1. Who is responsible for your personal data?
The data controller collecting and managing your data is THESEO FRANCE, a simplified joint-stock company with an issued capital of 1,000,000 € enrolled in the Trade and Company Register of LAVAL under no. 481 710 051, the head office of which is located at 200 avenue de Mayenne, 53000 – LAVAL, represented by Mr. François MARTIGNONI.
2. What personal data are collected?
We wish to remind you that personal data means any information relating to a natural person who is identified, or is identifiable, either directly or indirectly.
When you browse through the Site and use the various different services that the Company offers, you hereby agree to our collecting the following categories of data:
- Civil status: Surname, First name, Address, Postcode, Email address and Telephone number;
- Professional life: Business sector, CV;
- Login data: IP address, Password, Corporate account identifiers.
(Hereinafter known as “Personal data”).
You hereby undertake to provide up-to-date, valid Personal identification data as part of the information required on the Site and warrant that you will not make any false statements or provide any incorrect information.
3. How and why are your Personal data collected?
3.1. Methods of collecting Personal data
You consent to collection of your Personal data by the Company when you complete the following documents:
- Online registration form;
- Contact form.
3.2. Legal basis for collection and processing of data
Your Personal data are collected on the following legal bases:
- The User’s specific, free and informed consent (particularly for subscription to the Newsletter);
- Execution of a legal obligation incumbent upon the Company;
- Execution of a contract signed between the Company and the User (particularly for the execution of the general terms and conditions of use/sales);
- The legitimate interest of the Company (in particular to ensure security of the transactions).
4. What are the purposes for collecting your Personal data?
4.1. General aspects
Compulsory Personal data are those data strictly necessary for processing your enquiries. If said data are not communicated, the User will be informed that some services offered by the Company cannot be provided. You will be notified of the compulsory nature of the information at the time of collection.
The purpose of optional Personal Data collected by the Company is to get to know you better and enhance your browsing experience on the Site.
4.2. List of purposes
Your Personal data are collected and processed to serve the following purposes:
- Creation of your user account;
- Contact and support;
- Access to the personal area of the website (accessible by login and password);
- Enrichment of browsing experience.
Users are informed that, subject to their prior, specific and affirmative consent, the Personal data transmitted may be transferred to business partners of the AVRIL Group and/or to companies belonging to the AVRIL Group, to allow the latter to inform Users about their offers and services. [MM3]
5. Who can access your Personal data?
5.1. The Company’s personnel
Your personal data are intended for the persons duly authorised to conduct their processing within the Company in particular, and depending on the nature of the processing and the type of data, the persons in charge of the sales department, the customer service department, the marketing department and the administrative department.
5.2. Company subcontractors
The Company calls upon subcontractors as part of carrying out its activities and providing its services. They:
- process your Personal data on its behalf, and according to its instructions;
- provide adequate guarantees with regard to the implementation of appropriate technical and organisational measures to ensure the security and confidentiality of your data.
If the Company calls upon subcontractors located in countries offering levels of protection that are not equivalent to the level of protection of personal data within the European Union, the Company undertakes to ensure that such transfer is governed by the Privacy Shield set up between the European Union and the United States or by the signing of standard contractual clauses laid down by the European Commission or by the implementation of binding company rules (“BCR”).
6. For how long will your Personal Data be stored?
The Company stores your Personal data for the time strictly necessary for fulfilment of the purposes for which they are collected and processed, such as the management of the business relationship or payment.
Beyond this period, your Personal data may also undergo archiving involving controlled, limited and justified access, for the time required (i) for compliance with the Company’s legal and regulatory obligations and/or (ii) to allow the Company to assert a legal claim, before their definitive deletion.
7. How does the Company guarantee the security and confidentiality of your personal data?
The Company undertakes to handle your Personal data in a way that is:
- proportionate and
- within the strict context of the pursued and declared aims,
- for the period required for the processing implemented
- and securely.
The Company applies and maintains appropriate technical and organisational measures to ensure the security and confidentiality of your Personal data, preventing their distortion, damage or disclosure to unauthorised third parties.
8. What are your rights over your Personal data?
You are allowed, by simply submitting a written request, to access your Personal data, request their amendment or correction, or require that they no longer appear in the Company’s database.
Under the right of access, you are entitled, in accordance with article 15 of the GDPR, to question the Company in order to obtain i) communication of your Personal data in an accessible form, (ii) confirmation that your Personal data are or are no longer being processed, (iii) communication of the purposes of the processing, the categories of Personal data processed and the recipients to whom your Personal data are communicated, and (iv) the storage period of your Personal data or the criteria used to determine this period.
Pursuant to article 16 of the GDPR, the right of rectification entitles you to call upon the Company to rectify, complete or update your Personal data when they are inaccurate, incomplete, ambiguous or out of date.
Under the conditions stipulated in article 17 of the GDPR, you have a right of erasure of your Personal data, which allows you to require the Company to erase your Personal data as soon as possible, particularly when they are no longer necessary for the purposes for which they were collected.
Furthermore, you have a right of restriction of processing of your Personal data in the cases listed in article 18 of the GDPR. You may therefore request that your Personal data be kept only for the purposes of:
- checking the accuracy of the Personal data that you are challenging,
- serving you in establishing, exercising or defending your rights in court, even though the company no longer has any use for the data,
- ascertaining whether the legitimate reasons pursued by the data controller prevail over your own, should you object to processing based on the Company’s legitimate interest,
- fulfil your request to limit the use of, rather than delete your data, in the event that processing of your data is unlawful.
Under the circumstances stipulated in article 20 of the GDPR, you have a right of portability of your Personal data, allowing you to retrieve from the Company the Personal data that you have provided to the latter, in a structured, commonly used and machine-readable format, for the purpose of their transmission to another data controller.
Pursuant to article 21 of the GDPR, you have the right to to oppose, at any time, processing of your Personal data for commercial prospecting purposes.
In order to exercise your rights of access, rectification, erasure, limitation, portability and opposition referred to above, all you need is to send your request by email to the following address:
The Company will provide the person exercising any of these rights with information concerning the measures taken, as soon as possible and in any event within one (1) month as and from receipt of the request. This period may be extended by two (2) months, depending on the complexity and number of requests.
If the Company does not comply with the request, it will inform the person, as soon as possible, and at the latest within one (1) month as and from receipt of the request, of the reasons for its inaction and of the possibility of filing a complaint before a supervisory authority and of appealing before court.
These rights are exercised free of charge. However, in the event of a manifestly unjustified or excessive request, the Company shall reserve the right (i) to require payment of expenses taking account of the administrative costs, or (ii) to refuse to accede to such requests.
9. What recourse is available in the event of breach of your data?
In the event of a breach of your Personal data that is liable to incur a risk for your rights and freedoms, the Company shall promptly notify the CNIL of the breach, if possible no later than 72 hours after becoming aware thereof. The Company will also inform the User as soon as possible in accordance with the provisions of article 34 of the GDPR.
Notwithstanding any other administrative or jurisdictional recourse, any User who consider that the processing of his/her Personal data constitutes an infringement of the provisions of currently applicable legislation may file a complaint before a competent supervisory authority, such as the French National Commission on Informatics and Liberty (CNIL).
10. Who can you ask your questions?
For any questions concerning the processing of their personal data and the exercise of their rights, Users may contact our dedicated service at the following address: firstname.lastname@example.org