Privacy Policy (July 2024 update)

In the course of its business, DM SQUARED SAS (hereinafter referred to as “the Company”) is required to process personal data.

This Privacy Policy (hereinafter referred to as “the Policy”) informs you of how the Company collects and processes your personal data. You are invited to read it carefully.

The Policy applies to all persons whose personal data are collected by the Company. These are mainly visitors to the Company’s website (hereinafter referred to as “the Site”), the Company’s Clients, the Company’s Clients’ staff, and more generally any person who may come into contact with the Company. These persons are hereinafter referred to as “Holders”. The policy covers the manner and purposes for which the Company collects, uses and communicates their personal data.

Personal data (hereinafter referred to as “Data”) is any information relating to an identified or identifiable natural person.

By Holder is meant any person whose Data is collected.

Giving particular importance to the protection of the Data entrusted to it by the Holders, the Company undertakes to respect the privacy of the latter.

This Policy is designed to comply with the requirements of applicable privacy laws, including

to the law n°78-17 of 6 January 1978 relating to data processing, files and liberties as amended
the General Data Protection Regulation n°2016/679 which entered into force on 25 May 2018
French laws and decrees transposing the Regulation

The controller of the processing operations mentioned in this document is the Company, whose registered office is 49, rue de Ponthieu.

Article 1. Acceptance of the Policy

This Policy applies to all Services offered by the Company and forms an integral part of the General Terms and Conditions of Use of its website. It applies to Holders.

The Company reserves the right to modify and supplement this Policy at any time, the version in force being the one available on the website at https://contalto.com/, on the date the Holder connects to the site.

It is agreed that the invalidity of a contractual clause does not invalidate the entire Policy.

Article 2. Processing of Personal Data

All Data provided by the Holder to the Company shall be treated with the utmost confidentiality.

The Data collected is reserved for internal use by the Company and is strictly limited to teams that need to know it.

In all cases, the Company limits itself to collecting and processing relevant, adequate, non-excessive and strictly necessary Data for the purposes determined below.

Beyond the storage periods mentioned below, the Data may be anonymised and stored for exclusively statistical purposes and will not give rise to any exploitation of any kind whatsoever.

The operations described above do not serve to establish profiles likely to reveal so-called sensitive Data such as racial or ethnic origins, philosophical opinions, political, trade union, religious, sex life or health.

2.1. Nature of the Data collected, purpose and storage period

– Prospect Data collected via the Site’s contact form:

-Surname, First name, E-mail address

-Any other Data provided in the “Comment” part of the form

They will be used to answer the prospect’s requests and initiate a possible commercial relationship.

This Data will be deleted 3 years after the last request of the prospect.

– Data entrusted by the Client’s staff:

The Company’s Services will be accessible to the Client’s personnel by entering a password and a user name.

The Data collected in the context of access to the service may include the full name and email address of the Client’s employees.

It may also include Data transmitted by the Client’s employees by email, in particular.

All Data relevant to the provision of the service transmitted in this way will be kept for the duration of the performance of the contract plus the limitation period. They will then be deleted or anonymized.

They will be used to manage the commercial relationship between the Company and the Client.

The recipients of the Data are the Company’s employees.

– Data collected spontaneously from Holders when sending an email or when applying spontaneously:

The Company may be made recipient of a certain number of Data, without this being a solicitation on its part. These Data will not be further processed.

The Data is archived within 5 years of the end of the calendar year in which it is collected.

The Archived Data will be accessible only to the Company’s executives, excluding operational services.

2.2. Legal basis for the processing operations

Execution of the contract

This is the legal basis claimed by the Company when the Data collected is necessary to provide the services and any assistance that Customers may require.

Legitimate interest

The Company may also collect personal Data for purposes of legitimate interest such as improving its services and security. You may at any time object to the processing of your Data on this basis.

Consent

In certain circumstances, and in particular when the legal bases mentioned above are not applicable, the Company is required to obtain your express consent to the processing of your Data. In this case, you may withdraw your consent at any time.

2.3 Information shared with third parties

The processing of the Data collected is strictly confidential.

The Company does not transmit any Data to third parties likely to use them for their own purposes, in particular for commercial or advertising purposes, without requiring the prior consent of the Holders.

The Company may transfer certain Data to third party partners on a temporary and secure basis to ensure the proper performance of the services it offers.

As such, the partners concerned may have access to the Holder’s Data and process them on behalf of the Company, in accordance with the Company’s instructions and in compliance with this Policy and any appropriate security and confidentiality measures.

The Company will implement procedures to ensure that third parties it authorizes to access Data, including any subcontractors, respect and preserve the confidentiality and security of the Data.

To this end, the Company undertakes to impose on its subcontractor(s) the same obligations as those set out herein to ensure that the confidentiality, security and integrity of the Data are respected, and that such Data may not be transferred or leased to a third party, whether free of charge or not, or used for purposes other than those defined in this Policy.

When these partners are located outside the European Union or in a country that does not have adequate regulations in place to comply with the requirements of the privacy laws in force, in particular the General Data Protection Regulations and the French laws transposing them, the Company oversees its contractual relationship with this partner by adopting an appropriate contractual mechanism.

2.4. Data Protection Policy

The Company will take all necessary measures to preserve the integrity, availability and confidentiality of personal Data.

In particular, the Company undertakes to implement technical and organisational measures to ensure, taking into account the state of the art, a level of security and confidentiality appropriate to the risks presented by the processing and the nature of the Data processed.

In particular, the Company undertakes to protect the Data against accidental or unlawful destruction, accidental loss, alteration, disclosure or unauthorised access; and to make the Data processed accessible and accessible only to personnel duly authorised by virtue of their functions and qualifications, within the strict limits of what is necessary for the performance of their functions. The Company’s personnel authorised to access the Data must be bound by an obligation of confidentiality.

The Company undertakes to notify the Client without delay of any incident that may have potentially affected the Data, as well as any violation of Data. In this context, the Client shall promptly communicate to the Company all the information at its disposal concerning the conditions surrounding the security incident and in particular the nature and extent of the Data affected, the number of persons concerned, the likely consequences and the technical conditions under which the incident took place.

2.5. Data Hosting

The Data collected is stored on secure servers located in France or in another member country of the European Union.

The Company may have to transfer the Data collected through its servers or to those of its partners located in countries whose legislation provides a level of Data protection that may be different from that of the European Union.

In this event, the Company will take all necessary measures to maintain a level of Data security at least equal to the level required by European regulations on personal data.

Article 3. Rights of the Holders

3.1 Nature of the Holder’s rights

In accordance with the laws in force relating to the protection of personal Data, in particular the General Data Protection Regulations and the French laws transposing them, each Holder has the following rights:

The Holder may object to the processing of his/her Data in the event of a legitimate reason
The Holder has a right of access to Data concerning him/her
The Holder may rectify, update and/or delete Data concerning him/her
The Holder can request the portability of his/her Data
The Holder may request a limitation on the processing of his/her Data by the Company
The Holder may communicate directives relating to the storage, erasure and communication of personal Data after his/her death (post-mortem directive)

In addition, the Holder is informed that he/she may at any time withdraw his/her consent to the processing of his/her Data.

3.2 Exercise of the rights of the Holders

At any time, the Holder may exercise his/her rights by sending his/her request, which must include his/her full name, postal and electronic address and a proof of ID, either:

– By e-mail to the following address: info@contalto.com

– By post to the following address:

DM SQUARED

49, Rue de Ponthieu

75008 Paris

France

A response will be provided within one month of receipt of the request.

The Holder may also at any time request the Company to no longer receive information by e-mail.

Finally, the Holder may file a complaint with the competent authority, namely the CNIL for the French territory.

Article 4. Use of cookies

The Holder is invited to refer to the Terms and Conditions of use of the website.

Article 5. Applicable law – Competent jurisdiction

This privacy policy is governed by French law.

In the event of a conflict between the French version of this Policy and any translations made, the French version shall prevail (see French version on privacy page of French version of this site).

In the event of a dispute concerning in particular the validity, interpretation and/or execution of these conditions, the French courts shall have jurisdiction, regardless of the location and nationality of the Holder.