- What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
- The choices you have regarding the use of your data.
- Security procedures in place to protect the misuse of your information.
- how you can correct any inaccuracies in the information.
Advance Paris is committed to complying with applicable legal and regulatory requirements in which we operate and when we collect, use, store and process personal data. As part of an ongoing activity, we reserve the right to revise and amend the provisions of this policy at any time in order to protect personal data with the assurance of the right of the data subject. Customers are encouraged to review this policy from time to time.
In the context of our newsletter and taking into account the agreement on the processing of personal data (DPA), we entrust the custody, protection and management of data related to the newsletter to Sendinblue.
II. What information is collected?
We may collect your personal or non-personal data, directly or indirectly. Personal data refers to any information relating to an identified or identifiable natural person, directly or indirectly, by means of an identifier or one or more elements specific to his or her identity. It can be for example a name, a first name, an email address, a location, an ID card number, an IP address, a photo, your payment information, your audio sources, the network you use, etc…
We undertake not to include in the mailing lists uploaded to the platform any personal data known as “sensitive” within the meaning of Article 9 of the GDPR.
Data subjects are any individual whose email address is included in the distribution list, whose information is stored or collected through our services, or persons to whom we send emails or engage or communicate with through the services, specifically customers and prospects.
Network Studio does not collect or process “sensitive” data such as ethnic origin, political opinions or beliefs, union membership, etc.
Network Studio does not retain documents that may contain personal data beyond their minimum legal retention period:
- Commercial correspondence
- Contract with a supplier or a customer
- Quotation, purchase order, invoice
- Hosted customer data
III. Purpose of the processing
- registration to use the site ;
- buy products, browse, use, subscribe to Advance Paris newsletters via the website; – discover the points of sale;
- visit Advance Paris’ various social media platforms and create user-generated content on these platforms (such as likes, comments, discussions, private messages, user requests, etc.);
- Submission of surveys and/or event questionnaires (e.g. via web forms on the website) and participation in sales promotions;
- enrollment in product warranties and maintenance services ;
- Customer service or support requests on the site;
- Storage of contact listings;
- Sending of messages by email or SMS, in an automated way or not (in particular follow-up of order, confirmation of order, newsletters);
- Storage and analysis of email deliverability data;
- Retargeting display;
- Collection of consents;
- Analysis of email recipient behavior (tracking of open rates, click-through rates and bounce rates at the individual level);
IV. How is the information collected?
We only have access to information that you voluntarily provide to us via email or other direct contact. We will not sell or rent this information to anyone.
VI. Social networks
VII. How do we keep and protect the
Information collected ?
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Sendinblue provides a data protection agreement to meet the adequacy and security requirements of the Data Protection Directive issued by the European Parliament and the Council of the European Union, and the General Data Protection Regulation (GDPR).
Sendinblue undertakes to take all necessary precautions, in view of the nature of the personal data and the risks presented by the processing, to preserve the security of the Personal Data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties.
Sendinblue undertakes in this context to implement all appropriate technical and organizational security and confidentiality measures. Sendinblue undertakes to notify the Data Controller of any personal data breach, within a maximum of 72 hours of becoming aware of it, in particular in order to allow the Data Controller to comply with the obligation set forth in Article 33 of the RGPD. This notification will be accompanied by any useful documentation to enable the Data Controller, if necessary, to notify this violation to the competent supervisory authority.
Whenever we collect sensitive information (such as credit card data), it is encrypted and transmitted to us securely. You can verify this by looking for the closed padlock icon at the bottom of your web browser, or by looking for “https” at the beginning of the web page address.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) have access to your personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.
We respect your privacy, and ensuring the security of your personal information is an important part of our job. Any personal information you provide is strictly for ordering purposes and is not loaned or sold to anyone for any reason.
As part of its services of expertise / support and web design, Network Studio undertakes to use only tools that comply with the General Regulation on the Protection of Personal Data and to encourage its customers to respect this regulation.
As part of its hosting services (housing, hosting on virtual machine, shared hosting, messaging, etc.), Network Studio refrains from accessing or exploiting the data of its customers, including connection logs and the content of emails, except for an express and motivated request from the Customer or legal authorities or as part of incident management. All data of Network Studio and its Customers are stored exclusively on the French territory. Network Studio ensures the logical security of its own hosting infrastructure in compliance with the rules of the art in terms of computer security.
Any incident affecting the confidentiality of data (unauthorized access, loss, disclosure or alteration of data) is reported to the Customer as soon as possible.
Databank France ensures the security of the datacenter where Network Studio’s hardware infrastructure is installed in Paris, as well as the telecommunications infrastructure under its responsibility. The Databank Customer Privacy Statement is available for download at the following URL: https://www.databank.com/privacy/. Network Studio will not change the location of the data without prior notice to the Customer.
VIII. Recipients of personal data
Personal data are only communicated to those employees who need to know them in order to provide the services and these employees are aware of the instructions and undertake to process the data only in strict compliance with them and for no other purpose.
Sendinblue undertakes to keep a register with a list of the processing operations carried out on behalf of the Data Controller, including all the information listed in Article 30 of the GDPR.
In order to perform the service, Sendinblue may use subcontractors who will have access to/process the personal data entrusted to them. A list of affected subcontractors is available at https://bit.ly/subcontactors-SIB-FR-int. The subsequent subcontractor is required to meet the obligations of the DPA. It is Sendinblue’s responsibility to ensure that the subsequent processor presents sufficient guarantees regarding the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR. Sendinblue shall remain fully liable to the controller for the performance by the sub-processor of its obligations.
In accordance with the legal provisions of the General Data Protection Regulation, Network Studio only collects and processes personal data of its stakeholders that is necessary for its business. It is only the contact information of its interlocutors collected and kept for business development purposes or for the administration of the services sold.
We will not share your information with third parties outside of our organization except as necessary to fulfill your request, such as shipping an order.
IX. Length of retention of personal data
The duration of data processing under the DPA is the duration of the contractual relationship between Sendinblue and Advance Paris, in accordance with the Sendinblue GTC.
At any time during the performance of the services, the data controller may access or delete the personal data processed by Sendinblue directly from his account. At the end of the contractual relationship, at the option of the data controller, Sendinblue undertakes to destroy all personal data, or to return them to the data controller or to another processor designated by it, if technically feasible and within a maximum period of 3 months. The removal shall be accompanied by the destruction of existing copies in Sendinblue’s information systems, unless required to be retained by applicable law. Sendinblue undertakes to provide the data controller, upon request, with proof of such destruction.
Advance Paris is solely responsible for the management of data retention periods. Sendinblue is only responsible for the deletion of such data at the end of its contractual relationship.
Network Studio does not retain documents that may contain personal data beyond their minimum legal retention period:
- Commercial correspondence: 3 years from the end of the commercial relationship
- Contract with a supplier or a customer: 5 years from the date the document expires
- Quotation, purchase order, invoice: 10 years from the end of the fiscal year
- Hosted customer data: at the end of the service
- Connection logs: 1 year
X. User's rights: the right to refuse collection, the right to access, rectify and delete data
You can choose not to be contacted by us at any time. You may do the following at any time by contacting us at the email address or phone number listed on our website:
- See what data we have about you, if any.
- Change/correct the data we hold about you.
- Ask us to delete any data we hold about you.
- Express any concerns about our use of your data.
Sendinblue undertakes to process data only for the purpose of performing the services, to process personal data in accordance with the instructions of the controller. If Sendinblue considers an instruction to be a violation of the GDPR, it will notify us immediately.
XI. Right to withdraw consent and time limits for ceasing data processing
As part of our processing of collected information based on your consent, you have the right to withdraw your consent at any time. You can do this by using the link at the end of each email sent to you or by contacting us at the following email address: email@example.com. Please note that withdrawing your consent may prevent us from responding to your requests or providing our services to you.
XII. Right to provide instructions on your Collected Information
You may provide us with instructions on what to do with your personal information in the event of your death.
XIII. Your right as a subject
If you wish to exercise your rights as described above, or for any contact related to privacy protection, please contact Advance Paris S.A.S. by sending your request to Advance Paris S.A.S., 13 rue du Coq gaulois, 77170 Brie Comte Robert, France or by sending an e-mail to firstname.lastname@example.org.
XIV. Children's privacy
We do not knowingly collect personal information from children under the age of thirteen (13) because our products and services are not intended for them. If we are notified that we have collected or received information from a child under the age of thirteen (13), we will delete that information.
XVI. Person in charge of the treatment
Advance Paris S.A.S. 13 Rue du Coq gaulois, 77170 Brie Comte Robert, France is the data controller and the person responsible for the processing of the Information collected.
XVII. Contact us
- Advance Paris
- 13 Rue du Coq gaulois – 77170 Brie Comte Robert – France
- Site : www.advanceparis.com
- Tel: +33 1 60 18 59 00
- Fax: + 33 1 60 18 58 95
- E-Mail: email@example.com
- Company headquarters: Paris
- Paris Commercial Court
- RCS Paris 504 534 140 000 26
- Intracommunity VAT number: FR76 504 534 140
- Hosting company Tel : 04 66 59 56 64
- data protection officer (newsletter): firstname.lastname@example.org