ARTICLE 1: INTRODUCTION
The GDPR and you…
Personal data protection is one of our major concerns. The privacy policy fits into a legal framework centred on the European Union’s General Data Protection Regulation (EU Regulation 2016/679 of 27 April 2016), in force since 25 May 2018, and the French IT and Freedoms Law (Loi Informatique et Libertés) No. 78-17 of 6 January 1978, as amended, relating to information technology, files, and civil liberties.
The purpose of this data protection policy is to present you with:
– The controller of personal data
– How your data are collected and processed
– Your rights concerning the use of your personal data
– Recipients with whom your data is shared
– The website’s cookie management policy
This privacy policy supplements the legal notice on the website.
ARTICLE 2: DEFINITIONS
Just to be clear…
Personal Data is any information relating to an identified or identifiable person, i.e. that enables that person to be identified directly (e.g. first name and surname) or indirectly (e.g. cookies).
Processing of Personal Data is any operation or set of operations (whether automated or not) applied to Personal Data or sets of Personal Data, such as: the collection, recording, organisation, storage, or transmission of data, etc.
The Data Controller determines the purposes (objectives of the processing operation) and means of the processing operations.
The Data Processor processes Personal Data on behalf of the Data Controller and under their instructions.
ARTICLE 3: GENERAL PRINCIPLES
We have legal obligations aplenty!
In accordance with the provisions of Article 5 of the General Data Protection Regulation (GDPR), the collection and processing of your personal data complies with the following principles:
– Lawfulness, fairness, and transparency: personal data may only be collected and processed on a previously defined legal basis (performance of a contract, legal obligation, consent, legitimate interest, protection of vital interests)
– Limited purposes: personal data are collected and processed for one or more defined purposes
– Minimisation of data collection and processing: only data that are strictly necessary for the fulfilment of the defined purposes are collected
– Time-limited data retention: the data controller is obligated to define retention durations for the personal data processed
– Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected
– Accuracy of data: the data controller undertakes to take all reasonable measures to keep the data they process up to date, including to update inaccurate data and delete obsolete data.
ARTICLE 4: DATA CONTROLLER
Don’t worry: we have everything under control!
As the data controller, SPL undertakes to comply with the obligations arising from the GDPR and the amended French IT and Freedoms Law concerning the collection and processing of personal data. In accordance with Article 32 of the GDPR, we implement all necessary technical and organisational measures to ensure the protection of your personal data.
ARTICLE 5: PERSONAL DATA COLLECTED AND PROCESSED: WHICH DATA?
What do we know about you?
In accordance with the principle of minimisation, we only collect data that are necessary for the performance of our tasks. Thus, as part of the management of our website, SPL may collect and process the following information:
– Identity: name.
– Work information: company affiliation, work email address, work telephone number, country, region.
– Connection data: IP address, logs, login information.
– Internet: cookies, trackers, browsing data, audience measurement.
– Personal information: personal telephone number, personal email address.
In managing the website, we do not collect any sensitive data such as religion, trade union membership, racial or ethnic origin, criminal convictions, or health-related data.
ARTICLE 6: PERSONAL DATA COLLECTED AND PROCESSED: FOR WHAT REASONS?
Let us explain!
In all these situations, SPL acts as a “Data Controller” as defined by the GDPR.
Data collected when visiting the website: Identity, personal information, work information, connection data, internet.
We use these data to (legal basis = consent):
– Send you sales communications (if you have asked us to do so),
– Send you our quotes (if you have asked us to do so),
– Contact you when you fill in the contact form,
– Carry out audience analyses or produce statistics (if agreed);
or in order to (legal basis = legitimate interest):
– Offer you personalised services,
– Monitor and improve our website,
– Secure our website,
– Send you information.
Your browsing data on our website is kept for a maximum duration of 13 months. Data collected via the form are kept for 3 years from the date of collection or the date of last contact from the prospective customer.
ARTICLE 7: PERSONAL DATA: WHO HAS ACCESS TO YOUR PERSONAL DATA?
We don’t share your information with just anyone!
SPL undertakes not to share your personal data with anyone other than those people authorised internally and with authorised third parties such as tax, customs, or economic authorities, justice authorities, or local or national police.
SPL may share your personal data with data processors, such as:
– OPEN STUDIO: webmaster;
– DATA SEARCH: digital agency.
The use of these service providers is necessary for the proper provision of our services. We undertake to verify and guarantee their compliance with the GDPR and the amended French IT and Freedoms Law.
With the exception of the recipients listed above, SPL undertakes not to share your personal data with third parties or external organisations without your express consent.
SPL does not and will not sell, transfer, or disclose your personal data to unauthorised third parties.
SPL does not make any automated decisions on the basis of your personal data. No profiling is carried out during processing, and the data we collect will never be used without human involvement.
ARTICLE 8: YOUR RIGHTS
You hold all the cards!
8.1 Your rights
In accordance with regulations in force, you have the following rights with regard to your personal data:
- Right of access: You can access your personal data held by us at any time.
- Right of rectification: You may make a request to complete, correct, or clarify your personal information.
- Right of opposition: You retain the right to object at any time to the use of your personal data for the activities carried out by our company relating to the processing of your data.
- Right of limitation: You may demand restrictions on the future processing of your personal data under certain conditions.
- Right of deletion: You may also ask us to delete your personal data.
- Right of portability: You have the right to receive your personal data in a structured, commonly used, and computer-readable format. You can also ask us to transfer your personal data to another organisation.
- Digital death: You may decide what happens to your digital personal data after your death.
8.2 The GDPR point of contact
SPL has appointed a GDPR point of contact within its organisation. To exercise your rights, you can contact our internal GDPR contact at the following address:
SPL, CD 113, Allée des Lauriers, 78630 ORGEVAL – France.
RCS Versailles B 328 031 026
8.3 Complaints to the CNIL
You may, at any time, lodge a complaint with the appropriate authority, in this case the Commission Nationale de l’Informatique et des Libertés (CNIL), by following this link: https://www.cnil.fr/fr/plaintes.
ARTICLE 9: SECURITY MEASURES
You entrust us with your data; we take care of it!
SPL is concerned about the security of personal data, which it undertakes to process securely and only for as long as is necessary to achieve the intended purpose.
SPL has implemented technical and organisational measures to ensure a level of data protection appropriate to the nature and purpose of the processing.
As such, in accordance with Article 32 of the GDPR, relating to the security of data processing, SPL has implemented:
– Means to guarantee the constant confidentiality, integrity, availability, and resilience of processing systems and services.
However, the security obligation remains an obligation of means, i.e. we do everything in our power to guarantee the confidentiality and integrity of your personal data. All the people who have access to your personal data have been made aware of best practices for data protection. They are bound by an obligation of confidentiality, and are liable to disciplinary action if they fail to comply with said obligation.
ARTICLE 10: TRANSFERS OF DATA TO OUTSIDE THE EUROPEAN UNION
In managing our website and your requests, we do not transfer your data outside the European Union.
However, if your personal data are transferred outside the European Union, we will ensure that the countries of destination guarantee a sufficient and appropriate level of data protection.
We undertake to inform you in advance of the possibility of transferring data outside the European Union and to inform you of the guarantees put in place to ensure a sufficient and appropriate level of protection.
ARTICLE 11: COOKIES
Care for a biscuit?
As with most websites, our website uses cookies, which can be divided into two categories:
– PERFORMANCE / ANALYTICS: These cookies collect anonymous information about your use of our site. The information collected by these cookies is used solely to improve your use of our site and never to identify you. Sometimes these cookies are placed by third-party providers of web traffic analysis services.
– STRICTLY NECESSARY: These cookies are essential to enable you to browse our websites and use their features.
If you wish to limit tracking of your visits, we recommend that you refuse them by default via the cookie management banner that we have set up on our website.
You will also find in our cookies policy the procedure for accepting, customising, or refusing cookies by expressing your choice using the widget that appears at the bottom left of your screen.
ARTICLE 12: UPDATE OF THE DATA PROTECTION POLICY
Keep going, you’re almost to the finish line of this text!
This personal data protection policy may change over time.
The last update was made on 21 December 2023 by Optimex Data.