Personal data protection policy
To respect the privacy of Internet users, SOFIOUEST (hereinafter “the Company” or “we”), shall collect and process personal information in accordance with EU Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter “GDPR”, and all the provisions of French regulations applicable in this area.
- DATA CONTROLLER
SOFIOUEST, whose registered office is located at 38 Rue du Pré Botté 35000 Rennes, France, registered with the Rennes Trade and Companies Register as number 549 200 509, and which operates the following website (hereinafter “the Site”):
- DATA COLLECTED
Your personal data is collected and processed on the following legal bases:
- performance of a contract
- legitimate interest consent,
- via personal data collection forms and via check boxes
- for compliance with legal and regulatory requirements.
Data concerning you
Generally speaking, your data is collected directly from you when:
- your private space is created and managed
- your advertisement is published
- you browse the Site
- you register for an event
- or you request information via the contact form.
We may collect and process the following personal data:
- identification data (e.g., last name, first name, e-mail address, telephone number, shareholder number, company name, photo, comment field)
- and connection data (e.g., IP address, connection logs).
Cookies or similar technologies (hereinafter “cookies”) may be installed and/or read in your browser when you visit the Site. Click here to learn more
If your personal data is collected through a form, you will be informed of which information is mandatory by an asterisk (*) next to those fields. The absence of an asterisk means that the information requested is not mandatory.
Only personal data that is strictly necessary for the purposes described below, and in particular for the creation and management of the private space, registration for an event, and to produce statistics on the use of the Site, are collected.
- PURPOSES OF THE PROCESSING
We principally use the data referred to in the previous section for the following purposes:
Operations necessary for the provision of products or services
- managing the private space
- accepting your registration to an event
- accepting the publication of your ad
- managing calendar e-mail alerts
- updating your personal information in a dedicated database
- user relations: providing support accessible by postal mail, telephone, e-mail or via a contact form, for any question
- sending out information about changes or developments in our services
- dealing with the exercise of your rights regarding your personal data
- and verifying compliance with applicable legislation, our contracts and the general terms and conditions.
- DATA RETENTION PERIOD
Your personal data is retained for a period of time in keeping with the requirements of law or with the purposes for which it was collected. However, your personal data shall be kept for a longer period of time if legal or regulatory obligations require us to do so.
|Categories of data||Purposes||Retention period|
|Data relating to a User|
|All data||Private space management||3 years from the request to delete the private space or from the sale of the shares|
|Identification and contact data||Sending out information on changes to our services||13 months from unsubscribing or the last contact[*] from the User|
|Data generated by cookies|
|Data related to your browsing of our online services||Operation
|13 months maximum|
- RECIPIENTS OF YOUR PERSONAL DATA
Your personal data is communicated to the following persons:
5.1 Internally, to the Company
Your data gets communicated to employees of the Company’s internal departments.
In accordance with regulation, access to your data requires individual, limited and supervised authorization.
5.2 To our outsourcers
These provide services on our behalf, including:
- management of telephone calls, sending postal or digital mail
- personalization of the contents of the Site
- maintenance operations and technical improvements
- providing analytical solutions or audience measurement statistics.
- TRANSFER OF DATA OUTSIDE THE EUROPEAN UNION
We store your personal data in the European Union. However, if we were to transfer your data to data processors or business partners outside the European Union, we would ensure that the processing is governed by the European Commission’s standard contractual clauses, which make it possible to guarantee an adequate level of protection of the privacy and fundamental rights of individuals.
- YOUR RIGHTS
In accordance with the legal and regulatory provisions mentioned above, you have
- a right to make inquiry
- a right to access your data
- a right to make corrections
- a right to delete
- a right to limit the processing of your data
- a right to the portability of your data to a certain extent, i.e. the right to receive the personal data you have provided us within a structured, commonly used format and the right to transmit this data to another data controller
- a right to object to the processing of your personal data
- a right to object to your data being used for canvassing purposes, particularly commercial canvassing (see 9.)
- a right to object to marketing profiling, which would mean you continue to receive commercial solicitations but these will be less relevant and no longer be targeted to your areas of interest;
- a right to place general and/or specific directives concerning the fate of your personal data and how you wish your rights to be exercised after your death. In this respect, in the event of your death, your data will be deleted, unless it is necessary to keep it for a specific period of time for reasons relating to our legal and regulatory obligations and/or legal limitation periods, and after having been communicated to any third party you may have designated.
You can exercise your rights with the Data Protection Officer:
- by sending a letter to the following postal address:
Délégué à la Protection des Données Personnelles
ZI Rennes Sud-Est – 10 rue du Breil – 35051 Rennes Cedex 9
- or by sending an e-mail to the following address: firstname.lastname@example.org
In the interest of confidentiality and protection of your personal data, the company must ascertain your identity before responding to such a request. Also, any request to exercise these rights must be accompanied by a copy of a signed identity document.
In the event of an unsatisfactory response, you may lodge a complaint with the French Commission Nationale de l’Informatique et des Libertés (CNIL): https: //www.cnil.fr/fr/plaintes.
- SECURITY OF PERSONAL DATA
As the data controller, we take all necessary measures to preserve the security and confidentiality of the data, and in particular to prevent it from being damaged or accessed by unauthorized third parties. To this end, we make every effort to ensure the physical security of the buildings housing our computer systems, as well as the security of the information system by providing encryption measures. In addition, we ensure that our data processors comply with the rules on the protection of personal data
- UPDATES TO THE PERSONAL DATA PROTECTION POLICY
This personal data protection policy may be modified or adjusted at any time.
In case of substantial modifications, SOFIOUEST will inform you of the new updated policy.
We invite you to consult it regularly.
[*] [Last contact : Positive action from the User, e.g. consultation or modification of their private space, request for information, publication of an ad, etc.