Privacy Policy

Purpose of this policy ?

Your privacy is very important to us. We are committed to safeguarding the confidentiality of your personal data, which we consider to be a sign of reliability and trust.

The data privacy policy reflects our commitment to ensuring compliance with applicable data protection rules and in particular with the General Data Protection Regulation (“GDPR”).

In particular, the privacy policy aims to inform you about how and why we process your data in the context of the services we provide.

Who is this policy aimed at ?

The policy applies to you if you are at least 18 years old, regardless of where you live, whether you are a customer, a potential customer (“prospect”) or just a visitor.

If you are under 18 years of age, you are not permitted to use our services without the prior consent of your parents or guardian. If you believe that we may be holding information about a child of yours under the age of 18 without your consent, you can request that we delete it at  dpo@stations-e.com.

Why do we process your data and on what basis?

In the course of providing our services, we may need to process your personal data for the following reasons and purposes:

  • So that you can benefit from our services (e.g. creating an online account, paying for our online services, etc.) and so that we can respond to your requests (e.g. requests for information, complaints, etc.) on the basis of our terms and conditions of sale, our terms and conditions of use, and our legitimate interest in providing you with the best possible service.
  • To keep you informed of our latest promotional offers and events by email, and by SMS, based on our legitimate interest in retaining our customers and on your consent, in case you are not yet one of our customers.
  • So that you can subscribe to and receive our newsletter which will inform you of any news about our services based on your consent
  • To ensure and enhance the security and quality of our day-to-day services (e.g. statistics, data security, etc.) based on our legal obligations, our general terms and conditions and our legitimate interest in ensuring the proper functioning of our services.
  • Finally, we may also install “cookies” on your terminal. For more information on the use of “Cookies”, please consult our “Cookies Policy”.

 

We undertake to process your data only for the purposes described above.

What data do we process and for how long?

We have summarised the categories of personal data that we collect directly from you or via databases of potential customers, and their respective retention periods.

If you would like to know more about the retention periods, you can contact us at dpo@stations-e.com.

  • Personal or professional identification data and contact details (e.g. surname, first name, personal or professional email address, personal or professional postal address, etc.) are kept for the duration of the provision of the service, plus the statutory limitation periods, which are generally 5 years.
  • Economic and financial data (e.g. bank account number, verification code, etc.) are kept for the duration necessary for the transaction and for the management of invoicing and payments, plus the legal limitation periods, which are generally 5 to 10 years.
  • Data for the purposes of commercial and marketing prospecting and subscription to our newsletter (e.g. email address, etc.)

 is retained for a maximum of 3 years from the last contact we had with you.

  • Connection data (e.g. logs, IP address, etc.) is kept for a period of 1 year.

Once the above retention periods have expired, we will delete all your personal data to ensure your privacy for future years.

The deletion of your personal data is irreversible, and we will no longer be able to provide it to you after this period. At most, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we are obliged to retain all your data for the duration of the case, even after the expiry of the retention periods described above.

What rights do you have to control the use of your data?

The applicable data protection regulations give you specific rights that you can exercise, at any time and free of charge, to control the use we make of your data.

  • The right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
  • The right to rectify personal data that is incorrect, obsolete or incomplete.
  • The right to object to the processing of your personal data for commercial prospecting purposes.
  • The right to request the deletion (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
  • The right to limit the use of your personal data, which allows us to photograph the use of your data in the event of a dispute over the legitimacy of the processing.
  • The right to portability of your data, which allows you to retrieve part of your personal data in order to store it or transmit it easily from one information system to another.
  • The right to give instructions on what to do with your data in the event of your death, either through you or through a trusted third party or successor in title.

For a request to be taken into account, it is imperative that it is made directly by you to the address dpo@stations-e.com. Any request that is not made in this way cannot be processed.

We will respond to your request as soon as possible, but no later than two months after receipt, or if the request is technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

Who can access your data?

We will only share your data with those persons who are authorised to use it for the purpose of providing our services. 

This may include our staff in charge of service implementation, accounting, marketing or even security at our premises.

We may also share your data with public authorities, external advisers and practitioners, and service providers.

How do we protect your data?

We implement all the technical and organisational means required to guarantee the security of your data on a daily basis and, in particular, to combat any risk of unauthorised destruction, loss, alteration or disclosure of your data.

In particular, we use encryption technology to encrypt your personal data, and all our computer equipment is obviously equipped with the latest antivirus and firewall software

Can your data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your data outside the European Union and your data is always hosted on European soil. In addition, we make every effort to use only service providers who host your data within the European Union.

Should our service providers nevertheless transfer your personal data outside the European Union, we take great care to ensure that they implement appropriate safeguards to ensure the confidentiality and protection of your data.

Who can you contact for more information?

Our Data Protection Officer (“DPO”) is always available to explain in more detail how we process your data and to answer your questions on the subject at dpo@stations-e.com.

How can you contact the CNIL?

You may at any time contact the French data protection supervisory authority (the “Commission nationale de l’informatique et des libertés” or “CNIL”) at the following address CNIL Complaints Department 3 place de Fontenoy – TSA 80751, 7533 4 Paris Cedex 07 or by telephone at 01 53.73.22 22.

Can the policy be changed?

We may change our privacy policy at any time to adapt it to new legal requirements and to new processing operations that we may carry out in the future. You will of course be informed of any changes to this policy.

Published le 26 /10 / 2021

Certified by Dipeeo ®