This charter – “The Charter” has been drawn up to define the commitments to data protection and to specify how to implement the General Data Protection Regulations – “RGPD” by Ms. SABINE PETIT. Ms. SABINE PETIT attaches particular importance to the protection of the personal data of his employees, customers, partners, and users of his website and apps.
Ms. SABINE PETIT informs about the procedures for collecting personal data, their use and the options available to the persons concerned. This CHARTER may be amended by Ms. SABINE PETIT in the event of regulatory, judicial or technical changes.
Ms. SABINE PETIT agrees to comply with the “Informatique & Libertés” law n° 78-17 of 6 January 1978 as amended, as well as with the law on “building confidence in digital economy n° 2004-575 of 21 June 2004, and the General Data Protection Regulation n° 2016/679 of 27 April 2016.
This General Data Protection Regulation, No 2016/679 of 27 April 2016, came into force throughout the European Union on 25 May 2018.
ARTICLE 1 – DEFINITIONS
Personal data shall mean any personal information relating to an identified or natural person or one that can be identified, directly or indirectly, by reference to an identification number or to one or more elements specific to that person.
The processing of Personal Data shall mean any operation or set of operations dealing with such Data, whatever the process used, and in particular the collection, recording, organization, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form for making available, matching or interconnecting as well as blocking, erasing or destroying Personal Data.
COOKIES: A Cookie is a piece of information stored on a user’s hard disk by the server of the site he/she visits, which contains several Data: name of the server which has stored it, a user name or identifier in the form of a unique number, possibly an expiry date; this information is sometimes stored on the computer in the form of a simple text file that a server can access to read and save information.
ARTICLE 2 – COLLECTING PERSONAL DATA
Ms. SABINE PETIT shall refrain from collecting Personal Data without first informing the persons concerned,
Ms. SABINE PETIT shall collect such Data as required to deliver the services and/or products requested by the persons concerned, to meet their needs and to inform them of the use made of it.
Ms. SABINE PETIT shall ensure that the Personal Data collected is relevant in order to better know the persons concerned.
Ms. SABINE PETIT shall automatically collect information submitted by the data subjects relating to the use of the website itself, this information may include unique device identifiers, Internet Protocol (“IP”) addresses, browser characteristics, language preferences, details of operating summaries and referral URLs, as well as the duration of visits to the website and the type and number of pages viewed.
Ms. SABINE PETIT may use tools, such as cookies, web beacons, embedded scripts, web server logs or other similar technologies to collect details about the services and devices used to access to the website of SABINE PETIT
ARTICLE 3 – USING THE PERSONAL DATA COLLECTED
Ms. SABINE PETIT shall keep confidential the Personal Data entrusted to him, from the design of services to that of sites and apps, and follow all data protection guidelines.
Ms. SABINE PETIT shall use the Personal Data provided by the data subjects in order to authenticate them, provide them with the service and/or product subscribed to and make them offers geared to their needs and requirements.
Ms. SABINE PETIT shall disclose Personal Data only to his authorized service providers or subcontractors and see to it that they comply with strict conditions of data confidentiality, usage and protection.
Ms. SABINE PETIT undertakes not to disclose Personal Data to third parties without informing the data subjects and giving them the opportunity to exercise their right of opposition.
Ms. SABINE PETIT may use the Data provided, which has been irreversibly anonymized beforehand, for purposes of statistical study.
ARTICLE 4 – END PURPOSE OF PROCESSING
Whenever users visit the website published by Ms. SABINE PETIT, they are likely to provide Ms. SABINE PETIT with a certain number of Personal Data in order to avail themselves of the services and/or products offered by Ms. SABINE PETIT.
The Processing of Personal Data is necessary to deliver the services offered by Ms. SABINE PETIT or to safeguard the legitimate interest of Ms. SABINE PETIT. Collecting Personal Data enables Ms. SABINE PETIT to provide the data subjects with the best possible follow-up of the services/products sold by Ms. SABINE PETIT, and to improve the way the site or apps (if any) function. This also permits Ms. SABINE PETIT to conduct optional customer satisfaction surveys regarding the services/products sold, in order to improve them.
Finally, if necessary, in the event that Ms. SABINE PETIT’s customers expressly consent to this, the Personal Data may be used for the purpose of communicating commercial or trade information.
ARTICLE 5 –SECURITY OF THE PERSONAL DATA COLLECTED
Ms. SABINE PETIT shall put in place security measures adapted to the degree of sensitivity of the Personal Data collected so as to protect it against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
Ms. SABINE PETIT guarantees that the information shared in the context of online transactions or on-line payment shall remain secure.
Ms. SABINE PETIT shall only authorize authorized persons that need the information to perform their duties to access his system.
Ms. SABINE PETIT shall make his employees aware of the need to protect the Personal Data made available to them in the course of their duties and ensure that they comply with the rules in force and the code of ethics set up by Ms. SABINE PETIT.
ARTICLE 6 – LENGTH OF RETENTION OF THE PERSONAL DATA COLLECTED
Ms. SABINE PETIT agrees not to keep the Personal Data beyond the time required to achieve the purpose for which they are being processed, while respecting the applicable legal and regulatory limits or another time period, given the operational constraints faced by Ms. SABINE PETIT.
As for Ms. SABINE PETIT’s customers, most of the information is kept for the duration of the contractual relationship and for ten years after the contractual period has ended.
As for prospects, information is kept for three years from the date of its collection or of the last contact with Ms. SABINE PETIT.
ARTICLE 7 – INFORMATION AND EXERCISING ONE’S RIGHTS
The data subjects whose Personal Data are collected shall have a right to access to the Personal Data concerning them, to rectify or delete them or limit their Processing or portability, as well as the right to object to their being processed.
These Rights can be exercised by sending an e-mail to the following address email@example.com or by post to Ms. SABINE PETIT at 6bis Rue Jean Jaurès – 77300 FONTAINEBLEAU. Ms. SABINE PETIT undertakes to reply to any person who has made use of one of the aforementioned Rights within one month of receipt of the request.
However, this deadline may be extended by two months depending on the complexity and/or number of requests to be handled.
Should the Data Controller refuse to comply with the data subject’s request for information, the Data Controller must specify the reasons for such refusal.
The data subject may file a complaint with the National Commission on Data Processing, Data Files and Individual Liberties or the Supervisory Authority of the Member State of the European Union in which he or she resides, and lodge a judicial appeal.
7.1.- Rights of access :
Any person may contact the Controller if personal data concerning him/her are being processed. Thereupon, the data subject may obtain a copy of the Personal Data being processed and the following information:
• End purposes of the processing;
• Categories of Personal Data involved
– Recipients or categories of recipients of the Data;
– Whenever possible, the proposed retention period for the Data or, where this is not possible, the criteria used to determine this period;
– Where the Personal Data are not obtained from the data subject, any available information as to their source;
– where applicable, the existence of automated decision-making, including profiling, and relevant information concerning the underlying line of reasoning, as well as the import and the consequences anticipated from such processing for the data subject.
7.2.- Right of rectification
-All persons whose Personal Data are processed can avail themselves of the right to obtain rectification of inaccurate Personal Data concerning them and to ensure that such Data are supplemented, if required by the purpose of the processing.
7.3.- Right of deletion:
• Any person whose Personal Data is processed has the right to obtain from the Data Controller the deletion of the said Data in the following cases:
• – when the Personal Data are no longer necessary for the purposes for which they were collected or otherwise processed;
• – where the data subject has withdrawn its consent which resulted in the data being processed, and there is no other legal basis for processing them;
• – If processing is based on the legitimate interests of the Data Controller;
• – where the data subject demands that its data be processed and there are no compelling legitimate grounds for processing them;
If the purpose of processing is to prospect for or profile customers to that end, and the data subjects have objected to their data being processed;
– when the Personal Data have been unlawfully processed;
– when the Personal Data must be deleted in order to comply with a legal obligation provided for by the Right of the Union or by the Right of the Member State to which the data controller is subject;
– the controller may, however, refuse to delete or erase the Data in the following cases:
. to comply with a legal obligation that requires that the data be processed as provided for by the Right of the Union or by French legislation;
. where data are solely processed for statistical purposes;
When processing the data is required for exercising or defending one’s rights in court;
7.4.- Right of limitation
• Any person whose Personal Data are processed may request that the Data Controller limit their processing in the following cases:
• – Where the person challenges the accuracy of its Personal Data, for a period of time that enables the Data Controller to check their accuracy;
• – when Processing does not comply with the regulations, but the Data Owner does not wish to delete them;
• – When the Data Controller no longer needs the Personal Data for the purposes of Processing, but these are still necessary for the data subject to establish, exercise or defend its Rights in court;
– where the person has objected to Processing, when checking whether the legitimate goals pursued by the Data Controller take precedence over those of the data subject;
– when the Processing of data has been restricted, save for storing and retaining them, they may only be processed in the following cases:
with the consent of the person concerned;
. for the recognition, exercise or defense of Rights in court;
. for the protection of the Rights of another natural or legal person, or for reasons of public interest on the part of the Union or a Member State.
If the restriction is subsequently lifted, the Data Controller will inform the data subject in advance.
7.5. – Right of portability
Any person whose Personal Data are being Processed may request that the Data Controller communicate his/her Data to him or her or forward them to another controller in the following cases:
– where the processing has been carried out based on the consent of the data subject;
– where processing is necessary for the performance of a contract to which the data subject is party or for the performance of a pre-contractual measure taken at the request of the data subject;
– where the Processing is carried out by means of automated procedures.
7.6.- Right of opposition :
Any person whose Personal Data are processed has a right to object to such processing under the following conditions:
– where Processing is aimed at satisfying the legitimate interests pursued by the Data Controller, by a third party, or for reasons related to that particular situation and where the Data Controller fails to demonstrate that there exist legitimate and compelling reasons for processing the data that override the interests and Rights and freedoms of the data subject, or reasons that are needed for ascertaining exercising or defending their Rights in court;
– Where Processing is carried out for the purpose of prospecting or profiling customers, the person may unconditionally object to such Processing.
– Where Processing is carried out for statistical purposes, or for reasons related to the particular situation the person is in.
ARTICLE 8 – PROTECTION OF PRIVACY
Ms. SABINE PETIT has installed appropriate physical, electronic, administrative and security devices intended to protect the personal information obtained from data subjects, customers and prospects, in accordance with this charter.
Ms. SABINE PETIT undertakes to take all necessary and useful measures to limit invasive actions by third parties and inform his customers of possible electronic hacking attacks.
Ms. SABINE PETIT’s website may contain hypertext links to other third party websites or third party online spaces for the convenience and information of the persons concerned.
These linked third-party websites may be operated by unaffiliated entities and pursue their own privacy policies or notices.
Ms. SABINE PETIT therefore recommends that individuals who might visit his websites consult the privacy policies governing such third party websites to understand how they might come to collect and use Personal Data.
Ms. SABINE PETIT cannot be held liable for the content or privacy practices of third party websites over which Ms. SABINE PETIT has no control.
ARTICLE 9 – COOKIES
Cookies will be stored on the terminals of the data subjects for a maximum period of thirteen months from the date that the persons concerned have given their consent.
Past this period, consent must be obtained anew.
9.1.- Type of cookies used:
The cookies necessary for browsing Ms. SABINE PETIT’s website are strictly required for operating the said website. Removing them might cause browsing issues.
Four types of cookies, corresponding to the purposes described below, can thus be stored in the terminal of the persons concerned when connecting to or visiting Ms. SABINE PETIT’s website.
Number 1: Technical cookies are necessary for browsing Ms. SABINE PETIT’s website and accessing the various products and services on offer.
They cannot be deactivated or configured; at risk of persons no longer being able to access the site and/or website services.
Number 2: Audience measurement cookies are installed by Ms. SABINE PETIT or his technical service providers to measure the traffic and the audience for the various contents and sections posted on the website, in order to evaluate and better organize them.
These cookies only produce anonymous statistics and traffic volumes, to the exclusion of any individual information.
Number 3: “Social network” cookies will make it possible to share content posted on Ms. SABINE PETIT’s website with other people or to tell them about visits or opinions regarding some content posted on Ms. SABINE PETIT’s website.
9.2.- Management of cookies :
People have the option of accepting or rejecting cookies on a case-by-case basis or refusing them once and for all by configuring their browser. If the person chooses to refuse all cookies, browsing certain pages posted on Ms. SABINE PETIT’s website may be limited.
For any support concerning the various browsers, methods of deleting cookies, Ms. SABINE PETIT recommends that you refer to official documents provided by the companies that sell his browsers.
ARTICLE 10 – UPDATING THE CHARTER
Ms. SABINE PETIT may amend this charter at any time, in particular owing to the introduction of new services or new technologies or due to changes in the legislative and regulatory framework.
Ms. SABINE PETIT recommends that the persons concerned consult this page as often as they wish to be informed of any changes.
ARTICLE 11 – RIGHT OF EMPLOYEES TO BE INFORMED AND PUBLICITY
This Charter will be provided to each of Ms. SABINE PETIT’s Employees individually
It will also be available on Ms. SABINE PETIT’s website
ARTICLE 12 – ENTRY INTO FORCE OF THE CHARTER
This present shall come into force from its date of publication.
Data Protection Charter