Privacy policy for clients and prospects

What is the purpose of this Privacy Policy?

We attach great importance to the protection and privacy of your personal data, which represents a guarantee of seriousness and trust.

The purpose of this Privacy Policy is precisely to demonstrate our willingness to comply with the applicable rules related to personal data protection and, more particularly, to the General Data Protection Regulation (“GDPR”).

The Privacy Policy aims to inform you about how and why we process your personal data in the context of the services we provide.

Who does this Privacy Policy apply to?

The Privacy Policy applies to you, if you are at least 18 years old, regardless of your location, whether you are a customer, a potential customer (“prospect”) or even a visitor.

Why do we process your personal data and on what legal basis?

In the context of the services offered, we are necessarily required to process your personal data for the following purposes and legal basis:

  • To use our services (e.g. creating an online account, paying our services online, etc.) and to answer to your requests (e.g. requests for information, complaints, etc.) based on our terms and conditions of sale, our terms and conditions of use, and our legitimate interest in providing you with the best possible service.
  • To keep you informed of our latest promotional offers and events by email and by SMS, based on our legitimate interest to retain your loyalty and on your prior consent, in case you are not yet one of our customers.
  • To subscribe and to receive our newsletters which will inform you about all the news concerning our services based on your consent.
  • To ensure and reinforce the security and quality of our services on a daily basis (e.g. statistics, data security, etc.) on the basis of our legal obligations, our general terms and conditions of sales and our legitimate interest in ensuring the proper functioning of our services.
  • Finally, we may also install “cookies” on your device. For more information on the use of cookies, please consult our “Cookies Policy”.

We undertake to process your personal data only for the reasons described above.

What personal data do we process and for how long?

We have summarised thereafter the categories of personal data we collect either directly from you or indirectly through databases of potential customers, as well as their respective retention periods.

If you want more details about the retention periods, you can contact us at dpo@stations-e.com.

  • Personal identification and contact data (e.g. surname, first name, personal or professionnal email address, etc.) stored for the duration of the provision of the service plus the legal limitation periods, which are generally 5 years.
  • Economic and financial data (e.g. bank account number, verification code, etc.) stored for the period of the transaction and for the management of the invoicing and payments, plus the legal limitation periods, which are generally 5 to 10 years.
  • Marketing, direct marketing and newsletter subscription data (e.g. email address, etc.) stored for a maximum period of 3 years from the last contact we had with you.
  • Login data (e.g. logs, IP address, etc.) retained for a period of 1 year.

At the end of the retention periods summarised above, we erase all your personal data to ensure your privacy for future years.

The erasure of your personal data is irreversible and we will no longer be able to communicate it to you after this period. After such erasure, we may only keep anonymous data for statistical purposes.

Please also note that in the event of a dispute, we have the obligation to retain all data we have from you during the case even if the retention periods described previously have expired.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise, at any time and free of charge, to control the use we make of your personal data.

  • The right of access to your personal data and to obtain a copy, provided that this request does not conflict with business secrecy, confidentiality or the secrecy of correspondence.
  • The right to rectification of inaccurate, obsolete or incomplete personal data.
  • The right to object to processing of your personal data for direct marketing purposes.
  • The right to obtain the erasure (“right to be forgotten”) of your personal data that is not essential to the proper functioning of our services.
  • The right to restriction of processing your personal data, which allows you to freeze the use of your data in the event of a dispute over the lawfulness of a processing operation.
  • The right to give instructions on the fate of your personal data in the event of your death. You can give instructions directly by you or through a trusted third party or a beneficiary.
  • The right to your personal data portability which allows you to transfer some of your personal data from one information system to another.

To be taken into account, the request has to be made directly by you at undefined. Any request not made by this means cannot be processed.

We will respond to your request as quickly as possible, up to a maximum of two months from receipt, if the request is technically complex or if we receive many requests at the same time.

Please note that we can always refuse to respond to any excessive or unfounded request, especially if it is repetitive.

Who can access your personal data?

We only share your data with duly authorized persons to perform our services. This may include our staff in charge of the performance of our services, accounting, marketing or even the security of our offices.

We may also disclose your personal data to public authorities, external consultants and legal advisers, as well as to service providers and possibly business partners.

How do we protect your personal data?

We implement all the technical and organisational measures required to guarantee the security of your data on a daily basis and, in particular, to struggle against risks of destruction, loss, alteration or unauthorised disclosure of your data.

In particular,and all our devices are obviously protected by the latest antivirus and firewall software.

Can your personal data be transferred outside the European Union?

Unless strictly necessary and on an exceptional basis, we never transfer your personal data outside the European Union and your personal data are always hosted on European territory. In addition, we do all that we can to use only service providers who host your personal data within the European Union.

In case our service providers transfer your personal data outside the European Union, we scrupulously ensure that they implement the appropriate guarantees to ensure the confidentiality and protection of your personal data.

Who can you contact for more information?

Our Data Protection Officer (“DPO”) is always at your disposal to give you a detailed explanation of how we process your personal data and to answer your questions on this subject at the following address dpo@stations-e.com.

How can you contact the French Supervisory Authority (the “CNIL”)?

You may at any time contact the French Supervisory Authority for personal data protection (the “Commission nationale de l’informatique et des libertés” or “CNIL“) at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 (France) or by phone at +331.53.73.22.22.

Can the policy be modified?

We may modify our Privacy Policy at any time to adapt it to new legal requirements and to new processing operations that we may implement in the future. You will of course be informed of any modification of this Privacy Policy.

Publié le 18/11/2021

Certifiée conforme par Dipeeo ®