The company CASSIOPEE attaches great importance to the satisfaction and the respect of the privacy of the users of our sites. We therefore make the protection of personal data a priority. It is also important for us that our users can have access to clear and reliable information on the issues related to the data collected on our sites. This is the purpose of our data protection policy.
Our private data protection policy is shared by all the sites published by CASSIOPEE as well as the services associated with these sites. It is defined in accordance with the Data Protection Act (Law No. 78-17 of 6 January 1978 relating to data, files and freedoms, as amended in 2004) and with the European Regulation on the Protection of personal data of April 27, 2016.
Our policy is based on the following five principles:
– Principle 1: Communicate on the purpose of collection
– Principle 2: Minimize collection
– Principle 3: Limit data retention
– Principle 4: Respect and facilitate the right of access to data
– Principle 5: Secure the data
Principle 1: Communicate about the purpose of collection
Each of our sites offers a clear and transparent definition of the purpose of the collection of personal data. CASSIOPEE undertakes to collect, process or store personal data for specified, legitimate and relevant purposes:
– Distribution of free samples
– Customization of the contents of our sites
– Sending newsletters and notifications by email
– Activation of sharing functionality on social networks
– Organization of contests or advertising games
– Profiling to improve the user experience
Profiling is the automated processing of your personal data that is compiled and analyzed by an algorithm to evaluate and predict your preferences, interests and behavior. This technique allows us, for example, to stop sending emails when we predict that they will not interest you anymore.
Principle 2: Minimize collection
Only the necessary data is collected. We strive to never collect more data than necessary, especially if this data is sensitive.
Personal data collected is data that directly or indirectly identifies a natural person.
When you register and / or participate in our operations, you voluntarily provide us with information about you by completing the forms, or by answering questions and indicating your preferences.
These data are in general:
– data relating to your identity: title, surname, first name, date of birth, email address, postal address and any other data that may appear on the registration form, respecting the principles of proportionality and legitimacy.
– declarative data related to your personal situation, economic or consumption habits or behavioral: family situation, composition of the home, presence of animals, loans contracted, profession …
We do not systematically collect these data, they are immediately erased in cases where their collection can not be of interest.
Essential information is indicated by an asterisk (*) Failing to complete this information, your registration can not be taken into account.
When browsing the Site, your IP address is automatically collected.
Principle 3: Limit data retention
Once the goal of data collection is achieved, there is no longer a need to keep them, so we delete the data. As provided by the “Informatique et Libertés” law, the data are kept for a maximum period of 3 years from their collection or last contact from the prospect. In fact, we decided to reduce this timeframe from 3 years to 18 months, in keeping with the principle of limiting the retention of data.
One of the problems we face is to keep track of the time of unsubscription. To keep this information, we delete the personal data but keep a signature corresponding to his email (hash md5).
Principle 4: Respect and facilitate the right of access to data
Our users have the following basic rights regarding their data: the right to access these data, the right to rectify them and finally the right to oppose their use, initially during collection or at any time thereafter through an “unsubscribe” mechanism.
More specifically, to exercise their right of access, rectification and opposition of data our users can contact us by e-mail to the following address: firstname.lastname@example.org
In the interests of confidentiality and protection of personal data, a copy of a signed identity document must be included in the application. CASSIOPEE will send a reply within one month of receiving the request.
As of May 25, 2018 and in application of the regulation 2016/679 of April 27, 2016, our users will also be able to exercise their right to the limitation of the treatment, the deletion of their data, the portability of the data and not to do the subject of an automated individual decision, including profiling.
Regarding the right to oppose the use of data, unsubscription is made possible by different mechanisms, and we are committed to make it as simple as possible: an unsubscribe link exists on each of our emails, our sites offer a unsubscribe form, and it is also possible to unsubscribe by contacting us.
Principle 5: Secure the data
We take all necessary measures to ensure the security and confidentiality of the data collected, and avoid, among other things, misuse, unauthorized access, disclosure. Beyond concrete measures, it is a philosophy that is passed on to all employees to ensure that every decision is made taking into account security issues. All CASSIOPEE employees are made aware of the protection of personal data through training.
Your data may be passed on to some of our partners or subcontractors. In accordance with the Data Protection Act of 6 January 1978 and the European Regulation, CASSIOPEE has ensured that subcontractors and partners undertake to respect the security and confidentiality of the data. These include:
– Business partners and in particular advertising and marketing agencies
– Subcontractors for sending emails
– Subcontractors for for data storage
– Subcontractors for carrying out profiling operations
We have appointed a DPO (delegate for data protection) in application of the GDPR (Regulation 2016/679 of 27 April 2016).
CASSIOPEE reserves the right to modify this Data Protection Policy at any time. In the event of a substantial change such as the introduction of a new purpose, CASSIOPEE will provide you with prior information about this other purpose. This is to ensure that you have a reasonable time to exercise your rights under the Data Protection Act of 6 January 1978 and the European Regulation.
However, we encourage you to regularly review the Policy to learn about the protection of your personal information provided by CASSIOPEE.
This Policy was last updated on September 04, 2019.