Protection policy of your data

This policy is important for you, who wish to have a positive and confident experience with our services. It is also for us to meet your expectations and take into account your wishes.

En tant que responsable de traitement des Données, nous vous exposons comment nous traitons vos Données, pour vous apporter au quotidien de nouveaux services dans le respect de vos droits.

As Data Processing Manager, we explain how we process your data, to provide you with new services daily while respecting your rights.
We protect your privacy by ensuring the protection, confidentiality, non-alteration, availability, and security of the Data that you entrust to us on all of our communication channels.

To achieve these objectives, we implement the appropriate technical and organizational measures to ensure that the processing complies with the applicable data protection law.

For the proper understanding of this document, we provide you with a glossary in Appendix 1.

1. The processing manager and its DPO

Cdiscount (hereinafter « CSHIELD ») is a public limited company with a capital of € 6,642,912.78, registered in the Bordeaux Trade and Companies Register under number 424 059 822, whose registered office is located at 120-126 quai de Bacalan, 33000 Bordeaux.

The Data Protection Officer (hereinafter the “DPO”) of Cdiscount ensures the compliance of the processing of personal data carried out. You can contact him (i) by email sent to contact@cshield.io or (ii) by postal mail addressed to Cdiscount, Delegate for the protection of personal data, 120-126 quai de Bacalan, 33000 Bordeaux.

2. The processing of your data by Cshield

We process your Data for the purposes set out in the following table (for the correct understanding of the table, we invite you to refer to the glossary in Annex n ° 1) :

Processing purposes

Sub-purposes

Processing basis

Activities n ° 1 – BALEEN Offer

Accommodation

Legitimate interests pursued by CSHIELD

Bot management 

Management of overflows and site overloads

Installation of security devices (Firewall)

3. Who are the recipients of your data ?

Different internal services of CSHIELD may have access to your Data. We do not share your Data with third parties (outside internal services working on processing) except in the following specific circumstances.

Processing purposes

Data Recipients

Activities n ° 1 – BALEEN Offer

  • Internal services

  • Service providers specializing in the provision of IT infrastructure

  • Service customers

4. Is my Data sent outside the EU ?

Your Data may be transmitted for the purposes defined above to companies located in countries outside the European Union and not having an adequate level of protection as regards the protection of personal data.

Before any transfer outside the European Union, CSHIELD makes sure to respect the guarantees necessary to secure such transfers. Transfers outside the European Union can be carried out in particular within the framework of the following activities:

Activity (concerned data)

Country of destination of data

Supervision of data transfer

Use of Baleen commercial website (Google Analytics usage statistics subject to consent)

USA


Upon simple request to our Data Protection Officer, we can provide you with more information about these transfers, as well as a copy of the documents authorizing the transfer of Data outside the European Union.

5. How long do we keep your Data ?


Your Data is collected by CSHIELD for the time necessary to carry out the processing referred to in paragraph 2 of this document.

The main categories of Data collected are kept for the following periods:

Typology of Treatments

Shelf life in current archive

Shelf life in intermediate archive

Treatments relating to Visitors

30 days

6. How to exercise your rights ?

For requests that reach the DPO of CSHIELD by email or postal mail, please attach your ID to the request.

In case of serious doubts about your identity, additional information relating to your identity may be requested from you according to article 12 of the GDPR.

We will send you a response within one (1) month maximum from the date of receipt of your request. This period may be extended by two (2) additional months, given the complexity and the number of requests.

For the sake of transparency, you will find below a table summarizing your rights according to the different treatments.

For the correct understanding of this table, we provide you with a glossary in appendix 1.

Your rights

The conditions of exercise

The treatments concerned

Right of access

All processing of personal data

Right of rectification

All processing of personal data

Right to limitation

It is important to note that this right only applies if:

  • you dispute the accuracy of your Data for the duration allowing us to verify the accuracy of the latter,

  • you consider that we are processing your Data unlawfully and that you require a limitation of their use rather than a deletion,

  • we no longer need your Data concerning the purposes referred to in paragraph 2 but that these are still necessary for the establishment, exercise or defense of your legal rights,

  • in the event of the exercise of your right of objection during the verification period relating to the question whether the legitimate grounds which we are pursuing prevail over yours.

Treatments based on:

– the execution of the contract

– legal obligation

– our legitimate interest

Right to erasure

You have the right to ask an organization to erase personal data concerning you in the following cases:

  • Your Data is used for prospecting purposes;

  • Data is no longer necessary concerning the purposes for which it was initially collected or processed;

  • You withdraw your consent or you object to the processing of your Data;

  • Your Data is subject to unlawful processing;

  • Your Data was collected when you were minor in the context of the information society (blog, forum, social network, website …);

  • Your Data must be erased to comply with a legal obligation.

In the event of a request for the deletion of your Data, CSHIELD may nevertheless keep it in the form of an intermediate archive, for the duration necessary to meet its legal, accounting, and tax obligations.

Treatments based on:

  • the execution of the contract

  • your consent

  • our legitimate interest

Right to object

Processing based on our legitimate interest.

The right to portability

Processing based on:

  • your consent

  • the execution of the contract

The right to formulate post-mortem directives

You have the right to formulate specific and general post-mortem directives concerning the storage, erasure, and communication of your Data.

In the absence of any directive, your heirs can contact CSHIELD to:

  • access Data processing allowing “the organization and the settlement of the estate of the deceased”

  • and / or oppose the further processing of your Data.


In any event, you can indicate to us, at any time, that you do not wish, in the event of death, that your Data be communicated to a third party.

All processing of personal data

The right to complain

You can, at any time, file a complaint with the competent supervisory authority (in France, the CNIL: www.cnil.fr)

All processing of personal data

7. Cookies

This section is dedicated to our cookie management policy on the Site. It allows you to find out more about the origin and use of the navigation information processed when you consult our website and your rights.

7.1. What is a cookie ?

A cookie is a small text file that requests permission to be placed on your computer’s hard drive by the websites you visit. They are widely used to make websites work more efficiently. Some of these cookies are necessary for the operation of the website. Others have the function of identifying you and, depending on your navigation, helping our teams to improve the Site.

A cookie cannot give access to information about you that you do not want to share. A cookie has a lifespan and is deleted by your browser once it has expired. Only the issuer of a cookie may read or modify the information contained in this cookie.

7.2. Purposes and type of cookies

Cookies are used for the following purposes:

Cookies necessary for the operation of the service (or “essential”)

These cookies are mandatory for the provision of offers (for example consolidation of the browsing session) and, as such, exempt from the collection of consent

So-called “audience measurement” cookies

These cookies are used to measure the audience for the Site or to test different versions to optimize editorial choices based on their respective performance. In some cases, these cookies can be regarded as “essential” necessary for the provision of the service explicitly requested by the user, and thus be exempt from the collection of consent (for example, cookie linked to split testing or A / B Test).

There are also several different types of cookies. Here are the most widely used:

Session cookies

Session cookies are only stored for the duration of your visit to the Site.

 

7.3. Responsabilities related to cookies

  • Cookies from CSHIELD and its subcontractors

CSHIELD is responsible for the issuance and use of cookies by it on the Site. Certain types of Cookies (“essential” or audience measurement in certain cases) are exempt from consent.

7.4. Manage cookie deposit

Under the Directive 2002/58 / EC of July 12, 2002, the company CSHIELD collects your prior consent to the deposit of cookies except for “essential” cookies and certain audience measurement cookies.

You can choose at any time to express and modify your wishes in terms of cookies, by the means described below.

  • Configuration of your browser

The configuration of each navigation software is different. It is generally described in the help menu of your navigation software. We, therefore, invite you to read it. You will thus be able to know how to modify your wishes regarding cookies.

Internet Explorer™

http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies

Safari™

https://support.apple.com/kb/PH19214?locale=fr_FR&viewlocale=fr_FR

Chrome™

http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647

Firefox™ 

http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies 

Opera™

http://help.opera.com/Windows/10.20/fr/cookies.html 

Please note: Any configuration that you may undertake on your browser software regarding the acceptance or refusal of cookies may modify your Internet browsing and your conditions of access to certain services requiring the use of these same cookies. If you choose to refuse the registration of cookies in your terminal or if you delete those which are registered there, we decline all responsibility for the consequences linked to the degraded functioning of our services resulting from the impossibility for us to register or consult the cookies necessary for their operation and that you would have refused or deleted.

  • Configuration of your smartphone

You can control the deposit of Cookies directly from your smartphone:

IOS

https://support.apple.com/fr-fr/HT201265

Android

https://support.google.com/chrome/topic/3434352

  • Creation of a list of opposition to the deposit of cookies

To block the collection and use of information about you by advertising companies wishing to offer you advertising based on your interests, you can access the following sites:

8. Security measures

We undertake to implement the appropriate technical and organizational measures to guarantee a level of security adapted to the risk incurred for the rights and freedoms of natural persons in the context of the processing referred to in point 2.


These measures are defined taking into account the state of knowledge, the costs of implementation and the nature, scope, context, and purposes of the processing, as well as the risks identified.

********************

This policy will be updated as necessary to meet the requirements of the regulations applicable to Data protection. It will be revised at least every three (3) years.

June 23, 2020

Validated by the DPO of CSHIELD

APPENDIX 1 – GLOSSARY

For the correct understanding of this privacy policy, here are some key concepts:

Cookies : A cookie is a small text file placed on the user’s hard drive by the server of the site visited or by a third-party server, it contains information on the navigation carried out on this site.

Personal data: Any information allowing direct or indirect identification of a natural person (for example your name, your e-mail address, your billing information, telephone number, date of birth).

Right to access: You have the right to ask us for confirmation that personal data concerning you are or are not processed and if necessary access to said data as well as :

  • the reasons why we hold your data;

  • the categories of data we hold;

  • our use of your data;

  • who has access to your data (and their location);

  • where your data may be transferred;

  • the period during which we keep your data;

  • if you have not communicated your data to us directly, how we obtained it;

  • your rights under applicable laws and the possibility of limiting processing;

  • the possibility of lodging a complaint with the competent supervisory authority;

  • if we use your data for any automatic decision-making and how we do it.

Right to erasure: You have the right to request the erasure of personal data concerning you.

Right to limitation: You have the right to ask an organization to temporarily freeze the use of some of your Data, in particular during the examination of your request to exercise another right. 

Right to object: You can object at any time to an organization using some of your Data by putting forward reasons relating to your particular situation.

Right to portability: You can request the communication of part of the Data that you have provided to us in a machine-readable format but also the transmission of this Data to a third party of your choice.

Right of rectification: You can request the rectification of inaccurate or incomplete information concerning you (for example an incorrect address).

Purpose: The purpose refers to the main objective pursued during the processing of your Personal Data. Your Personal Data is used for specific, explicit, and legitimate purposes.

Processing basis :  To process your Personal Data CSHIELD is based on the following legal bases:

  • The execution of the contract: we process your Personal Data when it is necessary for the execution of the contract concluded with you or for the execution of pre-contractual measures taken at your request.

  • Compliance with a legal obligation: the processing of your Data may be imposed on us by the legislator. For example, the fight against terrorism.

  • Our legitimate interest: the processing of your Data may be necessary for the pursuit of our legitimate interest, in particular ensuring the improvement of the customer experience and allowing our activity to prosper.

Data Subject: This Privacy Policy applies to you if you are:

  • Employees of a CSHIELD client

  • A visitor to the site or application of a CSHIELD client, i.e. the person surfing the site or application of a CSHIELD client

Profiling: Profiling consists of establishing an individualized profile based on an individual’s data to assess this person and predict their behavior..

Data controller: this is the natural or legal person, the public authority, the service, or another body which, alone or jointly with others, determines the purposes and means of the processing. CSHIELD is responsible for the processing referred to in paragraph 2.

Sub-purposes: We inform you here more precisely of all the operations which participate in the same purpose.

Processing: c’est it is any operation or any set of operations carried out or not using automated processes and applied to personal data, such as collection, recording, organization, structuring, conservation, ‘adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, limitation, erasure or destruction.

Data transfer: Any communication, copy, or movement of personal data intended to be processed in a country outside the European Union.