CHARTE OF PERSONAL DATA PROTECTION
The company CRYOTHEQUE (hereinafter “the Data Controller”) wishes to inform the users of the CRYOAPP application (hereinafter “the Users”) of the processing of personal data collected through the application.
- Which actors?
The processing of Users’ personal data is carried out under the responsibility of the following controller:
The company CRYOTHEQUE
3 impasse de l’industrie – 34880 LAVERUNE,
represented by its President, Mr Nicolas QUEHON.
- What are the treatment modalities?
The table below describes :
(i) the personal data processed by the Controller, (ii) in what situations such data is provided or collected,
(iii) the purposes for which the processing is carried out,
(iv) the legal basis for the processing, and
(v) the period of time for which the data will be retained in connection with such processing.
|
Data |
Time of collection collection |
Purpose |
Basis |
Shelf life |
|
Data of the User (such as name, first name, contact details, etc.) electronic and telephone information of the User); |
Data provided voluntarily by the User through the contact forms on The Application of the Data Controller; |
Responding to solicitations and requests information from the User; |
On the basis of the legitimate and commercial interest of the Data Controller ; |
The data are kept for for as long as is necessary to process the User’s request. the User’s request. |
|
Data of the User (such as name, first name, contact details, etc.) post office, electronic and telephone information of the User); Personal characteristics (such as age, gender, date of birth); |
Data provided voluntarily by the User during his registration on the application or the modification of his account ; |
The creation or modification of an account on the application of the Data Controller; |
On the basis of the execution of the contract ; |
Data is kept for a period of two (2) years and six (6) months from the last interaction of the User, or until the deletion of his account. |
|
Data identification of the User (such as |
Data provided voluntarily |
The realization actions of |
On the basis of legitimate economic and social |
The data are kept for a period of three (3) years from the last contact |
|
name, first name, contact information electronic and telephone); |
by the User to the Data Controller ; |
prospecting commercial ; |
of the Data Controller, to With the exception of prospecting that are based on electronic commerce, which are based on the consent of the User, if the prospecting does not concern products or services similar to those already provided by the Responsible for the treatment of the User; |
from the User, or until the consent is withdrawn. |
|
Data provided voluntarily by the User to the Data Controller ; |
Improving its services by inviting the User to participate in surveys, studies, satisfaction surveys and tests of products and services; |
On the basis of the legitimate economic and commercial interest of the Data Controller ; |
The data is kept for the time necessary to achieve the purpose of the survey, study, poll or test or until the right to object or the withdrawal of consent is exercised. |
|
|
Data provided voluntarily by the User to the Data Controller ; |
The development of statistics commercial ; |
On the basis of the legitimate and commercial interest of the Data Controller ; |
The data is kept for the time necessary to achieve the purpose of the statistics or until exercising the right to object or withdraw consent. |
|
|
Data provided voluntarily by the User to the Data Controller ; |
Supply by parties third parties of functions techniques, logistics or another for the account of the Person in charge of the treatment; |
On the basis of the execution of the contract concluded with the User; |
The data is kept in an active database for the duration of the contractual relationship. |
|
|
Data collected by the Data Controller during the conclusion and performance of contracts |
The processing of requests and complaint of the User, the debt collection and the exercise of any |
On the basis of the legitimate interest of the Data Controller to enforce its rights and |
The data is kept in an archive until five (5) years after the end of the contractual relationship. |
|
with the User; |
right in justice by the Person in charge of the treatment; |
defend its interests ; |
||
|
Data of the User (such as name, first name, contact details, etc.) User’s email address); Data from connection (IP address abbreviated, time of connection) ; |
Data collected by the Data Controller by means of cookies ; |
The display of some contents on the application of the Data Controller ; |
On the basis of the legitimate and commercial interest of the Data Controller ; |
The cookies allow to The data collected by means of these cookies is kept for a maximum of thirteen (13) months and the data collected by means of these cookies is kept for a maximum of 25 months. |
|
Measuring ad performance proposed by the Data Controller on the application; |
||||
|
The realization of measurements audience, including the number of page views, the number of visits from application and networks social of the Person in charge of the treatment, the activity of Users of application and networks and their frequency of back to ; |
On the basis of the User’s consent. |
|||
|
The display of some contained on the website of the Data Controller ; |
On the basis of the legitimate and commercial interest of the Data Controller ; |
|||
|
Data of the User (such as name, first name, contact details, etc.) User’s email address); |
Data provided voluntarily by the User during his newsletter registration ; |
The sending of newsletters by electronic communication to Users; |
On the basis of the User’s consent; |
The data is kept for a period of two (2) years and six (6) months from the last contact from the User, or until the consent is withdrawn. |
|
User’s city of connection ; |
Data collected by the Data Controller at the |
Geolocation of the User in order to offer |
On the basis of the User’s consent; |
The data is kept for a period of one (1) year. |
|
means of cookies ; |
centers cryotherapy whole body to proximity; |
|||
|
Data of the User (such as name, first name, contact details, etc.) electronic, postal and telephone and identification); |
Data provided voluntarily by the User to the Responsible of Processing when requesting to exercise its rights; |
The management of right of access, rectification, opposition, portability, erasure, removal, and to set guidelines for the use of personal information. its data after his death ; |
On the basis of the legal or regulatory obligation of the Data Controller ; |
The data allowing to to take into account the exercise by the User of his right of access or rectification of his data are kept for a period of one (1) year from the exercise of said right by the User. The data allowing to to take into account the exercise by the User of his right The information provided by you to object to receiving marketing will be kept for a period of three (3) years from the time you exercise your right to object. |
|
The compulsory or optional nature of the data to be provided is indicated to the User at the time of collection by an asterisk (*). The requirement to provide mandatory data is of a regulatory or contractual nature or it conditions access and/or use of the Data Controller’s application. By voluntarily providing the optional data, the User expressly agrees that they may be processed under the conditions and for the purposes set out below. |
When the User provides personal data relating to third parties, he/she guarantees that he/she has received the necessary authorizations and consents from the persons concerned by this data.
Should the User’s personal data be processed for different purposes, the Data Controller undertakes to inform the User and, when required by law, to obtain his prior consent.
[Concerning the prospecting and the sending of newsletters:
- Business address containing personal data (e.g. etiertant@pvb-avocats.fr)
Advertising by e-mail is possible provided that individuals have been informed that their e-mail address will be used for marketing purposes and are able to object to such use.
The subject of the canvassing must be directly related to the profession of the person canvassed (e.g.: the solicitation concerning IT services must be addressed to persons having IT manager functions).
- Generic business address (e.g. accueil@pvb-avocats.fr)
Prospecting carried out to a generic email address of a legal entity that does not contain any personal data (e.g. contact@société.com) is not subject to the obligation to obtain consent.
-
Personal address (
e.g. dupont@gmail.fr
)
Advertising by e-mail is possible provided that people have explicitly given their consent to be canvassed, at the time of collecting their e-mail address.
Ex. :
1/if you wish to receive our commercial offers, please check this box. 2/if you wish to receive offers from our partners, please check this box.
Two exceptions to this principle:
-if the person canvassed is already a customer of the company and if the canvassing concerns products or services similar to those already provided by the company. -if the canvassing is not of a commercial nature (e.g. charitable)
In both of these cases, the person must, at the time of collection of their email address:
to be informed that his/her e-mail address will be used for canvassing purposes, – to be able to object to this use in a simple and free way.
Ex. If you do not wish to receive commercial offers from us for services similar to those you have already purchased, please check this box.
Finally, the person concerned must be offered the possibility, free of charge, simply, directly and easily, to stop receiving messages.
Ex. :
1/To stop receiving messages click here.
2/Send STOP by SMS…].
- Personal data and profiling?
The Data Controller does not carry out any profiling activities using the data processed hereunder.
- Who are the recipients of the User’s personal data?
The Data Controller may share some of the User’s data with its service providers and in particular:
– the service provider responsible for the maintenance and hosting of its computer system and the data of the CRYOAPP application;
– advertising and marketing agencies;
PVB AVOCATS – Personal data protection charter 5 / 8
– customer service providers;
– to its legal counsel ;
– to his accounting firm;
This transmission of data by the Data Controller is carried out within the strict limits necessary for the performance of the tasks entrusted to these service providers. These recipients may contact the User directly using the contact information provided.
The Data Controller requires these recipients to use the User’s personal data only to administer the services for which they are responsible and in accordance with the applicable laws and regulations on the protection of personal data.
If necessary, the User’s personal data may be communicated to third parties authorized by law (in particular in the context of an express and motivated request from the legal authorities).
Similarly, if the Data Controller is involved in a merger, acquisition, transfer of assets or receivership, it may be required to transfer or share all or part of its assets, including the User’s personal data. In this case, the user will be informed and will be able to give his or her informed consent before any transfer of personal data to a third party.
- How is the User’s personal data stored and is it transferred outside the European Union?
The User’s personal data is stored within the European Union in the databases of the Data Controller or those of its service providers.
- What protection for the User’s personal data?
The Data Controller implements organizational, technical, software and physical measures for digital security to protect the User’s personal data against alteration, destruction and unauthorized access. However, it should be noted that the Internet is not a completely secure environment and that the Data Controller cannot guarantee the security of the transmission or storage of User data on the Internet.
- What are the User’s rights?
In accordance with the provisions of Regulation No. 2016/679 of 27 April 2016 and Law No. 78- 17 of 6 January 1978 as amended, the Data Controller clearly and fully informs the User of the rights available to him. In the event of further questions from the User, the dedicated service of the Data Controller remains available to guide the User and provide him/her with all the information required to preserve his/her rights.
The User has :
– a right of access to his/her data: the User has the right to obtain confirmation as to whether or not his/her data is being processed, as well as the communication of a copy of his/her data and information on the characteristics of the processing carried out by the Data Controller on such data;
– a right to rectification of inaccurate information and incomplete data;
– a right to erase data that are no longer necessary for processing, a right to withdraw consent to processing, a right to object to the processing of his data when there are no legitimate and compelling reasons justifying the processing, a right to object to commercial prospecting;
– a right to limit the processing in case of inaccuracy of the data during the time of their verification, or when they are no longer necessary for the exercise of a legal right;
– a right to the portability of his data, in order to request the transmission to another person in charge of the data provided with his consent or on the occasion of the conclusion of the contract;
– a right not to be subject to a decision based exclusively on automated processing that produces significant legal effects concerning him/her;
– a right to define directives concerning the fate of his or her data after his or her death.
The User may exercise his rights at any time with the Data Controller:
– By mail at the following address
Company CRYOTHEQUE
3 impasse de l’industrie
34880 LAVERUNE ;
– By email at the following address
contact@cryo-app.com
The User must specify in his request his name, surname, e-mail address or postal address to which he would like the Data Controller’s reply to be sent.
For security reasons and to avoid fraudulent requests, this request must be accompanied by proof of identity. After processing the request, this receipt will be destroyed.
In accordance with the law, this request will be answered within one month of receipt.
Finally, the User has the right to lodge a complaint with the CNIL or any other competent supervisory authority in his or her country of residence.
The User can make this claim to the French CNIL: – By mail to the following address
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
– By phone at 01 53 73 22 22 (Monday to Thursday from 9am to 6:30pm / Friday from 9am to 6pm);
– By fax to 01 53 73 22 00 ;
– Via the CNIL website at the following address https://www.cnil.fr/fr/plaintes
.