What is the personal data process policy about?
This policy informs you of the characteristics of the processing of your personal data and of your rights concerning them.
Who is responsible for this policy?
The person in charge of processing is the company Reach Your Market, represented by its legal representative Mr. Pascal Pizelle
The contact details of the data processing manager are as follows: 11 rue Aimé Berey, 38000 Grenoble - France
The manager can be reached at the following number: +33 4 76 25 94 70
The contact email address is: firstname.lastname@example.org
Who is this policy for?
This policy is addressed to the users of the site.
It concerns :
- People to whom we have assigned technical services (host, maintenance, site security);
- People who have access to the back-office of the site for its administration;
- People who write or are mentioned in the contents of the site;
- People who create an account on the site
- People who contact us through the contact form of the site ;
- People we mention on the site as partners.
What is the purpose of the collected data ?
The purpose of the processing is to manage the website.
This processing allows
- Management of newsletter subscriptions;
- Technical management of the site (maintenance, hosting, site security);
- Website administration;
- Managing the editorial content of the site;
- Online account management;
- The management of information requested through the contact form;
- The referencing of the partners on the site.
Legal basis for processing: what gives us the right to process the data
The legal bases for the data processing are the following:
- For the management of subscriptions to the newsletter, the legal basis is the consent of the subscriber;
- For the technical management of the site (maintenance, hosting, site security), the legal basis is the legitimate interest;
- For the administration of the website, the legal basis is the legitimate interest;
- For the management of the editorial contents of the site, the legal basis is the consent of the persons whose information is published;
- For online account management, the legal basis is legitimate interest or consent;
- For the management of information requested through the contact form, the legal basis is the legitimate interest (to allow online communication) or the execution of pre-contractual measures (realization of estimates at the request of the persons);
- For the referencing of partners on the site, the legal basis is the consent of these persons.
Duration of data conservation
The data being processed are kept for a period not exceeding that necessary for the purposes for which they are recorded (principle of minimization of processing).
The maximum retention periods are as follows:
- For the management of subscriptions to the newsletter: the e-mail address is kept as long as the person concerned does not unsubscribe; For the technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs;
- For the administration of the website: as long as the persons concerned administer the site;
- For the management of the editorial contents of the site: 5 years as from their publication;
- For online account management: as long as the account is active and then for 5 years;
- For the management of information requested through the contact form: 3 years from the date of the request;
- For the management of online support or after-sales service: 5 years from the date of the request
- For the referral of partners on the site: 5 years from publication;
The data manager processes the following categories of data
- Civil status, identity, identification data, images (last name, first name, address, photograph, date and place of birth, etc.);
- Connection data (IP addresses, logs, terminal identifiers, connection identifiers, timestamp information, etc.);
- Economic and financial information (income, financial situation, bank details, etc.).
Mandatory or optional nature of data collection
The collected data are mandatory in order to achieve the purposes of the processing.
The data are transmitted directly by the person concerned.
The recipients of the data
According to their respective needs, are recipients of all or part of the data
- People in charge of technical services (hosting provider, maintenance, site security);
- The editors of the site;
What security measures are in place?
The data manager implements appropriate technical and organizational measures to ensure a level of security adapted to the risk.
The manager shall take measures to assure that any natural person acting under the authority of the manager or the processor, who has access to personal data, shall not process them unless instructed to do so by the manager.
The following specific safety measures have been taken
- All processed data is transmitted encrypted via the HTTPS protocol;
- The server has anti-DDOS protection and a firewall configured specifically for WordPress.
The existence or not of a transfer of data to a country out of European Union and associated guarantees
The data manager does not transfer personal data outside the European Union.
Automated decision making
The processing involves fully automated decision making. The manager undertakes to comply with the conditions of Article 22 of the GDPR.
Fate of personal data after death - Right of access, rectification, deletion and portability of data
The person concerned by data processing can set up directives regarding the conservation, the deletion and the communication of his personal data after his death. These directives can be general or specific.
The person concerned also has the right to access, object to, rectify, delete and, under certain conditions, port his or her personal data. The person concerned has the right to withdraw consent at any time if consent is the legal basis for the processing.
The request must indicate the name and surname, e-mail or postal address of the person concerned, and be signed and accompanied by a valid proof of identity.
He/she can exert these rights by addressing to Mr. Pascal Pizelle, manager of the company Reach Your Market
The person concerned by data processing has the right to lodge a complaint with the control authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte