Personal data – Website management

Activities relating to the www.infinite-value.fr website involve the processing of personal data.

What does the personal data use policy cover?

This policy informs you of the characteristics of this processing and of your rights regarding your personal data.

This privacy policy has been drawn up in accordance with Act no. 78-17 of 6 January 1978 (known as the “Data Protection Act” or “LIL”) and the General Regulation on the Protection of Personal Data (“RGDP”) no. 2016/679.

Who is responsible for this policy?

The data controller is Joimel Claudine, a Managing Director of a Limited Liability Company.

The contact details of the data controller are as follows: 48 rue Raspail, 38000 Grenoble, France.

The manager can be contacted on the following number: +33 (0)679504951.

The contact e-mail address is claudine.joimel@infinite-value.fr.

Who is this policy intended for?

This policy is aimed at users of the site: Internet users browsing the site.

It also concerns:

  • persons to whom we have entrusted technical services (hosting service provider, maintenance, site security)
  • people who have access to the site’s back office for administration purposes
  • people who write or are quoted in content on the site
  • people who contact us using the site’s contact form
  • persons who publish opinions and comments on our site
  • people who make an appointment with us using an e-calendar
  • people whom we list on the site as partners

Purposes (what the data collected is used for)

The purpose of the data processing is to manage the website.

This processing allows:

  • technical management of the site (maintenance, hosting, site security)
  • website administration
  • management of requests for information via the contact form
  • management of opinions and comments published on the site
  • managing appointments (e-calendar)
  • referencing partners on the site

Legal basis for processing: what gives us the right to process data

The legal bases for processing are as follows:

  • for the technical management of the site (maintenance, hosting, site security), the legal basis is legitimate interest
  • for website administration, the legal basis is legitimate interest
  • for the management of requests for information via the contact form, the legal basis is the legitimate interest (to enable online communication) or the execution of pre-contractual measures (production of quotes at the request of individuals)
  • for the management of opinions and comments published on the site, the legal basis is the consent of the persons concerned
  • for the referencing of partners on the site, the legal basis is the consent of these partners

Data retention period

Data that is processed is kept for no longer than is necessary for the purposes for which it is recorded (principle of minimisation of processing).

The maximum retention periods are as follows:

  • for technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs
  • for website administration: for as long as the persons concerned administer the site
  • for the management of requests for information via the contact form: 3 years from the date of the request
  • for the management of opinions and comments published on the site: 5 years from publication
  • for referencing partners on the site: 5 years from publication

Data processed

The data controller processes the following categories of data:

Civil status, identity, identification data, images (surname, first name, address, photograph, date and place of birth, etc.).

Mandatory or optional nature of data collection

The data collected is mandatory for the purposes of processing, except in certain cases:

Some of the data collected when filling in the contact form is not necessary (e.g. non-mandatory field).

Data sources

The data is transmitted directly by the data subject.

Data recipients

Depending on their respective needs, the following are recipients of all or part of the data:

persons in charge of technical services (hosting provider, maintenance, site security).

What security measures have been put in place?

The data controller implements appropriate technical and organisational measures to guarantee a level of security appropriate to the risk.

The data controller shall take steps to ensure that any natural person acting under the authority of the data controller or the data processor who has access to personal data does not process it unless instructed to do so by the data controller or unless obliged to do so.

Whether or not data is transferred to a country outside the European Union and associated guarantees.

The data controller does not transfer any personal data outside the European Union.

Automated decision-making

The processing does not involve fully automated decision-making.

Fate of personal data after death – Right of access, rectification, deletion and portability of data

The person concerned by a processing operation may define directives relating to the conservation, deletion and communication of his/her personal data after his/her death. These directives may be general or specific.

Data subjects also have the right to access, object to, rectify, delete and, under certain conditions, port their personal data. The data subject has the right to withdraw consent at any time if consent is the legal basis for processing.

The request must indicate the surname and first name, e-mail or postal address of the person concerned, and must be signed and accompanied by valid proof of identity.

These rights may be exercised by contacting:

Claudine Joimel

claudine.joimel@infinite-value.fr

+33 (0)6 79 50 49 51

Complaints

Data subjects have the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte