Personal Data Policy
Aprolis, having its registered offices at 6, rue Claude Nicolas Ledoux - 94046 Créteil Cedex. (hereinafter the "Company" or "We"), acting as data controller, kindly requests that you take note of the terms and conditions of processing (i.e. collection, use and sharing) of your personal data, through this website (hereinafter the "Website") and the use of associated services such as the online quote request (hereinafter the "Services"), in accordance with the applicable laws and regulations on the protection of personal data, in particular:
(i) Act No. 78-17 of 6 January 1978 relating to information technology, files and freedoms and Law No. 2018-493 of 20 June 2018 relating to Information Technologies, Data Files and Civil Liberties protection; (ii) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter the "GDPR"), which came into force on 25 May 2018; and (iii) any other normative act, decree, regulation or provision that would be enacted by a competent national or European personal data protection authority - hereinafter collectively referred to as the "Applicable Regulations". The Company is a company of the MONNOYEUR GROUP, a French Group whose holding company is located at 117, rue Charles Michels - 93200 Saint-Denis France.
1. What is the scope of this Policy?
2. What types of personal data do we collect?
The Company collects (1) data that you have voluntarily shared with the Company and (2) navigational data related to your access and use of the Website and Services. In particular, the Company collects the following information:
- Data you voluntarily share with the Company: the Company may collect your personal data (e.g., first name, last name, email, address, telephone number, etc.) when you submit a request via an online form on the Website or when you use our Services.
3. For what purposes do we collect your personal data?
We process data to:
a. Enable you to use the Website and the Services;
b. Evaluate and improve our Services and related functionality;
c. Improve your experience of using the Website and Services;
d. Provide you with customer support and respond to your enquiries;
e. Meet the Company's interests; in some cases, the Company may disclose your personal data, including when the Company believes in good faith that such data processing is necessary to:
(i) protect, exercise, or defend the rights, privacy, safety, or property of the Company or those of its employees, agents, and contractors (including the performance of our contracts and terms and conditions of use); (ii) protect the safety, privacy, and security of users of the Website, the Services, or the public; (iii) protect against fraud or for risk management purposes;
f. Comply with legal obligations (including obligations relating to the provision of the Services and consumer information), or to respond to requests from public and governmental authorities;
g. Perform a contract for the supply of goods and/or services;
h. Subject to your consent, carry out commercial prospecting operations and share your personal data with our trusted business partners, including other entities of the MONNOYEUR Group, in order to enable them to send you commercial messages.
4. On what legal basis do we process your data?
As an exception: if you log in to a personal account/customer area of the Website, as part of a service contract with the Company, the processing of the data of this personal account is based on the contract between you and the Company.
5. How long do we keep your data?
The Company retains your personal data for as long as is needed for the purposes described in section 3 above. Your data is kept:
- For the duration strictly necessary for the use of the Website, the Services, or for the needs of the Company, and for a maximum of 3 years from the date of collection if no contract is drawn up with the Company;
- In the event of a contract or an order going through, as part of the Services or otherwise, for the entire term of the contractual relationship, and then kept in intermediate archives for a period corresponding to the period of the guarantee, if any, to which is added the applicable legal prescription period (5 years in most cases);
- In the event of the Company fulfilling a legal obligation, your data is processed for the time necessary to fulfil this obligation and as provided for by law;
- In the context of commercial prospecting operations, for 3 years from your last contact with the Company;
- Until the withdrawal of your consent, in the event that the processing is based on your prior consent;
- For a period of 25 months from their implantation/creation in the case of cookies.
6. How do we process your data?
Data is processed both manually and electronically and is protected by appropriate security measures. In this respect, although the Company uses appropriate administrative, technical and organisational measures to protect personal data against theft, loss, unauthorised use, disclosure or modification, it cannot guarantee that it is able to protect itself against all existing IT risks.
7. Who has access to your data?
- Third party service providers, subcontractors (i.e. IT service providers, service providers related to the Services - by way of illustration, and without this list being exhaustive, experts, consultants and lawyers, companies involved in potential mergers, divisions or other transformations);
- Competent national authorities: in order to comply with the applicable law and with any administrative or judicial authority that may request it or that may need access to it regarding a possible inspection or dispute.
- Trusted business partners: subject to your consent.
8. Is your personal data transferred abroad?
Your personal data may be transferred to other entities of the MONNOYEUR Group and to service providers acting on their behalf which are located in France and/or within the European Union. We will not transfer personal data to non-EEA countries.
9. Minors under the age of 15
The Website is not directed at and does not offer Services to individuals under the age of 15, and the Company does not knowingly collect personal data from individuals under the age of 15 or from minors generally
10. Security measures
The Company implements all appropriate technical and organisational security measures to ensure a level of personal data security appropriate to the risk, and in particular to protect data against accidental or unlawful destruction, loss, damage, disclosure or unauthorised access.
The same level of protection is imposed by the Company on all its subcontractors by contract.
Any employee of the Company who, in the course of his or her duties, may have access to your personal data undertakes to hold it in strict confidence.
11. What are your rights in relation to personal data?
In accordance with the Applicable Regulations, you have, depending on the situation, the right to access, correct, delete, limit, portability and object to the processing of your data as well as the right to withdraw your consent at any time. You also have the right to send us your instructions in order to organise what happens to your data (conservation, deletion, communication to a third party, etc.) in the event of decease. You can exercise these rights by writing to the following e-mail address: firstname.lastname@example.org. However, your objection may, in practice and depending on the case, have an impact or make it impossible to take into account your request for information, registration or use of the Services offered on the Site. You also have the right to appeal to a supervisory authority such as the Commission Nationale de l'Informatique et des Libertés (CNIL) in the event of a breach of the regulations applicable to the protection of personal data and, in particular, of the European General Data Protection Regulation No. 2016-679 (GDPR), which has been in force since 25 May 2018.
12. Changes and updates
We regularly update our Personal Data Policy and will post any updates on the Website.
13. Data Protection Officer
The Company has appointed a Data Protection Officer (DPO) whom you may contact if you have any questions about the processing of your personal data and to exercise your rights. To contact the DPO write to: email@example.com