As part of its activity, the Publisher (whose identity and address appear in the legal notices) is required to process data and information concerning you (contact form, online badge request, by browsing this site, etc.).
The Client is informed of the regulations in force, in particular the law of June 21, 2014 for confidence in the Digital Economy, the Data Protection Act of August 6, 2004 as well as the General Data Protection Regulation (GDPR: n° 2016-679).
Within the framework of this confidentiality policy, the Publisher uses the visitor’s data in the cases provided for by the regulations in force.
The personal data you provide is intended for the management of requests, quotes, and orders, and for the execution of Services. It may also be used to supplement the customer file for commercial prospecting purposes. It may not be distributed to third parties. It is collected by the Carso Group, which is responsible for processing it. The data is stored and used for a period in accordance with current legislation. In accordance with Law 78-17 of January 6, 1978, as amended, and European Regulation No. 2016/679/EU of April 27, 2016, you have the right to access, rectify, and object. This guarantee does not apply to processing for statistical purposes, as these only process the data anonymously and in aggregate form. You may, subject to the production of valid proof of identity, exercise your right by sending your request by email to the address dpo@groupecarso.com or by post to the address of the company’s registered office indicated in the legal notices. The response will be sent within one month of receipt of the request.
- Responsible for the collection of personal data
The controller of the processing mentioned in this privacy policy is the Publisher, mentioned in the legal notices.
Concerning the personal data collected as part of the creation of the User’s personal account or their browsing on the Site, the person responsible for processing the personal data is: dpo@groupecarso.com
As the controller of the data it collects, the Publisher undertakes to comply with the framework of the legal provisions in force.
It is in particular responsible for establishing the purposes of data processing, for providing prospects and customers, based on the collection of their consent, with full information on the processing of their personal data, and for maintaining an accurate register of processing operations.
Whenever the Publisher processes Personal Data, it takes all reasonable steps to ensure its accuracy and relevance to the purposes for which it is processed.
- Type and purpose of data collected
Regarding users of this Site, the Publisher collects data essential to the operation of the service. The data will be kept for a period in accordance with legal provisions or proportional to the purposes for which they were recorded.
The Publisher may process all or part of the data:
- To enable navigation on the Site, manage and track the services ordered by the user: connection and Site usage data, invoicing, order history, etc.,
- To prevent and combat computer fraud (spamming, hacking, etc.): computer equipment used for browsing, IP address, password (hashed),
- To improve navigation on the Site: connection and usage data,
- To conduct optional satisfaction surveys on this site: email address
- To conduct communication campaigns (text messages, email): telephone number, email address.
The Publisher does not sell personal data, which is therefore only used for commercial purposes to place an order or a commercial contract or for statistical and analytical purposes. The Publisher also collects information that helps improve the user experience and offer contextualized advice: Google Analytics – Cookies for visitor statistics.
We use Matomo software to track website navigation.
- Retention period of personal data
The data collected is kept only for the period necessary to achieve the purposes described herein, within the limits of the limitation periods in force.
| Categories of Data | Purposes | Retention Period |
| --- | --- | --- |
| Prospect-related data: all data | Constitution and management of a file | 3 years from last data collection |
| Active customer-related data: all data | Management of customer accounts, orders, deliveries, invoices, payments | During the entire duration of the contractual relationship |
| Inactive customer-related data: data related to contract execution | Management of customer accounts, orders, deliveries, invoices, payments | 10 years after the end of the contract or last contract from the inactive customer |
| Identification and contact data | Sending information about the evolution of our publication and offers | 5 years after the end of the contract or the last contact from the inactive customer |
| Identification and contact data – Inactive customers | Sending information about the evolution of our publication and offers | 5 years after the end of the contract or the last contact from the inactive customer; 10 years for the last name, first name and postal address |
| Digital identification data | Sending information about the evolution of our offers | 5 years after the end of the contract or the last contact from the inactive customer |
| Identification and contact data – Newsletter subscribers | Sending information about the evolution of our publication and offers | 3 years from the unsubscribe date or the last contact from the customer |
| Identification and contact data – Web subscribers | Sending information about the evolution of our publication and offers | 3 years from the unsubscribe date or the last contact from the customer |
| Data generated by cookies related to your navigation on our online services | Functioning and optimization of services, traffic measurement, personalization of content and advertisements | 13 months maximum |
| Data retained in the context of fiscal obligations | Constitution and management of a file | 10 years in accordance with the provisions of the Tax Procedures Code and the Commercial Code |
- Right of access, rectification and opposition
In accordance with current European regulations, Users have the following rights:
- Right of access: the right to request information regarding data processing (Article 15 of the GDPR),
- Right to rectification: the right to complete or modify your information (Article 16 of the GDPR),
- Right to block or erase User personal data when they are inaccurate, incomplete, ambiguous, outdated, or when their collection, use, communication or storage is prohibited: the right to request the erasure of one’s data (Article 17 of the GDPR),
- Right to withdraw consent at any time (Article 13-2c of the GDPR),
- Right to restrict processing of User data: the right to ask an organization to temporarily “freeze” the use of some of your data (Article 18 of the GDPR),
- Right to object to the processing of User data: a person may object to the processing of their data, except in specific cases where the law requires the processing (Article 21 of the GDPR),
- Right to portability of data that Users have provided, when this data is subject to automated processing based on their consent or on a contract: this is the right to request a copy of their data to allow the user to change supplier without losing data (Article 20 of the GDPR),
- Right to define the fate of Users’ data after their death and to choose to whom the Publisher must communicate (or not) their data (third parties that they will have previously designated). As soon as the Publisher becomes aware of the death of a User and in the absence of instructions from them, the Publisher undertakes to destroy their data, unless their retention proves necessary for evidentiary purposes or to meet a legal obligation.
If the User wishes to know how the Publisher uses his Personal Data, wishes to request to rectify them or oppose their processing, the User can send a request in writing to the following address:
dpo@groupecarso.com or by post to the following address:
Groupe Carso
4 Avenue Jean Moulin
69200 Vénissieux
To the attention of the Data Protection Officer (DPO)
In this case, the user must indicate the Personal Data that he wishes to correct, update or delete by identifying himself precisely with proof of identity.
Requests for deletion of Personal Data will be subject to the obligations imposed on the Publisher by law, in particular regarding the retention or archiving of documents. Finally, the User may file a complaint with the supervisory authorities, in particular the CNIL (https://www.cnil.fr/fr/plaintes).
If you have any difficulties with the management of your personal data, you can contact the National Commission for Information Technology and Civil Liberties (CNIL) by writing to them at the following address:
Commission nationale de l’informatique et des libertés (CNIL)
3 Place de Fontenoy
TSA80715 75334 PARIS CEDEX 07
Or on the site: https://www.cnil.fr/fr/plaintes
- Non-disclosure of personal data
The Publisher shall not process, host or transfer the information collected to a country located outside the European Union or recognized as “inadequate” by the European Commission without first informing the customer. However, the Publisher remains free to choose its technical and commercial subcontractors on the condition that they provide sufficient guarantees with regard to the requirements of the General Data Protection Regulation (GDPR: No. 2016-679).
The Publisher undertakes to take all necessary precautions to preserve the security of the Information and in particular to ensure that it is not communicated to unauthorized persons. If an incident impacting the integrity or confidentiality of the Client’s Information is brought to the Publisher’s attention, it must inform the Client as soon as possible and inform them of the corrective measures taken. Furthermore, the Publisher does not collect any “sensitive data”.
The User’s Personal Data may be processed by the Carso group and by subcontractors (service providers) exclusively in order to achieve the purposes of this policy, with whom the Publisher has entered into a specific GDPR subcontracting contract and in order to ensure compliance and respect for the chain of co-responsibility.
Within the limits of their respective responsibilities and for the purposes mentioned above, the persons likely to have access to the data of the Publisher’s Users are mainly the Group’s employees.
- Incident notification
Despite best efforts, no method of transmission over the Internet, and no method of electronic storage, is completely secure.
The Publisher cannot therefore guarantee absolute security. If a security breach were to come to the Publisher’s attention, it would notify the affected users so that appropriate measures could be taken.
Incident reporting procedures take into account legal obligations, whether at national or European level.
The Publisher undertakes to fully inform users of all matters relating to the security of their account and to provide them with all the information necessary to help them comply with their own regulatory obligations.
No personal information of the user of this site is published without the user’s knowledge, exchanged, transferred, assigned or sold on any medium whatsoever to third parties not part of the Carso group. Only the hypothesis of the acquisition of the Publisher and its rights would allow the transmission of said information to the potential purchaser who would in turn be bound by the same obligation to store and modify data with regard to the user of this site.
- Security
To ensure the security and confidentiality of Personal Data, the Publisher uses networks protected by standard devices such as firewalls, pseudonymization, encryption and passwords.
When processing Personal Data, the Publisher takes all reasonable measures to protect it against loss, misuse, unauthorized access, disclosure, alteration or destruction.
- The legal basis for data processing
Consent: We may process certain data with your consent, which you are free to withdraw at any time. This may include sending marketing communications, including digitally, when your consent is required. This may include placing cookies, both through our Services and certain third-party sites and services, when your consent is required. In this case, you have the right to data portability and to withdraw your consent.
Legal obligations: In some cases, laws require us to process your data with judicial authorities or for law enforcement.
Contractual obligations: Your data may be processed to enable the proper performance of a contract. Contractual necessity applies to all users who accept our Terms of Use.