Privacy and Data Protection Policy

Summary

  1. Introduction
  2. Glossary
  3. Protecting your Personal Data
    1. What Personal Data do we collect?
    2. Storing Personal Data.
    3. For what purpose are your Personal Data used?
    4. Who are the recipients of the Personal Data?
    5. Transfer of your Personal Data
  4. Your rights
    1. What are your rights?
    2. How to exercise your rights?
  5. Social Networks
  6. Cookies
    1. What are the cookies on our Site used for?
    2. Your choices regarding cookies
  7. Personal data of minors under 16 years of age
  8. Updating the Privacy and Data Protection Policy
  9. Contact

1. Introduction

This privacy and personal data protection policy describes the rules applicable to the information processed by SEPADEF, a company in collective name with a capital of €40,000 whose registered office is at PUTEAUX (92800) – 4 place de la Pyramide – Immeuble Ile de France – Bâtiment A, registered in the Nanterre Trade and Companies Register under number 381 904 630 (hereinafter called the “Company”), in its capacity as data controller.

Thep use of the https://ch.arkindigo.com/ Website (hereinafter the “Site”) requires the acceptance by the user (hereinafter the “User”) of this Personal Data Protection Policy, the General Terms and Conditions of Use (hereinafter the “TCU”) and, where applicable, in the event of the purchase of a product or service, the General Terms and Conditions of Sale (hereinafter the “TCS”).

This policy (as well as our TCU and any documents referred to therein) sets out how we handle the personal data collected by the Company and provided by the User. The User is asked to read this document carefully to know and understand our practices regarding the processing of the User’s personal data by the Company.

The Company complies with the General Data Protection Regulation, No. 2016/679 of 27 April 2016, the “Data Protection Act” No. 78-17 of 6 January 1978 as amended, as well as the law “for building confidence in digital economy” No. 2004-575 of 21 June 2004.

The Company has appointed a Data Protection Officer in charge of exercising your rights, in accordance with the said law.

If the User disagrees with any of these terms, they are free to stop using the Site, but also to contact the Data Protection Officer at the address: dpo.fr@group-indigo.com in order to exercise their rights as defined in Article 4.

2. Glossary

Cookies: A cookie is a small text file containing information that is downloaded to the User’s computer or mobile device when the User visits a website or mobile application; they are used to recognise the User’s device when they access a website or application already in use again.

Personal Data or Data: means any information relating to an identified or identifiable natural person that can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, identification number, location data, online identifier, or to one or more aspects specific to their physical, physiological, genetic, psychological, economic, cultural or social identity. Thus, the data collected by the Company may include your strictly personal data, in that they allow you to be identified as a particular person. Conversely, some data does not allow us to identify you directly, such as your navigation data (the type of browser, device and operating system, the path followed on the Site, etc.) but are still considered as Personal Data because they are linked and/or attachable to the former.

Specific Rights: refers to the rights granted to the User by the General Data Protection Regulation and described in Article 4.

Partners: refers to the service providers and subcontractors involved in the performance of the Service.

Personal Data Regulations: refers together to the General Data Protection Regulations, No. 2016/679 of 27 April 2016, the “Data Protection Act” No. 78-17 of 6 January 1978 as amended, the law “for building confidence in digital economy” No. 2004-575 of 21 June 2004, as well as any new law that may be adopted in transposition of the GPDR.

GDPR: refers to the General Data Protection Regulation No. 2016/679 of 27 April 2016 applicable as from 25 May 2018.

Social Networks: refers to the social networks on which we are present, namely: Twitter, facebook, instagram, LinkedIn.

Services: refers to the services marketed by the Company and available on the Site.

Site: refers to the website published by the Company and available at the address: https://ch.parkindigo.com/

Device: refers to the physical equipment (computer, smartphone, tablet, etc.) that you use to view or visit the Site.

3. Protecting your Personal Data

3.1 What Personal Data do we collect?

We may collect the following data about you:

3.1.1 Data that you voluntarily provide to us as part of our Services

The mandatory or optional nature of the Data that you provide is indicated to you at the time of collection by a notice or an asterisk.

Request made via a contact form
We collect the Data that you voluntarily declare to us from a collection form on the Site, upstream or in the context of the performance of the Services, such as:

  • Surname, First name
  • Email
  • Subject and Message

Other data processing frameworks
In addition, we also collect and process the necessary Data:

  • the implementation of loyalty, prospecting, research, survey and promotion actions,
  • the organisation and smooth running of games, lotteries and other commercial and promotional operations, such as the date of participation, the answers given and the nature of the prizes offered.

3.1.2 The Data that we automatically collect when you use our Services

We collect and process information relating to the monitoring of customer relations and transactions carried out (transaction number, subscribed Service, etc.), or the payment of invoices issued by us (payment terms, balances, unpaid invoices, etc.).

3.1.3 Data transmitted to us by our Partners

We may receive Personal Data about you from our Partners.

3.2 Storing Personal Data.

3.2.1 Concerning data relating to the management of our contractual relationship

The data are kept for 5 (five) years from the date of termination of the contract corresponding to the common law limitation period. Some of your data may be kept for more than 5 (five) years in order to meet our legal, accounting and tax obligations.

In the event of litigation proceedings, including personal data, as well as any information, documents and documents containing personal data tending to establish the facts likely to be reproached or concerning the identification of the defendants, victims, witnesses and court officials may be kept for the duration of the proceedings, including for a period longer than those indicated above.

3.2.2 Concerning prospects data

Personal Data is kept for 3 (three) years from the date of collection of your consent. At the end of this period, the Company may contact you again to find out if you wish to continue to receive commercial solicitations. Otherwise we will delete or irreversibly anonymise your Personal Data.

3.2.3 Concerning your browsing data / behaviour / interactions

Your IP address will be kept 1 (one) year, after your visit to the Site, after which it is scrambled and your entire journey then becomes irreversibly anonymous.

Concerning the recordings of your telephone calls received or made. The calls we record are kept for 3 (three) months from their occurrence.

3.3 For what purposes are your Personal Data used?

Your Data is collected and processed in order to allow you to access and use the Services.
They are also processed in order to fulfil the following purposes:

  • the management of your requests to exercise Specific Rights as described below;
  • the execution of the Service and the management of the commercial relationship, customer service, etc.;
  • the management of your messages on our Site, as well as on our pages hosted on Social Networks;
  • the verification of transactions carried out and, more generally, the fight against fraud;
  • the management of unpaid debts and litigation;
  • the organisation of contests, commercial lotteries or other promotional operations;
  • carrying out studies, surveys of loyalty, prospecting and sales promotion actions;
  • the development of statistics, analyses and marketing/commercial studies;
  • the execution of solicitations and commercial prospecting operations;
  • the performance of technical operations carried out on our databases (qualification, enrichment, deduplication, etc.).

3.4 Who are the recipients of the Personal Data?

We may disclose your Personal Data to employees of the group and/or duly authorised service providers and subcontractors. When the Data are communicated to subcontractors, we ensure that they provide sufficient guarantees as to the implementation of appropriate technical and organisational measures so that the processing meets the requirements of the General Data Protection Regulation and guarantees the protection of the rights of the persons concerned.

The Data are communicated for the sole purpose of achieving the purpose for which they are collected. Under no circumstances do we sell or rent your Personal Data to third parties for marketing purposes.

The Company may temporarily and securely transfer to third parties certain Personal Data that are necessary for the operation, animation, maintenance of our Site, to ensure the sending of emails that you have chosen to receive, and/or the execution of the Services, the proper processing of your order, the performance of the service, and to conduct satisfaction surveys, etc.

The third party companies with which the Company works may have access to your Personal Data, and in particular:
Our business partners on our Site.
Our business partners on whose website we may advertise our services.
Subcontractors we use for technical services, payment services, or analytical solutions providers.

In accordance with applicable law and with the User’s consent where required, the Company has the ability to aggregate User Data that we receive or send to our business partners, including all or part of your Personal Data.

Subject to your express prior consent, we may also transmit your Personal Data to business partners who may use it for their own purposes, including commercial and/or direct advertising purposes.

If the User wishes to access the Site via a connection service provided by our business partners, their privacy policies are also enforceable against you. The Company has no control over the collection or processing of data by our business partners on their own sites.

In the event that the Company or all or part of its assets are acquired by a third party, the data in its possession will, if necessary, be transferred to the new owner.

Finally, we may be legally obliged to disclose your Personal Data to the relevant authorities. In particular in the case of a judicial dispute or an order from a public authority.

3.5 Transfer of your Personal Data

In the course of performing the Services, we may securely transfer some of your Data to third parties. In particular, this Data may be transmitted, for the purposes defined above, to companies located in countries outside the European Union. We undertake to implement all appropriate guarantees to ensure the security of such transfers.

Therefore, you are informed that for the above purposes, your Data may be transferred outside the European Union as follows:

We assure you that we take appropriate measures and guarantees to maintain an optimal level of confidentiality and security of your Data in the context of such transfers, in particular by requiring that all our subcontractors and service providers implement all appropriate technical and organisational measures, on a continuous basis, to secure the Data processed and thus ensure them the same level of protection as that required by the General Data Protection Regulation.

4 Your rights

4.1 What are your rights?

In accordance with the General Data Protection Regulation in force, you have the following Specific Rights:

  • Right to withdraw consent at any time (Article 13-2c of the GDPR);
  • “Right of access” to your Data (Article 15 of the GDPR);
  • “Right to rectification” (Article 16 of the GDPR) or completeness of your Data;
  • “Right to erasure” (”right to be forgotten”) of your Data (Article 17 of the GDPR), when it is inaccurate, incomplete, ambiguous, outdated, or whose collection, use, disclosure or storage is prohibited;
  • “Right to restriction of processing” of your Data (Article 18 of the GDPR);
    Notification obligation regarding rectification or erasure of personal data or restriction of processing (Article 19 of the GDPR);
  • “Right to data portability” for the Data you provide, when such Data are subject to automated processing based on their consent or on a contract (Article 20 of the GDPR);
  • “Right to object” to the processing of your Data (Article 21 of the GDPR);
  • Right to define the fate of your data after your death and to choose to whom we will communicate (or not) your Data to a third party that you have previously designated (Article 40-1 of the French Data Protection Act).

In any event, in the context of the processing of your Data, we take all reasonable measures to ensure the accuracy and relevance of your Personal Data with regard to the purposes for which we process them.

4.2 How to exercise your rights?

If you would like more information about the processing of your Personal Data, or if you wish to exercise any of your rights as mentioned in 4.1 above, you can contact us at any time and make your request:

  • in writing to the following address:
    SEPADEF – DPO – Tour Voltaire, 1 place des Degrés 92800 PUTEAUX/LA DEFENSE
  • by email to dpo.fr@group-indigo.com.

As part of your application, you will simply have to provide us with a copy of an identity document (identity card or passport) to prove your identity. Requests to delete Personal Data will be subject to the obligations imposed on us by law, in particular with regard to the storage or archiving of documents.

Finally, you can file a complaint with the supervisory authorities at any time, specifically in France with the CNIL (https://www.cnil.fr/fr/plaintes).

5 Social Networks

We are of course present on Social Networks, and have our dedicated pages on LinkedIn, Instagram and Twitter.

We remind you that access to these Social Networks requires your acceptance of their contractual conditions, which include provisions relating to the General Data Protection Regulation for the processing carried out by them.
To learn more about the protection of your Personal Data when browsing these Social Networks, we invite you to consult their respective privacy policies, available at the links below:

6 Cookies

A cookie is a small text file containing information that is stored on your Device when you visit a website or mobile application; they are used, in particular, to recognise your Device when it accesses a website or application already in use again. Cookies are often used to operate sites or improve their operation, as well as to provide us with certain technical information.

We use cookies to improve your online experience and to better understand how you use the Site. Cookies also make it possible to better target ads that appear online according to your interests.

Cookies can be stored on your Device for varying lengths of time. Some cookies are “session cookies”, which means that they are only present as long as your browser is open. They are automatically deleted when you close your browser. Some cookies are “permanent cookies”, which means that they are stored when you close your browser. These cookies allow us to recognise your Device when you open your browser to browse our Site again.

6.1 What are the Cookies on our Site used for?

6.1.1 Cookies we issue

Subject to your settings, when you connect to our Site, we may install various cookies on your Device.

These are:

  • “necessary cookies”:
    they are essential to provide you with the Services available on our Sites and to use some of their features, including access to certain secure areas (Personal Account). Without these cookies, tools necessary to meet the needs of the Service (creation and access to Personal Account, registration of bank details) could not be provided.
  • “technical cookies”:
    they are used throughout your navigation to facilitate it and perform certain functions. For example, during the validity period of the Cookie concerned, they allow us to store the answers provided in a form, to recognise the browser of your Device, or to recognise your preferences regarding the language or presentation of our Site.
  • The cookies we issue are used for the purposes described in Article 3.3 of this Policy, subject to the settings you make, which result from the settings of the browser software used when you visit our Site.

Your consent, regarding cookies stored on our Site, has a maximum lifetime of thirteen (13) months. Thus, at the end of the thirteen (13) months we will seek your consent again when you connect to our Site or Application. In addition, you can manage the cookies that we place directly via the following link at any time.

6.1.2 Cookies issued by our Partners

Due to third-party applications integrated into our Site, some Cookies may be issued by our Partners allowing them, during the validity period of their Cookies, to collect navigation information relating to browsers visiting our Site.

These are:

  • web-analysis cookies (or audience measurement): these cookies are used to collect information about how you use our Site. We use this information to generate reports and help us improve our Site, make it more user-friendly and ensure that it works properly. These cookies collect information about your activity on our Site in an anonymous form, including the pages visited and the web page that led you to our sites. These cookies are always set by our sites or third party domains.
  • Third party integration cookies or social network cookies: these cookies are used to integrate third-party features on our Site. Cookies in this category may be set by third parties and may include, but are not limited to, cookies set by social networks.

At any time you may prevent the collection of information about yourself via these third-party cookies by clicking on the corresponding links (see the article “Your preferences regarding cookies” below).

The issuance and use of Cookies by these Partners is subject to their own privacy policies. We inform you of the purpose of the cookies of which we are aware and the means at your disposal to make preferences with regard to these cookies.

6.2 Your preferences regarding cookies

You can choose whether or not to accept cookies. However, refusing cookies will not allow you to benefit from all the features of our Site.

You can set your cookie preferences using the cookie acceptance tool available on the Site ” Managing your cookie preferences“, or by changing your browser settings so that cookies from our Site cannot be placed on your Device. To do this, you must follow your browser’s instructions (usually available in the Help, Tools or Browser Editing sections):

Below you will find the list of cookies we place on your device via our Site. By clicking on these links you will be redirected to the Partners’ website, their practice and the preferences they offer you in terms of cookies:

NAME OF COOKIE PUBLISHER PURPOSE RETENTION PERIOD
_ga Google Analytics Audience measurement cookie 24 months
_gat Google Analytics Audience measurement cookie session time
_gid Google Analytics Audience measurement cookie session time
vuid Vimeo Third-party integration cookie 24 months
rgpd_analytics Toutenpixel Functionality​ cookie 7 days
rgpd_vimeo Toutenpixel Functionality​ cookie 7 days

You will find more information about cookies on the CNIL website.

You can also access a cookie management tool that is available online. This will allow you to manage the cookies placed on your electronic devices. To do this, you can click on the following link.

7 Personal data of minors under 16

The Services are intended for a major customer base. Thus, the Company does not intend to collect Personal Data from minors under 16 years of age.

However, if, without our knowledge, such Personal Data have actually been collected and processed without the consent of the holder of parental responsibility for the minor in question, we will then take all necessary measures to delete such Personal Data as soon as possible.

If you are the holder of parental responsibility for a minor under 16 years of age and you learn that we have collected and processed data concerning them, you can contact us at: dpo.fr@group-indigo.com

8 Updating of the Privacy and Personal Data Protection Policy

The Company may update this Privacy and Personal Data Protection Policy at any time. We advise you to consult this page regularly to be aware of any changes or updates to our Privacy and Personal Data Protection Policy.

9 Contact

For any question, comment or complaint aimed at improving our Privacy and Personal Data Protection Policy, the User may contact the Data Protection Officer:

Updated on 28/12/2018