CHARTER RELATING TO THE PROTECTION OF PERSONAL DATA
Applicable from November 02, 2020
<strong>Article I. </strong> PREAMBLE
CREA DIGIT COMPANY SAS wishes to place the protection of personal data at the heart of its commitments.
This charter relating to the protection of personal data (hereinafter referred to as the « Charter ») aims to define the terms and conditions for the collection, use and sharing of personal data (hereinafter referred to as the « Data » for the specific needs of this Charter) that CREA DIGIT COMPANY SAS, a Simplified Stock Company, with a capital of 1000 euros, registered with the Trade and Companies Register of Grasse under the number RCS B 882 590 862, hereinafter referred to as CREA DIGIT COMPANY SAS, is required to collect as part of the performance of the Services that it provides to its Users and Customers in the context of the use of its Site.
CREA DIGIT COMPANY SAS therefore undertakes, through this Data Protection Charter, to comply with the regulations on the protection of personal data for its customers and prospects in accordance with European Regulation 2016/679 of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data (GDPR) and Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms.
<strong>Article II. </strong> DEFINITIONS
Each of the contractual terms defined within the T & Cs and / or the T & Cs is deemed to have the same meaning within this Charter, except where it contradicts the definitions listed below, which shall prevail.
For the purposes of this Charter, the following terms will be used:
« AIPD » • Data Protection Impact Analysis.
« CNIL » • National Commission for Information Technology and Freedoms.
« Charter » • means the terms and conditions for the collection, use and sharing of Data that CREA DIGIT COMPANY SAS is required to collect in connection with the performance of the Services it provides.
« Cookies » • The « cookies » (or cookies) are small text files of limited size that allow your computer, tablet or mobile to be recognized in order to personalize the services offered.
« Recipient » • The natural or legal person, public authority, service or any other body that receives communication of personal data, whether or not it is a third party.
« Personal data » • Any information directly or indirectly identifying a natural person within the meaning of Regulation No. 2016/679, known as the General Regulation on the Protection of Personal Data which entered into force on May 25, 2018 (hereinafter designated the « GDPR »). Any information relating to an identified or identifiable natural person; an « identifiable natural person » is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity.
« Internet user » • Anyone connecting to the site.
« Concerned person » • The natural person to whom the personal data subject to the processing relates.
« GDPR » • European Regulation 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data.
« Regulations in force » • Refers to the combined application of the provisions of the GDPR and the Data Protection Act of 6 January 1978 as amended.
« Data controller » • The natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing.
« Website » • The Website https://e-tellyou.net
« Subcontractor » • The natural or legal person, public authority, department or other body which processes personal data on behalf of the controller.
« Third party » • A natural or legal person, public authority, department or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
« Processing » • Any operation or any set of operations, whether or not carried out using automated processes, applied to data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction within the meaning of the GDPR.
<strong>Article III. </strong> APPLICATION DOMAIN
CREA DIGIT COMPANY SAS reserves the right to modify this Charter as necessary, depending on the evolution of the Services offered or the evolution of legislation, at its sole discretion. The Data management policy of CREA DIGIT COMPANY SAS is always subject to the most recent version of the Charter. The User is invited to consult this Charter as often as necessary.
In any case, any significant modification will be the subject of a notification sent by email or by any other means at least 30 (thirty) days before its effective application, in order to obtain the User's agreement.
<strong>Article IV. </strong> OBJECTIVES
Through this Data Protection Charter, CREA DIGIT COMPANY SAS expressly undertakes to:
• Comply with the recommendations and, more broadly, the CNIL doctrine on the protection of personal data, or to justify any difference;
• Comply with the recommendations of the National Agency for the Security of Information Systems (ANSSI);
• Anticipate any project implementing personal data in accordance with the so-called Privacy by Design and Privacy by Default principles defined in Article 25 of the GDPR;
• Set up internal procedures to monitor compliance with legal obligations and commitments made by CREA DIGIT COMPANY SAS;
• Facilitate the exercise of the rights recognized to the persons concerned;
• Ensure the greatest transparency on the processing of personal data implemented.
<strong>Article V. </strong> INFORMATION COLLECTED
The information collected by CREA DIGIT COMPANY SAS contains in particular the User Data collected when accessing the Services, as well as the recipient’s contact details, such as:
▪ In the event that the User is a company:
– Personal data of persons representing the User, such as their legal representative, their employees, whether or not they are employees, and more particularly:
– Their first name,
– Their name,
– The name of the User’s company,
– The function of the person whose Data is collected in the User’s company.
▪ In the event that the User is an individual:
– His name,
– His first names as known to civil status,
– His date and place of birth,
– His postal address,
– His email address,
– His telephone number.
▪ In the event that the User is unreachable or does not respond to contact attempts by CREA DIGIT COMPANY SAS:
CREA DIGIT COMPANY SAS is given a mandate to collect, record and use the only information necessary for the performance of the subscribed services, namely:
– If the User was not reachable, the Data of the referent or trusted person designated by him, namely: the name, first name, telephone number and email address of this person, the User taking responsibility for requesting this person's agreement to the transmission of this Data to CREA DIGIT COMPANY SAS;
– In the case of a group message, of type « The one for the future grown ups » or « Bouquet de messages », the data of the Co-subscriber, identical to those of the subscriber.
▪ As part of the performance of its services:
CREA DIGIT COMPANY SAS is given a mandate to collect, record and use the only information necessary with regard to the services desired by the User, namely:
– The contact details of the Recipient: Name, first name, email address, telephone and postal address
– And also, if the « Recipient search » option is chosen, additional elements that can help find him: his last known school, his last known professional position (position and company), the sport practiced and the contact details of the sports club.
To this end, the User authorizes CREA DIGIT COMPANY SAS to search for said Recipient, in accordance with the provisions of the T & Cs.
These data are required to access the Services. If this Data is not provided, the User may find it impossible to access the Services offered.
<strong>Article VI. </strong> PURPOSE OF COLLECTION & CONSENT
CREA DIGIT COMPANY SAS undertakes, in its capacity as data controller, to collect only the personal data strictly necessary for the purposes for which they are processed and directly from the persons concerned.
When the consent of the person concerned is necessary for the collection and processing of certain data, CREA DIGIT COMPANY SAS undertakes to obtain this consent in accordance with the requirements of the GDPR.
In the event that data is collected indirectly, CREA DIGIT COMPANY SAS formally undertakes to inform its customers and prospects.
CREA DIGIT COMPANY SAS also undertakes not to process data in a manner incompatible with the purposes for which it was initially collected.
CREA DIGIT COMPANY SAS collects the personal data which are voluntarily communicated on the Site: Your Name, First name, Email address, Telephone, date and place of birth and, optionally, the name of the Company and the Postal address, and, in accordance with article 14.5 of the RGPD, the data of the recipients for the sole purpose of accomplishing the missions which have been assigned to it.
<strong>Article VII. </strong> DIFFERENT PROCESSING OPERATIONS CARRIED OUT
CREA DIGIT COMPANY SAS uses the Data collected from Users for the purposes of satisfying:
• The execution of the Services concluded between it and the User, and in particular, the Orders;
• The transmission to the User, if applicable, of information on the Services by email, SMS or any other means of communication, within the limits of the authorization that the User has given it;
• Improving the quality of Services;
• Ensure compliance with:
– Applicable legislation,
– Normal use of the Services
– This Charter;
• Transmit to the User, in accordance with the applicable legal provisions and with his agreement when the legislation so requires, marketing, advertising and promotional messages, invitations to events and information relating to the use of the Services;
• Proceed with the referencing of the User on internal databases.
<strong>Article VIII. </strong> DATA RETENTION PERIOD
The Data collected and processed will be kept for the duration of the performance of the Services, so as not to exceed the time necessary for the purposes for which they are processed.
In any case, the right to information enjoyed by data subjects implies that they are expressly informed of the retention period of personal data concerning them, namely:
• The data will be kept for a period of 2 (two) years for the transmission of any commercial offer to the User, by any means whatsoever, provided that the latter has requested it.
• Certain categories of Data will be subject to intermediate archiving at the end of the execution of the Services, or their interruption for any reason whatsoever, if this Data is necessary for CREA DIGIT COMPANY SAS to establish proof in the event of a dispute. The duration of this intermediate archiving will be 5 (five) years from the date of interruption, with the exception of proof of subscription to the Services as well as the copy of the Contract, which will be kept, if applicable, for a period of 10 (ten) years from the performance of the Service, in application of article L 213-1 of the Consumer Code;
• In the event that the Contract signed between CREA DIGIT COMPANY SAS and the User has been suspended or blocked, the Data will be kept for a period of 5 years from the suspension, with the exception of proof of subscription to the Services as well as a copy of the Contract, which will be kept, if applicable, for a period of 10 (ten) years from the execution of the Service, in application of article L 213-1 of the Consumer Code.
<strong>Article IX. </strong> COMMUNICATION OF DATA
CREA DIGIT COMPANY SAS collects and personally processes the Data of the Users of its Site through its legal representative and its team, its collaborators, employees or external service providers, who are in any event bound by a confidentiality clause and informed of the security obligations related to the collection and processing of Data.
CREA DIGIT COMPANY SAS wishes to be transparent about the use made of personal data.
To this end, the persons concerned are informed that the personal data concerning them may be communicated:
• To CREA DIGIT COMPANY SAS teams (its legal representative and, where applicable, its collaborators, employees, occasional trainees or external service providers) who have a real and justified need to access this data;
• To GDPR-certified applications which CREA DIGIT COMPANY SAS needs to process the actions it performs, if applicable;
• To the IT department of CREA DIGIT COMPANY SAS;
• To the server for hosting and backing up computer data of CREA DIGIT COMPANY SAS;
• To any subcontractor or service provider with a real and justified need to access this data;
• To any organization (third party) to which CREA DIGIT COMPANY SAS would be required, by virtue of a legal obligation, to communicate such personal data;
• In the event that CREA DIGIT COMPANY SAS cedes its activity by any means whatsoever, to the potential transferee of its business or shares of its share capital.
<strong>Article X.</strong> DATA TRANSFER
The Data is stored in France, at the premises of CREA DIGIT COMPANY SAS and, where applicable, on the server of the CREA DIGIT COMPANY SAS Site.
The service providers selected by CREA DIGIT COMPANY SAS have made a commitment to the latter not to make any transfer outside the European Union. To date, no transfer outside the European Union has been referenced. If this should be the case in the future, the service providers selected by CREA DIGIT COMPANY SAS have undertaken to:
• Inform it beforehand;
• Comply, in any case, with the provisions of the GDPR so that the minimum protection guarantees of this regulation are respected.
<strong>Article XI.</strong> RESPECT FOR THE RIGHTS OF INDIVIDUALS
Within the framework permitted by the European Regulation, CREA DIGIT COMPANY SAS undertakes to respect and ensure respect for the rights enjoyed by its customers and prospects, namely:
• Right to information;
• Right to rectification;
• Right to erasure;
• Right to restriction of processing;
• Right to portability;
• Right of opposition;
• Right not to be the subject of a decision based exclusively on automated processing;
• Right to decide the fate of his personal data after his death.
In order to guarantee an effective response and within the prescribed timeframe, CREA DIGIT COMPANY SAS has set up a rights management procedure.
The User has the right to obtain a copy of the Data concerning him held by CREA DIGIT COMPANY SAS.
To do this, it is up to him to:
– either send his request by email to the following address: rgdpd@e-tellyou.net, if applicable,
– or send his request by letter to the address of CREA DIGIT COMPANY SAS as stipulated in the preamble of this Charter.
CREA DIGIT COMPANY SAS will endeavor to respond to the User’s request within a reasonable time and, in any event, within the time limits set by law.
The User also has the possibility of accessing the Data held by CREA DIGIT COMPANY SAS in order to ask it to rectify, modify or delete any incorrect information.
The User has the right to oppose or limit the processing of his Data.
The User has, where applicable, the right to lodge a complaint with the competent supervisory authority (the CNIL) or to obtain redress from the competent courts if he considers that CREA DIGIT COMPANY SAS has not respected his rights.
The User also has the right to the portability of his Data, i.e. the right to receive the Data provided to CREA DIGIT COMPANY SAS in a structured, commonly used and machine-readable format, and the right to transmit this Data to another controller.
Finally, the User also has, where applicable, the right to define directives relating to the fate of his Data after his death.
<strong>Article XII.</strong> MANAGING DATA BREACH
CREA DIGIT COMPANY SAS formally undertakes to take all measures to minimize the impact of a possible breach of personal data for the persons concerned.
To do this, CREA DIGIT COMPANY SAS, in its capacity as data controller, undertakes to notify any personal data breach to the CNIL within a maximum period of 72 hours after becoming aware of it, unless the breach in question is not likely to create a risk for the rights and freedoms of natural persons.
CREA DIGIT COMPANY SAS also undertakes to communicate any personal data breach to the person concerned as soon as possible when the breach in question is likely to create a high risk for their rights and freedoms.
In order to ensure efficient management of personal data breaches, CREA DIGIT COMPANY SAS has set up a dedicated procedure for this purpose.
<strong>Article XIII.</strong> COOKIES AND OTHER TRACERS
CREA DIGIT COMPANY SAS, as publisher of this Site, may install cookies or other tracers on the hard drive of your terminal (computer, tablet, mobile, etc.) in order to guarantee the User a smooth and optimal navigation on its website.
CREA DIGIT COMPANY SAS can carry out an automated collection of standard information from its Users.
This concerns, in particular, all types of personalized information that allows the site to identify its visitors.
All this information collected indirectly will only be used to monitor the volume, type and configuration of the traffic of Users using the Site, in order to develop its design and layout, as well as for other administrative and planning purposes, and more generally to improve the site offered to Site Users.
With the help of the information contained in the tracers and cookies used, CREA DIGIT COMPANY SAS can analyze the frequentation and the use made of the Site and, if necessary, facilitate and improve navigation, carry out prospecting operations, develop business statistics or display targeted advertisements.
In application of the Regulations in force, the collection of cookies is subject to the express consent of the Users of the Site. In this context, CREA DIGIT COMPANY SAS requires the consent of each of the new Users of the Site for the collection of cookies. This consent request is materialized by an “I accept” button, which is preceded by information relating to the data collected.
A banner presenting information relating to the deposit of cookies and similar technologies appears at the bottom of your screen when you first connect to the CREA DIGIT COMPANY SAS Site. This banner allows the user to obtain information on the cookies used on the Site, and to accept or refuse their implementation.
By clicking on the banner icon “I accept”, the User is deemed to have given his consent to the deposit of said cookie.
However, in accordance with the recommendations of the CNIL, certain cookies are exempt from the prior collection of the User’s consent to the extent that they are strictly necessary for the operation of the Site or have the exclusive purpose of enabling or facilitating electronic communication. These include session ID, authentication, load balancing session and personalization cookies of your interface. These cookies are fully subject to this Charter insofar as they are issued and managed by CREA DIGIT COMPANY SAS. The Site User is free to accept or refuse the collection of cookies. He can click on a “Find out more” button in order to have access to additional information concerning the processing of his personal data.
When the collection of the user’s consent is necessary for the deposit of certain cookies, in particular concerning the deposit of audience measurement or advertising cookies, CREA DIGIT COMPANY SAS undertakes to obtain this consent in accordance with the requirements of the GDPR.
Pursuant to the Regulations in force, CREA DIGIT COMPANY SAS sets up a compliance register making it possible to trace all the processing of personal data.
In application of the Regulations in force, the data controller will notify the violation of personal data to the CNIL within 72 hours of becoming aware of this violation.
The tracers and cookies are intended to be stored on the Internet user’s computer workstation for a period of up to 13 months. At the end of this period, consent must be obtained again.
These data are kept in secure conditions in compliance with the provisions of the GDPR and the national legislation in force.
These obligations apply whether the trackers collect Data or not.
The User has the possibility, at any time, to choose to activate or deactivate the trackers on his connection device or to delete them. He can deactivate all the tracers or, on the contrary, modify only the choices in terms of tracers by clicking on the link in the information banner.
Any configuration by the User may modify the use of the Site and the conditions of access to certain services requiring the use of tracers. This malfunction cannot, in any case, constitute damage to the User, who cannot claim any compensation for this fact.
<strong>Article XIV.</strong> SECURITY AND CONFIDENTIALITY
In compliance with regulations and to the extent that the security and confidentiality of personal data of its customers and prospects is a major issue, CREA DIGIT COMPANY SAS is committed to:
• Secure data communications to the various recipients through encryption and pseudonymization measures;
• Secure access to data by ensuring compliance with the Authorizations Charter implemented within the entity;
• Ensure the confidentiality of processing systems and services by implementing and respecting an efficient password charter, as well as pseudonymization measures;
• Ensure the constant integrity and resilience of processing systems and services, in particular by setting up multiple backup systems distributed at least over two geographically spaced sites;
• If necessary, communicate to the person concerned the reference to the appropriate guarantees when a transfer of personal data is planned to a third country or to an international organization;
• More generally, put in place all the appropriate technical and organizational measures to guarantee a level of security adapted to the risk.
Security can only be optimal if, and to the extent that, the subcontractor also complies with these various technical and organizational measures.
To do this, CREA DIGIT COMPANY SAS formally undertakes to ensure that all of its subcontractors and partners present appropriate guarantees regarding the implementation of technical and organizational measures, in compliance with the GDPR and the rights of data subjects.
CREA DIGIT COMPANY SAS also undertakes that a contract will be concluded between it and its subcontractors in this regard.
<strong>Article XV.</strong> PRIVACY BY DESIGN
In compliance with regulations, CREA DIGIT COMPANY SAS undertakes, before implementing any processing of personal data, to:
• Inform the DPO of any new personal data processing project;
• Follow the opinion of the DPO on questions relating to this project concerning the protection of personal data;
• Carry out or have carried out a DPIA when it is deemed necessary;
• Raise awareness among staff on the protection of personal data through training and / or awareness raising and the setting up of educational tools;
• More generally, put in place all the appropriate technical and organizational measures effectively and to provide the processing with the necessary guarantees in order to meet the requirements of these regulations and protect human rights.