data is necessary with regard to the legislation or the regulations and in particular for example for the establishment, the exercise or the defense of rights in court.
Your right to limit data processing
You can request the limitation of the processing of your personal data in the cases provided for by law and regulation.
Your right to object to data processing
You have the right to object to the processing of personal data concerning you when the processing is based on the legitimate interest of the controller.
Your right to the portability of your data
Since May 25, 2018, you will have the right to the portability of your personal data.
The data on which this right can be exercised are:
- only your personal data, which excludes anonymized personal data or data that does not concern you;
- declarative personal data as well as the personal operating data mentioned above;
- personal data which does not infringe the rights and freedoms of third parties, such as those protected by business secrecy.
This right is limited to processing based on consent or on a contract as well as personal data that you have personally generated.
This right does not include derived data or inferred data, which is personal data created by [CUSTOMER COMPANY NAME].
Your right to withdraw your consent
When the data processing that we carry out is based on your consent, you can withdraw it at any time. We then stop processing your personal data without the previous operations for which you had consented being called into question.
Your right to lodge an appeal
You have the right to lodge a complaint with the CNIL on French territory, without prejudice to any other administrative or judicial appeal.
Your right to set post-mortem guidelines
You have the possibility to define guidelines relating to the conservation, erasure and communication of your personal data after your death and this with a trusted third party, certified and responsible for ensuring that the will of the deceased is respected in accordance with the requirements of the applicable legal framework.
How to exercise your rights
All the rights listed above can be exercised:
- by post to the following address: [CUSTOMER ADDRESS], enclosing a copy of your identity card and proof of address;
- via our email address [GENERIC CUSTOMER MAIL ADDRESS RGPD@CLIENT.FR]. A procedure will then be sent to you in order to validate your identity.
Note: the documents sent within the framework of this procedure will be purely destroyed, and the data potentially collected during the procedure will be definitively deleted, at the end of the latter.
Also note that any requests that do not meet these guidelines will be ignored.
We undertake to respond to these requests within 1 month of receipt of the request. This period may be extended by 2 months depending on the complexity and the number of requests received, i.e. 3 months in total.
If you have an account, you can exercise Your rights of access and rectification by logging into your account.
However, with regard to the exercise of the right to information, we may not have the obligation to act on it if:
- you already have this information;
- the recording or communication of your personal data is expressly provided for by law;
- communication of information proves impossible;
- providing information would require disproportionate effort.
Article 10 - Data security and recipients
[CUSTOMER'S COMPANY NAME] takes care to protect and secure the Personal Data that You have chosen to communicate to it, in order to ensure their confidentiality and prevent them from being distorted, damaged, destroyed or disclosed to unauthorized third parties.
[CUSTOMER'S COMPANY NAME] has taken physical, electronic and organizational protection measures to prevent any loss, misuse, unauthorized access or dissemination, alteration or possible destruction of this Personal Data. Among these protection measures, [CUSTOMER'S COMPANY NAME] incorporates technologies specially designed to protect Personal Data during their transfer. However, despite the efforts of [CUSTOMER COMPANY NAME] to protect Your Personal Data, [CUSTOMER COMPANY NAME] cannot guarantee the infallibility of this protection due to inevitable risks that may arise during the transmission of Personal Data.
All Personal Data being confidential, their access is limited to employees and service providers of [CUSTOMER COMPANY NAME] who need it in the performance of their mission. All persons having access to Your Personal Data are bound by an obligation of confidentiality and are exposed to disciplinary measures and / or other sanctions if they do not comply with these obligations.
However, it is important that You exercise caution to prevent unauthorized access to Your Personal Data. You are responsible for the confidentiality of Your password and the information contained in Your account. Consequently, You must ensure that You close Your session in the event of shared use of the same computer or the same terminal.
Article 11 - Conflict resolution
Although [CLIENT'S COMPANY NAME] has taken reasonable steps to protect Personal Data, no transmission or storage technology is completely foolproof.
However, [CUSTOMER'S COMPANY NAME] takes care to guarantee the protection of Personal Data. If You have reason to believe that the security of Your Personal Data has been compromised or that they have been misused, You are invited to contact [CUSTOMER'S COMPANY NAME] at the following address: [ GENERIC EMAIL ADDRESS OF THE TYPICAL CUSTOMER RGPD@CLIENT.FR].
[CLIENT'S COMPANY NAME] will investigate complaints regarding the use and disclosure of Personal Data and attempt to resolve them in accordance with the principles set out in this Policy.
Unauthorized access to Personal Data or its misuse may constitute an offense under local law.
Article 12 - Contact
For any questions concerning this Policy, to no longer receive information from [CUSTOMER COMPANY NAME] or for any request for rectification, addition, update or deletion of Your Personal Data, You can send an email to the following email address: [GENERIC CUSTOMER MAIL ADDRESS RGPD@CLIENT.FR].
Article 13 - Date of entry into force and revisions of the personal data protection policy
This Policy may be updated based on the needs of [CLIENT'S COMPANY NAME] and the circumstances or as required by law. We therefore invite you to regularly take note of the updates.
Last modification: [DATE OF LAST MODIFICATION OF THE DOCUMENT]