What is the purpose of this policy?
We attach great importance to the protection and confidentiality of your personal data, which represent for us a pledge of seriousness and trust.
The data confidentiality policy is precisely a testimony of our will to ensure compliance with the applicable rules on data protection and, in particular, those of the General Data Protection Regulation (“GDPR”).
Who does this policy apply to?
The policy applies to you, regardless of where you live, whether you are a customer, a potential customer (“prospect”) or just a visitor to www.derfi.fr.
If you are a candidate for a position within DERFI, we invite you to consult the appropriate policy on the page relating to recruitment.
If you are under 15 years old, you are not allowed to use our services without the prior and explicit consent of one of your parents, which must be sent in writing to email@example.com. If you believe that we may be holding information about a child of yours under the age of 15 without consent, you may request that we delete that information at firstname.lastname@example.org.
Why do we process your data?
As part of the services we offer, we may need to process your personal data for the following reasons and purposes:
- So that you can benefit from our services (e.g.: download a data sheet, access our services, etc.) and to respond to your requests (e.g.: request for information, request for a quote, etc.) on the basis of our general terms and conditions of sale, our general terms and conditions of use, and our legitimate interest in providing you with the best possible service.
- So that you can subscribe and receive our newsletter which will inform you of all the news concerning our services on the basis of your consent.
- To guarantee and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) based on our legal obligations, our general terms and conditions of sale and our legitimate interest in ensuring the proper functioning of our services.
Finally, we may also install “Cookies” on your terminal. For more information on the use of “Cookies”, we invite you to consult our “Cookies Policy”.
We will only process your data for the purposes described above. However, when you voluntarily post content on the pages we publish on social networks, you acknowledge that you are fully responsible for any personal information you may transmit, regardless of the nature and origin of the information provided.
What data do we process and for how long?
If you would like to know more about our retention periods, you can contact us at email@example.com.
- Professional identification and contact data (e.g. last name, first name, professional email address, business address, etc.) are kept for the duration of the service provided, plus the legal statute of limitations, which is generally 5 years.
- When there is a confusion between the name of your structure and your personal name (e.g.: auto-entrepreneur, VSE, etc.), economic and financial data (e.g.: bank account number, verification code, etc.) kept for the duration necessary for the transaction and the management of the invoicing and payments to which are added the legal prescription periods which are generally from 5 to 10 years
- Data for the purposes of commercial prospecting, marketing and subscription to our newsletter (e.g.: email address, etc.) kept for a maximum of 3 years from the last contact we had with you.
- Connection data (e.g. logs, IP address, etc.) kept for a period of 1 year.
Once the retention periods summarized above have expired, we will delete all your personal data to ensure your privacy for years to come.
The deletion of your personal data is irreversible and we will no longer be able to communicate them to you after this period. At most, we can only keep anonymous data for statistical purposes.
Please also note that in case of litigation, we are obliged to keep all your data for the entire duration of the case, even after the expiry of the retention periods described above.
What rights do you have to control the use of your data?
The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data.
- The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality, or the secrecy of correspondence.
- Right to rectify personal data that are erroneous, obsolete or incomplete.
- The right to object to the processing of your personal data for commercial prospecting purposes.
- Right to request the deletion (“right to be forgotten”) of your personal data that are not essential to the proper functioning of our services.
- Right to the limitation of your personal data which allows to photograph the use of your data in case of dispute on the legitimacy of a processing.
- Right to the portability of your data which allows you to recover part of your personal data in order to store them or transmit them easily from one information system to another.
The right to give instructions on what to do with your data in the event of your death, either through you or through a trusted third party or successor.
In order for a request to be considered, it must be made directly by you at firstname.lastname@example.org. Any request that is not made in this manner cannot be processed.
We will respond to your request as soon as possible, within two months of receipt, in the event that the request is technically complex or if we receive many requests at the same time.
Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.
Who can access your data?
We will only share your data with those who are authorized to use it to carry out our services. This may include our staff in charge of the implementation of the service, accounting, marketing or even the security of our premises.
We may also share your data with public authorities, external advisors and practitioners, and service providers or possibly business partners.
How do we protect your data?
We implement all the technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to fight against any risk of destruction, loss, alteration, or disclosure of your data which would not be authorized.
For example, your data is backed up on a regular basis and is encrypted in order to reinforce its security on a daily basis. In addition, access to your personal space can be locked in case of multiple unsuccessful login attempts.
Can your data be transferred outside the European Union?
Unless it is strictly necessary and exceptional, we never transfer your data outside the European Union and your data is always hosted on European soil. In addition, we make every effort to use only service providers who host your data within the European Union.
Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.
Who can you contact for more information?
Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at email@example.com.
How can you contact the CNIL?
You can contact the French data protection supervisory authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL“) at any time at the following address CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone at 01.53.73.22.22.
Can the policy be changed?