Telephone: +0800 123 4567
+0800 123 4567
 

Privacy policy

Home » Privacy policy

We attach great importance to the protection of data. The collection and processing of your personal data complies with the applicable data protection regulations, in particular the General Data Protection Regulation (or “GDPR”).

1 – Data controller

Pursuant to Article 4 (7) of the GDPR, the party responsible for the collection, processing and use of your data is:

id2m SARL

1 rue Gambetta

35000 Rennes

Tel.: +33 (0)2 99 79 82 00

contact@id2m.fr

If you wish to object to the collection, processing or use of your data by us in accordance with data protection provisions, either as a whole or for individual activities, you can address your objection to the data controller.

You may save and print this privacy policy at any time.

2 – Purpose of data processing

The data collected by id2m are used for:

• processing and managing all and any information you provide via our website or any other means;

• responding to your questions submitted via our contact form;

• communicating with you when you contact us by email or any other means.

3 – What data do we use and for what purpose?

3.1 – Data used to meet our contractual obligations

We process personal data (name, postal address, email address, billing and payment data) to meet our contractual obligations pursuant to Article 6 (1) (b) of the GDPR. Collection of these data is necessary for the execution of the contract that binds us.

Your data will be erased following expiry of the legal retention period.

3.2 – Dedicated data exchange platform – Customer account

The dedicated platform on our website (www.id2m.fr) is available for the secure transfer of data and large files. When you sign up, we collect the following data: basic data (e.g. name and postal address), communication data (e.g. email address) and access data (user ID and password). The next time you sign in, only your email address or user ID and chosen password will be required.

To ensure authentication and prevent unauthorised access, you will receive your user ID and password by email after registration. It is only once your registration has been confirmed that the data submitted will be permanently saved in our system.

You can ‘unsign’ from our platform whenever you wish. Simply notify us of your wish in writing (by email or letter, etc.) at the address mentioned in item 1. We will then erase any personal data we hold about you, unless we need to keep them to process orders or due to legal archiving obligations.

Pursuant to Article 6 (1) (a) of the GDPR, your consent is the legal basis for data processing.

3.3 – Contact by electronic means

If you contact us via the contact form or via email, for instance, we will use your personal data to process your request or to answer any questions you may ask.

If data processing occurs in connection with pre-contractual measures taken on your request or, if you are already a customer, for the purposes of concluding a contract, the legal basis for data processing is Article 6 (1) (b) of the GDPR.

We will only process other personal data with your consent (Article 6 (1) (a) of the GDPR) or if we have a legitimate interest in doing so (Article 6 (1) (f) of the GDPR). An example of a legitimate interest is responding to your email.

4 – Data retention periods

Unless indicated otherwise, we retain personal data only for as long as is needed to fulfil the purpose for which they were collected.

In some cases, e.g. tax or commercial law, legislators prescribe the retention of personal data. In these cases, the data continue to be stored by us for these statutory purposes only, but are not processed in any other way and are deleted upon expiry of the statutory period of retention.

5 – Data subject rights

Pursuant to the applicable laws, you have certain rights regarding your personal data. If you wish to assert these rights, please send your request by email or post, clearly identifying yourself, to the address indicated in section 1.

Please find below a summary of your rights.

5.1 – Right of confirmation and access

You have the right to request confirmation of whether your personal data are being processed at any time. If you wish to assert this right, you may obtain information from us, free of charge, about your personal data stored as well as a copy of such data.

If personal data are transferred to third countries or international organisations, you have the right to be informed of the appropriate guarantees under Article 46 of the GDPR in relation to the transfer.

5.2 – Right to rectification

You have the right to obtain immediate rectification of inaccurate personal data concerning you. Given the purposes of the processing, you are entitled to have incomplete personal data completed, including by means of providing a supplementary statement.

5.3 – Right to erasure (‘right to be forgotten’)

Under Article 17 (1) of the GDPR, you have the right to demand the immediate removal of your personal data. Moreover, we are obliged to immediately delete your personal data in the presence of one of the following reasons:

  1. The personal data are no longer required for the purposes for which they were collected or otherwise processed;
  2. You withdraw the consent on which the processing of your personal data is based, in accordance with Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing;
  3. You object to processing pursuant to Article 21 (1) of the GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR;
  4. Your personal data have been unlawfully processed;
  5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
  6. The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

Where we have made the personal data public and are obliged pursuant to Article 17 (1) of the GDPR to erase such personal data, taking account of available technology and the cost of implementation, we shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data, that you have requested the erasure of any links to, or copy or replication of, those personal data.

5.4 – Right to restriction of processing

You have the right to obtain restriction of processing of your personal data where one of the following applies:

  1. You contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
  2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  4. You have objected to processing of the personal data pursuant to Article 21 (1) of the GDPR pending verification of whether the legitimate grounds of our company override those claimed by you.

5.5 – Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, where:

  1. the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2), or on a contract pursuant to point (b) of Article 6 (1) of the GDPR; and
  2. the processing is carried out by automated means.

In exercising your right to data portability pursuant to section 1, you have the right to have the personal data transmitted directly to another controller, where technically feasible.

5.6 – Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1) of the GDPR.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing.

5.7 – Right to withdraw consent under data protection law

You have the right to withdraw your consent to processing of personal data at any time.

5.8 – Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data is unlawful. The competent authority in France is the CNIL. You can submit an electronic request to this body by clicking on the following link: https://www.cnil.fr/fr/plaintes/internet.

6 – Data security

We make every effort to ensure the security of your data within the framework of prevailing data protection law and technological possibilities.

To process your data securely, we implement appropriate technical and organisational measures, such as the pseudonymisation and encryption of personal data, pursuant to Article 32 of the GDPR. These measures are constantly adapted to the current state of technology. We ensure to make regular backups of the servers we use.

7 – Data transfer to third parties

As a rule, we only use your personal data in our company.

In the event that we call on third parties in connection with the execution of contracts, we disclose only the personal data necessary for the corresponding services.

In the event that we outsource certain parts of the data processing, our sub-contractors sign a data protection and confidentiality declaration, in which they undertake to use confidential and personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject concerned.