WEBSITE PRIVACY POLICY
ARTICLE 1 : PREAMBLE
This privacy policy applies to the site: aserti.com and all of its subdomains. The purpose of this confidentiality policy is to expose users of the site to:
The way in which their personal data is collected and processed. All data capable of identifying a user must be considered personal data. This includes the first and last name, age, postal address, email address, location of the user or even their IP address;
What are the rights of users regarding this data;
Who is responsible for the processing of personal data collected and processed;
To whom this data is transmitted;
Possibly, the site’s policy regarding “cookie” files.
This confidentiality policy supplements the legal notices that users can consult at the following addresses: Legal notices: https://aserti.com/privacy-policy/
ARTICLE 2 : GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from users of the site respects the following principles:
Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Each time personal data is collected, the user will be informed that their data is being collected, and for what reasons their data is being collected;
Limited purposes: the collection and processing of data is carried out to meet one or more objectives determined in these general conditions of use;
Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected;
Retention of data reduced over time: data is retained for a limited period, of which the user is informed. If the shelf life cannot be communicated to the user;
Integrity and confidentiality of data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least one of the conditions below. after listed:
- The user has expressly consented to the processing;
- The processing is necessary for the proper performance of a contract;
- The processing meets a legal obligation;
- The processing is explained by a necessity linked to the protection of the vital interests of the data subject or of another natural person;
- The processing may be explained by a necessity linked to the execution of a mission of public interest or which relates to the exercise of public authority;
- The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party
ARTICLE 3 : PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING THE SITE
DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the contract-factory.com site are as follows:
The information given by the user in the contract preparation forms (surname, first name, address, etc.) allowing the creation of their legal file or to contextualize their approach,
The technical characteristics of the means of connection to the website (screen size, IP address, etc.),
And possibly information relating to the use of the site: number of orders, time spent, articles viewed, etc.
This data is collected when the user performs one of the following operations on the site:
- registers on the site,
- saves a document,
- buys a product on the site,
- consults an information article,
- subscribes to a newsletter,
- requires technical or legal assistance online or by telephone.
Furthermore, when paying on the site, proof of the transaction including the order form and invoice will be kept in the site publisher’s computer systems. The data controller will keep in its computer systems of the site and under reasonable security conditions all the data collected for a period of: between 1 day and 3 years, for simple visits, up to 5 years if the user validates an order. The collection and processing of data serves the following purposes in particular:
- creation and control of access to customer accounts,
- creation of documents,
- completion of formalities,
- followed by payment and invoicing,
- connection with third party partners,
- sending marketing and commercial information.
And more generally all activities related to the sale of services or products related to the information presented on the website.
2. TRANSMISSION OF DATA TO THIRD PARTIES
2.1. Sharing your personal data with third-party companies
When browsing the Site, users’ personal data may be transmitted to external service providers. These third parties provide a service on our behalf and in our name with the aim of enabling the proper functioning of credit card payments and other Services, or may offer their services or products to users.
Personal data may be transferred to countries outside the European Union (such as the United States) for the purpose of processing your requests and securing personal data.
In accordance with the GDPR, all transfers of personal data to a country located outside the European Union and/or not offering a level of protection considered sufficient by the European Commission have been the subject of cross-border flow agreements. in accordance with the standard contractual clauses decreed by the European Commission and declared to the CNIL. Other transfers of personal data to the United States, particularly for customer relationship management (CRM), are governed by the E.U. – U.S. PRIVACY SHIELD (European Union-United States Data Protection Shield): Click here for more information.
We will never share, without obtaining your prior consent, your personal data with third party companies for marketing and/or commercial purposes.
2.2. Sharing with authorities
We may disclose your personal data to administrative or judicial authorities when their disclosure is necessary for the identification, arrest or prosecution of any individual likely to harm our rights, any other user or a third party. Finally, we may be legally required to disclose your personal data and cannot object to this in this case.
2. DATA HOSTING
The aserti.com site is hosted by: OVH, whose head office is located at the following address:
140, quai du Sartel – 59100 Roubaix
The host can be contacted at the following telephone number: 08 99 701 761 (1,349 Euros including tax per call, and 0.337 Euros including tax/min.)
The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 4: DATA PROCESSING RESPONSIBLE AND DATA PROTECTION DELEGATE
1. THE DATA PROCESSOR
The person responsible for processing personal data is: Christophe POULLAIN.
He can be contacted as follows:
By email at contact@aserti.com Monday to Friday from 9:30 a.m. to 5:30 p.m.
The data controller is responsible for determining the purposes and means used to process personal data.
OBLIGATIONS OF THE DATA PROCESSOR
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected.
The site has an SSL certificate to guarantee that the information and data transfer passing through the site are secure.
An SSL certificate (“Secure Socket Layer” Certificate) aims to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for the user.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the data controller undertakes to inform the user by any means
ARTICLE 5: USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to grant his request, the user is required to communicate to him: his first and last name as well as his email address, and if relevant, his account or personal space number or subscriber.
The data controller is required to respond to the user within a maximum of 30 (thirty) days.
PRESENTATION OF USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING
1. Right of access, rectification and right to erasure
The user can read, update, modify or request the deletion of data concerning him, by respecting the procedure set out below:
the user must send an email to the person responsible for processing personal data, specifying the subject of their request and using the contact email address provided above
If he has one, the user has the right to request the deletion of his personal space by following the following procedure:
the user must send an email to the person responsible for processing personal data, specifying their personal space number. The request for deletion of data will be processed within 30 working days
2. Right to data portability
The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the procedure below:
the user must make a request for portability of their personal data to the data controller, by sending an email to the address provided above
3. Right to restriction and opposition to data processing
The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, unless he demonstrates the existence of legitimate and compelling reasons, which can prevail over the interests and the rights and freedoms of the user.
In order to request the limitation of the processing of their data or to formulate an opposition to the processing of their data, the user must follow the following procedure:
the user must make a request to limit the processing of their personal data to the data controller, by sending an email to the address provided above
4. Right not to be subject to a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him in a way similar way.
5. Right to determine the fate of data after death The user is reminded that he can organize what should happen to his data collected and processed if he dies, in accordance with law no. 2016-1321 of October 7, 2016. 6. Right to refer the matter to the competent supervisory authority In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or, if he believes that one of the rights listed above, he is entitled to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
PERSONAL DATA OF MINORS
In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act, only minors aged 15 or over can consent to the processing of their personal data.
If the user is a minor under 15 years of age, the consent of a legal representative will be required so that personal data can be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years old, or that he or she has obtained the consent of a legal representative before browsing the site.
ARTICLE 6: CONDITIONS FOR MODIFICATION OF THE CONFIDENTIALITY POLICY
This privacy policy can be consulted at any time at the address indicated below:
The site editor reserves the right to modify it in order to guarantee its compliance with current law.
Consequently, the user is invited to regularly consult this confidentiality policy in order to stay informed of the latest changes that will be made to it.
The user is informed that the last update of this confidentiality policy took place on: 05/25/2023.
ARTICLE 7: USER ACCEPTANCE OF THE CONFIDENTIALITY POLICY
By browsing the site, the user certifies having read and understood this confidentiality policy and accepts its conditions, particularly with regard to the collection and processing of their personal data.