On www.lerem.org (hereinafter the “Site”), the person responsible for processing personal data is Frank Flécheux, director of the laboratory “LEREM”, association, located at Les Marches de l’Oise 100, rue Louis Blanc 60160 Montataire France.
LEREM (hereinafter “we”) is committed to ensuring that the collection and processing of your data is carried out in a lawful, fair and transparent manner, in accordance with the General Data Protection Regulations (“GDPR”) and the amended Data Protection Act of 1978.
Our collection is limited to what is necessary, in accordance with the principle of data minimization. The definitions provided in Article 4 of the GDPR are applicable to this present document. In case of modification of this present, we undertake not to lower the level of confidentiality in a substantial way without informing you beforehand.
We will hereby endeavor to answer the following questions: What personal data do we process? For what purposes? On what legal basis? What are your rights ? How to exercise them? How long is the data kept?
You will also find our commitments in terms of subcontracting, transfers, communication to third parties and in the event of a security breach. For any clarification or complaint, please contact us.
Article 1 – Categories of personal data collected and processed
As part of our activity on this Site, you provide us with the following information by completing the information form(s) and communicating with us:
- When you browse the Site, data collected through cookies and similar technologies used;
- Civil status and contact information (title, surname, first name, company, position, postal address, telephone number and email) will allow us to identify you and communicate with you;
- Information relating to the contractual and commercial relationship.
Article 2 – Goals
- The identification of the people using this Site to order our products and/or services;
- The creation and management of the customer account of the person concerned as well as the execution of payment transactions made at his request;
- The processing of operations relating to the management of files concerning: orders; the deliveries ; the bills ; accounting and monitoring of the commercial relationship;
- Managing the relationship with prospects and customers and people’s opinions on products, services or content;
- The processing of questions and any complaints from people as well as the management of requests for the right of access, rectification and opposition;
- Compliance with the terms of online access to accounts and management of any authentication procedures (registration, connection and loss of password);
- Execution of payments;
- The development of commercial and advertising statistics;
- Prospecting and/or sending information (newsletter), which includes relaunching prospects, managing technical prospecting operations, selecting people to carry out loyalty, prospecting, polling, testing, promotion as well as the carrying out of solicitation operations;
- Participation in special events, such as contests, games, prize draws, offers and participation in the loyalty program, excluding online gambling and games of chance subject to the approval of the Online games ;
- Prevention and fight against fraud and means of payment and in particular against bank card fraud;
- Management of outstanding payments and disputes;
- Improving the Site and our offers;
- Site security.
Article 3 – Legal bases
The processing of personal data respectively finds its legal basis, within the meaning of Article 6 of the GDPR, in the fact that:
- The processing is necessary for the performance of the contractual relationship that unites us and/or that you wish to establish with us;
- Or the processing is also necessary to protect our legitimate interests, in particular by allowing us to carry out commercial prospecting, to keep proof of the transactions carried out and/or, if necessary, to proceed with recovery;
- If the law provides for it or if it is not necessary in one of the two previous cases, we will ask for your consent.
Article 4 – Storage time
The personal data subject to processing are not kept beyond the time necessary for the performance of the obligations defined at the conclusion of the contract or imposed by the legislation in force. We keep personal data for the time strictly necessary to achieve the purposes described herein. Beyond this period, they may be anonymized and kept for exclusively statistical purposes.
Means of erasing data are put in place in order to provide for the effective deletion as soon as the retention or archiving period necessary for the fulfillment of the determined or imposed purposes has been reached.
Article 5 – Cookies
You are informed that we are likely to deposit cookies on your terminal. The cookie records information relating to navigation on the service (the pages you have consulted, the date and time of the consultation, etc.) that we can read during your subsequent visits.
The maximum retention period for cookies is a maximum of 13 months after their first deposit in your terminal, as is the duration of the validity of the consent of your consent to the use of these cookies. The lifetime of cookies is not extended with each visit. Your consent must therefore be renewed at the end of this period.
Cookies can be used for statistical purposes, in particular to optimize the services provided, from the processing of information concerning the frequency of access, the personalization of the pages as well as the operations carried out and the information consulted. They can also be used for advertising purposes, in particular to offer you targeted content in banners and inserts on the Internet. Certain features of the site such as video players or interactive content are likely to use services offered by third parties and to deposit cookies allowing them to identify your consultation of the content. Some cookies also make it possible to save customer account information or the contents of a shopping cart.
Article 6 – Rights and your remedies
You have a right of access to data concerning you, rectification or erasure, query, limitation of the processing of your data, portability, and erasure.
You also have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data having our legitimate interest as a legal basis, as well as a right of opposition to commercial prospecting. . At any time, you can also withdraw your consent to the processing, without affecting the lawfulness of the processing based on the consent given before its withdrawal.
In addition, you have the right to define general and specific directives defining the way in which you would like the rights mentioned above to be exercised after your death. Finally, you can lodge a complaint with the CNIL, if our answers seem unsatisfactory to you.
For any request, you will be asked to prove your identity by any useful means and to justify, if necessary, the reasons for your request.
Requests to exercise your rights should be sent by post or electronically.
From the exercise of the right to erasure, to oppose processing or to withdraw consent, the proper functioning of the Site may be disturbed or even interrupted. For example, if these rights are exercised when ordering products or services, then said order may be canceled and said service may be suspended.
The email you provide may be used to send you information via electronic mailing for example. If at any time you would like to unsubscribe from receiving these emails, you will find unsubscribe instructions at the end of each email.
More information on your rights: https://www.cnil.fr/fr/les-droits-pour-maitriser-vos-donnees-personnelles
Article 7 – Subcontracting
You are informed that we may use one or more subcontractors to carry out specific processing activities.
We undertake that any subcontractor presents sufficient contractual guarantees as to the implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR (General Data Protection Regulation).
Article 8 – Third parties
We do not share any personal data for commercial purposes with third parties without your consent.
In the event of communication of your personal data to a third party, we will ensure that the latter is required to apply confidentiality conditions identical to ours.
On the basis of legal obligations, your personal data may be disclosed to public authorities pursuant to a law, a regulation or pursuant to a decision of a competent regulatory or judicial authority. In the event of delivery of products abroad, the customs services in particular will be recipients of personal data.
The personal data that you communicate to us when placing your order is transmitted to our suppliers, subcontractors and/or subsidiaries for the processing thereof. This information is considered to be strictly confidential, and these recipients only have access to the data necessary for the performance of the contract that binds us.
In the event that we take part in a merger, acquisition or any other form of asset transfer, we undertake to guarantee the confidentiality of your personal data and to inform you before these are transferred. or subject to new confidentiality rules.
If you connect your account to an account of another service, such as a social network, said service may communicate to us your profile information, connection information, as well as any other information whose disclosure you have authorized.
The Site may provide links to other sites, applications and services than its own, which may be operated by third-party companies. In this case, we are not responsible for the processing of personal data by these third-party sites, the user of which is invited to consult the personal data protection policies for more information.
Article 9 – Transfer abroad
We undertake to comply with the applicable regulations relating to the transfer of data to countries located outside the European Union and in particular according to the following methods:
- We will only transfer visitor, prospect and customer data to countries recognized as offering an equivalent level of protection; In case of transfer to the United States, to organizations that have adhered to the EU-US Privacy Shield only;
- We will only transfer personal data outside the countries recognized by the CNIL as having a sufficient level of protection if we have obtained authorization from the CNIL to proceed with this transfer.
Section 10 – Security
We undertake to implement all appropriate technical and organizational measures using physical and logistical security means in order to guarantee a level of security adapted to the risks of accidental, unauthorized or illegal access, disclosure, alteration, loss or destruction of personal data concerning you.
Under no circumstances can the commitments defined in the point above be assimilated to any acknowledgment of fault or liability for the occurrence of the incident in question.
Article 11 – Legislation
Article 12 – Consent