Data privacy policy: what is it and what is it for?
Personal data is any data relating to an identified or identifiable natural person. A person can be identified:
- Directly by their first or last name;
- Indirectly by a customer number, a loyalty account number, a telephone number for example.
Particularly in the context of your purchases or when you create an account on our website, you are required to send us some of your data, hereinafter the “Data”, allowing you to benefit from the products and services concerned. We invite you to ensure that the Data you provide to us is accurate and kept up to date.
We attach great importance to the protection and confidentiality of your personal data which represents for us a guarantee of seriousness and trust. The data confidentiality policy demonstrates precisely our desire to enforce the applicable data protection rules and, in particular, those of the General Data Protection Regulation (“GDPR”). In particular, the Privacy Policy aims to inform you about how and why we process your data in connection with the services we provide.
Who is this policy aimed at?
The policy applies to you, regardless of your location, whether you are a customer, a potential customer (“prospect”) or even a simple visitor to the Lafont site.
If you are under 15 years of age, you are not authorized to use our services without the prior and explicit consent of one of your parents which must be sent in writing to our services. If you believe that we may have information about one of your children under the age of 15 without your consent, you can ask us to delete it at the contact details provided.
Why do we process your data?
As part of the services offered, we are necessarily required to process your personal data for the following reasons and bases:
- So that you can benefit from our services (e.g.: create an account, access our services, create websites, etc.) and to respond to your requests (e.g.: request for information, complaints, etc.) on the basis of our general conditions of sale, our general conditions of use, and our legitimate interest in providing you with the best possible service.
- So that you stay informed of our latest promotional offers and events (e.g. webinar) by email on the basis of our legitimate interest in retaining our customers and on the basis of your consent, in the event that you are not yet one of our clients.
- So that you can follow us on social networks and share your opinions based on the general conditions of use of the platform used (eg: Facebook, LinkedIn, etc.) and our legitimate interest in benefiting from a dedicated page on the networks social.
- So that you can register and receive our newsletter which will inform you of all news regarding our services based on your consent.
- To guarantee and strengthen the security and quality of our daily services (e.g. statistics, data security, etc.) on the basis of the legal obligations weighing on us, our general conditions of sale and our legitimate interest in ensuring the proper functioning of our services.
Finally, we can also install “Cookies” on your terminal. To obtain more information on the use of “Cookies”, we invite you to consult our Cookies policy.
We undertake to only process your data for the reasons described above. On the other hand, as soon as you voluntarily publish content on the pages that we publish on social networks, you acknowledge that you are entirely responsible for any personal information that you may transmit, regardless of the nature and origin of the information provided. .
What data do we process and for how long?
- Professional identification data and contact details (e.g. name, first name, professional email address, professional address, etc.) kept for the entire duration of the provision of the service to which are added the legal limitation periods which are generally 5 years .
- When there is confusion between the name of your structure and your personal name (e.g.: self-employed, small business, etc.), economic and financial data (e.g.: bank account number, verification code, etc.) .) kept for the period necessary for the transaction and the management of invoicing and payments to which are added the legal limitation periods which are generally 5 years to 10 years.
- Data for the purposes of commercial prospecting, marketing and subscription to our newsletter (e.g. email address, etc.) kept for a maximum period of 3 years from the last contact we had with you.
- Connection data (e.g. logs, IP address, etc.) kept for a period of 1 year.
At the end of the retention periods summarized above, we delete all your personal data in order to guarantee your confidentiality for future years. The deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we may only store anonymous data for statistical purposes. Please also note that in the event of a dispute, we are obliged to keep all of the data concerning you for the entire duration of processing the file even after the expiration of their retention periods described above.
What rights do you have to control the use of your data?
The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, in order to control the use we make of your data.
- Right of access and copy of your personal data as long as this request is not in contradiction with business secrecy, confidentiality, or even the secrecy of correspondence.
- Right to rectify personal data that is erroneous, obsolete or incomplete.
- Right to object to the processing of your personal data carried out for commercial prospecting purposes.
- Right to request the erasure (“right to be forgotten”) of your personal data which is not essential to the proper functioning of our services.
- Right to limitation of your personal data which allows the use of your data to be photographed in the event of a dispute over the legitimacy of processing.
- Right to the portability of your data which allows you to recover part of your personal data in order to store them or transmit them easily from one information system to another.
- Right to give instructions on the fate of your data in the event of death either through you, or through a trusted third party or a beneficiary.
For a request to be taken into account, it is imperative that it is made directly by you to our services. We will respond to your request as soon as possible, within two months of receipt, in case the request is technically complex or if we receive many requests at the same time. Please note that we can always refuse to respond to any excessive or unfounded request, particularly given its repetitive nature.
Who can have access to your data?
We only communicate your data to people duly authorized to use it to implement our services. This may include our staff responsible for implementing the service, accounting, marketing or even the security of our premises.
We may also communicate your data to public authorities, external advisors and practitioners, as well as service providers or, possibly, commercial partners.
At no time does Lafont transfer or share your Data with companies whose purpose is the acquisition of prospects and the sending of commercial solicitations by SMS or e-mail without your consent.
How do we protect your data?
We implement all technical and organizational means required to guarantee the security of your data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or unauthorized disclosure of your data.
For example, your data has regularly renewed backups and is encrypted in order to reinforce its daily security.