PERSONAL DATA PROTECTION POLICY
Concerned about the protection of its Users’ personal data (the “Personal Data”), AOEDE has implemented a policy allowing it to collect and process some of them in compliance with their rights and with the regulations in force. This policy is based on the principles described below, of which it intends to inform Users.
ARTICLE 1 - Scope of the personal data protection policy
AOEDE is committed to ensuring that any User has the highest level of protection of his or her Personal Data, in accordance with the regulations in force, namely Law n° 78-17 of January 6, 1978 relating to information technology, files and freedoms, as amended by Law n° 2018-493 of June 21, 2018 relating to the protection of personal data, Decree No. 2019-536 of May 29, 2019 taken for its application, and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “GDPR”).
The policy on the protection of personal data applies to all the Users of the Site and to all uses that they will be led to make of it, in accordance with the present GCU.
ARTICLE 2 - Identity of the Data Controller
According to the RGPD, the Data Controller is the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. AOEDE, which is the publisher of the Site, is therefore the person in charge of the processing of Personal Data that it implements within the framework of the said Site, during its use by Users.
Users are informed that they can, at any time, contact AOEDE at the addresses and numbers mentioned in the Legal Notice.
ARTICLE 3 - Nature of the Personal Data collected
According to the RGPD, Personal Data is any information relating to an identified or identifiable natural person, by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
The User is an “identified or identifiable natural person”, of whom AOEDE requests certain information in compliance with the regulations in force and in accordance with these GTC.
AOEDE collects and processes Personal Data collected via the contact form sent by the User, and in particular the following Personal Data collected about the User: last name / first name / email address.
AOEDE draws the attention of the Users to the fact that the Personal Data they provide must be accurate, both at the time of their registration and at any time during their use of the Site. Each User therefore undertakes to provide accurate information about him or herself when submitting the contact form to AOEDE, and to update it if necessary. The User guarantees the truthfulness, accuracy and completeness of the information provided and will be solely responsible for any failure, error or omission to update.
AOEDE does not collect or process any personal data known as “sensitive” within the meaning of the RGPD (racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as the processing of genetic or biometric data for the purpose of uniquely identifying a natural person, data concerning health, sex life or sexual orientation of a person).
ARTICLE 4 - Legality of the processing of Personal Data
When using the Site, AOEDE collects and processes certain Personal Data, provided that at least one of the following conditions is met:
- when the User has given his/her express consent to the collection and processing for the purposes referred to in ARTICLE 5 of this Privacy Policy, it being specified that he/she has the possibility, in accordance with Article 7 of the RGPD, to withdraw his/her consent at any time without this compromising the lawfulness of the processing carried out by AOEDE on the basis of the consent prior to such withdrawal;
- when the processing is necessary for the purposes of the legitimate interests pursued by AOEDE within the framework of its legal activity, the User having the possibility of exercising his right of opposition, as defined in ARTICLE 8.10 of the present GTU.
- when the processing is necessary to comply with a legal obligation to which AOEDE is subject.
ARTICLE 5 - Purposes of the processing of Personal Data
In accordance with the principle of data minimization set forth in Article 5 of the GDPR, AOEDE undertakes to collect only Personal Data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed.
The Personal Data collected by AOEDE are processed for the following purposes:
- access to the Site and all its features and contents, as well as their consultation or use by the Users;
- the follow-up of the relationship with the Users, and in particular the sending of newsletters or e-mails related to the activity of AOEDE;
- accounting;
- the implementation of assistance to Users and the management of their complaints;
- the management of Users’ requests relating to the exercise of their rights as defined in ARTICLE 8.10 of this Data Privacy Policy;
- the management of possible disputes with any User;
- the management of the security of the Site;
- the constitution by AOEDE or on its behalf of a customer file;
- the production by AOEDE, on its behalf, of statistics, in an anonymous manner, on the activity of the Site in order to measure the satisfaction of Users and the quality of its contents and functionalities and, in so doing, to ensure the improvement and optimization of the Site, its contents and functionalities.
AOEDE may also use the Personal Data for administrative purposes or for any other purpose imposed by the legislation in force.
ARTICLE 6 - Recipient of Personal Data
The Personal Data of the Users collected by AOEDE may, in the context of the processing of which they are the object, be transmitted to the following recipients
partners, service providers and contractual subcontractors, which AOEDE may need to call upon for the purposes mentioned in ARTICLE 8.5 of these GTU;
public authorities when the processing is necessary to comply with a legal obligation to which AOEDE is subject and in particular when, in application of a legal or regulatory provision, an administrative or judicial authority makes a request for communication of the Personal Data of one or more Users.
ARTICLE 7 - Duration of storage of Personal Data
In accordance with Article 5 of the RGPD, the Personal Data collected by AOEDE are kept for a period not exceeding that necessary for the purposes for which they are processed. In particular:
Customer Data is kept for the duration of the contractual relationship and for the applicable statute of limitations (five (5) years), or longer if necessary for the follow-up of the legal services provided, in particular in the context of litigation proceedings, in which case the data is kept until all avenues of appeal are exhausted.
Data required for accounting purposes is retained for a total of ten (10) years to comply with applicable accounting and tax requirements.
Prospect Data is kept for a period of three (3) years following the last contact with the prospect;
Data collected for commercial prospecting and analysis purposes are kept for three (3) years following the last contact with the person;
Personal Data collected via Cookies, under the conditions of ARTICLE 7 of this Privacy Data Policy, are kept for a period of thirteen (13) months from their collection.
In case of collection and processing of Personal Data in the context of a dispute with the User, or more generally, in the context of a litigation procedure, of any nature whatsoever, the said Data are kept for the entire duration of the applicable legal or regulatory requirements.
ARTICLE 8 - Security of personal data processing
AOEDE undertakes to take all necessary precautions, taking into account the state of knowledge, the costs of implementation and the nature and scope of the context and purposes of the processing, to preserve the confidentiality and security of the Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties. To this end, AOEDE undertakes, in accordance with Article 32 of the GDPR, to implement all appropriate technical and organizational measures.
When, in the context of the purposes referred to in ARTICLE 6.5 of this Privacy Data Policy, AOEDE transmits the Personal Data collected to partners, service providers and/or subcontractors, it undertakes to use only partners, service providers and/or subcontractors presenting sufficient guarantees as to the implementation of the aforementioned measures.
In accordance with Article 33 of the RGPD, in case of violation of Personal Data, AOEDE undertakes to notify the French Commission Nationale de l’Informatique et des Libertés (CNIL) as soon as possible.
ARTICLE 8 - Security of Personal Data processing
AOEDE undertakes to take all necessary precautions, taking into account the state of knowledge, the costs of implementation and the nature and scope of the context and purposes of the processing, to preserve the confidentiality and security of the Personal Data and, in particular, to prevent them from being distorted, damaged or accessed by unauthorized third parties. To this end, AOEDE undertakes, in accordance with Article 32 of the GDPR, to implement all appropriate technical and organizational measures.
When, in the context of the purposes referred to in ARTICLE 6.5 of this privacy Data Policy, AOEDE transmits the Personal Data collected to partners, service providers and/or subcontractors, it undertakes to use only partners, service providers and/or subcontractors presenting sufficient guarantees as to the implementation of the aforementioned measures.
In accordance with Article 33 of the RGPD, in case of violation of Personal Data, AOEDE undertakes to notify the Commission Nationale de l’Informatique et des Libertés (CNIL) as soon as possible.
ARTICLE 9 - No transfer of Personal Data outside the European Union
AOEDE informs the Users that the Personal Data collected will not be transferred to any country outside the European Union.
ARTICLE 10 - Users’ rights
Each User has the following rights:
- a right of access: the right for the User to obtain from AOEDE confirmation that his/her Personal Data are or are not being processed, and if necessary, to obtain communication of the same in an understandable format;
- a right of rectification: the User has the right to ask AOEDE to correct his Personal Data if they are inaccurate or to complete his Personal Data in relation to the purpose of the processing if they are incomplete;
- a right to object: the User has the right to object to being included in a file with AOEDE; it is specified that the exercise of this right must be motivated by reasons relating to the User’s particular situation;
- a right of deletion: the User has the right to ask AOEDE to delete his or her Personal Data in the cases provided for by the regulations;
- a right to portability: the User has the right to ask AOEDE to transmit his Personal Data to him, for personal use or to transmit them to any third party of his choice;
- a right to limitation of processing: in addition to the above-mentioned rights, the User has the right to ask AOEDE to temporarily freeze the use of his Personal Data, in other words to ask AOEDE to keep them but not to use them anymore;
- a right to digital death: the right of the User to define directives concerning the fate of his/her Personal Data after his/her death.
In order to exercise his rights, any User may contact AOEDE at the address mentioned in the Legal Notice. AOEDE will then respond to the User in accordance with Article 12 of the GDPR.
Any User may also file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL) as soon as possible.
ARTICLE 11 - Cookies
The use of cookies (a “Cookie” or “Cookies”) constitutes processing of Personal Data.
A Cookie is a series of information, generally small in size and identified by a name, which can be transmitted to the User’s browser by a website to which he/she connects and deposited on the User’s terminal. The web browser will keep it for a certain period of time, and will send it back to the web server each time the User reconnects.
When browsing the Site and the Application, several types of cookies may be used by AOEDE Essentially, the following cookies:
Browsing cookies: these are cookies that allow the proper functioning of the Site;
Functionality cookies: these are cookies that allow us to keep track of the preferences and settings of Users and thus improve their browsing experience on the Site;
Performance cookies: these are cookies that make it possible to monitor and measure the activity of Users on the Site, in order to develop the Site according to their expectations and to improve their browsing experience.
The first time the User browses the Site, a banner explaining the use of Cookies will appear. The User will then be invited to accept the use and the deposit of Cookies on his terminal, or on the contrary to refuse it.
Users are reminded that Cookies do not damage their devices.
Users are also reminded that, according to the recommendations of the Commission Nationale de l’Informatique et des Libertés (CNIL), the period of validity of consent to the deposit of Cookies is thirteen (13) months, at the end of which consent must be obtained again. Consequently, the Cookies used on the Site have a maximum life of thirteen (13) months from their first deposit in the User’s terminal equipment (following the expression of his consent).
At any time, the User may withdraw his consent, specifically deactivate the Cookies, by using the settings of his browser. Since the purpose of Cookies is to improve the User’s browsing experience, deactivating Cookies may degrade this experience, by restricting or even eliminating access to certain formalities. AOEDE cannot be held responsible for the degraded functioning of the Site resulting from the deactivation of Cookies.
For more information on the use, management and deletion of Cookies, for any type of browser, AOEDE invites Users to consult the following link (in french) https://www.cnil.fr/fr/cookies-et-autres-traceurs/comment-se-proteger/maitriser-votre-navigateur