Article 1 – Collection and Protection of Personal Data

NOVARC S.A. (hereinafter the “Publisher” and/or the “Data Controller”) processes the personal data of any user, being a natural person with full legal capacity and access to the Internet (hereinafter the “User”).

As Data Controller, the Publisher has implemented a policy covering all personal data processing activities relating to Users, the purposes pursued, and the means available to individuals to exercise their rights.

This privacy policy is established in accordance with applicable legal provisions, in particular:

French Law No. 78-17 of January 6, 1978, as amended (the “Data Protection Act”)
Regulation (EU) 2016/679 of April 27, 2016 (General Data Protection Regulation – GDPR)

Personal data means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, identification number, or one or more specific elements relating to their identity.

Users of the Website may be required to provide certain personal data in order to respond to their requests. The processing of such data is carried out by the Publisher acting as Data Controller.

The personal data collected includes:

• first and last name
• address
• email address
• phone number
• company information (company name, SIRET number, registered office, etc.)
• any personal data voluntarily provided by the User
• where applicable, financial data in the context of payments for products and services offered on the Website
• log data, including:
  >User’s IP address
  >date, time, and duration of connection to the Website

Article 2 – Purposes of Processing and Legal Basis

All personal data collected is used solely for the purposes described below and based on the following legal grounds.

General purposes

Personal data collected from Users is intended to:

• provide access to and use of the Website
• manage and optimize Website performance
• provide user support
• verify, identify, and authenticate User data
• prevent and detect fraud and malicious software
• manage security incidents
• handle disputes

The legal basis for these processing activities is:

compliance with legal obligations
the legitimate interest of the Publisher in providing a secure and high-quality service
Contractual and service-related purposes

Personal data is also used to:

• respond to user requests (information requests, job applications, etc.)
• process quotation requests
• process orders placed via the Website
• invoice products and services
• provide a personal user account

The legal basis is:

the User’s consent (via checkbox)
performance of a contract or pre-contractual measures
compliance with legal obligations
Personalization and marketing

Personal data may also be used to:

personalize services and display advertisements based on browsing history and preferences

Legal basis: User consent.

Users may also receive commercial offers from the Publisher or its partners.

Legal basis: User consent.

Article 3 – User Rights

In accordance with applicable data protection regulations, Users have the following rights:

Right of access: Users may request access to their personal data. Proof of identity may be required.
Right to rectification: Users may request correction of inaccurate data.
Right to erasure: Users may request deletion of their personal data.
Right to restriction: Users may request limitation of processing.
Right to object: Users may object to data processing.
Right to data portability: Users may request their data in a transferable format.

Users may exercise their rights by contacting:

NOVARC S.A.
ZI Les Plaines, 815 C Che Du Razas
26780 Malataverne, France

Email: rgpd@novarc.com

Users may also contact the Data Protection Officer at the same email address.

A response will be provided within one month of the request. This period may be extended by two months if necessary.

Users may also:

define instructions regarding their data after death
file a complaint with the CNIL: https://www.cnil.fr/

Article 4 – Data Retention Policy

Personal data is retained for a duration compliant with applicable legislation and only as long as necessary to:

meet legal and regulatory obligations
resolve disputes
prevent fraud and abuse
enforce the Publisher’s Terms and Conditions

Personal data submitted in the context of recruitment is used exclusively for application management and is retained for a maximum of 2 years.

Article 5 – Sharing of Personal Data with Third Parties

Personal data may be shared with third parties in the following cases:

• when processing a request requires the involvement of a third party, including subsidiaries
• when the User authorizes a third-party website to access their data
• when the Publisher uses service providers (support, advertising, payment services)

These providers:

have limited access to data
are contractually bound to comply with data protection regulations

Data may also be disclosed if required by law or to comply with administrative or legal proceedings.

When using data processors, the Publisher ensures they provide sufficient guarantees regarding:

security
confidentiality
integrity of personal data

Under no circumstances will personal data be transferred outside the European Union without appropriate safeguards or adequacy decisions.

Article 6 – Security

The Publisher implements appropriate technical and organizational measures to protect User data.

Employees and third parties are required to comply with strict security and confidentiality standards.

In the event of a personal data breach, the Publisher undertakes to:

• notify the CNIL as soon as possible and, where feasible, within 72 hours, unless the breach is unlikely to result in a risk to rights and freedoms
• notify affected individuals promptly if the breach is likely to result in a high risk, unless such notification is not necessary (e.g., if appropriate measures have been taken to render the data unintelligible)