Privacy and Cookie Policy mercasafe.com
Last update date: 16/06/2020
MERCASAFE is very concerned about the confidentiality of your personal data as Users visiting and browsing our website mercasafe.com. This is why MERCASAFE FRANCE S.A.S., a simplified joint stock company with a share capital of 1.000€, named MERCASAFE FRANCE and registered with the RCS of PARIS under the number SIREN 899 059 968 strives to respect your rights in accordance with the regulations protecting personal data, in particular in accordance with the General Data Protection Regulation 2017/679 (RGPD), the ePrivacy directives of the European Parliament and the Council, as well as Law n°78-17 of January 6, 1978 known as the Data Protection Act amended by Law n°2018-493 of June 20, 2018 relating to the protection of personal data.
Article 1 - Definitions
1 "Personal data" or "personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
2. "processing" means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. "data controller": MERCASAFE FRANCE S.A.S.
4. "processor" means the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller;
5. "Recipient" means the natural or legal person, public authority, department or other body receiving personal data, whether a third party or not. However, public authorities 4.5.2016 L 119/33 Official Journal of the European Union EN which may receive personal data in the context of a specific investigation in accordance with Union law or the law of a Member State shall not be regarded as recipients; the processing of such data by the public authorities in question shall comply with the applicable data protection rules according to the purposes of the processing;
5. "Consent" of the data subject means any free, specific, informed and unambiguous expression of will by which the data subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her may be processed;
6. "personal data breach" means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed;
7. A "cookie" is a text file automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User's navigation.
Article 2 - Purpose
The purpose of this Privacy and Cookie Policy (hereinafter the "Policy") is to define the terms and conditions for the collection, storage, processing and deletion of personal data (hereinafter "personal data") of any individual or legal entity (hereinafter the "User") who, in the context of a strictly professional activity, simply uses or browses our Website.
The Data Controller assures the User that it implements all necessary means to ensure in particular compliance with the provisions of the General Data Protection Regulation 2017/679 of the European Parliament and of the Council dated 14 April 2016 by ensuring compliance with retention periods, the need to collect the aforementioned personal data, and the confidentiality of the personal data collected (hereinafter the "Regulation" or the "GDPR").
Article 3 - User consent
This Policy must be read and accepted by any User visiting our Website. By clicking on the box mentioning "read and accepted" referring to this Policy at the time of arrival on our Website, the User acknowledges having read and given his free, informed and unequivocal consent to the processing of his personal data under the conditions mentioned in this Policy.
Article 4 - Data collected
In the context of visiting and using our Website, certain personal data of Users may be collected by MERCASAFE, in its capacity as Data Controller, or by one or more subcontractors acting in the name and on behalf of the Data Controller, under the conditions defined below.
1 - Means of collection
The User's personal data is collected by the following means:
When the User provides it
Either by (1) filling in the contact form; and/or (2) filling in the order request or quotation request form; or (3) filling in the registration form for the website's legal review.
By automated collection
During the User's browsing on our Website, the Data Controller automatically records certain information relating to the User's preferences and use of the Website. Cookies are used during the User's browsing on our Website to collect this information automatically.
2 - Type of data collected
The personal data that may be collected are :
- the User's e-mail address
- the User's billing address
- the User's surname, first name and telephone number
- The User's payment details
- The history of orders placed via our website by the User
- The User's browsing preferences on our Website
3 - Data recipients
The recipients of personal data are :
- the Data Controller
- internal employees of the Data Controller acting on its behalf
- the host of our website domain
- any legally or administratively authorized person (e.g. judicial authorities)
Article 5 - Data processing
1 - Legal basis for processing
The processing of Users' personal data via our Website is justified by one of the conditions provided for in Article 6 §1 of the Regulations, as mentioned below. In accordance with the Regulations, Users' personal data will only be processed if one of the following conditions is met:
The User has consented to the processing: the User concerned has consented to the processing of his/her personal data for one or more specific purposes;
The performance of the contract requires it: processing is necessary for the performance of a contract to which the User concerned is a party, or for the performance of pre-contractual measures taken at the User's request;
Compliance with the law requires it: processing is necessary to comply with a legal obligation to which the data controller is subject;
A legitimate interest justifies it: the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, unless the interests or the fundamental rights and freedoms of the User concerned prevail and require the protection of personal data, in particular where the User concerned is a minor.
2 - Data processing purposes and retention periods
In accordance with Article 13 of the Regulation, the reason and duration for storing and processing personal data is justified by a valid purpose, in addition to the legal basis.
Article 6 - Data protection officer
In accordance with the provisions of the Regulation, a Data Protection Officer (hereinafter "DPO") is appointed by the Data Controller. The DPO is responsible for ensuring compliance with the Regulation in the context of any processing or storage of personal data. The designated DPO, Mr VIALA Jérémy, can be contacted at the following e-mail address: jmt.viala@mercasafe.com
Article 7 - Means of data protection
In accordance with Article 5 and Article 32 of the Regulation, the Data Controller is bound by an obligation to guarantee the security of Users' personal data that it stores and processes.
The Data Controller keeps a register of all personal data collected from Users. The Data Controller affirms that it implements all necessary security measures to protect the User's personal data contained in this register and to avoid any violation of the User's personal data.
To this end, the Data Controller confirms to Users that it :
- allows pseudonymization and encryption of the User's personal data where necessary;
- implements means to guarantee the confidentiality, integrity, availability and constant resilience of processing systems and services;
- implements means to restore availability and access to personal data within appropriate timeframes in the event of a physical or technical incident;
- guarantees the use of a procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.
The Data Controller guarantees Users that the data it stores and processes is stored within the European Union or in a country qualified as "adequate" under the Regulation.
However, if a transfer of data were to be implemented, the Data Controller would always ensure that the processing is legally supervised to guarantee a sufficient level of protection for the privacy and fundamental rights of individuals.
In the event of a breach of the User's personal data, the Data Controller undertakes to notify the competent supervisory authority of this breach within 72 hours in accordance with Articles 33 and 34 of the Regulation, and to notify the User of this breach if this proves necessary in view of the requirements of the Regulation.
Article 8 - Cookies
1 - Purpose of using cookies
As explained above, a cookie is a text file automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User's browsing.
The sole purpose of the cookies used on the website is to improve your browsing experience as a User. The cookies used facilitate your browsing by storing some of your personal data when you access and browse our Website. Three types of cookies are used on our website, their purpose varying according to their type:
Functional cookies: these are used to store data entered during authentication or searches carried out on our website.
Advertising cookies: these cookies enable us to identify the consumption and search habits and preferences of Users, so that we can offer them advertising content in line with their personal preferences.
Security cookies: these cookies ensure the security of Users' personal data by guaranteeing the encryption of data contained in other cookies.
2 - Cookies used, lifetime and function
The following is a list of the cookies used on our website, together with their name, lifetime and function:
3 - Managing cookies: activation and deactivation
It is possible for the User to manage Cookies on the browser he/she is using at any time. The User can activate or deactivate them at any time. The means of managing cookies depends on each browser. To make it easier for Users to manage their cookies, below is an explanatory guide to managing cookies on the main browsers used by Users:
Google chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=fr
Safari: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
Mozilla Firefox: https://support.mozilla.org/fr/kb/activer-ou-desactiver-les-cookies sur-firefox-pour-android
Internet explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
Article 9 - User rights
The User has the right to ask the Data Controller for access to his/her personal data, for the rectification or deletion thereof, or for a limitation of the processing relating to the User concerned, or the right to object to the processing and the right to data portability.
Users have the right to withdraw their consent to the processing of their personal data at any time. This withdrawal of consent will take effect when the Data Controller receives notification of the User's withdrawal of consent. The User has the right to define general and/or specific directives concerning the fate of his/her personal data and the manner in which the User wishes his/her rights to be exercised after his/her death. In this respect, in the event of the User's death which is brought to the attention of the Data Controller, personal data will be deleted, unless it is required to be kept for a specific period of time for reasons relating to the Data Controller's legal and regulatory obligations and/or legal prescription periods, and after having been communicated to any third parties designated by the User.
The User has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) via the contact form available at the following site: https://www.cnil.fr/fr or with the Direction Générale de la Concurrence, de la Consommation et de la répression des fraudes via the contact form available at https://www.economie.gouv.fr/dgccrf.
The User may also exercise the rights set out above in relation to this Policy by notifying the Data Controller at the following e-mail address: contact@mercasafe.com.
