The purpose of this policy is to explain how Artiaf processes your personal data. This policy may be modified according to the evolution of the legislation and regulations in force, and / or internal developments, in terms of protection and processing of personal data.
THE PERSON RESPONSIBLE FOR PROCESSING PERSONAL DATA
Artiaf is a simplified joint-stock company whose registered office is located at 38 rue Anatole France 92300 Levallois-Perret, registered with the RCS of NANTERRE under number 510 097 231, represented by its Chief Executive Officer Mr. Jean-Charles BRANDELY (hereinafter the "Company"). The Company, acting as data controller, carries out computerized processing of the data of users of this site and its customers (hereinafter, together, the "Users"). It ensures that the processing of Users' personal data is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR").
WHAT IS PERSONAL DATA?
Personal data is information that relates to an identified or identifiable natural person. A natural person is said to be identifiable when he can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
WHAT PERSONAL DATA DO WE PROCESS?
The Company may collect or obtain Users' personal data (hereinafter the "Data") from the following sources:
Data provided by Users (example: online contact form; data voluntarily communicated in response to a request for information and/or as part of advice provided by the Company). Data collected as part of the registration for training courses and the creation of the Users' personal account on the Company's website. Data from the business relationship.
Data made public by Users (e.g. satisfaction reviews; rating of training modules).
Data relating to the Company's online content and advertising (example: interaction of Users with such content and/or advertisements).
Data from the navigation of Users on the Company's website (example: IP address). In this context, the type of Data that the Company is required to process, in whole or in part, is as follows:
Identity: surname, first name, gender, date of birth, department and postal code of the address, telephone number, email address, internal identifier of the Company allowing the identification of Users.
Professional information: professional status, name and size of the company, sector of activity, last degree obtained.
Order and payment information: transaction number, purchase amount, payment method, billing address.
Information relating to the use of the Company's website: IP address, username and password of the personal account, date and time of connection to the course platform.
Information relating to content and advertising: interactions with the Company's online content and advertising, data relating to cookies. In the event of non-provision of mandatory Data, the Company may be unable to provide Users with all or part of its services. For example, the Company may not be able to contact and/or respond effectively to Users' requests, validate requests for registration, account creation and/or payment for training, or ensure the follow-up and support of Users as part of the realization of their training.
WHY DO WE PROCESS YOUR PERSONAL DATA?
The Company collects and processes Data for the following purposes:
Processing of requests for information from Users and advice provided regarding the training offered, the adequacy of these with their profile and professional project or the possible methods of financing.
Processing of requests for registration of Users to training.
Processing requests for creation, modification and access to Users' personal account on the Company's website.
Processing of payment for training courses (excluding registrations made via the My Training Account platform).
Processing of the business relationship.
Electronic security operations of the website (registration of identifiers and access information).
Communication operations: communication with Users by any means (including email, call, SMS), such as newsletters, on any subject likely to interest them, in compliance with the applicable laws in this area.
Satisfaction surveys.
Legal proceedings (establishment, exercise or defence of legal claims) or actions to prevent, investigate or detect fraud and other offences.
ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?
The Company is required to process the Data on the basis of the following legal bases: Legal basis Processing User consent (Article 6.1.a of the GDPR) Communication operations with prospects. Execution of a contract or pre-contractual measures taken at the request of the User (Article 6.1.b of the GDPR) – Processing of Users' registration requests. – Processing requests for creation, modification and access to the personal account of Users on the Company's website. – Processing of payment for training. – Processing of the commercial relationship. Compliance with a legal obligation (Article 6.1.c of the GDPR) Legal proceedings / Actions for the prevention, investigation or detection of fraud. Legitimate interest of the Company (Article 6.1.f of the GDPR) – Processing of Users' requests for information. – Electronic security operations of the website. – Satisfaction surveys.
WHO IS THE RECIPIENT OF YOUR PERSONAL DATA?
User Data is used by the Company's internal departments. They may also be communicated, in whole or in part, to the subcontractors used by the Company. In this case, the Company ensures that the subcontractors process the Data in accordance with its instructions and implement appropriate technical and organizational measures, so that the processing of the Data meets the requirements of the GDPR and guarantees the protection of the rights of the Users. The Company may transfer Data outside the European Union, namely Israel and the United States. These transfers are governed by an adequacy decision of the European Commission (Israel) or by the conclusion of standard contractual clauses established by the European Commission (United States). The Company does not sell or rent User Data to third parties for marketing purposes. Finally, when the User uses the Company's services in connection with social networks, this use may result in the collection and exchange of certain Data between social networks and the Company. The latter cannot be held responsible for the use of Data made by social networks. It is up to the User to configure and control directly on them access to, and the confidentiality of his Data.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
The data are kept for the time necessary for the purposes for which they are processed, namely: Data relating to the execution of the contract: for the duration of the commercial relationship, then for five (5) years under the legal limitation period.
Data relating to commercial prospecting: for three (3) years from the last contact from the User or the collection of Data with regard to prospects, or from the end of the commercial relationship with regard to customers.
Invoicing data: for ten (10) years under legal accounting obligations.
Data relating to the account created by the User on the Company's website: until the deletion of the account by the User. However, the account will be considered inactive and deleted, after informing the User, if it has not been closed five (5) years after its last use. If the account has been suspended or blocked, the period is reduced to two (2) years from such suspension or blocking.
Data from browsing the website: for thirteen (13) months.
WHAT ARE YOUR RIGHTS IN RELATION TO PERSONAL DATA?
The Company is particularly concerned about respecting the rights granted to Users in the context of the Data processing it implements, namely:
Your right of access: we hereby confirm that your personal data is or is not being processed and, where it is, you have the right to request a copy of your data and information from us.
Your right to rectification of your Data: you can ask us that your Data be, as the case may be, rectified or completed if it is inaccurate, incomplete, ambiguous, outdated.
Your right to erasure of your Data: you can ask us to erase your Data in the cases provided for by legislation and regulations. Your attention is drawn to the fact that the right to erasure of data is not a general right and that it can only be granted in the cases provided for by the applicable regulations.
Your right to limit the processing of your Data: you may request the limitation of the processing of your Data in the cases provided for by the laws and regulations in force.
Your right to object to the processing of your Data: you have the right to oppose at any time, for reasons relating to your particular situation, to the processing of your Data whose legal basis is the legitimate interest pursued by the Company.In the event of exercising such a right of opposition, the Company will ensure that it no longer processes your Data in the context of the processing concerned, unless it can demonstrate that it may have compelling legitimate grounds for maintaining such processing.
Your right to the portability of your Data: you have the right to the portability of your Data. This right is limited to processing whose legal basis is your consent or the execution of pre-contractual measures or a contract.
Your right to withdraw your consent: when the Data processing implemented by the Company is based on your consent, you may withdraw it at any time.
Your right to lodge an appeal: if you consider, after contacting us, that your rights "Informatique et Libertés" are not respected, you can send a complaint to the CNIL (3 place de Fontenoy 75007 Paris).
Your right to define post-mortem guidelines: you have the possibility to define post-mortem guidelines on the processing of your Data.
The modalities of exercise of your rights: all the rights listed above can be exercised by email or by post, at the addresses indicated below, justifying your identity by any means: donnees-personnelles@lecolefrancaise.fr or 38 rue Anatole France 92300 Levallois-Perret
HOW IS YOUR PERSONAL DATA PROTECTED?
The Company takes the necessary measures to ensure that User Data is protected. It applies generally recognized technological and organizational security measures to ensure that the Data is not lost, misappropriated, accessed, modified or disclosed by unauthorized third parties.
However, as the transmission of information over the Internet is not completely secure, the Company cannot guarantee the security of the Data transmitted to it via the Internet. This transmission is carried out at the risk of the User who must ensure that his data is sent securely.
In addition, Users with an online account on the Company's website undertake to keep their username and password confidential, not to share their account and to declare to the Company any unauthorized use of said account as soon as they become aware of it.