1- Scope of application of the Policy
The Website’s editorial manager is Patrick Douin.
The Website is hosted by OVH SAS – 2 rue Kellermann – BP 80157 – 59053 ROUBAIX CEDEX 1 – Phone number: 1007
2- Type of personal data collected
Neptune collects your registration data, the data you voluntarily disclose to it, the browsing data concerning your access to and use of the Website, and other miscellaneous information. Specifically, Neptune collects the following information:
- The data that you voluntarily share with Neptune: Neptune may collect your Personal Data, particularly concerning your personal records (name, first name, age, postal address, email address), marital status, profession (job, etc.), and economic and financial information.
This data is exclusively collected in the framework of the performance and management of the contract between you and Neptune, as required by the legal or regulatory obligations applicable to Neptune, to fulfil its legitimate interests (follow-up and maintain the client relationship), or based on your prior consent.
We do not collect:
- Financial data from payment service providers.
- Special categories of Personal Data: we request you not to disclose or communicate to us, via the Website, any data considered by the French Data Protection Authority (CNIL) as Special Categories of Personal Data or assimilated (these include the police record, racial or ethnic origin, political opinions, religious or philosophical beliefs, health data or trade union membership).
3- Purposes for which personal data is collected
We process your Personal Data to:
a) enable your use of the Website and show you our various fields of expertise and services;
b) enhance your user experience of the Website;
c) provide you with assistance as a client and reply to your inquiries;
d) comply with legal obligations or reply to requests from public and governmental authorities;
f) subject to you prior consent, where necessary, conduct business development operations based on your personal preferences and choices.
4 – Legal basis for processing your data
5 – Data storage period
Neptune only collects your Personal Data that is strictly necessary for the intended purposes, as set out above, and for the time strictly necessary for the purpose concerned. In particular, your Personal Data is stored in our active database for the time required to perform the mission entrusted to Neptune. At the end of this storage period, your Personal Data will be erased or archived for the time necessary (i) to enable Neptune to fulfil its legal and regulatory obligations, and/or (ii) to defend a legal claim.
6 – Data processing
Your Personal Data is processed both manually and electronically and is protected by appropriate security measures. Neptune implements technical and organisational measures to ensure the security and privacy of your Personal Data and to prevent it from being damaged, erased or disclosed to unauthorised third parties.
In this respect, although Neptune applies appropriate administrative, technical and organisational measures to protect your Personal Data from theft, loss, or unauthorised use, disclosure or modification, it cannot guarantee that it can protect it against all existing forms of IT risks.
In case of a breach of your Personal Data liable to constitute a risk, Neptune undertakes to send notice of the breach concerned, in accordance with Articles 33 and 34 of the General Data Protection Regulation, to the competent supervisory authority (CNIL) no later than 72 hours after becoming aware thereof, and to the User as soon as possible.
7 – Access to your data
a) Third-party service providers, processors or ultimate processors (i.e., computer service providers, other entities of the group and other service providers, including but not limited to: IT service providers, experts, consultants, companies involved in potential mergers, demergers or other legal processes and, in particular, to other legal advisors (in the scope of exchanges of legal documents, litigations, etc.) or to legal formalityies service providers (for the purpose of filing applications for registration with court registrars or other authorities)).
b) Some processors may be located in the European Union and may process your Personal Data on the behalf, on the instructions or under the authority of Neptune. In accordance with the General Data Protection Regulation, Neptune requires its processors to demonstrate sufficient guarantees concerning the implementation of appropriate technical and organisational measures to ensure the security and privacy of your Personal Data.
8 – Your rights in respect of your Personal Data
You can exercise the following rights at any time, free of charge:
a) right of access, portability, modification, erasure and restriction of the information concerning you;
b) right to refuse the processing of your data on legitimate grounds;
c) possibility to instruct us as to what becomes of your data (storage, erasure, disclosure to third parties, etc.) after your lifetime.
You can exercise these rights by writing to the following email address: firstname.lastname@example.org
You also have the right to file a complaint with a national supervisory authority such as the CNIL in the event of a violation of applicable personal data protection regulations, such as the General Data Protection Regulation.
9 –Processing of third-party personal data disclosed by the client to Neptune, and processed by the latter as processor
You may potentially provide us with third-party Personal Data (e.g.: Client’s employees, Client’s clients, etc.) concerning their personal records (name, first name, age, postal address, email address), marital status, profession (job, etc.) and economic and financial information (“Third-Party Data”).
You will then be the controller for the processing of such Third-Party Data. Neptune, who collects and processes the Third-Party Data on your behalf and according to your instructions, then acts as processor.
In your capacity as controller, you represent and warrant that you fulfil your obligations in terms of the protection of such Third-Party Data and, in particular, that you (i) guarantee the lawfulness of the processing of such Third-Party Data, (ii) have informed and obtained, where necessary, the data subjects’ consent, (iii) have implemented all the appropriate technical and organisational measures to ensure the security and privacy of the Third-Party Data, (iv) allow the data subjects to rapidly and effectively exercise their rights, and (v) have implemented an effective procedure in the event of a Third-Party Data breach.
You are the owner of the Third-Party Data and remain exclusively liable for any violation of personal data regulations committed in the scope of your management of the Third-Party Data as controller, and Neptune will not incur any liability in such respect. In no event may Neptune be held liable for any breach of such personal data that you may commit.
As processor of the Third-Party Data, Neptune undertakes, in accordance with Article 28 of the General Data Protection Regulation, to:
- process the Third-Party Data solely for the purpose of the mission entrusted to it by you;
- process the Third-Party Data only on your instructions;
- ensure that the persons authorised to process the Third-Party Data undertake to maintain confidentiality or are bound by an appropriate legal confidentiality undertaking;
- implement appropriate technical and organisational measures to ensure the security and privacy of the Third-Party Data;
- take into account, in respect of tools, products, applications or services, the principles of data protection by design and data protection by default;
- assist you, where possible, in complying with the obligation to respond to requests for exercising the data subject’s rights;
- inform you of any Third-Party Data breach as soon as possible after becoming aware thereof;
- assist you, in view of the information available, to ensure compliance with legal requirements in terms of security of the processing, notification of data breaches and data protection impact assessment;
- make available to you all the information necessary to demonstrate Neptune’s compliance with its obligations and to enable audits, including inspections, to be conducted by you or another auditor appointed by you, and to contribute towards such audits.
10 – Amendments and updates