Article 1 – Preamble
Personal data refers to any information about a physical person identified or identifiable, directly or indirectly, including by reference to a name, identification number, or one or more specific elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
It’s 1.1. Definitions
User (‘User’): Internet user logging in and using the site. Users are considered users all users who log on, browse, read, view and use the site.
Article 2 – Personal Data Management
The user is informed of the regulations concerning marketing communication, the law of 21 June 2014 for confidence in the Digital Economy, the Computer And Freedom Act of 06 August 2004 as well as the General Data Protection Regulation (RGPD: 2016-679).
Article 3 – Data collected
The data is collected and processed only with the consent of the user who owns the data and is limited to the bare minimum. Whenever personal data is collected, the user is told that his data is collected, and why his data is collected.
Data collection and processing is performed to meet one or more predetermined objectives, and only the data necessary to properly execute the site’s objectives is collected (data minimisation).
The personal data collected on the site is as follows:
This data is collected when the user performs one of the following operations on the site:
When the user logs on to the site
Article 4 – Finals of the data collected
Data collection and processing meet the following purposes:
The IP address is collected for statistical purposes, for the management of site optimization, to prevent and combat computer fraud in the event of deemed abnormal use of the site’s forms. The IP address is collected to determine the city from which the user connects. This is immediately anonymized after use and the publisher of the site can therefore in no way trace it back to a natural person.
Article 5 – Data Transmission
The publisher does not market users’ personal data, which is therefore only used by necessity or for statistical and analysis purposes. The personal data collected by the site is not transmitted to any third parties, and is only processed by the site’s publisher.
The publisher does not process, host or transfer information collected on its users to a country outside the European Union or recognised as « inadequate » by the European Commission without first informing users. However, the publisher remains free to choose its technical and commercial subcontractors, provided that they provide sufficient guarantees under the requirements of the General Data Protection Regulation (RGPD: No. 2016-679).
However, personal data can be shared with third-party companies, exclusively in the European Union, in the following cases:
When the site uses the services of providers to provide online payment assistance, advertising or services. These providers have limited access to user data, as part of the performance of these services, and have a contractual obligation to use it in accordance with the applicable provisions of the personal data protection regulations.
If required by law, the site may transmit data to respond to claims against the site and comply with administrative and judicial procedures.
Article 6 – Data retention
The publisher will keep user data in a secure environment for the duration necessary to achieve the purposes for which it was collected and in compliance with current regulations.
To the extent reasonably necessary or required to meet legal or regulatory obligations, settle disputes, prevent fraud and abuse, or apply terms and conditions, the publisher may also retain certain information for an additional period of time.
Article 7 – Data Security
The publisher undertakes to take all necessary precautions to preserve the security of information, including that it is not shared with unauthorized persons. However, if an incident affecting the integrity or confidentiality of users’ information is brought to the attention of the publisher, the publisher will have to inform users as soon as possible and communicate the corrective measures taken. The site also does not collect « sensitive data. »
Within their respective responsibilities and for the purposes recalled above, the main people likely to have access to user data are primarily the publisher’s customer service agents.
Article 8 – User Rights
In accordance with current EU regulations, users of the site have many rights related to personal data. In particular, users have the right to access their data, correct any errors, and the right to have personal data erased, to limit their processing or to object to it. Users also have the right to withdraw their consent, to object to the receipt of commercial prospecting documents in the future, and in certain circumstances, the right to ensure that the information is transferred to users or transferred to a third party.
Right of access, right of correction: The user has the right to access the personal data that the publisher holds about him, to have his personal data corrected if it is inaccurate, obsolete or incomplete.
Right to delete, right to be forgotten: The user has the right to have his data erased or deleted. However, this right may be limited by a legal reason or a legitimate interest of the publisher to retain personal data.
Right of objection: The user has the right to request the limitation or to object to the treatment of his data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling grounds, which may prevail over the interests and rights and freedoms of the user.
The right to withdraw consent for the processing of data based on consent: The user may withdraw consent to the processing of his data at any time when this treatment is based on consent.
The right to data portability: The user has the right to move, copy or transfer data held by the site to another site. This right applies only to data provided by the user and where the data is processed automatically based on consent or contract.
The right to determine the fate of the data after death: The user can arrange what the fate of his data collected and processed should be if he dies and choose, if he wishes, whether the publisher will have to disclose his data to a third party that he has previously designated.
8.1. Rights applications
If the user wants to know how the publisher uses his personal data, or ask to correct it, oppose their processing or delete it, he can contact the Data Protection Delegate who is available to users for any questions relating to the protection of personal data.
Any application must be accompanied by a photocopy of a valid, signed ID and the address to which the publisher will be able to contact the applicant. The response will be sent within one month of receiving the request. This one-month period may be extended by 2 (two) months if the complexity of the application requires it.
Requests to delete personal data will be subject to the obligations imposed on the publisher by law, including the retention or archiving of documents.
In the event that the data handler decides not to respond to the user’s request, and the user wishes to challenge this decision, or, if he thinks that one of the rights listed above is infringed, he is entitled to refer the matter to the CNIL (National Commission for Information Technology and Freedoms) or any competent judge.
Users can file a complaint with the supervisory authorities, including the CNIL, at: https://www.cnil.fr/.
Article 9 – Data Protection Delegate
The role of the Data Protection Delegate and ensuring the proper implementation of national and supranational provisions on the collection and processing of personal data. He can also be appointed DPO (for Data Protection Officer).
The user is informed that the next person has been appointed Data Protection Delegate by the site’s publisher: PNM SARL. The data protection delegate can be reached by e-mail at firstname.lastname@example.org