Processing of personal data
Data subjects of the data processing operations
The persons concerned (hereinafter the "Data Subjects") by the data processing are: the customers of the data controller, the users of the website, the members of its professional networks. The Data Subjects acknowledge that they have read this policy and accept it without reservation.
Categories of data processed
The controller collects personal data directly from the data subjects. The categories of data processed are as follows:
For customers: data relating to the civil status, identity and identification data of customers (surname, first name, age, postal address, telephone, e-mail address), data relating to the personal life of customers (family situation, profession, eating habits, lifestyle, etc.), data relating to the health of customers, data relating to means of payment (if payment for services is made online).
For users of the website: data collected on the contact form (name, e-mail address), connection data (IP addresses, logs, time zone, pages consulted, certain cookies, etc.).
For members of its professional networks: identity-related data (surname, first name, telephone, e-mail address), professional data (position, company).
Purposes and legal basis for processing
The personal data collected by the data controller have specific, explicit and legitimate purposes. These purposes are as follows: management, processing and follow-up of customer files, management of customer invoicing and collection, management of a list of objections to the processing of personal data, management of lists of commercial proposals and the sending of various contents, etc. Our top priority is the security of customer data and, as such, we can only process minimal user data, only to the extent that is absolutely necessary to maintain the website. Automatically collected information is used only to identify potential cases of abuse and to compile statistical information about the use of the website. This statistical information is not otherwise aggregated to identify a particular user of the system. You can visit the website without telling us who you are or revealing any information by which anyone could identify you as a specific, identifiable individual. However, if you wish to use certain features of the website, or if you wish to receive our newsletter, you may provide us with personal data, such as your e-mail address. You may choose not to provide us with your personal data, but then you may not be able to take advantage of certain features of the website. For example, you will not be able to receive our newsletter or contact us directly from the website. If you are a European resident, you have the following rights in relation to your personal data: - The right to be informed, the right of access, the right of rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, rights relating to automated decision making and profiling. If you wish to exercise this right, please contact us.
Duration of data storage
Personal data that is subject to processing is kept for a period not exceeding that necessary for the purposes for which it is recorded.
Management, processing and monitoring of Customer files: data kept for the duration of the contractual relationship and then for 5 years
Customer billing and collection management: data kept for 10 years
Accounting: data kept for 10 years
Constitution and management of Customer files: data kept for the duration of the contractual relationship and then for 3 years for commercial prospecting purposes from the date of collection or the last contact of the person concerned
Management of an opposition list to data processing: data kept for 3 years from the date of registration on the list.
Recipients of the data
The personal data collected are reserved for the use of the controller. Some data may, in certain cases, be communicated by the data controller to third party recipients, with the prior consent of the data subjects where necessary.
The Data Subjects are informed and accept, as part of a general authorisation, that the data controller may use subcontractors for their personal data. When using subcontractors, the data controller has concluded a written contract with each of them respecting the obligations of the Data Protection Act and the RGPD. Each processor acts only on the instructions of the data controller and undertakes to offer the same guarantees of personal data protection. Each processor implements the appropriate technical and organisational measures so that data processing complies with legal and regulatory requirements. The data controller undertakes to use only subcontractors: established in a country of the European Union or established in a country presenting a level of protection said to be adequate within the meaning of the European data protection authorities or having appropriate guarantees pursuant to Article 46 of the RGPD. Otherwise, the transfer of data can only be made in compliance with Article 49 of the GDPR.
The list of processors is as follows: (Zyro) Hostinger International Ltd. and Google Analytics. Their personal data processing policies can be consulted at the following links: https://zyro.com/fr/privacy-policy , https://policies.google.com/privacy . The list of processors is made available to Data Subjects upon written request. The controller undertakes to inform each Data Subject of the addition or change of processor by e-mail as soon as possible, if this change has a negative impact on the processing of his/her data. The Data Subject shall formulate any observations or objections in writing within fifteen days of receiving this information. In the absence of a response within this period, the Data Subject acknowledges that he or she has thus authorised the said processor. The data controller shall provide the Data Subject with any information that may help to establish the compliance of the processor with the requirements of the regulations.
Transfer of data outside the European Union
The data controller may transfer certain data outside the European Union, including to Canada, Singapore and the United States (where the information of the host, Hostinger, is collected). In this case, the data controller undertakes to ensure that data transfers are only made to countries with a level of protection that is said to be adequate within the meaning of the European data protection authorities or, failing that, to provide appropriate guarantees in accordance with Article 46 of the RGPD. Otherwise, the transfer of data may only be made in compliance with Article 49 of the GDPR. The Data Subjects shall, in any event, have enforceable rights and effective remedies.
The controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. The controller shall take measures to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data shall not process them unless instructed to do so by the controller or unless he is obliged to do so. When the controller is required to process health data, it undertakes to exercise particular vigilance and shall put in place appropriate technical and organisational measures. In particular, the controller shall ensure that health data are stored on its own servers and that they are not hosted by a third party subcontractor.
Register of processing
The controller shall keep a register of processing operations when processing personal data relating to the health of its customers.
Fate of data after death - Right of access, rectification, deletion and portability of data
The Person concerned by a processing operation may define directives relating to the retention, deletion and communication of his/her personal data after his/her death. These directives may be general or specific. The Data Subject also has the right to access, object to, rectify, delete and, under certain conditions, port his or her personal data. The data subject has the right to withdraw consent at any time if consent is the legal basis for the processing. The request must indicate the surname and first name, e-mail or postal address of the person concerned, and be signed and accompanied by valid proof of identity. The Person concerned may exercise his/her rights by contacting: email@example.com & www.isabelle-malinge.fr .
The Person concerned by a processing of personal data has the right to lodge a complaint with the supervisory authority CNIL.
A cookie is a small text file (a tracer) that is placed or stored on the Internet user's terminal (computer, tablet or mobile device) when he visits the website. The cookie makes it possible to trace the navigation of the Internet user who connects to the website. This tracking can have different purposes: to allow the website to function, to provide secure connections, to remember the user's preferences, to measure the website's audience, to target advertising or to share content on social networks. There are several types of cookies. These may be internal cookies from the website or cookies placed on the website belonging to third parties (such as Google, Facebook or Linked'In). These third-party cookies are beyond the control of the data controller. The Internet user is invited to consult the data use policy and the rules for the use of third-party cookies by clicking on the following links:
Some cookies require the express prior consent of the Internet user (cookies used for advertising purposes, audience measurement and sharing on social networks). When the user accesses the site, an information and consent banner appears. This banner is maintained as long as the Internet user has not continued his or her navigation, i.e. as long as he or she has not gone to another page of the site or clicked on an element of the site. The information banner allows the Internet user to give his express consent or to object to cookies requiring consent. As long as the Internet user has not given his consent, these cookies are not deposited.
We will disclose any information we collect, use or receive if required or permitted by law, for example, to comply with a subpoena or similar legal process, and when we have a good faith belief that disclosure is necessary to protect our rights, your safety or the safety of others, to investigate fraud or to respond to a government request.