Privacy policy

Our company has established the present personal data protection policy in order to inform the individuals whose personal data it collects and processes about, in particular, the data that may be collected, the processing carried out on this data, the persons or entities to whom our company communicates this data and the rights that these individuals enjoy.  

This Policy falls within the scope of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 ("General Data Protection Regulation" or "GDPR") and Law No. 78-17 of January 6, 1978 as amended, relating to information technology, files and freedoms ("Loi Informatique et Libertés") and its implementing texts.

‍

1. What data do we collect?

In the course of our business and the operation of our website, we may collect and process personal data concerning our prospects, customers and other contractual partners (their managers, associates and/or members of their staff), as well as users of our website.

This data includes, in particular, information relating to :

• Identity, including surname, first name, gender ;
• Personal and/or professional information, including postal address, e-mail address, landline and/or mobile telephone numbers;
• Information relating to our contractual relationship, in particular product orders and complaints addressed to our company;
• Records of correspondence and communications with our company, in particular e-mails, SMS and MMS messages;
• Connection data on our website, in particular cookies which collect information such as browser type, pages viewed and other general traffic data;
• As well as any information communicated to us by means of the contact form accessible on our website or, more generally, by communicating with our company.

Where applicable, it is specified at the time of collection whether or not the data is necessary for the purpose in question.

‍

2. On what legal grounds do we process your data?

We collect and process personal data, as appropriate:

• For the purposes of executing contracts concluded with our customers or our other business partners, or for pre-contractual measures taken at their request;
• For the purposes of our legitimate interests, such as prospecting and promotion, as well as managing our relationship with prospects, customers and other business partners;
• In order to comply with our legal and regulatory obligations and to defend our rights; and/or
• Based on the consent of the individuals concerned.

In the event that the individual whose personal data we are processing has objected to such processing, we may nevertheless be authorized to carry out or continue such processing on one of the other legal bases referred to above.

‍

3. For what purposes do we process your data?

We collect and process personal data for the following purposes:

• Safeguarding contracts concluded with our customers and other business partners;
• Product order management ;
• Managing our invoicing and accounting, managing our customer accounts ;
• Management of our customer database, management and follow-up of commercial relations with our customers and other commercial partners;
• Building and managing our prospect file, prospecting ;
• Management of newsletters and other similar communications;
• To improve navigation and the user experience on our website, in particular for the purposes of managing audience measurement statistics.

‍

4. Who do we share your data with?

We communicate or are likely to communicate the data collected to the following persons or entities:

• Authorized members of our staff ;
• Our subcontractors, agents and service providers ;
• Our business partners ;
• Our statutory auditors;
• Control authorities (regulators), administrative authorities, courts.

We do not transfer any personal data collected outside the European Union.

However, in the event that we transfer personal data that we have collected outside the European Union, we undertake, in compliance with legal provisions, to ensure (i) that the country to which the transfer is made ensures an adequate level of protection by virtue of an adequacy decision by the European Commission, (ii) in the absence of such a decision, that appropriate safeguards, as referred to in Article 46 of the RGPD, have been put in place, or (iii) in the absence of an adequacy decision and the aforementioned appropriate safeguards, that the transfer of data falls within one of the hypotheses referred to in Article 49 of the RGPD.

‍

5. How long do we keep your data?

We only keep the personal data collected for the time necessary to achieve the purposes for which they were collected, in compliance with the regulations in force and without prejudice to legal retention obligations and limitation periods.

In particular, customer data is kept for the duration of the contractual relationship, and for a further 3 years for promotional and prospecting purposes.

An indicative table of the retention periods for data collected by our company is provided in the Appendix.

‍

6. How do we ensure the security of your data?

Our company implements appropriate technical and organizational measures to ensure the security of the data collected and compliance with its obligations under applicable regulations. In particular, our company implements measures to guarantee the confidentiality, integrity, availability and resilience of processing systems and services.

‍

7. What rights do the people concerned have?

Any natural person whose personal data is processed by us has the following rights, as recognized by the applicable regulations:

• A right of access to their data as well as to information relating to the processing of which their data is the subject (art. 15 of the RGPD; art. 49 of the Loi Informatique et Libertés)
• A right to rectification of inaccurate or incomplete data (art. 16 RGPD; art. 50 Loi Informatique et Libertés);
• A right to erasure of data (art. 17 RGPD; art. 51 Loi Informatique et Libertés);
• A right to limit the processing of one's data (art. 18 RGPD; art. 53 Loi informatique et Libertés);
• A right to data portability (art. 20 RGPD; art. 55 Loi Informatique et Libertés);
• A right to object to the processing of his/her data (art. 21 of the RGPD; art. 56 of the Loi Informatique et Libertés);
• Where data processing is based on consent, the right to withdraw consent at any time (art. 7.3 RGPD) ;
• The right to define directives concerning the conservation, deletion and communication of personal data after death (art.85 of the French Data Protection Act).

Any person concerned may, if necessary by providing proof of identity, exercise their rights at any time with our company, by means of the contact form accessible on the website www.kate.tech, by e-mail to rgpd@nosmoke.fr or by post to NOSMOKE - RGPD, 132 avenue du 25 août 1944, 79140 CERIZAY (France).

The data subject also has the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) concerning the processing of his/her personal data (www.cnil.fr/fr/plaintes).

‍

8. Identity of the data controller

The data controller is NOSMOKE, a société par actions simplifiée (simplified joint stock company) with capital of 1,972,000 euros, headquartered at 132 avenue du 25 août 1944, 79140 CERIZAY (France), registered in the NIORT Trade and Companies Register under number 507 477 461.

Chairman: Matthias GOLDENBERG

Correspondence address: registered office address above

Telephone: +33 (0) 5.49.80.38.02.

Email : info@nosmoke.fr

Appendix

Indicative shelf-life table