Updated on the January 25, 2021

Within the framework of its activity, COMMEDI collects and processes the personal data of its users (hereafter the “Users”).

The present privacy policy, established by COMMEDI, is intended to provide Users with synthetic and global information on the processing of personal data operated by COMMEDI.

COMMEDI attaches particular importance to the respect of Users’ privacy and the confidentiality of their personal data, and thus undertakes to process the data in compliance with applicable laws and regulations, and in particular Law n° 78-17 of 6 January 1978 relating to information technology, files and freedoms (hereinafter the “Data Protection Act”), and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).

DEFINITIONS

Personal data : Personal data is any information relating to an identified or identifiable natural person, i.e. a person who can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person.

Processing of personal data : constitutes processing of personal data, any operation or set of operations concerning such data, regardless of the process used, and in particular the collection, recording, organization, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, andlocking, erasure or destruction.

Cookie : A cookie is a piece of information deposited on the internet user hard disk by the server of the site he visits. It contains several pieces of information: the name of the server that placed it, an identifier in the form of a unique number, and possibly an expiration date. This information is sometimes stored on the computer in a simple text file that a server accesses to read and record information.

DATA CONTROLLER – DPO

The person in charge of processing the personal data referred to herein is COMMEDI, registered in the Auxerre Trade and Companies Register under number 852 294 784, and whose head office is located at Z.A. Les Hâtes du Vernoy, 89130 TOUCY, FRANCE.

COMMEDI can be contacted at the following address: contact@commedi.net.

COMMEDI collects Users’ data in order to provide them with the services for which they have subscribed on the commedi.fr website.

The mandatory or optional nature of the data provided (in order to finalize the User’s registration and provide him with COMMEDI services) is indicated at the time of collection by an asterisk.

In addition, certain data are collected automatically as a result of the User’s actions on the site (see paragraph on cookies).

PURPOSE

The personal data collected by COMMEDI in the course of providing the services are necessary for the performance of the contracts concluded with the User, or to enable COMMEDI to pursue its legitimate interests in the respect of the User’s rights. Certain data may also be processed on the basis of the User’s consent.

The purposes for which COMMEDI processes data are the following :

         -the commercial and accounting management of the contract,

         -the management of activation and marketing activities,

         -detection of malicious behavior (fraud, phishing, spam, etc.),

         -improving the user experience on the site,

         -more generally, any purpose referred to in Article 2 of Deliberation No. 2012-209 of June 21, 2012 creating a simplified standard concerning the automated processing of personal data relating to the management of users and prospects.

DATA RECIPIENTS

The personal data collected are intended for COMMEDI’s sales and accounting departments. It may be transmitted to subcontractors that COMMEDI may call upon in the context of the execution of its services.

In this context, personal data may be transferred to a country within or outside the European Union. COMMEDI implements guarantees ensuring the protection and security of this data, in compliance with the regulations.

COMMEDI does not transfer or rent personal data to third parties for marketing purposes without the express consent of COMMEDI Users.

Apart from these hypotheses, the disclosure of personal data to third parties may only occur in the following cases :

         -upon authorization from them,

         -at the request of legally competent authorities, upon judicial requisition, or within the framework of a legal dispute.

DATA RETENTION PERIOD

In order to meet its legal obligations or to have the necessary elements to enforce its rights, COMMEDI may archive the data under the conditions provided for by the regulations.

Thus, the personal data collected by COMMEDI relating to the identity and contact details of its Users are archived for a maximum period of two years after the termination of the contractual relationship for client Users, or from the date of their collection by the data controller or the last contact from the prospect User for data relating to the latter.

Termination of the contractual relationship is understood as the express termination of the contract by the User or the non-use of COMMEDI services for a period of five years.

USER’S RIGHT

In accordance with the regulations, the User has the right to access and rectify data concerning them, which allows them to rectify, complete, update or delete data that are inaccurate, incomplete, equivocal, outdated or whose collection, use, communication or storage is prohibited.

The User also has the right to request the limitation of the processing, and to object for legitimate reasons to the processing of his personal data. The User may also communicate instructions on the fate of their personal data in the event of their death.

Where applicable, the User may request the portability of their data, or, where the processing has consent as its legal basis, withdraw their consent at any time.

The User may exercise their rights by sending an email to contact@commedi.net.

The User may also modify their data at any time by logging on to commedi.fr and clicking on “My account” or by contacting the customer relations department at contact@commedi.net.

The User may unsubscribe from COMMEDI’s newsletter or marketing emails by following the unsubscribe links included in each of these emails.

In case of dispute, the User may file a complaint with the CNIL, whose contact information is available at https://www.cnil.fr.

The User may access detailed information on the use of their personal data, in particular concerning the purposes of the processing, the legal bases allowing COMMEDI to process the data, their retention periods, their recipients and, if applicable, the transfers thereof to a country outside the European Union as well as the guarantees implemented. To do so, the User may send his request by email to contact@commedi.net.

COOKIES

For further information on how COMMEDI manages cookies, please visit our Legal Notice page.

SECURITY

COMMEDI has taken all necessary precautions to preserve the security of personal data and, in particular, to prevent them from being deformed or damaged or from being accessed by unauthorized third parties.

These measures include the following:

         -Multi-level firewall,

         -recognized anti-virus and intrusion detection tools,

         -encrypted data transmission using SSL/https/VPN technology,

         -Tier 3 and PCI DSS certified data centers

Moreover, access to the processing by COMMEDI’s recipient services requires authentication of the persons accessing the data, by means of an individual access code and password, sufficiently robust and regularly renewed.

The data transiting on non-secure communication channels are subjected to technical measures aiming at making these data incomprehensible to any unauthorized person.

Any questions regarding the security of the COMMEDI website can be addressed to contact@commedi.net.

PRIVACY POLICY CHANGES

COMMEDI reserves the right to change this Privacy Policy in order to comply with changes in applicable laws and regulations.

The modifications made will be available on our website, in the dedicated section.

APPLICABLE LAW AND REMEDIES

You expressly agree that any dispute that may arise hereunder, including but not limited to its interpretation or performance, shall be referred to arbitration under the rules of the mutually agreed upon arbitration platform, to which you shall adhere without reservation.