- The manner in which their personal data are collected and processed. Any data capable of identifying a user should be considered personal data. These include the first and last name, age, postal address, email address, the user’s location or their IP address;
- What rights users have regarding these data;
- Who is responsible for processing the personal data collected and processed;
- To whom these data are transmitted;
ARTICLE 2: GENERAL PRINCIPLES FOR DATA COLLECTION AND PROCESSING In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of user data on the site respect the following principles:
- Lawfulness, fairness, and transparency: data can only be collected and processed with the consent of the user, the owner of the data. Every time personal data is collected, it will be indicated to the user that their data is being collected, and for what reasons their data is being collected;
- Limited purposes: the collection and processing of data are carried out to fulfill one or more objectives determined in these general terms and conditions of use;
- Data minimization: only the data necessary for the proper execution of the objectives pursued by the site are collected;
- Data retention reduced in time: data is kept for a limited period, of which the user is informed. When this information cannot be provided, the user is informed of the criteria used to determine the retention period;
- Integrity and confidentiality of collected and processed data: the data processing manager commits to guarantee the integrity and confidentiality of the collected data. To be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data may only occur if they comply with at least one of the conditions listed below:
- The user has expressly consented to the processing;
- The processing is necessary for the proper execution of a contract;
- The processing meets a legal obligation;
- The processing is explained by a necessity related to the safeguarding of the vital interests of the concerned person or another physical person;
- The processing can be explained by a necessity linked to the performance of a mission of public interest or which falls under the exercise of public authority;
- The processing and collection of personal data are necessary for the purposes of the legitimate and private interests pursued by the data processing manager or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE FRAMEWORK OF NAVIGATION ON THE SITE A. COLLECTED AND PROCESSED DATA AND METHOD OF COLLECTION The personal data collected on the Ethic Manosque site are as follows: First name, last name, email address, postal address, location These data are collected when the user performs one of the following operations on the site: When a form is entered and during navigation on the site Furthermore, during a payment on the site, proof of the transaction including the order form and the invoice will be kept in the site editor’s computer systems. The data processing manager will keep all the data collected in the site’s computer systems under reasonable security conditions for a duration of: 5 years. The collection and processing of data serve the following purposes: Location data and IP address are recorded to better target the advertisements offered to the user. The user’s age allows filtering the content accessible to them.
B. TRANSMISSION OF DATA TO THIRD PARTIES The data may be transmitted to the following third party(ies): Certain collected data may be transferred to Google.
C. DATA HOSTING The ethicmanosque.fr site is hosted by: OVH, whose head office is located at the following address: 2 rue Kellermann – 59100 Roubaix – France The host can be contacted at the following phone number: 1007 The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 4: DATA PROCESSING MANAGER AND DATA PROTECTION OFFICER A. THE DATA PROCESSING MANAGER The manager of personal data processing is: Jérôme ROUBAUD. He can be contacted as follows: The data processing manager can be contacted by phone at 0972473833, from 8 am to 6 pm, from Monday to Friday. The data processing manager is responsible for determining the purposes and means used for the processing of personal data.
B. OBLIGATIONS OF THE DATA PROCESSING MANAGER The data processing manager commits to protect the collected personal data, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected. The site has an SSL certificate to guarantee that the information and data transfer via the site are secure. An SSL (“Secure Socket Layer” Certificate) is intended to secure the data exchanged between the user and the site. Furthermore, the data processing manager commits to notify the user in case of correction or deletion of the data, unless this entails disproportionate formalities, costs, and procedures for him. In the case where the integrity, confidentiality, or security of the user’s personal data is compromised, the data processing manager commits to inform the user by any means.
C. DATA PROTECTION OFFICER Furthermore, the user is informed that the following person has been appointed Data Protection Officer: Jérôme ROUBAUD. The role of the Data Protection Officer is to ensure the correct implementation of national and supranational provisions related to the collection and processing of personal data. He is sometimes called DPO (for Data Protection Officer). The data protection officer can be contacted as follows: By phone at 0972473833, from Monday to Friday from 9 am to 6 pm; By email: [email protected].
ARTICLE 5: USER RIGHTS
In accordance with regulations concerning the processing of personal data, the user has the rights listed below. To enable the data controller to comply with the user’s request, the user is required to provide them with their first and last names, email address, and, if relevant, their account number or personal or subscriber space. The data controller is required to respond to the user within a maximum of 30 (thirty) days.
A. PRESENTATION OF THE USER’S RIGHTS IN TERMS OF DATA COLLECTION AND PROCESSING
a. Right of access, rectification, and erasure The user can learn about, update, modify, or request the deletion of their data by following the procedure set out below: The user must send an email to the personal data controller, specifying the subject of their request and using the contact email address provided above. If the user has one, they have the right to request the deletion of their personal space by following the procedure below: The user must send an email to the data controller, specifying their personal space number. The request for data deletion will be processed within 10 working days.
b. Right to data portability The user has the right to request the portability of their personal data, held by the site, to another site, by following the procedure below: The user must request the portability of their personal data from the data controller by sending an email to the address provided above.
c. Right to limit and object to data processing The user has the right to request the limitation or to object to the processing of their data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons that may override the interests and rights and freedoms of the user. To request the limitation of their data processing or to formulate an objection to their data processing, the user must follow the procedure below: The user must make a request for limitation of the processing of their personal data to the data controller by sending an email to the address provided above.
d. Right not to be subject to a decision based solely on automated processing In accordance with the provisions of Regulation 2016/679, the user has the right not to be subject to a decision based solely on automated processing if the decision has legal effects concerning them or significantly affects them in a similar way.
e. Right to determine the fate of data after death The user is reminded that they can organize what should happen to their collected and processed data if they die, in accordance with Law No. 2016-1321 of October 7, 2016.
f. Right to refer to the competent supervisory authority In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or if they believe that one of the rights listed above has been violated, they are entitled to refer to the CNIL (National Commission for Data Protection and Liberties, https://www.cnil.fr) or any competent judge.
B. PERSONAL DATA OF MINORS In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act, only minors aged 15 or over can consent to the processing of their personal data. If the user is a minor under the age of 15, the agreement of a legal representative is required so that personal data can be collected and processed. The site publisher reserves the right to verify by any means that the user is over 15 years old, or that they have obtained the agreement of a legal representative before browsing the site.
ARTICLE 6: USE OF “COOKIES” FILES
The site may use “cookies” techniques. A “cookie” is a small file (less than 4 KB), stored by the site on the user’s hard drive, containing information about the user’s browsing habits. These files allow it to process statistics and information on traffic, facilitate navigation, and improve the service for user comfort. For the use of “cookies” files involving the saving and analysis of personal data, the user’s consent is necessarily requested. This user consent is considered valid for a maximum period of 13 (thirteen) months. After this period, the site will ask the user again for permission to save “cookies” files on their hard drive.
a. User’s objection to the use of “cookies” files by the site The user is informed that they can object to the recording of these “cookies” files by configuring their browsing software. For information, the user can find at the following addresses the steps to follow to configure their browsing software to oppose the recording of “cookies” files:
- Chrome: https://support.google.com/accounts/answer/61416?hl=en
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: http://www.apple.com/legal/privacy/en-ww/
- Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Opera: http://www.opera.com/help/tutorials/security/cookies/ In the event that the user decides to deactivate the “cookies” files, they can continue to browse the site. However, any malfunction of the site caused by this manipulation could not be considered as being due to the site editor.
b. Description of “cookies” files used by the site The site editor draws the user’s attention to the fact that the following cookies are used during their browsing: Cookie Name: Google, Issuer: Google While browsing the site, the user is informed that third-party “cookies” files may be recorded. These are particularly the following third parties: Google In addition, the site includes social network buttons, allowing the user to share their activity on the site. “Cookies” files from these social networks are therefore likely to be stored on the user’s computer when they use these features. The user’s attention is drawn to the fact that these sites have their own privacy policies and terms and conditions that may be different from the site. The site editor invites users to consult the privacy policies and terms and conditions of these sites.