Privacy Policy

Definitions

• The Publisher (also referred to as "we" or "our"): The individual or legal entity that publishes online public communication services. It is identified in our Legal Notices.
• The Site: All Sites, Internet pages, and online services offered by the Publisher.
• The Service: The service sold by the Publisher.
• The Customer: The person using the Site and services.

This Privacy Policy complements our Legal Notices and our General Terms of Use.

Article 1: Preamble

This privacy policy aims to expose to the Site's Customers:

• How their personal data is collected and processed. Personal data should be considered as all data that is likely to identify a Customer. This includes first and last name, age, postal address, email address, Customer's location, or his IP address;
• What are the rights of the Customers concerning these data;
• Who is responsible for the processing of the personal data collected and processed;
• To whom this data is transmitted;
• Possibly, the Site's policy on "cookies".

Article 2: General principles in terms of data collection and processing

In accordance with the provisions of Article 5 of European Regulation 2016/679, the collection and processing of data from Site Customers respect the following principles:

• Legality, fairness and transparency: data can only be collected and processed with the consent of the data owner. Whenever personal data will be collected, it will be indicated to the Customer that his data is being collected, and for what reasons his data is collected;
• Limited purposes: the collection and processing of data is carried out to meet one or several objectives determined in these general terms of use;
• Data minimization: only data necessary for the proper execution of the objectives pursued by the Site are collected;
• Data storage reduced in time: data is stored for a limited period, of which the Customer is informed. When this information cannot be communicated, the Customer is informed of the criteria used to determine the storage period;
• Integrity and confidentiality of collected and processed data: the data processing manager commits to guarantee the integrity and confidentiality of the collected data.

To be lawful, and so, according to the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data may only occur if they respect at least one of the conditions listed below:

• The Customer has expressly consented to the processing;
• The processing is necessary for the proper performance of a contract;
• The processing meets a legal obligation;
• The processing is due to a need related to the preservation of the vital interests of the concerned person or of another physical person;
• The processing can be explained by a necessity related to the performance of a public interest mission or that comes under the exercise of public authority;
• The collection and processing of personal data are necessary for the purposes of the legitimate and private interests pursued by the data processing manager or by a third party.

Article 3: Personal data collected and processed by Subrequest

3.1. Data collected and processed and method of collection

The personal data collected by Subrequest can include:

• First name ;
• Last name ;
• E-mail address ;
• Phone number ;
• Billing address ;

Other information that you wish to share with us during our various exchanges. These data are collected when the Customer performs one of the following operations on the Site:

• When the Customer subscribes to the Service;
• When Subrequest has accessed the Customer's data by acquiring them from third-party providers.

The data processing manager will keep all the data collected in its Site computer systems and in reasonable security conditions for a period of 3 years.

The collection and processing of data meet the following purposes:

• Contracts;
• Invoices ;
• Accounting and in particular the management of customer accounts ;
• A loyalty program within one or several legal entities ;
• Customer relationship monitoring, such as conducting satisfaction surveys;
• The selection of customers to carry out studies, surveys and product tests (these operations should not lead to the establishment of profiles that reveal sensitive data of racial or ethnic origins, philosophical, political, union, religious, sex life or health of people) ;
• Set up a prospect and customer file;
• Send newsletters, solicitations and promotional messages to our prospects and customers;
• Manage requests for rights exercises.

3.2. Recipient of data to third parties

The data collected by Subrequest will be accessible by:

• Our company's staff;
• Our subcontractors: hosting providers, emailing provider, CRM tool;
• Where applicable: public and private organizations, exclusively to meet our legal obligations.

3.3. Transmission of data in the course of a merger/acquisition operation

In the event that we took part in a merger, an acquisition, or any other form of asset transfer, we commit to guaranteeing the confidentiality of your personal data and to inform you before they are transferred or subjected to new confidentiality rules.

3.4. Data hosting

Information about the Site's Subrequest host is available on our Legal Notices.

The data collected by the Site are processed in France.

Article 4: Transfer of personal data abroad

Your data is kept and stored for the duration of the treatments on the servers of the Subrequest company.

As part of the tools we use, your data may be subject to transfers outside the European Union. The transfer of your data in this context is secured using the following tools:

• either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country provides a level of protection deemed sufficient and adequate to the provisions of the GDPR;
• either the data is transferred to a country whose data protection level has not been recognized as adequate at the GDPR: in this case these transfers are based on appropriate guarantees indicated in Article 46 of the GDPR, suitable for each provider, especially not exhaustively the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules or by virtue of an approved certification mechanism.
• either the data is transferred on the basis of one of the appropriate guarantees described in Chapter V of the GDPR.

Article 5: Data processing manager

5.1. The data processing manager

The manager of the data processing of personal data is Ludovic NAY and can be contacted at the email address [email protected].

The data processing manager is in charge of determining the purposes and the means used for the processing of personal data.

5.2. Data processing manager's obligations

The data processing manager commits to protecting the collected personal data, not to transmit them to third parties without informing the Customer and to respect the purposes for which this data was collected.

The Site has an SSL certificate to guarantee that the information and the transfer of data passing through the Site are secured. An SSL certificate ("Secure Socket Layer" Certificate) aims to secure the data exchanged between the Customer and the Site.

Moreover, the data processing manager commits to notifying the Customer in case of correction or deletion of the data, unless this leads to disproportionate formalities, costs, and procedures for him.

In the event that the integrity, confidentiality or security of the Customer's personal data is compromised, the data processing manager commits to informing the Customer by any means.

Article 6: Customer Rights

In accordance with the regulation concerning the data processing of personal data, the Customer possesses the following rights, hereinafter listed.

In order for the data processing manager to grant his request, the Customer must provide him with: his first and last name, as well as his email address.

The data processing manager must respond to the Customer within a maximum of 30 (thirty) days.

6.1. Presentation of the Customer's rights in terms of data collection and processing

6.1.1. Right of access, rectification and erasure right

The Customer may review, update, modify or request the deletion of data concerning him, by sending an email to the address [email protected].

6.1.2. Right to data portability

The Customer has the right to request the portability of his personal data, held by the Site, to another site, by sending an email to the address [email protected]

6.1.3. Right to limit and oppose data processing

The Customer has the right to request the limitation of, or to oppose, data processing by the Site, without the Site being able to refuse, except to demonstrate the existence of legitimate and compelling reasons, which could prevail over the interests and rights and freedoms of the Customer.

To request the limitation of data processing or to file a complaint against the processing of his data, the Customer must send an email to the address [email protected]

6.1.4. Right not to be the subject of a decision based exclusively on an automated process

In accordance with the provisions of Regulation 2016/679, the Customer has the right not to be the subject of a decision based exclusively on an automated process if the decision produces legal effects concerning him, or affects him significantly in a similar manner.

6.1.5. Right to determine the fate of data after death

It is reminded to the Customer that he can organize what should be the future of his collected and processed data if he dies, in accordance with Law No. 2016-1321 of October 7, 2016.

6.1.6. Right to seize the competent supervisory authority

In the case where the data processing manager decides not to respond to the Customer's request, and the Customer wishes to challenge this decision, or if he thinks that one of the rights listed above has been infringed, he is entitled to seize CNIL (National Commission for Computing and Liberties) or any competent judge.

Article 7: Use of "cookie" files

The Site may employ "cookie" technologies. A "cookie" is a small file (less than 4 KB), stored by the Site on the Customer's hard drive, containing information about the Customer's browsing habits.

These files allow us to process statistics and traffic information, facilitate navigation, and improve the service for the Customer's convenience.

For the use of "cookie" files involving the storage and analysis of personal data, the Customer's consent is necessarily requested.

This Customer's consent is considered valid for a maximum period of 13 (thirteen) months. At the end of this period, the Site will request again the Customer's permission to save "cookie" files on his hard drive.

7.1. Customer opposition to the use of "cookie" files by the Site

The Customer is informed that he can oppose these "cookies" by configuring his browser software.

Here are the steps to follow in order to oppose "cookie" files, based on the customer’s browser:

• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/fr/kb/activer-desactiver-cookies-preferences
• Safari: https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies

In the event where the Customer decides to deactivate the "cookie" files, he may continue his navigation on the Site. However, any dysfunction of the Site caused by this manipulation could not be considered as being due to the Publisher of the Site.

7.2. Description of the "cookie" files used by the Site

The Publisher of the Site informs the Customer that the following cookies are used when browsing:

• Google Analytics Cookies: They allow us to carry out statistics and measurements of audience on the Site.

By browsing the Site, the Customer is informed that third-party "cookies" can be installed on his terminal. In particular, these are the following cookies:

• Google Cookies: They are used as part of the use of the Google Analytics tool for audience measurement purposes.

The Customer will be given the option to accept or refuse the cookies using a cookie banner. If the Customer refuses these cookies, some information will not be accessible.

Article 8: Conditions for changing the privacy policy

This Privacy Policy can be consulted at any time at the address indicated below:

https://subrequest.com/privacy-policy

The Publisher of the Site reserves the right to modify it in order to guarantee its conformity with the law in force.

Consequently, the Customer is invited to regularly come and consult this Privacy Policy to keep himself informed of the latest changes that will have been made to it.

The Customer is informed that the last update of this Privacy Policy occurred on: March 6, 2024.

Article 9: Customer Acceptance of the Privacy Policy

By browsing the Site, the Customer certifies having read and understood this Privacy Policy and accepts its conditions, more particularly in terms of the collection and processing of his personal data, as well as the use of "cookie" files.