Last updated on Jul 4, 2022.
Purpose of this document
The purpose of this document is to inform you about how we collect and use your personal data, as well as the means at your disposal to control its use.
As part of the operation of our website, we collect and process information, some of which is described as "personal data". We undertake to comply with the regulations concerning the protection of personal data, namely the Data Protection and Freedoms Act No. 78-17 of 6 January 1978, as well as the European regulation 2016/679 "General Data Protection Regulation" of 27 April 2016.
The concept of "personal data" means any information relating to an identified or identifiable natural person. A person is identifiable when he or she can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to him or her.
Means of data collection
We may collect personal data in the following ways:
Automatically collected data
During a visit to our website, your browser automatically transmits us a certain amount of information, some of which is qualified as personal data.
Data you send us
When you visit our website, you may take a number of actions, some of which require you to provide us with information qualified as personal data. This is for example the case if you send us a message via the contact form or sign up through the registration form.
Exclusion of sensitive data
We do not collect or process any sensitive data. The following are considered to be sensitive data within the meaning of the General Data Protection Regulation: Racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, health data or sexual orientation.
Categories of data collected
We may collect the following categories of personal data:
- Connection data: IP address of your Internet connection;
- Identification data: First name, last name, email address and password;
- Contact data: Full name and email address;
Data retention period
The maximum retention period of the data depends on the category to which it belongs, and are as follows:
- Connection data is kept for a period of 15 days;
- Identification data is for the entire lifetime of your account;
- Contact data is kept for the period necessary to process your request;
Legal basis for the processing
The legal basis for processing of personal data we collect depends on the category to which it belongs, and are as follows:
The processing of connection data is based on Article 6.1.c of the General Data Protection Regulation: «The processing is necessary to comply with a legal obligation to which the controller is subject». We collect this data in order to comply with the legal obligation to ensure the security of personal data and to prevent the destruction, loss, alteration, or unauthorised disclosure of such data. The collection of this data is mandatory.
The processing of identification data is based on Article 6.1.a of the General Data Protection Regulation: «The data subject has consented to the processing of his or her personal data for one or more specific purposes». We collect and process this data for the purpose of providing you with access to a user account. We collect your consent as a check box on the account creation form. Refusal of consent results in inability to use the functionality.
The processing of contact data is based on Article 6.1.a of the General Data Protection Regulation: «The data subject has consented to the processing of his or her personal data for one or more specific purposes». We collect and process this data in order to provide you with a response when we receive a message via our contact form. We collect your consent in the form of a check box on the contact form. Refusal of consent results in inability to use the functionality.
The personal data we collect is intended for the controller, its service providers, and any authority legally authorised to access the personal data in question.
The personal data we collect is hosted on the technical infrastructure of our hosting provider:OVH SAS
2 rue Kellermann
Data transfer outside the European Union
The personal data we collect may be transferred outside the European Union to the technical infrastructure of our service providers:Functional Software
Inc. dba Sentry
45 Fremont Street
We ensure that we only work with companies that protect your personal data and comply with applicable law in the same way we do. In accordance with Article 28 of the General Data Protection Regulation, access to your personal data by our service providers is subject to the signature of a written agreement that allows us to monitor and control the way they process your personal data.
We implement all applicable technical and organisational measures to ensure the security of the personal data we collect.
Rights of data subjects
In accordance with the General Data Protection Regulation, you have a number of rights regarding your personal data and the use made of it.
To exercise these rights, you may contact us specifying the nature of the right you wish to exercise and the reasons why you wish to exercise it:
We may ask you for additional information, such as proof of identity, in order to guarantee the protection of your personal data.
Right to access
In accordance with Article 15 of the General Data Protection Regulation, you have the right to obtain confirmation that personal data concerning you are or are not processed and, when they are processed, access to such data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients to whom the personal data has been or will be communicated;
- The retention period of this data, or if it is not known, the criterion for defining it;
- The existence of the right to request from the controller the rectification or erasure of personal data concerning you, the right to request a limitation of their processing, or the right to object to such processing;
- The existence of the right to lodge a complaint with a supervisory authority.
Right to correct
In accordance with Article 16 of the General Data Protection Regulation, you have the right to have your personal data corrected by the controller as soon as possible.
Right to deletion
In accordance with Article 17 of the General Data Protection Regulation, you have the right to request the deletion of your personal data by the controller as soon as possible when one of the following reasons applies:
- Your personal data is no longer necessary for the purposes for which it was collected;
- You withdraw the consent on which the processing of your personal data is based and there is no other legal basis for the processing of your personal data;
- You object to the processing of your personal data and there is no compelling legitimate reason for its retention;
- Your personal data has been unlawfully processed;
- Your personal data must be deleted to comply with a legal obligation.
Right to limitation of processing
In accordance with Article 18 of the General Data Protection Regulation, you have the right to obtain from the controller the limitation of the processing of your personal data where one of the following reasons applies:
- You dispute the accuracy of your personal data. The processing shall then be suspended for a period allowing the controller to verify its accuracy;
- The processing of your personal data is unlawful, you oppose their deletion and instead demand the limitation of its use;
- The controller no longer needs your personal data for the purposes of the processing, but it is still necessary for you to establish, exercise or defend legal rights;
- You objected to the processing of your personal data. The processing shall then be suspended during the verification to determine whether the legitimate reasons pursued by the controller prevail over yours.
Right to portability
In accordance with Article 20 of the General Data Protection Regulation, you have the right to obtain from the controller a copy of the personal data concerning you that you have provided to him, in a structured format, commonly used and machine readable, when one of the following reasons applies:
- Processing is based on your consent;
- Processing is performed using automated processes.