This privacy notice sets out the policy of SOFIPROTEOL SA (the “Company”) with respect to personal data on the website https://www.sofiproteol.com/ (the “Website”). This Notice applies to all the information that you provide, or that we collect while you browse our website, in accordance with all applicable regulations in France relating to personal data such as those under French Law no. 78-17 of January 6, 1978 on information technology, data files and civil liberties, referred to as the “Information technology and civil liberties” law and Regulation (EU) 2016/679 of 25 May 2018 on data protection referred to as the “GDPR”.
The purpose of this privacy notice is to inform persons accessing the services offered on our Website (hereinafter referred to as the “Users”) about how we collect, utilise and share their personal data.
Any amendment to or update of this privacy notice will be brought to your attention. Your active consent to this new privacy notice will be required to continue using the services offered by the Company.
1. Who is responsible for your personal data?
The data controller, who collects and manages your data, is the company SOFIPROTEOL SA, SA, ith a share capital of € 265.933.200 egistered with the trade and companies register of Paris under no. 804 808 095 00017, with registered offices at 11/13, rue de Monceau 75008 – PARIS, represented by Jean-Philippe PUIG.
2. What personal data is collected?
You are reminded that personal data is any information relating to a directly or indirectly identified or identifiable natural person.
When browsing the Website and using the different services offered by the Company, you are consenting to our collection of the following categories of data:
- Personal details: Surname, First name, Mailing address, Email address, Telephone number;
- Professional life: Line of business, CV;
- Login details: IP address, Password, Corporate account details;
(Hereinafter referred to as “Personal data”).
You agree to provide personally identifiable information that is up-to-date and valid, with respect to the information required on the Website, and warrant that you will not provide any false or inaccurate information.
3. How and why is your Personal data collected?
3.1. Methods of Personal data collection
You are consenting to the Company’s collection of your Personal data when you complete the following documents:
- Online registration form;
3.2. Legal basis for collecting and processing the data
Your Personal data is collected on the basis of the following legal grounds:
- Specific, free and informed consent of the User (particularly with respect to the Newsletter subscription);
- The fulfillment of a legal obligation incumbent upon the Company;
- The performance of a contract concluded between the Company and the User (particularly with respect to the fulfillment of general terms and conditions for use/sale);
- The Company’s legitimate interest (particularly to ensure the security of transactions)
4. For what purposes is your Personal data collected?
4.1. General considerations
Mandatory Personal data is data that is strictly required for processing purposes or for your requests. Failing communication of said data, the User is informed that he will not be able to access certain services offered by the Company. You are informed about the mandatory nature of the information required when it is collected.
Optional Personal data collected by the Company is intended to get to know you better and enhance your browsing experience on the Website.
4.2. List of purposes
Your Personal data is collected and processed in order to fulfill the following purposes:
- Creating your User account;
- Contacting you and providing support;
- Carrying out operations relating to the management of services (contracts, bills, orders, etc.);
- Accessing the personal area on the Website (accessible using a login and a password);
- Monitoring internet use and messaging;
- Managing recruitment;
- User Experience
The Users are informed that, subject to their prior specific and positive consent, it will be possible for the Personal data transmitted to be transferred to our business partners from the AVRIL Group, so that they can inform the Users about their offers and services.
5. Who has access to your Personal data?
5.1. The Company’s personnel
Your Personal data is intended for use by persons within the Company who are duly authorised to process them, particularly, and depending on the type of processing and the type of data, the persons in charge of the sales, customer service, marketing, administrative, logistic and information technology departments.
5.2. The Company’s subcontractors
Within the framework of conducting its activities and the provision of its services, the Company makes use of subcontractors. They:
- process your Personal data on the Company’s behalf, and under its instructions;
- provide adequate guarantees with respect to the implementation of relevant technical and organisational measures to maintain the security and confidentiality of your data.
In cases where the Company uses subcontractors based in countries offering levels of protection that are not equivalent to those in the European Union, the Company undertakes to ensure that the transfer is secured by the Privacy Shield established between the European Union and the United States or by the signing of standard contractual clauses established by the European Commission or by the implementation of binding corporate rules (“BCR”).
6. How long is your Personal data stored?
The Company keeps your Personal data for the time that is strictly necessary to accomplish the purposes for which it was collected and processed, such as managing the commercial relationship or payment.
Beyond this period, your Personal data may also be archived to provide regulated, limited and justified access for the time required (i) to fulfill the Company’s legal and regulatory obligations, and/or (ii) to assert its rights through the courts, and before it is permanently deleted.
7. How does the Company maintain the security and confidentiality of your Personal data?
The Company undertakes to process your Personal data in a manner that is:
- inside the strict framework of the aims pursued and stated,
- for the duration required for the processing operations established
The Company is implementing and updating relevant technical and organisational measures to maintain the security and confidentiality of your Personal data by preventing it from being garbled, damaged or disseminated to unauthorised third parties.
8. What are your rights concerning your Personal data?
You may, by simple written request, access your Personal data, ask that it be modified or rectified, or require that it no longer appear in the Company’s database.
Under the right of access, you are authorised, pursuant to Article 15 of the GDPR, to contact the Company so that (i) your Personal data is communicated to you in an accessible form, (ii) you obtain confirmation on whether your Personal data is or is no longer being processed, (iii) the purposes of the processing, personal data categories processed and the recipients of your Personal data are communicated to you and (iv) you obtain information on how long your Personal data is stored or the criteria used to determine this duration.
Pursuant to Article 16 of the GDPR, the right of rectification confers on you the right to require that the Company rectify, complete or update your Personal data when it is inaccurate, incomplete, equivocal or expired.
Under the conditions provided for in Article 17 of the GDPR, you have a right to the erasure of your Personal data, which enables you to request that the Company erase your Personal data without undue delay, particularly when it is no longer required for the purposes for which it was collected.
In addition, you have a right to restriction of processing of your Personal data in the cases identified in Article 18 of the GDPR. You may therefore request that your Personal data be stored solely for the purposes of:
- checking the accuracy of the Personal data that you are disputing;
- being of use to you with respect to the establishment, exercise or defense of your legal claims, and although the Company no longer has any use for it;
- verifying whether the legitimate aims pursued by the data controller will prevail over yours assuming you object to the processing of your data based on the legitimate interest of the Company;
- fulfilling your request to restrict the use of your data – rather than erasing it – assuming that the processing of your data is lawful.
Under the circumstances provided for in Article 20 of the GDPR, you have a right to the portability of your Personal data, allowing you to retrieve Personal data you provided from the Company, in a structured, commonly used, machine-readable format, for the purposes of transmitting it to another data controller.
In accordance with Article 21 of the GDPR, you have the right to object, at any time, to the processing of your Personal data for the purposes of business development
To exercise your aforementioned right of access, rectification, erasure, restriction, portability and objection, you may simply send your request by email to the following address: firstname.lastname@example.org
The Company will provide the person who exercises one of these rights with information on the measures taken, without undue delay and, in any event, within one (1) month from the receipt of the request. This period may be extended by two (2) months, considering the complexity and number of the requests.
If the Company does not intend to fulfill the request, it will inform the person, without undue delay, and at the latest within one (1) month from the receipt of the person’s request for the reasons for its refusal and the possibility of filing a complaint with the supervisory authority and lodging an appeal.
Exercising these rights is free of charge. However, in cases of manifestly unfounded or excessive requests, the Company reserves the right to (i) require the payment of expenses including administrative costs, or (ii) refuse to fulfill these requests.
You can also request the recovery or deletion of your personal data via a form.
9. What recourse do you have if your Personal data is misused?
In the case of a misuse of your Personal data protection rights likely to pose a risk to your rights and liberties, the Company will report this violation to the CNIL (the French Data Protection Authority) in an expeditious manner, and, if possible 72 hours at the latest after being notified. The Company will also inform the User, without undue delay, in accordance with the provisions set forth in Article 34 of the GDPR.
Without prejudice to any other administrative or legal remedy, the User who considers that the processing of his Personal data constitutes a violation of applicable legal provisions may lodge a complaint with the competent supervisory authority such as the French Data Protection Authority (CNIL).
10. To whom do you address your questions?
For any questions concerning the processing of their personal data and the exercise of their rights, the Users may contact our dedicated service at the following address: email@example.com