Personal data protection policy

ARTICLE 1 - DEFINITIONS

"Personal data" or "Data": means any data that can directly or indirectly identify a natural person, such as name, first name, email, postal address, telephone ;

"Data Subject" means any Data relating to an identified or identifiable natural person;

"Data Controller": means the company PUISSANTE, a limited liability company with a share capital of €1,000.00, whose registered office is located at 23 Rue Pierre De Coubertin, 56000 VANNES, registered in the Vannes Trade and Companies Register under number 890 816 903 represented by Marie COMACLE acting and having the necessary powers as manager, which determines the purposes and means of the Processing of your Personal Data;

"Web Site": means the web site accessible at the address http://puissante.co/ published by the company PUISSANTE;

"Sub-processor": means the natural or legal person who processes Personal Data on behalf of the Controller, on its instructions and under its authority ;

"Terminal": means any equipment used by the User to access the Website;

"Processing" means any operation on Personal Data, including, but not limited to, recording, collecting, organizing, storing, adapting or modifying, retrieving, consulting, using, communicating by transmission, dissemination or otherwise making available, matching or linking, and blocking, erasing or destroying;

"User" means any person browsing the Website and/or using the Website.

ARTICLE 2 - INTRODUCTION

Within the framework of its commercial activity, PUISSANTE is brought to treat information concerning you. For example, by filling in a form on the Web Site, by navigating on our Web Site, you transmit information to us, some of which are likely to identify you.

PUISSANTE, as the Data Controller, has established this Personal Data Protection Policy (hereinafter "the Policy"), and undertakes to process such Data in accordance with the principles of transparency, purposefulness and legitimacy, accuracy, proportionality and minimization, security and confidentiality, accountability and protection by design and by default.

This Policy informs you of how we collect and process your Data.

We invite you to read it carefully.

Important

We only use your Data as required by applicable law to:

The performance of a contract we have entered into with you or in the course of a business relationship between us, and/or

Compliance with a legal or regulatory obligation, and/or

Your free, specific and informed consent to the use of your Data, and/or

The existence of a legitimate interest in using your Data. Legitimate interest is a set of commercial or business reasons that justifies the use of your Data by PUISSANTE.

ARTICLE 3 - DATA CONTROLLER

The person in charge of the processing mentioned in this document is the company PUISSANTE, a limited liability company, with a capital of 1 000,00 €, whose head office is located at 23 Rue Pierre De Coubertin, 56000 VANNES, registered in the Trade and Companies Register of Vannes under the number 890 816 903 represented by Marie COMACLE, who determines the means and purposes of the Processing of your Data.

ARTICLE 4 - DATA COLLECTED AND METHOD OF COLLECTION

4.1. Data that you transmit directly to us

During the various contacts we have with you, you may be asked to provide us with information about yourself. They are collected in particular at the time of the creation of an account on the Web site.

This Data includes:

Name, first name, title, date of birth;

Mailing address, e-mail address, phone number;

Username and encrypted password used to identify you on our Website;

Encrypted information relating to your means of payment (in particular credit card number);

Business Development Choices;

Any other information you wish to share with us.

PUISSANTE undertakes to limit the collection of this Data to what is strictly necessary. It is reminded that these are collected at the initiative of PUISSANTE. The collection of Personal Data may also be at the initiative of the Data Subjects.

4.2. The Data we collect automatically

Each time you visit our Website, we collect login and navigation information. Different technologies may be used to collect this Data.

- Data collected through standard Internet technologies

We may use standard Internet technologies such as scripts, pixels and redirects. Scripts (sometimes called tags), written in javascript, are programs that run in your browser and perform various actions, such as sending information to our servers. Scripts are also capable of creating pixels. Pixels (sometimes called transparent GIFs, clear GIFs, or web bugs) are lines of code that display a graphic image (usually invisible) on a web page or in an email. Redirects make a web page available under multiple page addresses (URLs). When a browser opens a redirect URL, a page with a different URL is opened.

The purpose of these technologies is to enhance your experience on our Website.

These technologies give us access to the following information, among others

Information about your use of our Website;

Information about the presence of cookies on your terminal, the time and date of viewing a page, and a description of the page where the web beacon is set;

Information on whether or not you read the e-mails we send you, on the clicks you make on the links contained in these e-mails.

Our Website may also include third-party scripts, pixels and redirects. These technologies allow third party service providers to collect certain information such as your browser type, and the web page that redirected you to our Website. These third party service providers process the information they collect for auditing purposes, research, and to report information about our Website and the advertisements viewed on it. We do not share your identifying information with these third parties in connection with their use of these technologies.

4.3 Data on minors

Our products and services are intended for adults capable of entering into contractual obligations. The minor User must obtain the consent of his or her legal guardian prior to the communication of Personal Data concerning him or her.

ARTICLE 5 - PURPOSES OF DATA PROCESSING

This section tells you the main purposes for which we use the Data mentioned in section 4:

5.1. Operations necessary for the provision of products or services :

Taking into account your registration on the Website, as a Customer;

Taking into account your subscription to our publications;

Taking into account and operational management - delivery and follow-up of your order;

Performance of the contract between you and us;

Billing; Collection of Payments;

Customer relations: a customer service department is available by mail, telephone or e-mail for any questions or complaints;

Conducting satisfaction surveys;

Sending information about changes or developments in our services;

Management of unpaid bills and disputes;

Management of the exercise of your rights on your Data, under the conditions provided for in article 11 below;

Verification of compliance with applicable legislation, our contracts and general conditions of use;

5.2 Marketing operations and commercial prospecting :

Updating, enrichment and deduplication of your personal information in our database;

Sending information about our activity;

Sending a newsletter and commercial prospecting, when you have consented to it;

Analysis of our customers to determine our content and advertising campaigns, personalized or not, by e-mail and on all networks;

Loyalty actions or personalized commercial prospecting;

Elaboration of commercial statistics.

5.3. Transactions related to commercial partnerships :

Sharing, exchanging or renting files with commercial partners in compliance with the regulations in force and security requirements;

Sending marketing, advertising and promotional messages related to partners' products and services via email, mobile notifications, social networks or any other medium;

Setting up contests or other promotional operations or events with commercial partners.

ARTICLE 6 - RETENTION PERIOD

PUISSANTE is the person in charge of the treatment and commits itself to respect the conservation periods imposed by the regulations in force.

PUISSANTE applies the principle of limiting the duration of data retention in order to keep Personal Data only for the time strictly necessary to achieve the purposes of the Processing, it being specified that what is necessary depends on specific circumstances, such as regulations requiring the retention of information for a specific period of time or prescription periods for legal disputes. Where a statute of limitations is imposed by law, the retention period shall not be less than this.

Acting as the person in charge of processing, PUISSANTE undertakes to respect the conservation periods imposed by the regulations in force, in particular as regards the management of customer files and commercial prospecting: personal data may not be kept beyond the period strictly necessary for the management of the commercial relationship.

Your Personal Data is kept for a period of time in accordance with the legal provisions or proportionate to the purposes for which it was collected. Some retention periods are in the legitimate interest of the Data Controller.

The table below lists the main retention periods for your Data.

In any event, we regularly review the information we hold. When its retention is no longer justified by legal, commercial or customer account management requirements, or if you have exercised your right to erasure, we will securely delete it.

Data Categories

Goals

Shelf life

Technical data

Data Set

Operation of the Website, navigation features and preservation of the User's configuration choices

1 year from the date of collection

Prospect data

Data Set

Constitution and management of a file of prospects

3 years from the collection of the Data or the last contact from the prospect

Active customer data

Data Set

Customer account management

During the entire contractual relationship

Inactive customer data

Data related to the execution of the contract

Management of the customer account, orders, deliveries, invoicing, payments

10 years after the end of the contract or the last contact from the inactive customer, in intermediate storage

Identification and contact data - Inactive customers

Sending information about the evolution of our publication and our offers

3 years after the end of the contract or the last contact from the inactive customer

Identification and contact data - Newsletter subscribers

Sending information on the evolution of our publications and our offers

Until you unsubscribe

Identification and contact data - Web account registrants

Sending information on the evolution of our publications and offers

Until the account is closed

Assumed data

Data relating to your uses and your supposed interests

Advertising targeting and information delivery

Annual update

7. RECIPIENTS OF THE DATA

7.1. Recipients internal to PUISSANTE

Are likely to have access to some of your Data the employees of PUISSANTE within the customer relations, administrative, accounting and management control, IT and marketing & sales departments, authorized to operate a Data Processing.

Access to your Data is based on individual and limited access authorizations. Personnel who may have access to Personal Data are subject to an obligation of confidentiality (through a nominal and personal undertaking of confidentiality).

7.2. Recipients external to PUISSANTE

The following may have access to some of your Data:

- The Subcontractors

In the course of its activities, PUISSANTE uses Subcontractors. PUISSANTE shall inform the Users in writing of any change concerning the addition or replacement of Subcontractors.

PUISSANTE shall exercise particular care in the selection of Subcontractors who process Personal Data on its behalf. PUISSANTE undertakes to ensure that the Subcontractors present identical guarantees of confidentiality and security and that the Processing carried out by them is carried out in compliance with the regulations in force, and in particular the RGPD.

Our Subcontractors provide services on our behalf, including

Logistics management of shipments and returns;

Accounting;

Securing online payments and fighting fraud;

Management of telephone calls, sending of postal or digital mail;

Personalization of the contents of the Website ;

Realization of maintenance operations and technical developments;

Collection of customer reviews ;

Provision of analytical solutions or audience measurement statistics;

Our Contractors' access to your Data is based on signed contracts that outline their obligations with respect to Data protection, security and confidentiality. We ensure that our Subcontractors operate Data Processing(s) in accordance with this Policy.

In certain cases, PUISSANTE may have to disclose Personal Data to third parties, such as public bodies or legal authorities, in order to comply with the regulations in force and to respect its legal obligations.

- Social networking platforms

The use of social networks to interact with our Website (in particular the buttons to access our Facebook and Twitter pages) may result in the exchange of Data between PUISSANT and these social networks. For example, if you are connected to the Facebook social network and you visit a page on our Website, Facebook may collect this information.

We therefore invite you to consult the personal data management policies of the various social networks to learn about the collection and processing of your Data.

- Our business partners

They promote products or services on their own behalf or on behalf of advertisers. We have no control over the collection or Processing of your Data by our business partners on their own platform and invite you to consult their policy on the Processing of Personal Data.

- Police, judicial or administrative authorities

When we are legally obliged to do so or in order to safeguard the rights, property and safety of PUISSANTE.

ARTICLE 8 - TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION

We store your Personal Data in the European Union.

However, it is possible that, in the course of some of our assignments and on a marginal basis, the Data we collect when you use our platforms or services may be transferred to Subcontractors or business partners located in other countries. In the event of such a transfer, and in order to protect the privacy and Data of Users, we implement a comprehensive program for the protection of Personal Data and ensure that it is governed by the signature of the European Commission's standard contractual clauses, which ensure an adequate level of protection of the privacy and fundamental rights of individuals.

PUISSANTE will only transfer Users'/Customers' Personal Data to third parties who have agreed in writing to provide an adequate level of protection.

ARTICLE 9 - DATA PROTECTION

As a Data Controller, we implement appropriate technical and organizational measures in accordance with the applicable legal provisions to protect your Personal Data against any breach.

A Data breach within the meaning of the GDPR is a security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

In accordance with the regulations in force, PUISSANTE undertakes to respect the principles of security, confidentiality and integrity of the personal data collected from the Users.

9.1 Confidentiality

PUISSANTE undertakes to preserve the confidentiality of the Personal Data with regard to its staff, its collaborators and any person likely to have access to it.

The personnel of PUISSANTE who have access to Personal Data are committed to respecting confidentiality and may be subject to a legal or contractual obligation of confidentiality. Likewise, the authorized personnel have received the necessary training in the protection of Personal Data.

PUISSANTE can be led to propose a limitation of the personal Data collected, an anonymization of these Data or to resort to pseudonymization.

9.2 Security measures implemented

PUISSANTE implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

PUISSANTE relies on the combination of several levels of security. The measures can be human, physical or logical in order to contribute to the security of its information systems.

In terms of human security, the measures implemented by PUISSANTE include:

Training sessions to raise awareness among PUISSANTE's staff of the fundamental knowledge of Personal Data protection in general and the RGPD in particular;

Appointment of a Data Protection Officer (DPO)

Support for the teams by the DPO, in regular contact with the PUISSANTE staff.

In terms of physical security, the measures implemented by PUISSANTE include:

Limited and supervised access to the premises of PUISSANTE (badges) ;

Password-protected FTP server that is regularly updated;

Access and privilege management: only administrators can allow access to data from a computer or server;

Use of a personal and secure wifi code;

Perimeter security components such as firewalls and proxies filter access to PUISSANTE resources.

In terms of logical security, the measures put in place by PUISSANTE include:

Setting up computers, servers and cell phones according to an identical protocol that takes into account the latest versions of the editors;

The protection of servers and computers via an anti-virus, regularly updated;

Encryption of all the hard drives of the employees' laptops.

PUISSANTE intends to privilege the storage of the Data within the European Union or, at least, storage solutions in countries outside the European Union presenting sufficient guarantees, and this in conformity with the legislation in force.

PUISSANTE's Data Protection Officer (or DPO) is systematically involved in new IT projects that are likely to modify the Processing of Personal Data: creation of new functionalities, change of software solution, change of medium for hosting Personal Data, etc. This organization favors the deployment of the "Privacy by design" principle.

9.3. Data Breach

In case of violation of Personal Data, PUISSANTE undertakes to promptly inform the CNIL in the conditions prescribed by the RGPD.

If such breach poses a high risk to Data Subjects and the Personal Data has not been adequately protected, POWER will notify Data Subjects and provide the necessary information and recommendations.

ARTICLE 10 - THIRD PARTY WEBSITES

The Website may contain links, in particular hypertext links, and/or offers from partners referring to a third-party website.

PUISSANTE has no control over the content of third party web sites or the privacy practices of such third parties and disclaims any responsibility for such content. It is your responsibility to learn about the privacy policies of such third parties.

ARTICLE 11 - YOUR RIGHTS

In accordance with Regulation (EU) 2016/679 on the protection of Personal Data, known as the RGPD adapted into French law by Law No. 2018-493 of June 20, 2018, and Law No. 78-17 of January 6, 1978, known as the Loi informatique et libertés, you have the following rights over your Data:

RIGHT OF INFORMATION

PUISSANTE is committed to informing the Users of the collection and use of the Personal Data and thus to produce clear, transparent and accessible information on the conditions and modalities of the collection and Processing of the Personal Data.

RIGHT OF ACCESS

You have a right of access to obtain information on the existence of a Processing and its methods.

You also have the right to obtain a copy of the Data, by requesting it in the manner set out below.

RIGHT OF RECTIFICATION

You can ask PUISSANTE to proceed to the rectification of your Data, in particular when they are not up to date.

PUISSANTE will be able, if necessary, to oppose to the request a legitimate interest or compelling reasons when the applicable legislation provides it.

RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")

Subject to the regulations in force, and in particular to the exceptions (for example, with regard to the conservation necessary to respect a legal obligation), you can request the deletion of your Personal Data:

When Personal Data are not or are no longer necessary for the purposes for which they were collected or otherwise processed;

When you withdraw the consent on which the Processing is based and no other legal basis for the Processing exists;

When you believe that the Processing of your Personal Data constitutes Unlawful Processing;

When Personal Data must be deleted by virtue of a legal obligation provided for by the law of the Union or the law of the Member State to which POWER is subject, i.e. France ;

Where you have objected to the Processing of Data and PUISSANTE does not have a legitimate or compelling reason to refuse your request.

PUISSANTE will be the only one to decide on the merits of the requests and will be able, if necessary, to oppose to the request a legitimate interest or compelling reasons when the applicable legislation provides it.

For example, PUISSANTE can validly oppose the destruction of the Data contained in the accounting documents, their conservation period being fixed by the law.

RIGHT OF OBJECTION

You have the right to object at any time, for reasons relating to your particular situation, to the Processing of Personal Data concerning you.

The right to object is limited by, among other things, POWER's legitimate interest in processing Personal Data and other legal requirements - such as compelling reasons.

You have the right not to be subject to a decision based exclusively on automated Processing, including profiling, producing legal effects concerning them or affecting them significantly in a similar way.

RIGHT TO LIMITATION OF PROCESSING

Under certain conditions, you may obtain from POWER the limitation of the Processing of your Data:

When the accuracy of your Personal Data is challenged, and for a period of time that allows PUISSANTE to verify the accuracy of the Data;

When the Processing is unlawful and you object to the erasure of your Data and demand, instead, the limitation of the Processing;

When the Data is no longer necessary for the purposes for which it was collected but you need it for the establishment, exercise or defense of legal claims;

When you object to Processing that would be based on the legitimate interest of PUISSANTE, during the verification of whether the legitimate motives pursued by PUISSANTE prevail over yours.

RIGHT TO PORTABILITY

You may obtain from PUISSANTE the Personal Data previously provided to PUISSANTE in a structured, commonly used and machine-readable format.

Under the right to portability, you may also transmit this Data to another Controller or request that your Personal Data be directly transmitted by PUISSANTE to another Controller, if technically possible.

RIGHT TO WITHDRAW CONSENT

You may, using the means provided by PUISSANTE for this purpose, withdraw your consent at any time when your Personal Data is processed on the basis of it.

Withdrawal of consent is only valid for the future, and therefore does not call into question the lawfulness of the Processing carried out prior to such withdrawal.

POST MORTEM LAW

You have the right to formulate directives concerning the conservation, deletion and communication of your post-mortem Data.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

The Users of the Website may exercise their right to access, rectify, delete, oppose and limit the Processing or portability of Data with PUISSANTE, by sending a request by e-mail to the Data Protection Officer at the following e-mail address marie@puissante.co or by post to the following address Puissante SARL, 23 rue Pierre de Coubertin, 56000 VANNES.

PUISSANTE may request a copy of a proof of identity in any case where it considers that your identity is not sufficiently established, or that there is or may be reasonable doubt as to the identity of the applicant. The level of verification carried out by PUISSANTE when processing requests to exercise rights will vary according to the nature of the requests, the sensitivity of the information provided and the context in which the request is made.

PUISSANTE undertakes to answer any request as soon as possible, and in any case within one (1) month from the receipt of the complete request. This delay can nevertheless be extended by two (2) months taking into account the complexity and the number of requests.

The DPO of PUISSANTE is at the disposal of the Users for any question on the technologies and procedures deployed in order to protect all the Personal Data transmitted and recorded via the Internet, all in accordance with the requirements of the CNIL and the European Union.

If necessary, Website Users and Data Subjects may file a complaint with the Commission Nationale Informatique et Libertés (CNIL), by mail or electronically at www.cnil.fr or

CNIL - Complaints Department

3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

Tel : 01 53 73 22 22

ARTICLE 12 - REGISTERS

PUISSANTE agrees to maintain a record of all Processing activities performed.

This register is a document or application that allows for the listing of all the Processing carried out by PUISSANTE as the Data Processor.

PUISSANTE undertakes to provide the control authority, on first request, with the information enabling the said authority to verify the conformity of the Processing with the data-processing and freedom regulations in force.

ARTICLE 13 - UPDATE

This Policy may be modified or amended at any time in the event of changes in the law, case law, decisions and recommendations of the CNIL or practices.

Any new version of this Policy will be brought to the attention of customers and contacts by any means determined by POWER, including electronically (e.g., via e-mail or online through a pop-up window or banner).