GENERAL TERMS AND CONDITIONS
I. Definitions
What is personal data?
Personal data is any information relating to an identified or identifiable natural person, including, for example, reference to his or her name, an identifier, an email address, an IP address or to several factors specific to his or her identity.
What is the processing of personal data?
The processing of personal data consists of any operation carried out, whether or not by automated means, on personal data. This includes the collection, recording, organization, storage, modification or use of personal data.
What is a data controller?
This refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
What is consent?
This refers to any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
What is a recipient?
This refers to a person authorized to obtain communication of personal data recorded in a file or processing system by virtue of their functions.
What is a subcontractor?
This refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
II. Purpose and objective of the privacy policy
The privacy policy of the website www.edu.speechi.net (hereinafter referred to as "the Site") aims to inform you of the methods of processing your personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the French Data Protection Act.
SCOPE OF APPLICATION
The privacy policy applies to the following individuals (the "Users"):
– You are an internet user and are visiting the Site. You are wondering what data is collected and processed during your visit, particularly via the "cookies" section (you can also consult the Cookie Policy below for this purpose); and/or
– You are an internet user and visit the Site. You subscribe to the Site's blog and you wonder how your data is processed in this context; and/or
– You are a customer and you have purchased one of our products on the Site. You have provided some of your personal data to make this purchase, and you are wondering how it is processed in this context.
IDENTITY OF THE DATA CONTROLLER
The person responsible for processing the personal data of Site users is:
The company WOUARF SAS
Whose registered office is located at 12 rue de Weppes, 59800 Lille RCS No. 449 742 667
WOUARF, in its capacity as data controller, collects personal data from Site Users. It is responsible for implementing appropriate measures to ensure that personal data is processed in accordance with the GDPR.
CONTROL AUTHORITY
I. The competent authority
The competent French supervisory authority for personal data, responsible for monitoring the application of the GDPR in order to protect Users with regard to the processing of their personal data, is as follows:
The National Commission for Information Technology and Freedoms (“CNIL”)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
II. Complaint to the CNIL
Each User may exercise their right to complain to the CNIL regarding how their personal data is processed by the data controller: https://www.cnil.fr/fr/agir
THE PROCESSING OF YOUR COLLECTED PERSONAL DATA
I. Categories of personal data collected
The categories of personal data that may be collected are as follows:
| CATEGORIES OF PERSONAL DATA | CATEGORY DESCRIPTION |
| Customer Identity / Data | This refers to the data you provide when you create a customer account on the Site, including:
Name, Surname, Email address, Telephone number |
| Order data | This concerns data relating to product purchases on the Site:
Identity (above) |
| Data relating to means of payment | Bank card number, bank card expiry date, security code, cardholder's name and surname, bank card type |
| -Identification of access to our Site and the number of connections -Determining which cookies to use |
-Article 6) f) of the GDPR: Responds to our legitimate interest - Article 6(a) of the GDPR: Consent (for cookies) |
| Automatic Site Connection/Visit Data | Bank card number, bank card expiry date, security code, cardholder's name and surname, bank card type |
| Automatic Site Connection/Visit Data | This refers to data related to web browsing:
Timestamp, IP address, cookies, browsers used, computers and technical connection elements, computer configuration, internet access point |
| Data necessary for carrying out customer loyalty and prospecting activities | This refers to data collected, in particular, when a user fills out the contact form. Identity (above) |
This personal data may be collected directly on the Site by creating an "account" via a terminal by purchasing a product offered on the Site, or by simply visiting the Site.
II. The purposes, legal bases for the processing of personal data and their respective retention periods
| Category of personal data | Purpose | Legal Basis | Shelf life |
| Customer Identity / Data | -Data necessary for account and order management, including payment, invoicing and delivery management. -To promote the proper functioning of the Site's services |
-Article 6) b) of the GDPR: Necessary for the performance of the contract - Article 6(f) of the GDPR: Responds to our legitimate interest |
For the entire duration of the business relationship and for a maximum of three years from the end of the business relationship. For all billing data, the retention period is ten (10) years in accordance with accounting obligations. |
| Order data | -Compliance with the pre-contractual information obligation;
-Execution of the sales contract; -Order confirmation |
-Article 6) c) Necessary for compliance with a legal obligation
-Article 6) b) of the GDPR: -Article 6) b) of the GDPR: |
5 years under legal obligations |
| Data relating to means of payment | -Execution of the sales contract -Determining which cookies to use |
Article 6) b) of the GDPR: Necessary for the execution of the contract -Article 6) a) of the GDPR: Consent (for cookies) |
This data is not stored: They are collected during the transaction and are deleted as soon as the purchase is settled. Cookies are stored for a maximum of 13 months if they are necessary for the operation of the Site. Otherwise, they are stored for a maximum of 6 months. |
| Automatic Site Connection/Visit Data | -Identification of access to our Site and the number of connections -Determining which cookies to use |
-Article 6) f) of the GDPR: Responds to our legitimate interest - Article 6(a) of the GDPR: Consent (for cookies) |
Cookies are used for the duration of your identification and visit to the site. They are stored for a maximum of 13 months if necessary for the site to function. Otherwise, they are stored for a maximum of 6 months. |
| Data necessary for carrying out customer loyalty and prospecting activities | -To carry out commercial and marketing operations, including customer loyalty and promotional activities.
-Managing customer relations in the context of information requests or complaints that a User may send via the Site, its customer service or the networks. |
-Article 6) a) of the GDPR: Consent
-Article 6) f) of the GDPR: serves our legitimate interest in promoting news and new offers on the Site |
Until the User requests to stop receiving marketing emails Until the blog is unsubscribed Or within a maximum period of three (3) years after the end of the business relationship if it is a customer, or in the case of a prospective customer after the last contact with the latter or the last collection. |
III. Specifics relating to the personal data of minors.
The User must have the legal capacity to order products offered on the Site. We do not collect personal data relating to minors.
IV. Recipients and transfer of personal data
Do we transmit your personal data to recipients external to the Data Controller?
As part of our business, we may need to share your personal data with our delivery providers and installers to ensure the delivery and proper installation of the products ordered.
In addition, we may share your personal data with our network of reseller partners.
Furthermore, we use CRM software, Zoho One, which may collect and process your personal data. In this regard, you can consult their privacy policy here: https://www.zoho.com/privacy.html?zredirect=f
Our website is hosted by AWS. AWS also processes your personal data. You can consult their privacy policy below: https://aws.amazon.com/privacy/?nc1=f_pr
For the Shop section of Speechi, we use PrestaShop which is hosted on one of our AWS servers in Germany.
Do we transmit your personal data to internal recipients within the Data Controller?
We may need to share your personal data with our authorized staff, namely:
– Marketing and E-commerce Department
– Sales Department
– Logistics Department
– Support Service
– Installation Service
– Development Department
– HR and Accounting Department
– Customer Support Service
Do we transfer your personal data outside the European Union?
We use tools that may transfer your personal data outside the European Union, namely:
– Our CRM software, Zoho One.
– Google services (for emails, etc.): https://support.google.com/a/answer/60762?hl=fr?hl=fr#zippy=%2Where-are-my-data-stored-by-google
– Microsoft Office suite: https://privacy.microsoft.com/fr-fr/privacystatement
In any event, if the level of protection of the country importing personal data is not adequate within the meaning of the CNIL or in the absence of an adequacy decision from the European Commission, the Data Controller will have put in place appropriate safeguards such as standard contractual clauses validated by the European Commission with the data importer.
V. Security measures implemented in the processing of your personal data
The data controller undertakes to take all necessary measures to ensure the security and confidentiality of your personal data in the processing thereof.
To do this, your personal data is stored on the Zoho One platform. The data is encrypted using AES encryption. A backup of our database, hosted on AWS servers, is also performed every 15 days. Data stored on Prestashop (see below) is retrieved daily.
YOUR RIGHTS REGARDING YOUR COLLECTED PERSONAL DATA
I. Your Guaranteed Rights
Since the processing of personal data is a fundamental human right, you are entitled to numerous rights guaranteed in particular by the GDPR.
In accordance with the latter, you are entitled to the following rights:
| Right of access | Each user has the right to access all personal data concerning them. Upon request, you may obtain a copy of your personal data being processed. |
| Right of rectification | Each User has the right to obtain a rectification of their personal data if it is proven to be inaccurate or incomplete. |
| Right to erasure or "Right to be forgotten" | Each User has the right to request the deletion of all their personal data |
| Right to restriction of processing | Each User has the right to obtain restriction of the processing of their personal data in the following cases:
a) you contest the accuracy of your personal data for a period enabling us to verify its accuracy; |
| Right to portability | Each user has the right to receive their personal data in a structured, commonly used, and machine-readable format. You also have the right to transmit your personal data to another data controller without hindrance from us. You have the right to request that we transfer your personal data to another data controller if this is technically feasible. |
| Right to object | Each User has the right to object to the processing of their personal data for legitimate reasons without having to justify themselves and can therefore refuse to have their data used for commercial prospecting purposes. |
| Right to complain | In order to guarantee their rights, each User has the right to lodge a complaint with the CNIL, the competent supervisory authority for personal data. |
II. How to Exercise Your Rights
Each User can exercise their rights by contacting the data controller directly through one of the following channels:
– Electronically, by writing to the following address: dpo@speechi.net
– By mail, by writing to the following address: 12 rue de Weppes 59800 Lille FRANCE
We are committed to responding to you promptly and within a maximum of one month. We will make every effort to comply with your requests regarding the processing of your personal data.