Personal data protection policy and cookies

14 juin 2018

ARTICLE 1 Definition

• “Website” refers to the infrastructure developed by ITL and Cerbère in accordance with the computer formats used on the Internet, comprising data of various kinds, and in particular text, sounds, still or animated images, videos and databases, designed to be consulted and accessible at the following address: http://www.itl.fr;
• “Internet” refers to various networks of servers located in different places throughout the world, linked together by means of communication networks, and communicating using a specific protocol known as TCP/IP;
• “Personal data”, “special categories of data”, “process/processing” have the same meaning as defined by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
• “Data Controller” is the entity that collects and processes nominative information (personal data);
• “Processor”: any person who agrees to process personal data on behalf of the Data Controller or to access personal data in accordance with the Data Controller’s instructions;
• “Recipients” means any person authorised to receive data other than the Data Controller, the Subcontractor and the persons who, by virtue of their duties, are responsible for processing the data;
• “Authorised third parties”: authorities legally empowered, in the context of a particular task or the exercise of a right of communication, to ask the Data Controller to communicate personal data to them;
• “Data subject”: an end user to whom the data being processed belongs;
• “Processing of personal data” means any operation or set of operations performed on personal data, regardless of the process used. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.

ARTICLE 2 Scope of application

The purpose of this personal data protection policy (hereinafter the “Policy”) is to inform Data Subjects of how their personal data are collected and processed by ITL.

ARTICLE 3 Identity of the Data Controller

Personal data are collected by ITL SAS, a company with a capital of €500,000, registered with the Strasbourg Trade and Companies Registry under the identification number 330414988, and whose head office is located at 13 RUE DU CANAL – 67203 OBERSCHAEFFOLSHEIM, represented by Paul ADAM, in his capacity as CEO

ARTICLE 4 Processing of personal data

ITL is committed to protecting the privacy of its users in compliance with the regulations in force and in particular the French Data Protection Act no. 78-17 of January 6, 1978 as amended and the European Data Protection Regulation 2016/679.

A. Goals

Within the framework of managing the http://www.itl.fr website and its applications, ITL collects personal data. These data are processed in accordance with the purposes set out at the time of collection, namely:

• Managing access to and use of certain Services;
• Managing requests on the website;
• Sending newsletters, requests, and promotional messages;
• Compiling statistics and measuring the number of visitors to the Services and the pages consulted by Internet users;

B. Processed data

When collecting the Data, the User will be informed whether certain Data are mandatory or optional. Data identified by an asterisk in the registration form are mandatory. Failure to provide such Data will prevent the User from accessing and using the Services.

ITL may also collect personal data for other purposes, provided that it obtains the prior consent of the persons concerned.

In particular, ITL may collect the following data:

• Identity: surname, first names, address, telephone number (landline or mobile), fax number, e-mail address, internal processing code allowing to identify the client (this internal processing code is distinct from the registration number in the national register for the identification of physical persons, the social security number and the bank card number);
• Data relating to means of payment: postal or bank statement, transaction number, check number and credit card number;
• Data relating to the commercial partnership: count requests, requests for information on products and services, stored information regarding the consulted lists;
• Data relating to statistics and audience measurement :
• Preferences and settings for time zone, language and font size:
  • Identifiant adresse IP ;
  • Technical information: device type, name and version of the operating system, device manufacturer, browser information (type, version), screen resolution;
  • Basic geographical information: geographical location derived from the IP address;

C. Recipients of the collected data

The database created when registering for services is strictly confidential. ITL undertakes to take all necessary precautions and appropriate organizational and technical measures to preserve the security, integrity, and confidentiality of the Data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties.

D. Data transferred to public authorities and/or bodies

In accordance with the regulations in force, Data may be transferred to the competent authorities upon request, and in particular to public bodies, exclusively to meet legal obligations, court officers, legal agents, and bodies responsible for collecting debts.

E. Data transferred to third parties

The Data may, with the explicit and prior consent of the User, be used by ITL, its subcontractors, its affiliates, and/or its commercial partners:

• ITL’s staff, the services responsible for supervision (auditors in particular), and ITL’s subcontractors will have access to the data collected as part of the use of the website and the applications.
• Its data may be transmitted to other companies in the ITL group. This agreement may be withdrawn at any time by the User.

F. Time limits for the storage of personal data

The data collected for the health of our servers is stored for 3 years as regards the website and 30 days on our backup servers.

The data collected by Google Analytics is stored for 38 months.

ARTICLE 5 Rights of the Persons concerned

It is reminded that the Data Subjects have the right to access, delete, rectify and object to the processing of their personal data, except in cases where the processing meets a legal obligation. These rights can be exercised, in accordance with the law n°78-17 of January 6, 1978 modified on August 6, 2004, by providing proof of one’s identity through the transmission of a copy of a national identity card for example, and of a legitimate reason:concernées bénéficient des droits d’accès, de radiation, de rectification et

• by simple request by e-mail to the following address:rgpd@itl.fr ;
• by paper mail to the address: ITL – 13 RUE DU CANAL – 67203 OBERSCHAEFFOLSHEIM

ITL undertakes to ensure that the data collected are kept in a form that allows the identification of the Data Subjects for a period that does not exceed the period necessary for the purposes for which they are collected and processed.

ARTICLE 6 Transfer of Personnal Data

The personal data collected on the website are exclusively reserved for ITL

ITL is the sole recipient of these data. However, ITL reserves the right to transmit your personal data in order to satisfy its legal obligations, and in particular if it is obliged to do so by judicial requisition.

ITL informs you that your data may be transferred outside the European Union. Where applicable, ITL undertakes not to transfer personal data outside the European Union, without having taken the regulatory steps according to the level of data protection in the recipient country: contractual clauses, Privacy Shield or any other step imposed by the regulations.

ARTICLE 7 The Data Protection Officer (DPO)

ITL has appointed ACTECIL as an external DPO in charge of its compliance with the European Data Protection Regulation 2016/679 and the monitoring of its compliance.

ACTECIL can be contacted at the following address:

Postal address: 204 Avenue de Colmar – 67000 STRASBOURG – FRANCE

Dedicated telephone line: 0972272293

Dedicated e-mail address: dpo_itl@actecil.fr

ARTICLE 8 Security

In accordance with articles 34 and 35 of the law N°78-17 of January 6, 1978 modified on August 6, 2004, ITL implements all the technical and organizational measures necessary to guarantee the security and confidentiality of the personal data collected and processed, and in particular to prevent them from being deformed, damaged or communicated to unauthorized third parties, by ensuring a level of security adapted to the risks linked to the processing and to the nature of the data to be protected, taking into account the technological level and the cost of implementation

ARTICLE 9 COOKIES

A cookie (hereinafter the « Cookie(s) ») is a text file that may be stored in a terminal, such as your hard disk, when you consult a Service or Information with a browser. A Cookie allows its issuer, during its validity period, to recognize the terminal concerned each time this terminal accesses digital content containing Cookies from the same issuer.

The User is informed that, when connecting to the Website or the Applications and when using the Services, Cookies are installed on the User’s terminal (computer, tablet, smartphone, etc.), or on the User’s browser, subject to the User’s expressed choice concerning Cookies for the proper functioning of the Services; this choice may be modified at any time.

Several types of cookies are likely to be used by the website:

• The cookies strictly necessary for navigation on the website and to ensure its proper functioning;
• Functional cookies that allow you to identify yourself and therefore access your account, your shopping cart but also to customize your experience on the website;
• The cookies that allow us to establish statistics of frequentation;
• Cookies and social network plug-ins;

If your browser allows it, you can oppose the recording of cookies by configuring the settings of your browser.

The length of time that cookies are kept varies according to the types of cookies. We mostly use cookies that self-destruct after the end of the connection. These are called session or navigation cookies. A log file also allows us to record all accesses to our web pages or the downloading of various files available on our sites, for a period of 6 months. Finally, the information concerning your consent to cookies is kept for a maximum of 13 months. Cookies are used for internal purposes and are not accessible to third parties.