1 - What are the key concepts of the General Data Protection Regulation (GDPR)?
In addition to the concepts already defined in the general terms and conditions, the following terms are added, the meaning of which is defined by the "General Data Protection Regulation" (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC:
Personal Data: any information which allows, in any form whatsoever, the identification of the natural persons to whom it applies. An identifiable natural person is one who can be identified in particular by reference to a name, an identification number or one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
Data subjects: persons who may be identified, directly or indirectly, in the context of the Company's activities (commercial activity, marketing, customer relations, etc.), i.e. all Users, Customers and Prospects of Ksaar.
Datacontroller: a body which - alone or jointly with others - determines the "why" and the "how" of data processing, i.e. its purpose (objectives pursued) and its means (conditions of implementation, in particular in technical, material and organisational terms).
Sub-processor: an organisation that processes data on behalf of and on the instructions of another organisation, the Data Controller.
Processing of Personal Data: any operation applied to personal data or sets of data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2 - Who is the Data Controller of your Personal Data?
Ksaar Solutions determines the purposes and means of processing your Personal Data. Within the framework of the publication of the Site and the management of the Accounts, the Company therefore acts as a Data Processor in the sense of Article 4 of the RGPD.
3 - What categories of Personal Data are involved?
Identification data: first and last name; e-mail address; password; telephone number; profession; company (name, company name or SIRET).
Connection data: country of connection; IP address; log; User ID, etc.
Web data: cookies and browsing data; reviews and comments left on multiple channels, such as our websites and social networks.
Financial data: data relating to the data subject's credit card in the context of the payment of the subscription made through a service provider.
Financial data, although highly sensitive or relevant, are not considered as "sensitive" data from the point of view of fundamental rights and freedoms (Article 9 of the GDPR). Although such data must be subject to appropriate safeguards because of their special nature or confidentiality, their processing is not subject to specific rules under the European data protection regulation.
4 - What are the purposes associated with the processing of Personal Data?
5 - Who are the recipients of your Personal Data?
Access to Personal Data is strictly controlled. The Company ensures that the data is only accessible to authorised internal or external recipients.
Internal recipients :
Entitled staff from marketing, sales, customer relations, administration and technical departments and their line managers.
Authorised staff of the control departments (department responsible for internal control procedures, etc.).
External recipients :
The Company's partners and subcontractors and, more specifically, their staff authorised to access only the data necessary for the implementation of their services
Bodies, judicial and legal officers, within the framework of their debt collection mission;
The recipients of your Personal Data within the Company are subject to a specific confidentiality obligation. The Company decides which recipient is entitled to receive data internally.
The clearance policy is regularly updated and takes into account the arrival and departure of Company employees with access to data. If an employee becomes aware that he or she has access to data to which he or she should not have access, he or she is obliged to notify the relevant department without delay. All accesses concerning the processing of Personal Data of Data Subjects are subject to a traceability measure.
In addition, your Personal Data may be transmitted to third-party service providers who are required to use it only for the purposes for which the Company has contracted them, including
When the Company uses subcontractors and independent contractors to assist in the provision of a number of services: customer messaging platform, advertising, statistics, data management and hosting, payment services, etc., these subcontractors and contractors have limited access to the data of the Data Subjects, strictly for the performance of these services. These service providers have limited access to the data of the Data Subjects, within the strict framework of the execution of these services.
When the Person concerned publishes publicly accessible information in the open comment areas (blog, Facebook page, etc.);
When the Data Subject allows a third party website to access his/her data.
In this context, the Company ensures that the security of your Data is preserved through strict control:
In the event that personal information is transferred within the European Union, the Company ensures that these third party service providers adhere to the principles of the "General Data Protection Regulation" (GDPR);
In the event that personal information is transferred outside the European Union, the Company ensures that the third country concerned has a level of protection deemed adequate by European regulations (e.g. in the case of a transfer of data to the United States, checking that the third party service provider adheres to the principles of the Privacy Shield).
Your Personal Data may also be communicated to any authority legally entitled to know it. In particular, the Company may transmit data to follow up on claims made against it and to comply with administrative and judicial procedures. In this case, the Company is not responsible for the conditions under which the personnel of these authorities have access to and use your data.
6 - How long will your Personal Data be kept?
The Company retains your data for a certain period of time in order to provide its services or support to you. The Company may also retain some of your information if necessary, even after you have closed your account or it no longer needs it to provide its services to you. Your Personal Information will not, however, be transferred, rented or traded to third parties.
The duration of data retention is defined by the Company with regard to the legal and contractual constraints on it and, failing that, according to its needs:
Retention periods for each category of Personal Data
Data relating to Users and Customers (identification data, web data, customer relationship follow-up): Data relating to Users and Customers are kept for the entire duration of the opening of the Account and up to 90 days thereafter. This period may be increased by 3 years for animation and canvassing purposes and by 5 years for archiving purposes as from the deletion of the Account or unsubscription.
Data relating to Prospects (identification and web data): Data relating to Prospects is kept for a maximum of 3 years from the date of its collection or the last contact from the Prospect.
Technical data (connection data and cookies): Connection data (IP addresses and logs of the Data Subjects) are kept for a period of one year from the last connection or last use of Ksaar. Cookies may be kept for 13 months from the last time consent was given.
Financial data (payment methods): The financial transactions relating to the payment of subscription fees via the site are entrusted to a payment service provider who ensures the hosting, smooth running and security of the transactions. The recipient of your Personal Data relating to your credit card numbers, it collects and stores them in our name and on our behalf for the time of the execution of the payment operations. We never have access to your payment data.
Data that can be used to establish proof of a right or a contract (customer data, etc.) or that is kept in order to comply with a legal obligation (invoicing data, etc.) are subject to an intermediate archiving policy for no longer than is necessary for the purposes for which they are kept, in accordance with the provisions in force.
After the set deadlines, the data are either deleted or kept after being anonymised, in particular for statistical purposes. Data subjects are reminded that the deletion or anonymisation of data stored in its systems are irreversible operations and that the Company is no longer able to restore them afterwards.
7 - What security measures are applied to your Personal Data?
As a Data Controller, the Company is committed to aligning its practices to comply with European regulations and to ensure a level of security appropriate to the risk (Article 32 ยง1 of the GDPR).
The organisational security measures taken by the Company in the context of its processing of Personal Data include, but are not limited to, the following measures
All staff are trained and regularly informed of developments in data security and personal data protection;
In order to protect the confidentiality of Personal Data, employment contracts signed by staff members include a clause obliging them to acknowledge their duty to protect the confidentiality of all data to which they have access in the course of their duties;
only authorised personnel may have access to Personal Data, provided such access is necessary. Measures to prevent access to Personal Data by unauthorised persons are put in place;
a method of accessing Personal Data has been developed in-house so that an appropriate level of authorisation is required;
no Personal Data is resold by the Company, even anonymously and for any purpose whatsoever.
The technical security measures taken by the Company in the context of its processing of Personal Data include, but are not limited to, the following measures
passwords and usernames are requested before accessing any electronic environment in which Personal Data is stored and an access log is kept;
any electronic media and software on which Personal Data is stored is regularly updated and protected against malware and unauthorised access;
adequate security measures (e.g. firewalls etc.) are put in place at the interface between the environments accessible to third parties and the company's storage areas, as well as measures to combat virtual attacks threatening data security (IDS/IPS etc.);
Personal Data is always transmitted via encrypted communication services (email, FTP, file sharing, HTTPS security mode);
the environment (servers, etc.) in which Personal Data is stored on behalf of the Data Controller is physically protected and access to it must be controlled and limited to authorised personnel only;
Personal Data can be anonymised or deleted using appropriate methods. The deletion of Personal Data stored in an electronic environment has the effect of making it impossible to retrieve the data.
8 - What are your rights regarding your Personal Data and how can you exercise them?
In order to allow regular updating of the personal data collected by the Company, the Company may solicit the Data Subjects who will be obliged to comply with the Company's requests. Pursuant to the regulations applicable to personal data, the Persons concerned have the following rights:
Right of access (article 15 of the RGPD) : they can exercise their right of access, to know the Personal Data concerning them.
Right of rectification (Article 16 of the RGPD) : if the Personal Data held by the Company are inaccurate, they may request that the information be updated; the persons concerned are informed that the Company will not make any so-called "comfort" modifications, as these are possible from the "Profile" tab in the "Settings" section of the Ksaar account. Only substantial modifications to the civil status, identity, profession and contact details of the person concerned will be made.
Right of deletion (Article 5 of the GDPR concerning the "purging" of data and Article 17 of the GDPR concerning the deletion of data or the "right to be forgotten"): Data Subjects may request the deletion (in whole or in part) of their Personal Data, in accordance with applicable data protection regulations;
Right to restrict processing (Article 18 of the GDPR): Data Subjects may request the Company to restrict the processing of their Personal Data in accordance with the assumptions set out in the GDPR;
Right to object to the processing of data (Article 21 of the GDPR): Data subjects may object to their data being processed in accordance with the assumptions set out in the GDPR;
Right to portability (Article 20 of the GDPR): they may request that the Company return the Personal Data they have provided to them for transmission to a new entity, within the strict framework of the applicable data protection regulations.
You can exercise one or more of these rights by contacting us via the dedicated module.
A reply will be sent to you within one month of receipt of the application. This one month period may be extended by two months if the complexity of the request and/or the number of requests so requires. In order to prevent any risk of data leakage or identity theft, certain requests must be accompanied by a photocopy of a valid signed identity document.
9 - How to contact our Data Protection Officer?
A Data Protection Officer is available for any questions or requests for further clarification regarding the Ksaar Privacy Policy. You can contact him via the dedicated module.
For any other more general information on the protection of Personal Data, you can consult the website of the National Commission for Information and Liberties (CNIL) at the following address: www.cnil.fr.
10 - Under what conditions does our Privacy Policy apply?
Continued browsing of the Ksaar websites implies unreserved acceptance of the provisions of this Privacy Policy. The version currently online - which came into force on 25 March 2022 - is the only one that can be enforced during the entire period of use of the site and until a new version replaces it.
Our policy on Personal Data (in terms of confidentiality and cookies) may be modified or amended at any time in the event of changes in the law, case law, decisions and recommendations of the CNIL (French Data Protection Authority) or practices. Any new version of this Policy will be brought to the attention of the Persons concerned by any means defined by the Company, including electronic means (distribution by e-mail or online for example).
โ
Cookie Charter
In 5 questions
1 - What is a cookie?
A cookie is a small text file placed and stored for a limited period of time on your computer, tablet, smartphone or any other device that allows you to browse the Website. Cookies are placed on your terminal by Ksaar or by third parties duly listed in our cookie management tool. They may be kept for a period of 13 months before being destroyed.
2 - How are cookies used by Ksaar?
The Company uses four types of cookies on its various websites:
Strictly necessary cookies are essential for browsing the Ksaar websites. They cannot be set, as their deletion could lead to difficulties in browsing our Services.
Functional cookies allow us to recognize you when you return to use our Services and to offer you content adapted to your preferences (language, display, etc.).
Performance cookies provide us with statistical data on the number of visitors and the use of our Services. This information allows us to understand your experience on the Site, your interactions with our Services and to improve them accordingly.
Marketing or audience measurement cookies enable us to keep track of your visit to our Services, the pages you have consulted and the links you have clicked on in order to display relevant advertisements adapted to your interests.
3 - Do you retain control over the management of cookies on Ksaar?
Ksaar uses the services of www.axeptio.eu as a management tool to collect your consent to cookies. In accordance with European regulations, consent is understood to be any free, specific, informed and unambiguous expression of will by which the person concerned accepts, by means of a declaration or clear positive act, that personal data relating to him or her may be processed. In accordance with the requirements of the RGPD, this consent to cookies can therefore be withdrawn at any time as easily as it was given via our dedicated module: depending on your preferences, you can authorise, refuse or deactivate them (a cookie that has already been deposited can only be deactivated; it will only be deleted at the end of its lifetime). However, we would like to draw your attention to the fact that the total rejection of cookies may lead to some of our Services becoming inaccessible or to a less efficient or less suitable use of our Services.
4 - How to manage cookies more globally on your browser?
You can also express your choices and modify your wishes through the browser used to access the Site. The configuration of each browser is different. It is up to you to follow the instructions of the editor of your browser as follows (links available at the date of the last update of this cookie policy): Chrome, Internet Explorer, Safari, Firefox and Opera.
5 - Under what conditions does our Cookie Policy apply?
Ksaar reserves the right to update this policy at any time and without prior notice, and if necessary, it will make mention of this on the sites concerned, particularly by updating the message on the Cookies banner. The version currently online - which came into force on 25 March 2022 - is the only version that can be used during the entire period of use of the site and until a new version replaces it.
