The policy set out below applies to the collection and processing of data personal data made by our company, registered with the company number 518 762 687, having its registered office 78 avenue des Champs Elysées, bureau 562, 75008 Paris – email@example.com - Tél : 0661727964. This policy defines the main commitments of our company in protection of personal data, the activity of which is intended for professionals (or individuals).
1 - The legal framework - compliance with the GDPR and French law
The Data Controller declares that he performs data processing in accordance with Regulation (EU) 2016/679 of the European Parliament and of Council of April 27, 2016, relating to the protection of individuals with regard to processing of personal data and the free movement of this data (hereinafter referred to as the GDPR) and French law n ° 78-17 of January 6, 1978 relating to IT, files and freedom (modified on May 25, 2018).
2 - Collection and processing of personal data
> Legal basis for collection Each collection of personal data by the Data Controller meets the conditions defined by the regulations in force, in particular:
- Information of the data subject relating to data processing carried out;
- Obtaining the consent of the data subject to the transfer of their data to third parties.
> Type of personal data collected Depending on the purpose pursued by the collection, the Data Controller is likely to collect the following data: title, first name, last name, telephone number, address e-mail address.
> Purpose of processing The purpose of the treatments carried out is in particular:
- The delivery of the services subscribed by the person concerned;
- The communication to the data subject of information concerning the news or offers related to his company's activity sector;
- Improving communication with the people concerned (relevant content, planning the dispatch of offers as needed);
3 - Storage of personal data
> Shelf life The data are kept for the duration necessary for the purposes for which they are collected and processed. By default, this duration is set at 6 years from the date of data collection or the last interaction between the data subject and the Data Controller.
> Security and confidentiality The Data Controller undertakes to take all appropriate measures in order to guarantee a level of protection adapted to the risk in terms of confidentiality, integrity, availability and resilience of the systems and in particular, in order to prevent personal data from being distorted, damaged or communicated to unauthorized third parties.
4 - The exercise of the rights of the person whose data is collected
In accordance with the regulations in force, the person whose personal data are collected has the right, at any time, to exercise their rights of access, rectification, deletion of data concerning him and his rights of limitation and opposition to processing and portability of his personal data. Any request to exercise these rights must be addressed to the Data Controller in writing to the following address: Company: CHRONO-SHOP, 78, avenue des Champs Elysées, bureau 562, 75008 PARIS– France.In addition, each of the communications from the Data Controller contains a link unsubscribe allowing the person concerned to no longer receive the offer to which she unsubscribes. You can also send an email to this email address: firstname.lastname@example.org
5 - Access to personal data
The people likely to have access to personal data are:
- the staff of the Data Controller;
- subcontractors carrying out the processing on behalf of the Data Controller in accordance with its instructions;
- subject to the consent of the persons concerned, trusted third parties (affiliates, agencies, lead generation companies and companies looking for customer acquisition and / or online visibility).
In this context, the Data Controller ensures with his subcontractors and trusted third parties that they have put in place the necessary measures to ensure the confidentiality and security of the data.
6 - Transfer of personal data
No transfer of personal data to a country outside the European Union is only performed by the Data Controller.