1. General Provisions This Privacy Policy (hereinafter referred to as the "Policy") is developed in accordance with the requirements of the General Data Protection Regulation (GDPR) of the European Union, French Law No. 78-17 "Informatique et Libertés" on Data Protection, and other relevant regulations in force in France.

This Policy defines the procedures for the collection, processing, storage, and protection of personal data provided by individuals (hereinafter referred to as "Data Subjects") in accordance with the objectives of the activities of the Data Controller.


2. Basic Concepts For the purposes of this Policy, the following terms are used:

• Personal Data: Any information related to an identified or identifiable individual, including but not limited to name, address, email, phone number, etc.
• Processing of Personal Data: Any operation or series of operations performed on Personal Data, including collection, recording, storage, alteration, transfer, deletion, etc.
• Data Controller: The entity (individual or legal) that determines the purposes and means of the processing of Personal Data.
• Data Processor: The entity that processes personal data on behalf of the Data Controller.
• Data Subject: Any natural person whose Personal Data is processed.
• Transmission of Personal Data: Transfer of Personal Data to a third party, within or outside the country, or to international organizations.
• Cross-border Data Transfer: Transfer of Personal Data outside the territory of the European Union/European Economic Area.

3. Main Rights and Obligations of the Data Controller The Data Controller commits to:

• Processing Personal Data lawfully, fairly, and transparently.
• Protecting the confidentiality and security of Personal Data.
• Providing clear and comprehensive information to Data Subjects about the processing of their data, including purposes, recipients, and retention periods.
• Ensuring Data Subjects’ rights are respected, including access, rectification, erasure, and data portability.

The Data Controller will take all necessary organizational and technical measures to ensure that Personal Data is protected from unauthorized access, alteration, destruction, or disclosure.


4. Rights and Obligations of Data Subjects Data Subjects have the right to:

• Access their Personal Data and receive a copy.
• Rectify inaccurate or incomplete data.
• Request the erasure of their Personal Data under certain conditions (right to be forgotten).
• Object to the processing of Personal Data for direct marketing purposes.
• Withdraw consent at any time, where processing is based on consent.
• Data portability, i.e., the right to obtain Personal Data in a structured, commonly used, and machine-readable format.

Data Subjects are required to provide accurate and complete Personal Data when submitting it.


5. Principles of Personal Data Processing The following principles shall govern the processing of Personal Data:

• Lawfulness, fairness, and transparency: Personal Data is processed in a lawful, fair, and transparent manner.
• Purpose limitation: Personal Data is collected only for specified, legitimate purposes and is not further processed in a manner incompatible with those purposes.
• Data minimization: Personal Data collected is adequate, relevant, and limited to what is necessary.
• Accuracy: Personal Data is accurate and, where necessary, kept up to date.
• Storage limitation: Personal Data is kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes of processing.
• Integrity and confidentiality: Personal Data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

6. Purposes of Personal Data Processing Personal Data may be processed for the following purposes:

• To provide services and fulfill contractual obligations.
• To communicate with clients, including sending newsletters, offers, and marketing information.
• To ensure compliance with legal and regulatory obligations.
• To improve services and tailor them to individual needs.
• To manage customer support and resolve issues.

7. Legal Basis for Processing Personal Data Personal Data will be processed based on the following legal grounds:

• Consent: Data Subject’s explicit consent, where processing is based on consent.
• Contract: Processing is necessary for the performance of a contract with the Data Subject.
• Legal Obligation: Processing is necessary for compliance with a legal obligation.
• Legitimate Interests: Processing is necessary for the legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the Data Subject’s rights and freedoms.

8. Conditions for the Collection, Storage, Transfer, and Other Types of Personal Data Processing

• Collection: Personal Data will be collected for specified and legitimate purposes, limited to what is necessary.
• Storage: Personal Data will be stored securely, ensuring protection against unauthorized access.
• Transfer: Personal Data may be transferred to third parties for processing, in accordance with the purposes outlined in this Policy. Transfers to countries outside the European Economic Area will be carried out in accordance with GDPR requirements.
• Other Processing: Personal Data will be processed only for the purposes defined at the time of collection.

9. Security Measures The Data Controller shall implement appropriate technical and organizational measures to ensure the security of Personal Data, including protection against unauthorized access, alteration, disclosure, or destruction. These measures will be continuously evaluated and updated based on evolving risks.


10. Data Retention Personal Data will be retained only for as long as necessary to fulfill the purposes for which it was collected and processed, in accordance with applicable legal requirements.


11. Cross-border Data Transfers If Personal Data is transferred outside the European Economic Area (EEA), the Data Controller will ensure that such transfers comply with the relevant provisions of GDPR and French data protection laws. This may involve implementing standard contractual clauses or ensuring that the destination country provides an adequate level of protection.


12. Updates to the Privacy Policy This Privacy Policy may be amended from time to time. All changes will be communicated via appropriate channels, and the updated policy will be published on the Data Controller's website.