On (hereinafter the "Site"), the controller of the personal data is :
- HOLO ELECTRON
HOLO ELECTRON (hereinafter referred to as "we" or "us") undertakes to collect and process your data lawfully, fairly and transparently in accordance with the "GDPR" (General Data Protection Regulation) of 25 May 2018 and the new "Loi Informatique et libertés" (Law n°78-17 of 6 January 1978 on information technology, files and freedoms) on 29 May 2019 following the Decree No. 2019-536.
Our collection is limited to what is necessary, in accordance with the principle of data minimization. The definitions provided in Article 4 of the GDPR are applicable to this Policy. In the event of any changes to this policy, we undertake not to lower the level of privacy substantially without informing you in advance.
In this paper we will try to answer the following questions:
- What personal data do we process?
- For what purpose?
- On what legal basis?
- How long is the data kept?
- What are your rights?
- How can they be exercised?
You will also find our commitments regarding subcontracting, transfers, communication to third parties and in the event of a security breach. For any clarification or complaint, contact us.
Article 1 - Categories of personal data collected and processed
In the course of our business on this Site, you provide us with the following information by filling in the information form(s) and communicating with us:
- Civil status and contact information (title, surname, first name, company, position, postal address, telephone number and e-mail address) will enable us to identify you and communicate with you;
- Information relating to the contractual and commercial relationship (including details of products and/or services ordered) that you may have with us as well as banking information (bank details, card numbers and cryptogram) and transactional information (transaction date, amount, order number and invoice number).
Article 2 - Aims
- The identification of persons using this Site to order our products and/or services;
- The creation and management of the data subject's customer account and the execution of payment transactions made at his/her request;
- The processing of operations relating to the management of files concerning: orders; deliveries; invoices; accounting and follow-up of the commercial relationship;
- Managing the relationship with prospects and customers and people's opinions on products, services or content;
- Handling questions and possible complaints from individuals and managing requests for access, rectification and opposition rights;
- The respect of the modalities of online access to the accounts and management of the possible procedures of authentication (registration, connection and loss of password);
- Payment execution ;
- The development of commercial and advertising statistics;
- Prospecting and/or sending information (newsletter), which includes the follow-up of prospects, the management of technical prospecting operations, the selection of persons to carry out loyalty actions, prospecting, surveys, tests, promotions as well as the realization of solicitation operations;
- Participation in special events, such as competitions, games, prize draws, offers and participation in the loyalty programme, excluding online gambling subject to approval by the French Gaming Regulatory Authority;
- The prevention and fight against fraud and means of payment and in particular against bank card fraud;
- Management of unpaid bills and disputes;
- Improving the Site and our offerings;
- The security of the Site.
Article 3 - Legal basis
The legal basis for the processing of personal data within the meaning of Article 6 of the GDPR is that :
- The processing is necessary for the performance of the contractual relationship between us and/or you wish to enter into with us, since the personal data we collect and process are necessary for the execution of the purchases requested under our General Terms and Conditions (GTC);
- Or the processing is also necessary to protect our legitimate interests, in particular by enabling us to carry out commercial prospecting, to keep proof of transactions carried out and/or, if necessary, to carry out recovery;
- If required by law, or if not required in either of the above cases, we will ask for your consent.
Article 4 - Retention time
Personal data that is processed shall not be kept beyond the time necessary to fulfil the obligations defined at the time of the conclusion of the contract or imposed by the legislation in force. We keep personal data for the time strictly necessary to achieve the purposes described herein. Beyond this period, it may be anonymised and kept exclusively for statistical purposes.
Means of deleting data shall be put in place to provide for effective deletion once the period of retention or archiving necessary for the fulfilment of the purposes determined or imposed has been reached.
Article 5 - Cookies
You are informed that we are likely to deposit cookies on your terminal. The cookie records information relating to navigation on the service (the pages you have consulted, the date and time of the consultation, etc.) which we can read during your subsequent visits.
The maximum duration of conservation of cookies is 13 months after their first deposit in your terminal, as is the duration of the validity of your consent to the use of these cookies. The life of cookies is not extended at each visit. Your consent must therefore be renewed at the end of this period.
Cookies may be used for statistical purposes, in particular to optimise the services provided, based on the processing of information concerning the frequency of access, the personalisation of pages as well as the operations carried out and the information consulted. They may also be used for advertising purposes, in particular to offer you targeted content in banners and inserts on the Internet. Some features of the site, such as video players or interactive content, may use services offered by third parties and deposit cookies that allow them to identify your consultation of the content. Some cookies may also be used to store customer account information or shopping cart contents.
Article 6 - Your rights and remedies
You have the right to access your data, to correct or delete it, to ask questions, to limit the processing of your data, to portability and to erasure.
You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data whose legal basis is our legitimate interest, as well as a right to object to commercial prospecting. You may also withdraw your consent to processing at any time, without affecting the lawfulness of the processing based on the consent given prior to the withdrawal of consent.
In addition, you have the right to define general and specific directives defining the way in which you would like the above-mentioned rights to be exercised after your death. Finally, you may lodge a complaint with the CNIL if you feel that our responses are unsatisfactory.
For any request, you will be asked to prove your identity by any useful means and to justify, if necessary, the reasons for your request.
Requests to exercise your rights should be sent electronically to: firstname.lastname@example.org.
As of the exercise of the right to erasure, to object to processing or to withdraw consent, the proper functioning of the Site may be disrupted or interrupted. For example, if these rights are exercised at the time of ordering products or services, then said order may be cancelled and said service may be suspended.
The email you provide may be used to send you information via electronic mailings for example. If at any time you wish to unsubscribe and no longer receive these emails, you will find unsubscribe instructions at the end of each email.
More information on your rights: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles
Article 7 - Subcontracting
You are informed that we may use one or more subcontractors to carry out specific processing activities.
We undertake to ensure that any subcontractor provides sufficient contractual guarantees regarding the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the GDPR (General Data Protection Regulation).
Article 8 - Third parties
We do not share any personal data for commercial purposes with third parties without your consent.
If we disclose your personal data to a third party, we will ensure that the third party is bound by the same terms of confidentiality as we are.
On the basis of legal obligations, your personal data may be disclosed to public authorities in application of a law, a regulation or by virtue of a decision of a competent regulatory or judicial authority. In the case of deliveries of products abroad, personal data will be sent to customs authorities.
The personal data that you communicate to us at the time of your order are transmitted to our suppliers, subcontractors and/or subsidiaries for the treatment of this one. This information is considered strictly confidential, and these recipients only have access to the data necessary for the execution of the contract between us.
In the event that we become involved in a merger, acquisition or other form of asset transfer, we are committed to maintaining the confidentiality of your personal data and to informing you before your personal data is transferred or subjected to new privacy rules.
If you connect your account to an account on another service, such as a social network, that service may share your profile and login information with us, as well as any other information you have authorized to be shared.
This Site may provide links to other sites, applications and services which may be operated by third parties. In this case, we are not responsible for the processing of personal data by these third party sites, whose privacy policies the user should consult for further information.
Article 9 - Transfer abroad
We undertake to comply with the applicable regulations relating to the transfer of data to countries outside the European Union, in particular in the following ways:
- We will only transfer visitor, prospect and customer data to countries that are recognised as offering an equivalent level of protection; If transferring to the United States, to organisations that have joined the EU-US Privacy Shield only;
- We will only transfer personal data outside of countries recognized by the CNIL as having a sufficient level of protection if we have obtained authorization from the CNIL to do so.
Article 10 - Security
We undertake to implement all appropriate technical and organisational measures using physical and logistical security measures to guarantee a level of security adapted to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of personal data concerning you.
In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or of unauthorised access resulting in the risks identified above, we undertake to:
- Notify you of the incident as soon as possible if this is a legal requirement;
- Examine the causes of the incident;
- To take the necessary measures within reasonable limits in order to reduce the negative effects and prejudices that may result from the said incident
Under no circumstances shall the undertakings set out in the above point be considered as an admission of fault or responsibility for the occurrence of the incident in question.
Article 11 - Legislation
Article 12 - Consent