1 Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other legal data protection provisions is:
2 Name and address of the Data Protection Officer
The Data Protection Officer of the controller is:
3 General provisions about data processing
3.1 Scope of the processing of personal data
We collect and use the personal data of our users strictly only insofar as this is necessary to make a functioning website available and for our content and services. The collection and use of personal data from our users will generally only occur with the consent of the user. An exception will apply in cases where it has not been possible to obtain prior consent for practical reasons and the data processing is permitted by legal provisions.
3.2 Legal basis for the processing of personal data
Where we obtain consent from a data subject for the purposes of processing personal data, Art. 6, para. 1 a) of the EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
Where processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6, para. 1 b) GDPR is the legal basis. This also applies to processing methods which are necessary for the implementation of pre-contractual measures.
Where processing of personal data is necessary to comply with a legal requirement to which our business is subject, Art 6, para. 1 c) GDPR is the legal basis.
Where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Art 6, para. 1 d) GDPR is the legal basis.
Where processing is necessary to protect a legitimate interest of our business or of a third party and the interests or fundamental rights and freedoms of the data subject do not override this interest, Art 6, para. 1 f) GDPR is the legal basis.
3.3 Data erasure and duration of storage
The personal data of a data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage beyond this may occur when this is provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or erasure of the data may also occur where a prescribed retention period under the above-named rules expires, unless an additional requirement to retain the data arises from the conclusion of a contract or performance of a contract.
4 Availability of the website and creation of log files
4.1 Description and scope of the data processing
With each visit to our website, our system collects automated data and information from the computer system of the computer making contact.
The following data is collected:
(1) IP address
(2) Date and time of the query
(3) Time zone difference to Greenwich Mean Time (GMT)
(4) Content of the query (specific page)
(5) Access status/HTTP status code
(6) applicable amount of transferred data
(7) website from where the query originates
(9) Operating systems and their interfaces
(10) Language and version of the browser software
The data will also be stored in the log files of our system. The data is not stored together with other personal data of the user.
4.2 Legal basis for the data processing
The legal basis for the temporary storage of data and log files is Art. 6, para. 1 f) GDPR.
4.3 Purpose of the data processing
Log files are used for storage in order to ensure the functioning of the website. In addition, the data is used for optimising the website and to ensure the security of our information technology systems. Data is not evaluated for marketing purposes in connection with this.Our legitimate interest in the data processing under Art. 6, para 1 f) GDPR is also part of the purpose.
4.4 Duration of storage
Data is stored in log files for seven days at most. A longer storage period is possible. In this case, the IP address of the user will be erased or distorted in order to ensure that it can no longer be attributed to the contacting client.
4.5 Option to object and to remove
The collection of data for the availability of the website and storage of the data in log files is essential for the operation of the website. As a consequence the user has no right to object to this.
5.1 Description and scope of the data processing
The following data is stored and transferred by the cookies:
(1) Language settings
(2) Login information
5.2 Legal basis for the data processing
5.3 Purpose of the data processing
We require cookies for the following applications:
(1) Acquisition of language settings
(2) Recording search terms
The user data collected by technically essential cookies is not used for the creation of user profiles. Our legitimate interest in the processing of personal data under Art. 6, para. 1 f) GDPR is also part of these purposes.
5.4 Duration of storage, opportunity to object and to remove
6 Google Analytics
6.1 Description and scope of the data processing
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files which are stored on the user’s computer. The information extracted about your use of this website by the cookies will generally be transferred to a Google server in the USA and stored there. Where IP anonymisation is activated on this website, your IP address will be shortened in advance by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and shortened there in exceptional circumstances. Google will use this information on behalf of the operator of this website in order to evaluate your use of this website, to create reports about website activities and to provide further services to the website operator connected to website and internet use. The IP address of your browser that is transferred to Google Analytics will not be linked to other data from Google.
6.2 Legal basis for the data processing
The legal basis for the temporary storage of data and transfer to Google is Art. 6, para. 1 f) GDPR.
6.3 Purpose of the data processing
The use of Google Analytics enables an analysis of use of the website by the user.
6.4 Duration of storage
Google removes the last octet of the IP addresses of users of our website. This means that personal data of the user is unidentifiable. The process of making data unidentifiable occurs through a further evaluation of the IP address in the course of the services provided by Google Analytics. Prior to this process of making data unidentifiable, it is not possible to rectify, block or erase the data. Following removal of the last octet of the IP address, no personal data of users of our website is available for rectification, blocking or erasure.
6.5 Opportunity to object and to remove
You can avoid the storage of cookies through the relevant setting on your browser software, however, we would advise you that in this case it may not be possible to use fully all the functions of this website. Furthermore, you can avoid the capture by Google of data related to the use of our website by the cookie (including your IP address) as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link tools.google.com/dlpage/gaoptout.
7.1 Description and scope of the data processing
It is possible to subscribe to a free newsletter via our website. Data from the input screens is transferred to us upon application for the newsletter.
(1) User email address
(2) Newsletter requested
(3) User contact details (optional)
In addition, the following data is collected upon application
(1) IP address of the computer accessing the site
(2) Date and time of registration
During the course of application your consent to the processing of data is obtained and you are referred to this Data Privacy Notice.
In relation to data processing for the purpose of sending newsletters, your data is not transferred onwards to third parties. The data is used exclusively for sending the newsletter.
7.2 Legal basis for the data processing
The legal basis for the processing of data following an application for a newsletter by the user is subject to the consent of the user under Art. 6, para. 1 a) GDPR.
7.3 Purpose of the data processing
Obtaining the email address of the user enables the newsletter to be provided.
Obtaining other personal data in the course of the application process helps to ensure that misuse of the service, or the email address used is prevented.
7.4 Duration of retention
Data is erased as soon as it is no longer required for the purposes for which it was obtained. The email address will accordingly only be stored for as long as the subscription to the newsletter is active.
Other data collected in the course of the application process will generally be erased after a period of seven days.
7.5 Opportunity to object and to remove
Subscription to the newsletter can be terminated by the relevant user at any time. There is a link for this purpose in each newsletter. This also enables consent to retention of the personal data obtained during the application process to be withdrawn.
8 Contact form - email contact - account contact form
8.1 Description and scope of the data processing
There is a contact form on our website which may be used for making contact electronically. If a user does so, the data entered into the input screens is transferred to us and stored. This data is:
(1) Email address
When the report is sent, the following data is additionally stored:
(1) IP address of the user
(2) Date and time of transfer
During the course of submission, your consent to the processing of data is obtained and you are referred to this Data Privacy Notice
Alternatively, contact can be made via the email address provided. In this case, the personal data of the user that is sent with the email will be stored.
There is a account creation form on our website which may be used for allowing the user to save their contact details for placing an order on our online store. If a user does so, the data entered into the input screens is transferred to us and stored. This data is:
(2) First name and surname / company
(3) Date of birth
(4) Street, House number, town
(5) Email address
(6) Telephone number
During the course of submission, your consent to the processing of data is obtained and you are referred to this Data Privacy Notice
The data is not transferred onwards to third parties in this case. The data is used exclusively for processing the conversation.
8.2 Legal basis for the data processing
The legal basis for the processing of data is the consent of the user under Art. 6, para. 1 a) GDPR.
The legal basis of the processing of data which is transferred by the sending of an email, is Art. 6, para. 1 f) GDPR.
8.3 Purpose of the data processing
Processing of personal data from the input screens is used solely to process the enquiry. In the case of an email enquiry, the necessary legitimate interest in processing the data also applies.
Other data processed during the sending process helps to prevent misuse of the contact form and to ensure the security of our information technology systems.
8.4 Duration of storage
Data is erased as soon as it is no longer required for the purposes for which it was obtained. In relation to personal data obtained through the input screens of the contact form and which is sent by email, this will be the case when the relevant conversation with the user has ended. The conversation will be at an end when it can be assumed from the circumstances that the relevant content has been conclusively clarified.
Other additional data collected in the submission process will be erased after a period of seven days.
Personal data collected during an order is kept within six years for billing purposes. Personal data collected during a customer account creation not followed by an order is kept within three years for marketing purposes.
8.5 Opportunity to object and to remove
The user has the right to withdraw his or her consent to the processing of personal data at any time. If the user contacts us by email, he or she can object to the storage of his personal data at any time. In this situation, the conversation cannot be continued further.
All personal data which has been stored in the course of the enquiry will be erased in this case.
9 Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the controller:
9.1 Right to information
You may request confirmation from the controller as to whether personal data relating to you is processed by us.
If such processing occurs, you may request the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data which are processed;
(3) the recipient or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of the storage of your personal data or, where specific details are not possible, the criteria for establishing the storage duration;
(5) the existence of the right to rectification or erasure of your personal data, a right to restriction of the processing by the controller or the right to object to this processing;
(6) the existence of a right to complain to a regulatory authority;
(7) all available information about the origin of the data, where the personal data was not collected from the data subject;
(8) the existence of a decision based on automated processing including profiling pursuant to Art. 22, para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the breadth and consequences of such processing for the data subject.
You have the right to request information about whether your personal data will be transferred to a third country or an international organisation. In this context, you may request information about the appropriate safeguards pursuant to Art. 46 GDPR in relation to the transfer.
9.2 Right to rectification
You have the right to rectification or completion of processed personal data about you by the controller that is inaccurate or incomplete. The controller must rectify the data promptly.
9.3 Right to restriction of processing
You may request the restriction of processing of your personal data under the following conditions:
(1) if you dispute the accuracy of the personal data about you, for a period which enables the controller to check the accuracy of the personal data;
(2) the processing is unlawful and you refuse erasure of the personal data and instead request restriction of the use of the personal data;
(3) the controller no longer requires the personal data for the purposes of the processing, however, you require this for the establishment, exercise or defence of legal claims or
(4) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been established whether the legitimate grounds of the controller override your grounds.
If the processing of your personal data has been restricted, this data - with the exception of its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the right of another natural or legal person, or on the grounds of an important public interest of the European Union or a Member State.
If the restriction of processing has been restricted pursuant to the conditions set out above, you will be informed by the controller prior to the restriction being lifted.
9.4 Right to erasure
9.4.1 Duty to erase
You may request that the controller erases your personal data without delay and the controller is required to erase this data without delay where one of the following grounds applies:
(1) The personal data about you is no longer necessary for the purposes for which it was collected or processed in other ways.
(2) You withdraw your consent upon which the processing was based pursuant to Art. 6, para. 1 a) or Art. 9, para. 2 a) GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21, para. 2 GDPR.
(4) Your personal data was unlawfully processed.
(5) The erasure of your personal data is necessary for compliance with a legal obligation under European Union law or the law of its Member States, to which the controller is subject.
(6) Your personal data was collected in connection with the offer of information society services pursuant to Art. 8, para.1 GDPR.
9.4.2 Information to third parties
If the controller has disclosed your personal data and is required to erase it pursuant to Art. 17, para. 1 GDPR, it must take appropriate measures, including technical measures and taking into account the available technology and implementation costs, to inform the controllers which are processing the personal data that you as a data subject have requested the erasure of all links to this personal data, or have requested copies or replications of this personal data.
The right to erasure does not apply where the processing is necessary
(1) to exercise the right to freedom of speech and information;
(2) for compliance with a legal obligation which requires the processing under European Union law or the law of its Member States, to which the controller is subject, or for the carrying out of an activity which is in the public interest or is required of the controller in the exercise of public office.
(3) for reasons of public interest in the area of public health pursuant to Art. 9, para. 2 h) and i) and Art. 9, para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89, para. 1 GDPR, to the extent that the right set out under section a) does not make the realisation of the aims or this processing impossible or seriously affect them or,
(5) for the establishment, exercise or defence of legal claims.
9.5 Right to notification
Where you have exercised your right to rectification, erasure or restriction of processing in relation to the controller, the controller must inform all recipients to whom your personal data has been disclosed about the rectification, erasure of the data or restriction on processing, unless this is not possible or only with disproportionate effort.
You have the right to require the controller to notify you about these recipients.
9.6 Right to data portability
You have the right to receive the personal information which you have made available to the controller in a structured, accessible and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controllers to which the personal data have been provided, to the extent that
(1) the processing is based on consent pursuant to Art. 6, para. 1 a) GDPR or Art. 9, para. (2) a) or on a contract pursuant to Art. 6, para. 1 b); and
(2) the processing is carried out by automated means.
In exercising this right, you additionally have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data which is necessary for performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
9.7 Right to object
You have the right on grounds relating to your particular situation to object to processing of your personal data which is based on Art. 6, para 1 e) or f) GDPR; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for the purposes of direct marketing, you have the right to object to the processing of your personal data for the purposes of such marketing; this also applies to profiling, in so far as it is connected to direct marketing.
If you object to processing for the purposes of direct marketing, your personal data will no longer be processed for these purposes.
You have the right in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
9.8 Right to withdraw written consent given under data protection law
You have the right to withdraw your written consent given under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
Automated individual decision including profiling
You have the right not to be subject to a decision made on an exclusively automated basis, including profiling, which has legal effect upon you or which significantly impacts you in a similar way. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller,
(2) is permitted on the basis of legal provisions of the European Union or the Member States which the controller is subject to and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests or
(3) is made with your express consent.
However, such decisions must not relate to special categories of personal data pursuant to Art. 9, para. 1 GDPR, where Art 9., para. 2 a) or g) do not apply and appropriate measures to safeguard your rights and freedoms and your legitimate interests have been taken.
In respect of the situations described in (1) and (3) above, the controller will take appropriate measures to safeguard your rights and freedoms and your legitimate interests, as a minimum the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
9.9 Right to complain to a regulatory authority
Notwithstanding any other administrative law or judicial legal remedies, you have the right to complain to a regulatory authority, in particular in the Member State where you are resident, your place of work or the place of the alleged breach, if you consider that the processing of your personal data breaches the GDPR.
The regulatory authority which has received the complaint will notify the complainant about the position and outcomes of the complaint including the possibility of a judicial legal remedy pursuant to Art. 78 GDPR.
10 Security measures implemented
We have implemented the following security measures to ensure the protection of personal data collected:
- Access to personal data is restricted to authorized persons, namely co-managers AUFFRAY Jean-Marc and CROLET Christophe.
- Access to personal data is secured by a password.
- Personal data is backed up regularly and securely.
- The OVH hosting site - 2 rue Kellermann - 59100 Roubaix (France) is itself secure and in compliance with the requirements of the General Regulation on the Protection of Personal Data (EU) 2016/679 of 27 April 2016.
- Adequate measures and techniques are implemented to guarantee a high level of security for our users' data (data encryption, pseudonymisation, encryption).
11 Security breach notification
In the event of a security breach concerning the access to personal data collected, we notify the supervisory authority at the latest within 72 hours: Commission Nationale de l'Informatique et des Libertés (National Commission for Computing and Liberties - CNIL) - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 - Tel. : 01 53 73 22 22.
If the breach is likely to create a high risk for the rights and freedoms of the user, we will also notify them.