Privacy policy – Personal data
This privacy policy outlines the personal data policy of MIXSCIENCE (hereinafter the “Company”) on the website www.nolivade.com (hereinafter the “Website”). This Policy applies to any information you provide or that we collect when you browse our Website, in accordance with the applicable regulations in France relating to personal data as established by Act No. 78-17 of 6 January 1878 on information technology, data files and civil liberties, known as the “Data Protection Act”, and EU Regulation 2016/679 of 25 May 28 ) on personal data referred to as the “GDPR”.
The purpose of this privacy policy is to inform all individuals accessing the services available on our Website (hereinafter the “Users”) of the ways in which we collect, use and share their personal data.
You will be informed of any changes or updates to this privacy policy. Your opt-in consent to the new privacy policy will be required in order to use the Company’s services.
1. Who is in charge of your personal data?
The data controller, who collects and manages your data, is the company MIXSCIENCE, a simplified joint stock company with a single shareholder, with a share capital of €7,182,940.00, registered in the Lorient Trade and Companies Register under number 538829136, whose registered office is at 2 avenue de Ker Lann 35170 Bruz, represented by Jean-Pierre Paillot, Director of Publication, duly authorised for the purpose of the present.
2. What types of personal data are collected ?
As a reminder, personal data is defined as any information relating to a natural person who is either identified or identifiable, either directly or indirectly.
While browsing the website and using the various services offered by the Company, you consent to allowing us collect the following categories of data:
- Personal status: surname, first name, address, email address, phone number;
- Career information: Business sector
- Bank details: Credit card number, expiration date, bank account details, card security code;
- Photo, video;
(Hereinafter referred to as “Personal data”).
You agree to provide Personal data that is up-to-date and accurate when providing the information required by this Website, and undertake not to make any statements that are untrue or provide any incorrect information.
3. How and why is your Personal data collected?
3.1. Personal data collection methods
You consent to allow the Company collect your Personal data when you complete the following forms:
- Online registration forms;
- Subscription to our Newsletter;
- Payment forms;
3.2. Legal basis for data collection and processing
Your Personal data is collected based on the following legal grounds:
- The User’s specific, informed and freely-given consent (in particular for newsletter subscriptions);
- For the Company to perform a legal obligation;
- The performance of a contract between the Company and User (in particular the performance of the general terms and conditions of use or sale);
- The Company’s legitimate interest (including ensuring secure transactions)
4. For what purposes do we collect your data?
4.1. General points
Mandatory personal data is data that is strictly necessary for processing or your requests. If this data is not communicated, the User is informed that some of the Company’s services cannot be offered. The mandatory information requested is indicated at the time of collection by means of an asterisk (*).
The optional Personal data collected by the Company is used to get to know you better and improve your browsing experience on the Website.
4.2. List of purposes
Your personal data is collected and processed for the following purposes:
- Creation of your User account;
- Newsletter subscription;
- Initial contact and assistance;
- Customer relationship management (CRM tool);
- Commercial marketing;
- To send goodies (promotional products);
- Complete operations related to service management (contracts, invoices, orders, etc.);
- Consumer relationship management;
- Organize and manage competitions;
- Access a personal account on the website (with a username and password);
Users are hereby informed that, subject to their specific prior consent, the Personal data they communicate may be forwarded to AVRIL Group commercial partners and/or companies belonging to AVRIL Group in order to inform Users of their offers and services.
5. Who has access to your Personal data?
5.1. Company staff members
Your Personal data is viewed by individuals who are duly authorized to process this data on behalf of the Company, including, depending on type of processing and data, individuals in charge of the commercial department, customer department, marketing department, administrative department, and logistics and IT department.
5.2. Company subcontractors
The Company uses subcontractors in the context of its activities and provision of of services. These subcontractors:
- process your Personal data on the Company’s behalf and according to its instructions,
- provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures in order to ensure the security and privacy of your data.
In cases in which the Company’s subcontractors are located in countries where personal data protection legislation is not equivalent to that of the European Union, the Company undertakes to ensure that this transfer will either be protected by the European Union-United States Privacy Shield framework, or through the signing of standard contractual clauses established by the European Commission, or through the establishment of binding corporate rules.
6. How long is my Personal data kept?
The Company will only keep your Personal data for the amount of time required to achieve the objectives for which it is collected and processed, such as for customer relationship management and payment.
After this period, your Personal data may be archived so as to ensure supervised, limited and justified access, only for as long as need to ensure (i) compliance with the Company’s legal and regulatory obligations, and/or (ii) to enable the Company to exercise a legal claim, after which the data is permanently deleted.
7. How does the Company ensure the security and privacy of your personal data?
The Company undertakes to process your Personal data in a way that is:
- lawful,
- honest,
- transparent,
- proportionate,
- relevant,
- strictly compliant with the purposes stated and pursued,
- for the amount of time required for the established processing activities,
- and in a secure manner.
The Company establishes and updates appropriate technical and organizational measures to ensure the security and privacy of your Personal data, by preventing it from being distorted, damaged or communicated to an unauthorized third party.
8. What are your rights regarding your Personal data?
You may, on written request, access your personal data, request a modification or rectification, or demand that your personal data be removed from the Company’s database.
Based on the right of access, you are authorized, under Article 15 of the GDPR, to apply to the Company in order to obtain (i) a copy of your Personal data in an accessible form, (ii) confirmation that your Personal data is or is no longer being processed, (ii) information on the processing purposes, the categories of personal data processed and the recipients to whom your Personal data is communicated, (iv) and the length of time your data is kept, or the criteria used to determine this period.
Pursuant to Article 16 of the GDPR, the right to rectification entitles you to require that the Company to rectify, complete or update your Personal data that is inaccurate, incomplete, ambiguous or out-of-date.
Under the conditions provided for in Article 17 of the GDPR, you have the right to erasure of your Personal data, which entitles you to ask the Company to delete your Personal data at the earliest opportunity, especially when it is no longer needed for the purposes for which it was collected.
You also have a right to restriction of the processing of your Personal data, in the cases listed in Article 18 of the GDPR. You may therefore ask that your personal data be kept for the following purposes only:
- to check the accuracy of the Personal data you are opposing,
- to assist you in the establishment, exercise or defence of legal claims, even if the Company no longer needs the Personal data for processing,
- to verify whether the legitimate grounds of the data controller override your own rights in the event that you object to processing based on the Company’s legitimate interest,
- to honour your request to restrict the use of your data-rather than erasure-in the event that the processing of your data is unlawful.
Under the circumstances referred to in Article 20 of the GDPR, you have a right to data portability related to your Personal data, which entitles you to receive the Personal data you provided to the Company in a structured, commonly used and machine-readable format, in order to transmit this data to another data controller.
Pursuant to Article 21 of the GDPR, you have the right to object, at any time, to the processing of your Personal data for marketing purposes.
To exercise the above-mentioned rights of access, rectification, erasure, restriction, portability and to object, simply send an email to the following address: contact@nolivade.com
The Company will provide the individual who exercises any of these rights with the information on the measures taken at the earliest opportunity and, in any event, no later than one (1) month following receipt of the request. This deadline may be extended up to two (2) months based on the complexity and number of the requests.
If the Company decides not to honour the request, it will inform the individual at the earliest occasion, and at the latest one (1) month following receipt of the request, of the reasons for its inaction and the possibility of lodging a complaint before an independent data protection authority and appealing to the courts.
These rights may be exercised free of charge. However, in cases of unfounded or excessive requests, the Company can (i) require payment which reflects the administrative costs, or (ii) refuse to honour these requests.
9. What recourse do I have in the event of a personal data breach?
In the event of a Personal data breach that is likely to result in a risk to your rights and freedoms, the Company shall notify the French National Commission for Data Protection and Liberties (CNIL) of this breach at the earliest opportunity, within 72 hours, if possible, of receiving the information. The Company will also inform the User at the earliest opportunity, in accordance with the provisions of Article 34 of the GDPR.
Without prejudice to any other administrative or judicial remedy, the User who considers that the processing of his or her Personal data infringes the provisions of the legislation in force may lodge a complaint with a supervisory authority, such as the French National Commission for Data Protection and Liberties (CNIL).
10. Who can answer my questions?
If you have any questions regarding personal data processing and the exercise of your rights, please contact our dedicated department at the following address: gdpr@groupeavril.com