Privacy policy

French

PRIVACY POLICY

PREAMBLE

Article 1. Parties to this act

Between the undersigned:
1 ° EUPROLINK, registered with URSSAF under the number of SIRET 809 188 303000 14. (Hereinafter “EUPROLINK”) whose registered office is located at 28 rue de Nogent, 61130 Belleforêt-en-Perche, France
Hereinafter referred to as the “Data Controller”,
Firstly,

And

2 ° Any natural person
Browsing the website of the Data Controller;
Hereinafter referred to as the “Data Subject”,
On the other hand,
The following has been stated and agreed:

Article 2. Purpose

This Privacy Policy applies, without restriction or reservation, between the Data Subject and the Data Controller.

Its purpose is to provide information concerning the way in which the Data Controller collects and processes certain personal data relating to the Data Subject, in accordance with the legislation in force and in particular European Regulation n ° 2016/679 and the law n ° 78-17 (hereinafter referred to as “Legislation”), in connection with the use of the website https://euprolink.eu/ (hereinafter referred to as the “Site”) by the Person concerned.

Article 3. Definitions

Supervisory authority means the National Commission for Data Protection (CNIL), an independent French public authority regulating data protection;

Consent means any expression of will, free, specific, informed and unequivocal by which the Data Subject accepts, by a declaration or by a clear positive act, that Data concerning him / her is subject to Processing by the Data Controller.

Cookie designates a file used to trace the course of the Person concerned on the Site.

Recipient means any natural or legal person, public authority, service or other body that receives communication of the Data, whether or not it is a Third Party. However, the public authorities which are likely to receive communication of the Data, within the framework of a fact-finding mission, are not considered as Recipients within the meaning of this definition.

Data (s) means any information relating to the Data Subject.

File means any structured set of Data accessible according to determined criteria, whether this set is centralized, decentralized or distributed functionally or geographically.

Legislation means any law and regulation relating to Data protection, and in particular European Regulation n ° 2016/679 and law n ° 78-17.

Navigation means the consultation, knowledge and contact on the Site by the Person concerned.

Subject means any natural person who browses the Site, as soon as they can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, a identifying online, or one or more specific elements specific to their physical, physiological, genetic, psychic, economic, cultural or social identity.

Pseudonymization means the processing of Data in such a way that they can no longer be attributed to the Data Subject without having recourse to additional information.

Controller designates EUPROLINK, whose registered office is located at 28 rue de Nogent, 61130 Belleforêt-en-Perche, France.

Site means the infrastructure developed by the Data Processing Manager according to the computer formats usable on the Internet including data of different natures, and in particular texts, sounds, fixed or animated images, videos, databases, intended to be consulted by the Data Subject to find out, book and contact the Data Controller.

Processor means any natural or legal person, public authority, service or other body than the Data Controller who processes Data on behalf of the Data Controller.

Third party means any natural or legal person, public authority, service or other body than the Data Controller.

Processing means any operation or any set of operations carried out or not using automated processes and applied to Data or data sets, such as collection, recording, organization, structuring, conservation, l adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.

CONVENTION

Article 4. Principles relating to Processing

In accordance with the Legislation, the Data Controller undertakes to respect the following principles for each Processing:

Legality;
Loyalty;
Transparency;
Purpose limitation;
Minimization of Data;
Accuracy;
Limitation of conservation;
Integrity;
Confidentiality;
Responsibility.

Article 5. Data processed

Within the framework of Navigation, the Data Controller is required to collect and process a certain number of Data, and in particular:

Personal information (name, first name, sex, postal address, age, present professional situation, projected professional situation, email address, telephone number, messages and requests sent to the Data Controller);

Technical information (browsing behavior on the Site, IP address, consent).

Article 6. Context of the Processing

Data may be collected and processed by the Data Controller on different occasions, and in particular:

– Contact with the Data Controller;
– Purchase of products and / or services on the Site;
– Creation of a member account;
– Newsletter Sign-Up ;
– Navigation on the Site;
– Request to exercise data rights.

Purpose of Processing

Data concerned

Legal basis of Processing

Duration of data storage

Securing and improving the Site

IP address, Browsing data

Legitimate interest of the Data Controller to improve the Site and manage the Site, secure and administer the Site, prevent fraud and malicious acts.

13 months

Management of contact

surname, first name, sex, postal address, age, present professional situation, forecast professional situation, email address, telephone number, messages and requests sent to the data controller, IP address, consent collection

Personal consent concerned

3 years from the last contact by the Data Subject

Management of purchases of products and / or services, invoicing and accounting standards

First name, last name, email address, postal address, telephone number, order placed, tracking number, means of payment

Contract, legal obligation and legitimate interest of the Manager processing to establish, exercise and defend legal rights

10 years from the transaction

Creation and management of member accounts

First name, last name, email address, telephone number, date of creation of member account, date of deletion of member account, collection of consent IP address

Consent of the Person concerned

3 years from the last connection of the Person concerned to their Client account

Management of requests to exercise data rights

Email address, telephone number

Consent of the data subject

5 years from receipt of the request

Newsletter management

Email address, surname, first name, telephone number, consent collection

Consent of the data subject

3 years from my unsubscribe request

Site statistics and personalized advertising

IP address, Browsing data, consent collection

Consent of the Data

Subject 13 months

Article 7. Details of the Processing

The Data Controller reserves the right to anonymize the Data that is the subject of Processing before deleting it.

The anonymized data can then be processed for statistical purposes.

Article 8. Recipients of Data

In principle, the Data Controller is the sole Recipient of the Data.

However, the Data Controller may be required to transfer the Data to Recipients and / or to any public authority which requests it, within the framework of a fact-finding mission.

The following companies or categories of recipients may be Data Recipients:

– Marketing subcontractor
– Accommodation subcontractor

This list of Processor Processors is subject to change at any time.

The Data Controller undertakes to require from its Processors sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the Processing meets legal and regulatory requirements and guarantees the protection of the rights of the Data subject, in particular in the event of transfer of Data outside the European Union.

In addition, the Data Controller may communicate to any Recipient or Third Party the Data which is the subject of Processing when a legal obligation to do so exists or when the Data Controller considers in good faith that this is necessary for:

– Respond to any complaint against it;
– Comply with the requirements of the judiciary and / or administrative order and / or the Supervisory Authority;
– Enforce any contract to which the Data Subject is a party;
– Safeguard the vital interests of any natural person;
– The performance of a public interest mission.

In the event of a third party’s purchase of the Data Controller, the Data Controller reserves the possibility of sharing the Data with the third-party buyer subject to compliance with this Privacy Policy by this Third Party.

Article 9. Rights of the Data Subject

The Data Subject has a certain number of rights on the Data which he can in particular assert, except for applicable legislative or regulatory exceptions, by making a request to EUPROLIK by email at the following address: info@euprolink.eu

In the event of reasonable doubt as to the identity of the Data Subject making a request to exercise their data rights, EUPROLINK may request to attach a copy of an official identity document in support of the request.

The requests will be treated as soon as possible and at the latest in accordance with the deadlines set by the Legislation.

Article 9.1. Permission to access

The Data Subject has the right to obtain from the Data Controller confirmation that Data is or is not being processed and, when they are, access to said Data as well as the following information:

– The purposes of the processing;
– Data categories;
– The Recipients or categories of Recipients to whom the Data have been or will be communicated,
– Recipients who are established in third countries or international organizations;
– Where possible, the data retention period or, when this is not possible, the criteria used to determine this period;
– The existence of the right to ask the Data Controller for the rectification or erasure of Data, or a limitation of the processing of Data, or the right to oppose this processing;
– The right to lodge a complaint with a supervisory authority;
– When the Data are not collected from the Data Subject, any available information as to their source;
– The existence of automated decision-making, including profiling, and, at least in such cases, useful information regarding the underlying logic, as well as the importance and expected consequences of this processing for the Data Subject.

The Data Controller provides a copy of the Data subject to Processing and reserves the right, in return for providing this copy, the payment of reasonable costs based on administrative costs for any additional copy requested by the Person concerned.

Article 9.2. Right to erasure and rectification

The Data Subject has the right to obtain from the Data Controller the rectification and / or erasure of inaccurate or obsolete Data as soon as possible unless the situation prevents the exercise of this right, and in particular:

– The exercise of the right to freedom of expression and information;
– Compliance with a legal obligation;
– Public interest in the field of public health, archives, scientific or historical or statistical research;
– The establishment, exercise or defense of legal claims.

Article 9.3. Right to object

The data subject has the right to object at any time, for reasons relating to his particular situation, to a Data Processing based on the performance of a public interest mission or the need for the legitimate interest of the Processing manager.

The Data Controller then undertakes to no longer process the Data, unless he demonstrates that there are legitimate and compelling reasons for the Processing which prevail over the interests and rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims.

Furthermore, the Data Subject has the right to object at any time to the Data Processing carried out for prospecting purposes by the Data Controller, to the extent that the Data Subject is linked to such prospecting.

Finally, when Data is processed for scientific or historical research or for statistical purposes, the Data Subject has the right to object, for reasons relating to his particular situation, to the processing of the Data, unless the Processing is only necessary for the performance of a public interest mission.

Article 9.4. Right to limitation

The Data Subject has the right to obtain from the Data Controller the limitation of Data Processing when:

The accuracy of the Personal Data is disputed by the Data Subject, for a period allowing the Data Controller to verify the accuracy of the Data;
The processing is unlawful and the Data Subject opposes its erasure and requires instead the limitation of their use;

The Data Controller no longer needs the Data for the purposes of the Processing but these are still necessary for the Data Subject for the establishment, exercise or defense of legal claims;

The Data Subject has objected to the Processing in accordance with Article 9.3, during the verification of whether the legitimate grounds pursued by the Data Controller prevail over those of the Data Subject.

The Data Subject who has obtained the limitation of Data Processing is informed by the Data Controller before the limitation of processing is lifted.

Article 9.5. Right to data portability

The Data Subject has the right to receive the Data they have provided to the Data Controller, in a structured, commonly used and machine-readable format, and has the right to transmit this data to another data controller without the Data Controller processing is an obstacle when:

The Processing is based on the Consent of the Data Subject or on the performance of a contract to which the Data Subject is a party;

Processing is carried out using automated processes.

The Data Subject, when exercising their right to Data portability, has the right to obtain that the Data is transmitted directly from the Data Controller to another data controller, when technically possible.

Article 9.6. Right to lodge a complaint with the Supervisory Authority

The Data Subject has the right to lodge a complaint with the Supervisory Authority if he considers that he is subject to illegal Data Processing by the Data Controller.

Article 9.7. Right to define directives on the fate of Data

The Data Subject has the right to define directives on the fate of the Data after his death to the Data Controller who will use all his technical means to enforce this will.

Article 10. Modification of the Privacy Policy

The Data Controller reserves the right to occasionally modify this Privacy Policy, in particular the list of Recipients presented in Article 8.

In the event of a substantial modification of this Privacy Policy, the Data Subject will be personally informed of the new Privacy Policy.

The Data Subject is invited to regularly consult this Privacy Policy to become aware of any modifications to it.

The Data Subject can send their questions about this Privacy Policy to the following address: info@euprolink.eu

Article 11. Invalidity of the Privacy Policy

If any of the stipulations of this Privacy Policy turns out to be void with regard to a rule of law in force or a judicial decision which has become final, it will then be deemed unwritten, without however nullifying the entire Privacy Policy or alter the validity of its other provisions.

Article 12. Management of cookies

When browsing the Site, the Data Subject is required to consent or refuse the installation of Cookies on their computer terminal.

In general, Cookies record information relating to the navigation of computers on the Site (the pages consulted, the date and time of the consultation, etc.), information which can be read during subsequent visits by the Person concerned on the Site with transmission of Data to the Data Controller.

The installation of these Cookies requires the consent of the Data Subject.

Certain Cookies are essential for the proper functioning of the Site and do not require the consent of the person concerned before they are installed, this is called Functional Cookies.

In accordance with Article 7. of this Privacy Policy, Cookies are automatically deleted within thirteen (13) months of their installation if the Data Subject does not renew their consent before the expiration of this period.

French