Privacy Notice

Last update: October 23, 2020

Preamble

This Privacy Policy is addressed to the Clients, prospects and Internet users visiting the COREXALYS site, and aims at informing them on the way their personal information can be collected and processed.

In any case, COREXALYS is committed to comply with the three (3) following essential principles:

o the data subject remains in control of its personal data;

o adapted technical and organizational means have been implemented to comply with the obligations of COREXALYS in terms of personal data protection;

o the data is processed in a confidential and secure way;

Section 1. Definitions

Client: means the client of COREXALYS who subscribed to its Services.

Services: means the services provided by COREXALYS within the scope of the Service Agreement for the provision of services entered into with the Client.

Site: means the website published by COREXALYS, as well as all its graphic, sound, visual, software and textual components. The Site is the exclusive property of COREXALYS.

Section 2. Identity of the Controller

COREXALYS as controller

COREXALYS, a French simplified joint stock company, located at 7 rue de Madrid 75008 Paris, France, registered with the trade and companies register of Paris under number 830 455 036, will have the status of data controller for all the processing operations detailed in Section 6 of this Privacy Policy.

COREXALYS as processor

COREXALYS will have the status of data processor of the Client as part of the provision of the Services.

The processing operations for which COREXALYS will be considered as a processor are detailed in the Data Protection Agreement annexed to the contract signed with the Client.

Legal reminder:

The data controller is, within the meaning of the French Data Protection Act and the GDPR, the person which determines the means and purposes of the processing. When two or more data controllers jointly determine the purposes and means of the processing, they are joint data controllers (or co-controllers).

The processor is a person which processes personal data on behalf of the controller and acts under the authority of and on the instructions of the controller.

Having said this, this Privacy Policy concerns the data processing operations carried out by COREXALYS in its capacity as data controller.

Section 3. Contact Details of our Data Protection Officer

COREXALYS has appointed a Data Protection Officer (hereafter "DPO") whose function is to respond to all the requests, including the exercise of rights, relating to the processing of your personal data.

You can contact our DPO:

o Either via this contact form: https://en.corexalys.com/contact, or

o By mail: COREXALYS – Service DPO, 7 rue de Madrid 75008 Paris, France.

The Data Protection Officer's mission is to inform, to advise and to control the conformity of COREXALYS in the performance of the processing operations carried out.

In accordance with the data protection regulations, the DPO acts as a point of contact:

With respect to the data subjects for all topics relating to the data processing operations carried out by COREXALYS or the exercise of your rights;

With respect to the French supervisory authority (the “CNIL”) within the scope of its mission of cooperation. The DPO can also contact this authority to ask for an opinion or a preliminary consultation on all the subjects concerning the protection of the personal data;

With respect to other DPOs appointed by the concerned processor or controller organizations.

Section 4. Presence of Direct and Indirect Collections

In principle, COREXALYS makes sure to collect information directly from you, when you wish to contact us.

By way of exception, information concerning you can be transmitted to us by third partners of COREXALYS.

In all cases, you are informed of the purposes for which your data is collected by us via the various online data collection forms, the emails which would be addressed to you, or by a specific information from the third partners of COREXALYS.

COREXALYS will carry out indirect collection of information only in the event where you will have the status of professional.

The partners with whom we work make sure beforehand to have informed you, and to have obtained your consent if applicable, before any transfer of your personal data.

Section 5. Consent

When necessary, COREXALYS makes sure to obtain your valid and lawful consent before proceeding to any processing operation.

As part of its Services offer only intended to professionals, COREXALYS ensures that:

its clients and prospects have benefited from sufficient information on the prospecting operations carried out;
its clients and prospects are able to object in a simple and free way to the prospecting operations at the time of the collection (Opt-Out); and
the carried-out solicitation is related to the profession of the solicited person.

In terms of commercial prospecting, COREXALYS' offer is only aimed at professionals. Consequently, it is possible for COREXALYS to carry out this processing without obtaining the prior consent of the person insofar as this one was informed beforehand and is able to object to the processing according to the recommendations of the CNIL.

Section 6. Purposes and Legal Basis of Processing

When the legal basis used for the operations of processing carried out by COREXALYS rests on the pursuit of a legitimate interest, you may, on simple request, obtain information relating to the balance of interests.

Your various data is collected and processed by COREXALYS to ensure:

Proper functioning and continuous improvement of our Site and its features

Processing details

Our monitoring of the proper functioning and improvement of the Site and its features covers:

o the overall management of our Site

o responses to your requests via our Contact form

o the exploitation of statistics of use of our Site for security purposes. This processing requires the deposit of cookies and other "technical" tracers on your terminal. No commercial use is made of this information.

Legal basis

Our legitimate interest in ensuring that you have the best possible experience when you browse our Site.

Management of the relationship with our Clients or prospects

Processing details

The management of the relationship with our Clients or prospects covers:

o analysis of your situation and formalization of a quote

o management of contracts

o commercial monitoring of the customer relationship

o development of business statistics

o management of opinions on our products, services and content

o monitoring our e-reputation

Legal basis

The performance of a contract or the performance of pre-contractual measures taken at your request in the context of the establishment of a quote or the management of our contracts.

Our legitimate interest in ensuring the best possible commercial relationship with our Clients and in ensuring the best possible quality of our Services.

Accounting and related operations

Processing details

The accounting management and the performance of associated operations covers:

o payment of Services and monitoring of Client invoicing

o management of unpaid invoices and litigation

o accounting records and legal documents keeping

Legal basis

Our legal obligation under Section L102 B et seq. of the French Tax Procedure Code.

Our legitimate interest to ensure the proper progress of the accounting operations carried out by COREXALYS.

Management of the requests of rights resulting from the GDPR and the French Data Protection Act as amended, or of any other request relating to the protection of the personal data

Processing details

This processing covers all the operations necessary to the monitoring of the requests addressed to COREXALYS (qualification of the request, investigations, performance of specific technical operations...). It only concerns the cases where COREXALYS acts as a data controller.

Legal basis

Our legal obligation resulting from Articles 15 and following of the GDPR and Sections 48 et seq. of the French Data Protection Act.

Section 7. Processed Data

The mandatory or optional nature of the personal data collected and the possible consequences of a failure to reply are mentioned at the time of their collection(s) on the associated forms.

You can consult the details of the personal data we may have on you below.

NB: the detail of the information provided hereafter is not intended to be exhaustive and aims firstly at informing you on the categories of data that COREXALYS is likely to process.

The proper functioning and the permanent improvement of our Site and its features:

o Data relating to your identity: name, first name(s), telephone number, email addresses, company, professional contact details.

o Our confidential exchanges.

o Data relating to the use of our Site, including the data we collect through our technical Cookies.

o Your logs and connection data and hardware identification data

For the management of the relationship with our Clients or prospects, the data likely to be processed are the following:

o Data relating to your identity: title, name, first name(s), address, telephone number, email addresses, internal identifier, date of birth.

o Data relating to the expression of your needs for support.

o Data relating to the transaction such as the transaction number, details of the Services subscribed to

o Data related to the payment of invoices: payment methods, discounts granted, receipts, balances and unpaid invoices

o Your connection logs and connection data when necessary

For the accounting management and the performance of associated operations, the data likely to be processed are the following:

o Data relating to your identity: title, name, first name(s), address, telephone number, email addresses, internal identifier, date of birth.

o Data related to the transaction such as the transaction number, the details of the Services subscribed to

o Payment data, namely:

· Data relating to the methods of payment used (bank transfer information, direct debit mandate, check...)

· Accounting details of the Services

· Data related to the payment of invoices: payment methods, discounts granted, receipts, balances and unpaid invoices

For the management of the requests of right resulting from the GDPR and the French Data Protection Act, as amended, or of any other request relating to the protection of the personal data, the data likely to be processed are the following:

o Data relating to your identity: title, name, first names, address, telephone number, email addresses, internal identifier, date of birth. A copy of an identity document or equivalent may be stored as evidence of the exercise of a right of access, to rectification or object or to meet a legal obligation. In this respect, we must verify your age when you place an order and we must therefore collect a copy of an identity document

o Data relating to your request for exercising your rights.

In any case COREXALYS will process all the collected data in compliance with the GDPR and the French Data Protection Act.

Section 8. Recipients of your Data

Within the limits of their respective attributions and for the purposes recalled in Section 6, the main persons who are likely to have access to your data are the following:

o The authorized personnel of our research and development, marketing, sales, administrative, logistic and IT departments, in charge of improving our services, customer relations and prospecting and quality control.

o Authorized personnel of our processors.

Certain categories of processors have access to the data collected:

o Cloud storage providers.

· Storage location: Europe.

o Email service providers

· Storage location: EU & United States.

o Shared calendar service providers

· Storage location: EU & United States.

o If necessary, the courts concerned, mediators, accountants, auditors, lawyers, judicial officers, debt collection companies

o Third parties likely to deposit cookies on your terminals (computers, tablets, cell phones...) when you agree to it (For more information, consult our Cookie policy).

o The partners of COREXALYS which may intervene within the scope of your assistance, after obtaining your prior agreement.

Your personal data will not be shared, exchanged, sold or rented without your prior express consent in accordance with applicable laws and regulations.

Section 9. Data Transfer outside the European Union

In some cases, your personal information will be stored on servers located outside the EEA (certain email and shared calendar services).

We have taken appropriate measures to ensure that your data is kept secure, including by contracting standard contractual clauses approved by the European Commission (Art. 46 GDPR).

You may request access to documents ensuring appropriate contractual guarantees by making a request to our Data Protection Officer via our contact form (https://en.corexalys.com/contact) or by mail: COREXALYS - Service DPO, 7 rue de Madrid 75008 Paris, France.

Section 10. Data Retention Duration

We retain your data only as long as necessary for the purposes described in Section 6.

For more information, please click below.

o For the proper functioning and continuous improvement of the Site and its features

The data collected in the context of your general requests are retained for the time necessary to process your request.

Cookies and other technical tracers may be deposited on your terminal for a maximum period of 13 months. After this period, the raw traffic data associated with an identifier is either deleted or anonymized.

The information collected through tracers is retained for a period of 25 months. After this period, this data is deleted or anonymized.

Connection data is retained for a maximum period of 6 months.

o For the management of the relationship with our Clients or prospects

The data used in the framework of the management of the Client relationship are retained for the duration necessary for the performance of the contract.

This data is then archived for a period of 5 years for evidential purposes. Invoices and accounting data issued are retained for 10 years from the date of issue.

When no contract is signed, the data of a prospect are retained for a duration of 3 years as from their collection or the last positive contact emanating from the prospect with COREXALYS (for example, a request for documentation or a click on a hypertext link contained in an email).

o For the accounting management and the performance of associated operations

The accounting documents are retained by COREXALYS for a maximum duration of 6 to 10 years, in accordance with the provisions of Section L102B of the French Tax Procedure Code.

Within the scope of the management of a pre-litigation, the data is deleted as of the amicable settlement of the dispute or, failing that, as of the limitation period of the corresponding legal action.

The data collected and processed in the context of a dispute must be deleted when the ordinary and extraordinary remedies are no longer available against the rendered decision.

o For the management of requests for rights arising from the GDPR and the French Data Protection Act, as amended, or any other request relating to data protection

The data relating to the management of requests for rights are retained for the duration necessary to process the request. They are then archived for the duration of the criminal statute of limitations applicable to intermediate archiving, i.e. a period of 6 years pursuant to Section 8 of the French Code of Criminal Procedure.

Section 11. Your Rights

In accordance with the French Data Protection Act and the GDPR, you have the following rights (read more):

o right of access (Article 15 GDPR), to rectification (Article 16 GDPR), update, completeness of your data

o right to erasure (or "right to be forgotten") of your personal data (Article 17 GDPR), when they are inaccurate, incomplete, equivocal, outdated, or whose collection, use, communication or storage is prohibited

o right to withdraw your consent at any time (Article 7 GDPR)

o right to restriction of processing (Article 18 GDPR)

o right to object to processing of personal data (Article 21 GDPR)

o right to data portability you have provided to us, where your data is subject to automated processing based on your consent or on a contract (Article 20 GDPR)

o right not to be subject to a decision based solely on automated processing (Article 22 of the GDPR); no decision of this type is currently applied by COREXALYS

o right to define the fate of your data after your death and to choose that we communicate (or not) your data to a third party that you will have previously designated (Section 85 French Data Protection Act). In the event of your death and in the absence of instructions from you, we will destroy your data, except if their conservation proves necessary for evidentiary purposes or to meet a legal obligation.

You can exercise your rights:

o via our contact form: https://en.corexalys.com/contact

o by mail to COREXALYS - Service DPO, 7 rue de Madrid 75008 Paris, FRANCE.

Finally, you can also lodge a complaint with the supervisory authorities and in particular with the CNIL or any other competent authority, in particular in the EU Member State of its habitual residence or place of work, or in the event of an alleged breach of the GDPR.

Section 12. Connection Data and Cookies

We make use, to ensure the proper functioning and the security of the COREXALYS website, of connection data (date, hour, Internet address, protocol of the visitor's device, visited page) and of cookies (small files recorded on your computer) allowing to identify you indirectly, to memorize your visits, and to benefit from measures and statistics of audience.

The so-called "technical" cookies deposited by COREXALYS on your terminal have the exclusive purpose of allowing or facilitating the communication by electronic way of your terminal equipment with our site, by facilitating the management and the browsing of this one, and to ensure the security and the proper functioning of the Site

Section 13. Minor Children

The Services and the COREXALYS website are not intended for a minor public. COREXALYS does not voluntarily collect personal data from minors under the age of 15.

If you are a parent or guardian and you believe that your child has provided us with Personal Data without your consent, please contact us either via our contact form https://en.corexalys.com/contact or by mail at COREXALYS - Service DPO, 7 rue de Madrid 75008 Paris, FRANCE.

Section 14. Security

Strongly aware of the stakes of security of your data, COREXALYS implements all the means to comply with the requirements imposed by the GDPR and the French Data Protection Act of confidentiality and integrity of the information that you entrust to us.

We implement all the technical and organizational measures adapted to the risks in order to ensure the security of our processing operations.

In this respect, we take all useful precautions, with regard to the nature of the data and the risks presented by the processing to preserve the security and, in particular, to prevent the data from being distorted, damaged or accessed by unauthorized third parties (encryption of exchanges, encryption of storage spaces for sensitive information, authentication procedures for persons accessing the data with personal and secure access via strong identifiers and passwords, strict policy of authorization and sharing of documents, operation in a closed environment for certain Services, etc.).