ARTICLE 1: PREAMBLE
The purpose of this confidentiality policy is to expose users of the site to:
The way in which their personal data is collected and processed. All data capable of identifying a user must be considered personal data. These include the first and last name, age, postal address, email address, location of the user or even their IP address.
What are the rights of users regarding this data?
Who is responsible for the processing of personal data collected and processed;
To whom this data is transmitted;
Eventually, the site’s policy in terms of “cookie” files.
ARTICLE 2: GENERAL PRINCIPLES REGARDING DATA COLLECTION AND PROCESSING
In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from users of the site respects the following principles:
Lawfulness, loyalty and transparency: data can only be collected and processed with the consent of the user who owns the data. Each time personal data is collected, the user will be informed that their data is being collected, and for what reasons their data is being collected.
Limited purposes: the collection and processing of data is carried out to meet one or more objectives determined in these general conditions of use
Minimization of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected
Retention of reduced data over time: the data is kept for a limited period, of which the user is informed. When this information cannot be communicated, the user is informed of the criteria used to determine the retention period;
Integrity and confidentiality of data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected
In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data can only take place if they comply with at least one of the conditions below. after listed
The user has expressly consented to the processing;
Processing is necessary for the proper performance of a contract;
The processing meets a legal obligation;
The processing is explained by a necessity linked to the protection of the vital interests of the data subject or of another natural person
The processing and collection of personal data is necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.
ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE FRAMEWORK OF BROWSING ON THE SITE
A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION
The personal data collected on the Bleu elements website are as follows:
First name, Last name Email address
This data is collected when the user performs one of the following operations on the site:
When the User uses the contact form to send a request
When the User uses the application form to apply.
The data controller will keep in his computer systems of the site and under reasonable security conditions all the data collected for a period of: -Applications: 2 years
-When the User uses the application form to apply.
The data controller will keep all the data collected in its computer systems on the site and under reasonable security conditions for a period of: – Applications: 2 years;
-Contractual, commercial documents: 3 years;
The collection and processing of data serves the following purposes:
Response to requests sent via the contact form.
Response to requests sent via the application form.
The data processing carried out is based on the following legal bases:
B. TRANSMISSION OF DATA TO THIRD PARTIES
The personal data collected by the site are not transmitted to any third party, and are only processed by the site editor.
C. DATA HOSTING
The Bleu elements site is hosted by: AWS
The data collected and processed by the site are exclusively hosted and processed in France.
ARTICLE 4: DATA PROCESSING RESPONSIBLE AND DATA PROTECTION OFFICER
A. THE DATA PROCESSOR
The person responsible for processing personal data is: Sidonie Bouchet. He can be contacted as follows:
The data controller is responsible for determining the purposes and means used for the processing of personal data.
B. OBLIGATIONS OF THE DATA PROCESSOR
The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user having been informed and to respect the purposes for which these data were collected.
The site has an SSL certificate to guarantee that the information and data transfer passing through the site are secure.
An SSL certificate (“Secure Socket Layer” Certificate) aims to secure the data exchanged between the user and the site.
In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this entails disproportionate formalities, costs and procedures for him.
In the event that the integrity, confidentiality or security of the user’s personal data is compromised, the controller undertakes to inform the user by any means.
C. THE DATA PROTECTION OFFICER
Furthermore, the user is informed that a Data Protection Officer has been appointed: Sidonie BOUCHET
The role of the Data Protection Officer and to ensure the proper implementation of national and supranational provisions relating to the collection and processing of personal data. He can also be named DPO (for Data Protection Officer).
The Data Protection Officer can be contacted as follows:
ARTICLE 5: USER RIGHTS
In accordance with the regulations concerning the processing of personal data, the user has the rights listed below.
In order for the data controller to comply with his request, the user is required to communicate to him: his first and last name as well as his e-mail address.
The Data Controller is obliged to respond to the User within 30 (thirty)
A. PRESENTATION OF THE USER’S RIGHTS REGARDING DATA COLLECTION AND PROCESSING
has. Right of access, rectification and right to erasure
The user can read, update, modify or request the deletion of the data concerning him, by respecting the procedure set out below.
The user must send an e-mail to the person responsible for processing personal data, specifying the subject of his request, to the contact e-mail address.
b. Right to data portability
The user has the right to request the portability of his personal data, held by the site, to another site, by complying with the procedure below
The user must make a request for the portability of his personal data to the data controller, by sending an e-mail to the address provided above.
vs. Right to restriction and opposition of data processing
The user has the right to request the limitation or to oppose the processing of his data by the site, without the site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons, which may prevail over the interests and the rights and freedoms of the user.
In order to request the limitation of the processing of his data or to oppose the processing of his data, the user must follow the following procedure
the user must make a request to limit the processing of his personal data by e-mail to the data controller
d. Right not to be the subject of a decision based exclusively on an automated process
In accordance with the provisions of Regulation 2016/679, the user has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or significantly affects him similar way
e. Right to determine fate of data after death
The user is reminded that he can organize what should be the future of his data collected and processed if he dies, in accordance with law n ° 2016-1321 of October 7, 2016.
f. Right to appeal to the competent supervisory authority
In the event that the data controller decides not to respond to the user’s request, and the user wishes to contest this decision, or, if he believes that one of the rights listed above, he is entitled to refer the matter to the CNIL (Commission Nationale de l’Informatique et des Libertés, https://www.cnil.fr) or any competent judge.
B. PERSONAL DATA OF MINORS
In accordance with the provisions of Article 8 of European Regulation 2016/679 and the Data Protection Act
Freedoms, only minors aged 15 or over can consent to the processing of their personal data
If the user is a minor under 15 years of age, the consent of a legal representative will be required so that personal data can be collected and processed.
The site editor reserves the right to verify by any means that the user is over 15 years old, or that he or she has obtained the consent of a legal representative before browsing the site.
ARTICLE 6: CONDITIONS FOR MODIFICATION OF THE CONFIDENTIALITY POLICY
The site editor reserves the right to modify it in order to guarantee its compliance with current law.
Consequently, the user is invited to regularly consult this confidentiality policy in order to stay informed of the latest changes that will be made to it.
The user is informed that the last update of this confidentiality policy took place on: 11/22/2022