PRIVACY POLICY
DEFINITIONS
“Customer”: means any person who has entered into a contract with VETOPHAGE.
“Personal Data“: any information relating to an identified or identifiable natural person as defined by Regulation (EU) No. 2016/679 of April 27, 2016 and any subsequent equivalent regulations.
“Applicable Data Protection Laws” or “Applicable Law(s)”: means Regulation (EU) 2016/679 of April 27, 2016 (applicable since May 25, 2018), Law n°78-17 of January 6, 1978 relating to information technology, files and freedoms as amended by Law n°2004-801 of August 6, 2004 relating to the computerized processing of Personal Data , by Law for a Digital Republic n°2016-1321 of October 8, 2016, Law n°2018-493 of June 20, 2018 relating to the protection of personal data and any subsequent equivalent regulations, and/or any applicable law or applicable and current regulations relating to Data protection.
“Third Country”: means any country outside the European Union which does not have adequate legislation concerning the Processing of Personal Data as decided by the European Commission.
“Data Controller”:
VETOPHAGE – Société par actions simplifiée (simplified joint stock company) registered in the Lyon Trade and Companies Register, with its registered office at 46 allée d’Italie, 69007 Lyon, France, SIRET n° 825 352 024 00020.
“Processing”: any operation or set of operations carried out or not using automated processes and applied to Personal Data or sets of Personal Data , such as, for example, the collection, recording, organization, structuring, storage, communication by transmission, dissemination, extraction, consultation of Personal Data and defined by Regulation (EU) No. 2016/679 of April 27, 2016 and any subsequent equivalent regulations.
“Subcontractor/Processor”: refers to the third party that processes Personal Data on behalf of the Data Controller.
“Site User”: means any person who connects to the Site and uses or does not use the services available there. Site Users may or may not be Customers.
The Data Controller undertakes to comply with the applicable laws in connection with the Processing of Personal Data carried out on the https://vetophage.fr/ website that it publishes (hereinafter referred to as the “Site”) and more generally in connection with any Processing carried out by the Data Controller, particularly in connection with the commercial relationship with the Customer.
Personal Data collected via the Site is processed in a lawful, fair and transparent manner.Personal Data collected is adequate, relevant and limited to what is strictly necessary for the purposes of Processing.
- Purposes of Personal Data Processing
- Processing no. 1: The purpose of Processing is to respond to a User’s request made via the Site’s “Contact” tab.
It is used to respond to a request sent to VETOPHAGE via the Site’s “Contact” page.
Legal basis for processing
Article 6 (1) a) of the RGPD: the Data Subject has consented to the Processing of his/her Personal Data
Categories of Personal Data processed:
Name, first name ;
E-mail address ;
Telephone number (optional) ;
Any information provided by the Data Subject (free fields).
Persons concerned :
Users.
Personal Data collected for this purpose are collected on a mandatory basis.
Automated decision-making:
The Processing does not provide for automated decision-making.
- Processing no. 2: The purpose of processing is to manage the contractual and commercial relationship.
It is used to manage and execute the contract concluded with the Customer and to manage the commercial relationship with the Customer.
Legal basis for Processing
Article 6 (1) b) of the RGPD: the Processing is necessary for the performance of the contract concluded with the Customer.
Categories of Personal Data processed
Last name, first name, e-mail, position, telephone, company name, company address.
Data subjects:
Customers
The Personal Data collected for this purpose is mandatory.
Automated decision-making:
The Processing does not involve automated decision-making.
- Retention period for Personal Data
The Data Controller will retain information and Personal Data for the maximum legal or regulatory period applicable, depending on the purpose of the Processing:
Personal Data collected following a request made on the Site (excluding Customers) are kept for a maximum of three years from the last contact made by the Data Subject;
Personal Data collected as part of the commercial and contractual relationship with Customers are kept for the duration of the contract, plus five years at the end of the contract.
Commitment of the Data Controller
The Data Controller undertakes to :
process Personal Data solely for the purposes described above,
process Personal Data in accordance with applicable laws,
in the event of transfer of Personal Data to a Third Country or to an international organization, to inform the User in advance,
guarantee the confidentiality of Personal Data by taking all appropriate technical and organizational measures to (i) prevent access to Personal Data by unauthorized persons, (ii) by carrying out identity and access controls via an authentication system and password policy, (iii) by opting for an authorization management system and (iiii) processes and devices enabling all actions carried out on its information system to be traced, and to carry out, in accordance with applicable Laws, reporting actions in the event of an incident impacting Personal Data.
ensure that persons authorized to process Personal Data undertake to respect confidentiality or are subject to an obligation of confidentiality, and receive the necessary training in the protection of Personal Data,
take into account, with regard to its tools, applications or services, the principles of protection of Personal Data right from the design stage,
erase, anonymize or archive Personal Data at the end of the retention period,
Under no circumstances will the Data Controller be held responsible for security incidents related to the use of the Internet, in particular in the event of loss, alteration, destruction, disclosure or unauthorized access to User data or information.
- Subcontractors/Contractors/Recipients
The User of the Site and the Customer accept that Personal Data concerning them collected by the Data Controller may be transmitted to Subcontractors/Service Providers with whom it has a contractual relationship for the sole purpose of carrying out the above-mentioned purposes, provided that these third-party recipients of Personal Data are subject to regulations guaranteeing an appropriate and adequate level of protection as defined by the applicable Law.
VETOPHAGE uses the following Subcontractors for the following purposes:
|
Subcontractors |
Processing purposes |
Transfers outside the EU |
|
OVH |
Hosting of the Site and professional internal messaging. |
None |
|
SAGE |
Management of customer and prospect files |
None |
Hosting of the Site and professional internal messaging.
- Exercising the rights of Data Subjects and obtaining their consent
Site Users give their consent to the collection and Processing of their Personal Data by ticking the appropriate boxes on the Site.
The following rights are guaranteed by the Data Controller to any Data Subject: right of access, rectification, erasure and opposition, right to the limitation of Processing, right to data portabilitý, right not to be the subject of an automated individual decision (including profiling).
Any Data Subject may obtain a copy of his or her Personal Data, upon written request and addressed to the Data Controller.
By sending a written request, and at any time, Data Subjects may obtain a correction or deletion of their Personal Data.
All requests must be sent in writing to the following address: administration@vetophage.fr
At any time, Data Subjects may lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés):
via its website (https://www.cnil.fr/fr/plaintes)
at the following address CNIL – Service des Plaintes – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07.
- Security and confidentiality of Personal Data – Notification
The Data Controller undertakes to implement:
(a) physical security measures to prevent access to Personal Data by unauthorized persons,
(b) identity and access controls via an authentication system and a password policy,
(c) processes and devices enabling all actions carried out on its information system to be traced and, in accordance with regulations, to be reported in the event of an incident affecting Personal Data.
In terms of IT security, the Data Controller endeavors to apply the recommendations made by the CNIL in this area: password policy coupled with second authentication, regular modification of passwords, etc.
Where required by applicable law, the Data Controller shall notify the Site User, the Customer or any other Person concerned, and the relevant supervisory authority, of any violation of Personal Data within a maximum of 72 hours of becoming aware of it, by e-mail to the e-mail address at its disposal. This notification shall be accompanied by all relevant documentation.
- Documentation
The Data Controller establishes and maintains the documentation necessary to demonstrate compliance with all its obligations under applicable laws.
- Transfer
In the event of the transfer of all or part of the Personal Data subject to Processing to a Third Country, i.e. one located outside the European Union or which does not present a level of protection recognized as adequate within the meaning of the applicable Laws, or to an international organization, the Data Controller undertakes to provide the appropriate safeguards provided for within the applicable Laws and to ensure that these are respected by its Subcontractors.
Under no circumstances will the Data Controller sell, rent or use the personal data it receives other than for the specified purposes. Disclosure of Personal Data to third parties is carried out by the Data Controller only for the purposes of fulfilling the purposes and to third parties having the status of Subcontractors under the conditions set out herein.
- Updating of the Privacy Policy
The Data Controller regularly updates this Privacy Policy, which remains available on the Site at all times.
- Social networks
The Site may contain social network icons enabling users to express opinions or share content on these social networks (“share” or “like” buttons).
The Data Controller cannot be held responsible for content shared on these social networks.
- How to contact us
VETOPHAGE, 46 allée d’Italie, 69007 Lyon, France
administration@vetophage.fr