Privacy policy
Version updated to 25/08/2020
__SOCIETE_ is committed to protecting your privacy. Contact us if you have any questions or problems regarding the use of your personal data and we will be happy to help you. This privacy policy is part of our Terms and conditions of sale By accepting the terms and conditions, you also accept this policy. In the event of a conflict between the terms used in the Terms and Conditions and the Privacy Policy, the latter shall prevail.
Definitions
__SOCIETE_ Trade name used by SAS __SOCIETE_, with capital of €50,000, having its registered office at __ADRESSE_ France, registered in the Nantes Trade and Companies Register under number __IMMAT_, represented by Mr __NOM_ in his capacity as Chairman;
Administration State service that gives concrete expression to the exercise of public powers in civil status or immigration matters;
Application IT Solution which allows the User to use the Functionalities and Services offered by __SOCIETE_ ;
Customer Person who has signed and agreed to the T&Cs and the obligations contained therein;
Administrative Document Document requested by the Customer to carry out personal or professional administrative procedures;
Data Any element (information, texts, photographs, photocopies, messages, etc.) collected by the User and implemented by him/her within the Site, the Application and the Services through his/her use;
Personal data Identifiable natural or legal person" means any natural or legal person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, economic, cultural or social identity;
Functionality Each element implemented, accessible and usable within the various Services ;
Access Methods and/or functions by which the User can access one or more Services in order to use them for his or her own needs;
Operator Company that operates the various electronic telecommunications networks required for access to and use of the Services;
Services All the services made available to the User by __SOCIETE_ and accessible via the Means of Access;
Site (or Website) The __SOCIETE_ internet site allowing the User to have access to the Services, namely : https://www.esta.us.org Third party Refers to natural or legal persons who are not linked by common ownership or control to __SOCIETE_ or other individuals not related to __SOCIETE_ and/or the User;
User Any individual or legal entity accessing the Site and, where applicable, the Application.
Data protection principles
__SOCIETE_ undertakes to respect the following data protection principles:
- Processing is lawful, fair and transparent. The processing activities have legitimate reasons. The company __SOCIETE_ always considers your rights before processing personal data. It will provide you with information about the processing on request.
- Processing is limited to the purpose. The processing activities correspond to the purpose for which the personal data was collected.
- __SOCIETE_ collects and processes only the minimum amount of personal data required.
- Processing is limited in time. __SOCIETE_ does not keep your personal data for longer than necessary.
- __SOCIETE_ will do its best to ensure the integrity and confidentiality of the data.
In accordance with Current regulations on Personal Data (RGPD), the processing operations described in this documentation must receive your prior consent. When you request Administrative Documents via the Website, you are asked to accept this Data Protection Policy.
The processing we carry out may also be dictated by a legal obligation incumbent upon us, in particular for accounting or tax purposes.
Most of the processing carried out by __SOCIETE_ falls within the scope of the processing necessary for the contractual relationship and the provision of the service requested, namely the provision of Administrative Documents for the Customer.
The performance of the (pre-)contractual relationship between us, at your initiative, requires us to carry out a certain number of processing operations.
In any event, we ensure that we do not disregard your interests or your fundamental rights and freedoms by allowing you, at any time, to object to all or part of the processing described in this Personal Data Protection Policy.
As minors are also concerned by our services, this confidentiality policy also applies to them. Data concerning them is available to their legal representatives.
Who collects your Personal Data?
The Website is published by SAS __SOCIETE_, with capital of €50,000, whose registered office is located at __ADRESSE_ in France and registered in the Nantes Trade and Companies Register under the number __IMMAT_, represented by Mr __NOM_ in his capacity as Chairman;
As part of the management and operation of the Site, and in its capacity as data controller under the French Data Protection Act of 6 January 1978, as amended, __SOCIETE_ is likely to collect Users' Personal Data.
The Company __SOCIETE_ attaches great importance to the respect of privacy and takes all necessary measures to ensure the confidentiality and security of Users' Personal Data. To this end, __SOCIETE_ invites Users to read the present Data Protection Policy in order to be informed of how their Personal Data is processed and of their rights.
Who are the recipients of the Personal Data?
Users' Personal Data is collected and processed by the Company __SOCIETE_. The data may also be communicated to the sub-contractors of the Company __SOCIETE_ who act in the name and on behalf of the Company __SOCIETE_, and in particular the Site host.
__SOCIETE_ may communicate Users' Personal Data in order to cooperate with administrative and judicial authorities.
Finally, __SOCIETE_ may communicate Users' Personal Data to Third Party service providers as part of statistical studies on the use of the Site and for Site optimisation purposes. In this context, Users' Personal Data will be anonymised.
What personal data does __SOCIETE_ collect?
The Company __SOCIETE_ offers a platform to assist in the provision of Administrative Documents for Clients. In this respect, __SOCIETE_ collects personal data from Users submitting the request. Declarative information, provided by you, including :
- Civility ;
- Full name ;
- Year and place of birth ;
- Telephone number* ;
- Email address ;
- Place of residence (address declared by the User) ;
- Religion
- Level of education
- Spouse's marital status and contact details
- Parents' civil status and place of birth
- The employer (name and address)
- Nationalities (current and of origin)
- Passport (number, place of issue, validity dates)
- Travel details (dates of travel, place of arrival, content of the trip, purpose and history in the country or related countries)
- Contacts in the customer's country of origin and in the customer's target country
Information about you collected automatically
- The identifier of the connection at the origin of the communication ;
- Traces of connections (via cookies);
- The identifier assigned by the information system to the content that is the subject of the operation;
- The types of protocols used to connect to the service and transfer content;
- The nature of the operation.
Information provided by third parties
- The presumed location of the User, based on IP data
- His career on other websites
- Payment information, secured so that it cannot be used for other purposes
* In accordance with article L.223-2 of the French Consumer Code, Users are hereby informed that they may, if they so wish, register on an opposition list against telephone canvassing available on the following website www.bloctel.gouv.frEven though the telephone number provided to __SOCIETE_ is not given to any third party for commercial purposes during the ordering process.
For what purposes is personal data collected?
__SOCIETE_ uses Users' personal data for the following purposes:
- Provision of Services ;
- Billing ;
- Obtaining administrative documents from the authorities;
- Follow-up of files with the authorities;
- Response to any questions or complaints from Users ;
- Drawing up sales statistics;
- Marketing ;
- Management of unpaid bills and disputes.
Does __SOCIETE_ use the services of external service providers?
YES, __SOCIETE_ wishes to offer the best service to its Users. In this respect, __SOCIETE_ relies on the best external service providers to :
- Storage of personal data ;
- Instant messaging ;
- Email marketing;
- Internal messaging ;
- Submitting Customer requests to the authorities;
- Online advertising ;
- Invoicing ;
- Gathering opinions from Users;
- Online payment.
Concerning the storage of personal data:
Concerning the storage of personal data, __SOCIETE_ has selected a third party service provider with all the necessary approvals for the collection and storage of data. The servers used by this third party service provider are located in Switzerland.
The selected service provider is Infomaniak, located at 25 rue Eugène-Marziano, 1227 Les Acacias (Switzerland), Tel: +41 (0) 22 820 35 44. Its confidentiality policy is available at this address: https://www.infomaniak.com/fr/cgv/reglement-general-protection-donnees
__SOCIETE_ also uses Google Cloud solutions to manage its data and its transmission to external service providers. The Google Cloud confidentiality policy is available at this address: https://business.safety.google/intl/fr_fr/
About instant messaging :
__SOCIETE_ has an online instant messaging service through which the User can contact the services of __SOCIETE_. Certain data may be collected in this context. The service used by __SOCIETE_ to provide this service is Brevo.
Brevo's privacy policy is available at : https://www.brevo.com/fr/rgpd/
Concerning email marketing (email & SMS):
__SOCIETE_ takes the liberty of sending you certain emails as part of your transactional process, respecting good practice, in particular with regard to unsubscribing. Certain data may be collected in this context. The service used by __SOCIETE_ to provide this service is Brevo.
Brevo's privacy policy is available at : https://www.brevo.com/fr/rgpd/
Internal messaging :
In order to process your data, __SOCIETE_ uses a high-performance messaging service, enabling us to work efficiently and effectively. To do this, it uses the messaging services of Google Workspace, whose confidentiality policy is set out below: https://business.safety.google/intl/fr_fr/ All data collected by this service provider (Google) via its services are hosted specifically in Europe. No message exchanged leaves the company, except to contact the Customer or the Administrative Services, and unless otherwise instructed by the Customer.
Concerning the submission of Customer requests to the authorities :
Each external partner working with __SOCIETE_ must sign an NDA (non-disclosure agreement) particularly restrictive for a strict use of the data with the sole aim of submitting them to the competent authorities for the execution of the service for which the Client mandates __SOCIETE_.
Online advertising:
__SOCIETE_ may occasionally use services to promote its activities. These services use Users' browsing patterns to provide them with a personalised message. These services are the following:
- Facebook Pixel : https://www.facebook.com/business/gdpr
- Google Ads : https://business.safety.google/intl/fr_fr/
- Microsoft Ads : https://www.microsoft.com/fr-fr/trust-center/privacy?rtc=1
Invoicing:
The company __SOCIETE_ relies on an external invoicing service, entirely dematerialised, in order to centralise and optimise the accounting management processes. This data is used to keep a history of Customer orders on the __SOCIETE_ Internet Sites and to keep accounting documents, as required by the administration of the country in which __SOCIETE_ operates. Incwo's confidentiality policy is accessible at this address: https://go.incwo.com/termes-dutilisation-incwo/
Customer feedback:
__SOCIETE_ uses a trusted third party to collect Customer reviews following their order. The privacy policy of Google Reviews is available at this address: https://privacy.google.com/intl/fr_fr/businesses/compliance/
Online payment:
When making a payment, __SOCIETE_ uses the resources of an external payment service provider in order to guarantee the fluidity and quality of its services.
For online payment, __SOCIETE_ uses the Stripe company. Stripe's confidentiality policy is available at the following address: https://stripe.com/ie/privacy
The service provider collects in particular, during a payment, Personal Data concerning your means of payment (bank card number, expiry date of the bank card, visual cryptogram, the latter not being kept, etc.). It is reminded that __SOCIETE_ does not collect or hold any banking data directly.
How long is my personal data kept?
Your Personal Data on the Website as you have declared and/or completed them on the Website are only kept for a strictly necessary period, i.e. :
Internal messaging :
- Sensitive customer documents: 18 months after receipt
- Form entries: 18 months for a completed application
- Product : 18 months after dispatch to the Customer
- Exchanges with administrations: 18 months after receipt
Website :
- 30 days for partial entries
- 6 months after customer return date for full entries
Cloud :
- Follow-up: 6 months after customer return date
- Files: 6 months after customer return date
Billing and payment :
- 10 years at year-end
These deadlines do not apply in the event of ongoing legal or administrative proceedings.
In the event of a request for complete data on all media, the Customer may make a request to on the Website contact form. You can also exercise your right to be forgotten by submitting a complaint to the CNIL.
On the other hand, cookies and Website audience measurement statistics are not kept for more than thirteen (13) months.
How does __SOCIETE_ ensure the security of Personal Data?
The Company __SOCIETE_ ensures that the Personal Data of the Users is adequately and appropriately secured and has taken the necessary precautions to preserve the security and confidentiality of the Data and in particular to prevent it from being distorted, damaged or communicated to unauthorised persons.
All human service providers handling Customer data have signed a confidentiality contract with __SOCIETE_, guaranteeing discretion over the content exchanged. The company __SOCIETE_ has also subscribed to CYBER RISQUES insurance offers allowing it to compensate for a possible loss of data and to anticipate future risks (contract AXA n°10282430204).
Concerning transmission security
The Website uses an "https" connection encryption protocol with a 128-bit TLS 1.2 key.
The User must be vigilant as to the encryption of the page. They must not provide personal information if the page does not contain this encryption (symbolised by a padlock in the browser address bar), as this page is not administered by __SOCIETE_.
Use of cookies
In accordance with CNIL deliberation no. 2013-378 of 5 December 2013, the Company __SOCIETE_ informs Users that cookies record certain information that is stored in the memory of their hard disk. This information is used to generate Site audience statistics and to offer services according to the Services they have already selected during their previous visits.
Furthermore, Article 30 of the GDPR states: "Individuals may be associated [...] with online identifiers such as IP addresses and cookies or other identifiers [...]. These identifiers can leave traces which, particularly when combined with unique identifiers and other information received by servers, can be used to create profiles of natural persons and to identify those persons."
In this respect, Users wishing to browse the Site must accept the cookie management policy. An alert message, in the form of a banner, asks each person visiting the Site whether they wish to accept cookies. These cookies do not contain any confidential information about Users of the Site..
We use various types of cookies:
- Necessary cookies: these cookies are necessary for you to be able to use certain important functions on our website. These cookies do not collect any personal information.
- Functionality cookies - these cookies provide functionalities that make using our service more convenient and allow us to offer more personalised features.
- Analytical cookies: these cookies are used to track the use and performance of our website and services.
- Advertising cookies: these cookies are used to deliver advertising relevant to you and your interests. They are also used to limit the number of times you see an advertisement. They are generally placed on the website by advertising networks with the permission of the website operator. These cookies remember that you have visited a website and that this information is shared with other organisations such as advertisers.
Users visiting the home page or another page of the Site directly from a search engine will be informed of the possibility of objecting to these cookies and changing the settings by clicking on a link in the banner.
To guarantee the free, informed and unequivocal consent of the User visiting the Site, the banner will not disappear until the User has clicked on one of the action buttons on the banner.
Unless the User has given their prior consent, cookies will not be deposited or read:
- if any person who visits the Site (on the home page or directly on another page of the Site using a search engine, for example) does not continue browsing: a simple absence of action cannot be considered as an expression of will;
- or if they click on the link in the banner allowing them to refuse the deposit of cookies.
The effects of "private browsing" on your Internet browser
The "Private Browsing" mode now offered by almost all Internet browsers enables users to browse the Internet without storing the history of pages visited or downloads. As far as cookies are concerned, all those recorded during your browsing in "private browsing" mode will be deleted automatically when you close your browser. Private browsing" mode does not therefore allow you to refuse or prevent cookies from being stored on your computer during browsing. Private browsing" mode simply allows you to limit the length of time cookies are stored.
How do I delete cookies?
For more information, please consult the conditions for deleting cookies by clicking on the following links:
- Internet Explorer : https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
- Microsoft Edge : https://privacy.microsoft.com/fr-fr/windows-10-microsoft-edge-and-privacy/
- Google Chrome : https://support.google.com/chrome/answer/95647?co=GENIE.Platform_3DDesktop&hl=fr
- Mozilla Firefox : https://support.mozilla.org/fr/kb/protection-renforcee-contre-pistage-firefox-ordinateur
- Opera : http://help.opera.com/Windows/10.20/fr/cookies.html
- Safari (MacOS) : https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
What are Users' obligations?
Users acknowledge that the Personal Data disclosed by them on the Site and/or the Application is valid, appropriate and up-to-date. Users alone are responsible for the Personal Data they provide.
Users undertake not to infringe the privacy and protection of Personal Data of any Third Party, in particular of persons declared on their behalf as part of a process.
What rights do Users whose Personal Data is collected have?
In accordance with the laws and regulations in force concerning the processing of Personal Data, you may :
- Access all your Data at any time;
- Object to the processing of your Data on legitimate grounds;
- Rectify, update and delete your Declarative Information by contacting us at contact form of this site, subject to legitimate reasons ;
- Request the portability of your Data;
- Request the deletion of certain Data.
In addition, you may give us instructions concerning the retention, deletion and communication of your Personal Data after your death. These directives, or a sort of "digital will", may designate a person to be responsible for their execution; failing this, your heirs will be designated.
In the absence of any instructions, your heirs may contact __SOCIETE_ in order to :
- access to data processing for the "organisation and settlement of the deceased's estate";
- to receive communication of "digital assets" or "data resembling family heirlooms that may be passed on to heirs" within the meaning of the law;
- to have your data deleted from the Sites and to object to the continued processing of your Personal Data.
In any event, you can tell us at any time that you do not wish your Personal Data to be passed on to a third party in the event of your death.
How can I exercise my rights with regard to Personal Data?
In order to exercise your rights towards __SOCIETE_, you can send a request to __SOCIETE_ via the following link contact form or to one of the addresses indicated below. __SOCIETE_ reserves the right to request proof of identity.
A reply will be sent within a week of receipt of the request.
How are Users informed of changes to this Data Protection Policy?
__SOCIETE_ may modify the present Data Protection Policy at any time. The Company __SOCIETE_ will inform the Users by any means of the modifications made to the present Policy. The Company __SOCIETE_ invites Users to regularly read the Data Protection Policy in order to be fully informed of its provisions.
Each transaction carried out on one of __SOCIETE_'s Internet Sites requires acceptance of this data confidentiality policy.
How can I contact __SOCIETE_?
Users may contact __SOCIETE_ for any questions they may have regarding this Data Protection Policy at the following addresses:
- Mail : [email protected]
- Contact form
- Postal address: __SOCIETE___SOCIETE___ADRESSE_
- Telephone: __TEL_
Data Protection Officer (DPO) If you have any questions about the processing of your personal data, your rights or this policy, please do not hesitate to contact our Data Protection Officer (DPO): __NOM_ ([email protected] - __TEL___TEL_)