What is the policy on the use of personal data?
This policy informs you of the characteristics of these processing operations and your rights regarding your personal data.
Who is responsible for this policy?
The data controller is the company Reach Your Market, represented by its legal representative Mr. Pascal Pizelle.
The contact details of the data controller are as follows: 11 rue Aimé Berey, 38000 Grenoble – France
The person in charge can be reached at the following number: +33 4 76 25 94 70
The contact e-mail address is: firstname.lastname@example.org.
Who is this policy for?
This policy is addressed to the users of the site.
It concerns :
The people to whom we have entrusted technical services (hosting provider, maintenance, site security);
People who have access to the site’s back-office for its administration;
The persons who write or who are quoted in the contents of the site;
People who create an account on the site;
The people who contact us through the contact form of the site;
The people we reference on the site as partners.
What is the purpose of the data collected (purposes)?
The purpose of the processing is the management of the website.
This processing allows :
The management of subscriptions to the newsletter (newsletter);
The technical management of the site (maintenance, hosting, site security);
The administration of the website;
The management of the editorial contents of the site;
The management of online accounts;
The management of information requests via the contact form;
The referencing of partner persons on the site.
Legal basis of the processing: what gives us the right to process the data
The legal bases of the processing operations are as follows:
For the management of subscriptions to the newsletter (newsletter), the legal basis is the consent of the subscriber;
For the technical management of the site (maintenance, hosting, site security), the legal basis is the legitimate interest;
For the administration of the website, the legal basis is the legitimate interest;
For the management of the editorial contents of the site, the legal basis is the consent of the persons whose information is published;
For the management of online accounts, the legal basis is the legitimate interest or consent;
For the management of requests for information through the contact form, the legal basis is the legitimate interest (to allow online communication) or the execution of pre-contractual measures (to make estimates at the request of the persons);
For the referencing of partner persons on the site, the legal basis is the consent of these persons.
Duration of data retention
Data undergoing processing are kept for no longer than is necessary for the purposes for which they are recorded (principle of minimisation of processing).
The maximum storage periods are as follows:
For the management of subscriptions to the newsletter (newsletter): the e-mail address is kept as long as the person concerned does not unsubscribe;For the technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs;
For the administration of the website: as long as the persons concerned administer the site;
For the management of the editorial contents of the site: 5 years from the date of publication;
For the management of online accounts: as long as the account is active, then for 5 years;
For the management of enquiries via the contact form: 3 years from the date of the enquiry;
For the management of the support service or after-sales service online: 5 years from the request;
For the referencing of partners on the site: 5 years from publication;
The controller processes the following categories of data:
Civil status, identity, identification data, images (surname, first name, address, photograph, date and place of birth, etc.) ;
Connection data (IP addresses, logs, terminal identifiers, connection identifiers, timestamp information, etc.) ;
Economic and financial information (income, financial situation, bank details, etc.).
Mandatory or optional nature of data collection
The data collected are mandatory for the purposes of processing.
Sources of the data
The data are transmitted directly by the data subject.
Recipients of the data
Depending on their respective needs, all or part of the data are recipients:
The persons in charge of technical services (hosting provider, maintenance, site security);
The editors of the site;
What security measures have been put in place?
The data controller implements the appropriate technical and organisational measures in order to guarantee a level of security appropriate to the risk.
The controller shall take measures to ensure that any natural person acting under the authority of the controller or under the authority of the processor, who has access to personal data, does not process them, except on instructions from the controller, unless obliged to do so.
The following specific security measures have been taken :
All processed data are transmitted in encrypted form using the HTTPS protocol;
The server has anti-DDOS protection and a firewall configured specifically for WordPress.
The existence or not of a data transfer to a country outside the European Union and associated guarantees
The data controller does not carry out any transfer of personal data outside the European Union.
Automated decision making
The processing involves fully automated decision making. The controller undertakes to comply with the conditions of Article 22 of the DPMR.
Fate of personal data after death – Right of access, rectification, deletion and portability of data
The data subject of a processing operation may lay down guidelines for the storage, erasure and disclosure of his or her personal data after his or her death. These guidelines may be general or specific.
The data subject also has a right of access, opposition, rectification, deletion and, under certain conditions, portability of his personal data. The data subject has the right to withdraw his or her consent at any time if consent constitutes the legal basis for the processing operation.
The request must indicate the surname and first name, e-mail or postal address, of the data subject and be signed and accompanied by a valid proof of identity.
They may exercise these rights by contacting Mr. Pascal Pizelle, manager of the company Reach Your Market.
The data subject of a processing operation has the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte.