Amended on : 01/01/2022

Security and protection of personal data

Definitions :

The Publisher The natural or legal person who publishes the online public communication services.
The site All sites, web pages and online services offered by the Publisher.
The User The person using the Site and the services.

Type of data collected

When using the Sites, the Publisher may collect the following categories of data about its Users:

Civil status, identity and identification data...

Data relating to personal life (lifestyle, family situation, excluding sensitive or dangerous data)

Connection data (IP addresses, event logs, etc.)

Disclosure of personal data to third parties

No communication to third parties
Your data will not be disclosed to third parties. However, you are informed that your data may be disclosed in application of a law, regulation or by virtue of a decision by a competent regulatory or judicial authority.

Prior notification of the transfer of personal data to third parties in the event of a merger or takeover

Collection of opt-in (consent) prior to the transmission of data following a merger / acquisition
In the event that we take part in a merger, acquisition or any other form of transfer of assets, we undertake to obtain your prior consent to the transfer of your personal data and to maintain the level of confidentiality of your personal data to which you have consented.

Purpose of re-use of personal data collected

Carry out customer management operations relating to

  • contracts; orders; deliveries; invoices; accounting and, in particular, accounts receivable management
  • a loyalty programme within one or more legal entities;
  • monitoring customer relations, such as conducting satisfaction surveys and managing complaints and after-sales service
  • the selection of customers for studies, surveys and product tests (unless the consent of the persons concerned is obtained under the conditions set out in article 6, these operations must not lead to the creation of profiles likely to reveal sensitive data - racial or ethnic origins, philosophical, political, trade union or religious opinions, sex life or health of individuals)

Carry out prospecting operations

  • management of technical prospecting operations (including technical operations such as standardisation, enrichment and de-duplication)
  • the selection of individuals for loyalty-building, canvassing, surveys, product testing and promotional activities. Unless the consent of the persons concerned is obtained under the conditions set out in article 6, these operations must not lead to the creation of profiles likely to reveal sensitive data (racial or ethnic origins, philosophical, political, trade union or religious opinions, sex life or health of the persons concerned).
  • carrying out solicitation operations

Drawing up sales statistics

Managing people's opinions on products, services or content

Data aggregation

Aggregation with non-personal data
We may publish, disclose and use Aggregate Information (information about all of our Users or specific groups or categories of Users that we combine so that an individual User can no longer be identified or referred to) and Non-Personal Information for industry and market analysis, demographic profiling, promotional and advertising purposes and other business purposes.

Aggregation with personal data available on the User's social accounts
If you connect your account to another service's account for the purpose of cross-mailing, that service may share your profile and login information with us, as well as any other information you have authorized to be shared. We may aggregate information about all of our other Users, groups, accounts, with the personal data available about the User.

Collection of identity data

Free consultation
Consultation of the Site does not require prior registration or identification. You may do so without providing any personal data about yourself (surname, first name, address, etc.). We do not record any personal data simply for consulting the Site.

Collection of identification data

Use of the user ID only for access to services
We use your electronic identifiers only for and during the performance of the contract.

Collection of terminal data

No collection of technical data
We do not collect or store any technical data about your device (IP address, Internet access provider, etc.).

Cookies

Cookie retention period
In accordance with CNIL recommendations, cookies are kept for a maximum of 13 months after they are first placed on the User's terminal, as is the period of validity of the User's consent to the use of these cookies. The lifespan of cookies is not extended with each visit. The User's consent must therefore be renewed at the end of this period.

Purpose of cookies
Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, by processing information concerning the frequency of access, the personalisation of pages, the operations carried out and the information consulted.
You are informed that the Publisher may place cookies on your terminal. The cookie records information relating to your browsing on the service (the pages you have visited, the date and time of the visit, etc.) which we will be able to read on your subsequent visits.

The User's right to refuse cookies
You acknowledge that you have been informed that the Publisher may use cookies. If you do not wish cookies to be used on your terminal, most browsers allow you to disable cookies via the settings options.

Retention of technical data

Technical data retention period
Technical data is kept for as long as is strictly necessary for the purposes set out above.

Personal data retention and anonymisation periods

Retention of data for the duration of the contractual relationship
In accordance with article 6-5° of law no. 78-17 of 6 January 1978 relating to information technology, files and civil liberties, personal data that is processed is not kept beyond the time required to fulfil the obligations defined when the contract was concluded or the predefined duration of the contractual relationship.

Retention of anonymised data beyond the contractual relationship / after account deletion
We keep personal data for the time strictly necessary to achieve the purposes described in these GTC. After this period, the data will be anonymised and kept exclusively for statistical purposes and will not be used in any way whatsoever.

Deleting data after account deletion
Data purging procedures are in place to ensure that data is effectively deleted as soon as the retention or archiving period required to fulfil the specified or imposed purposes has been reached. In accordance with the French Data Protection Act no. 78-17 of 6 January 1978, you also have the right to delete your data, which you may exercise at any time by contacting the Publisher.

Deletion of data after 3 years of inactivity
For security reasons, if you have not logged on to the Site for a period of three years, you will receive an e-mail inviting you to log on as soon as possible, failing which your data will be deleted from our databases.

Deleting an account

Account deletion on request
The User may delete his/her Account at any time, by simple request to the Publisher OR via the Account deletion menu in the Account settings, if applicable.

Deletion of the account in the event of a breach of the GCU
If you breach any provision of the TOS or any other document incorporated herein by reference, the Publisher reserves the right to terminate or restrict, without notice and at its sole discretion, your use of and access to the services, your account and all the Sites.

Indications in the event of a security vulnerability detected by the Publisher

Informing the User in the event of a security breach
We undertake to implement all appropriate technical and organisational measures to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of your personal data. In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or of unauthorised access resulting in the risks identified above, we undertake to :

  • Notify you of the incident as soon as possible;
  • Examine the causes of the incident and inform you;
  • Take the necessary measures within reasonable limits to mitigate the negative effects and damage that may result from the said incident

Limitation of liability
Under no circumstances may the undertakings set out in the point above relating to notification in the event of a security breach be assimilated to any acknowledgement of fault or responsibility for the occurrence of the incident in question.

Transfer of personal data abroad

No transfer outside the European Union
The Publisher undertakes not to transfer the personal data of its Users outside the European Union.

Modification of the GTCU and the confidentiality policy

In the event of modification of these Terms and Conditions of Use, an undertaking not to lower the level of confidentiality substantially without first informing the persons concerned
We undertake to inform you in the event of any substantial modification to these GCU, and not to lower the level of confidentiality of your data substantially without informing you and obtaining your consent.

Applicable law and recourse procedures

Application of French law (CNIL legislation) and jurisdiction of the courts
These GCU and your use of the Site are governed by and construed in accordance with the laws of France, and in particular with Law no. 78-17 of 6 January 1978 relating to information technology, files and civil liberties. The choice of applicable law does not affect your rights as a consumer under the applicable law of your place of residence. If you are a consumer, you and we agree to submit to the non-exclusive jurisdiction of the French courts, which means that you may bring an action relating to these TOS in France or in the EU country in which you live. If you are a professional, any action against us must be brought before a court in France.

In the event of a dispute, the parties shall seek an amicable solution before taking any legal action. If these attempts fail, any disputes concerning the validity, interpretation and/or performance of these GCU must be brought before the French courts, even in the event of multiple defendants or third-party proceedings.

Data portability

Data portability
The Publisher undertakes to offer you the possibility of having all your personal data returned to you on request. In this way, the User is guaranteed greater control over his or her data and retains the possibility of re-using it. This data must be provided in an open and easily reusable format.