DATA PROTECTION POLICY

Date of the current version : November 13th 2024

I. Introduction

This document aims to outline the conditions under which ELCIA, company registered in France under number 421 596 016 with its registered office at 256 avenue Marcel Mérieux, Brignais (69530), commits to processing your personal data as the data controller or as a sub-processor for is Customer

This data protection policy is addressed to ELCIA’s customers and prospects. It is also directed at users of ELCIA’s website, including applicants for job offers.

If you are in any of these situations, it is important that you read and keep this information notice so that you know how and why ELCIA processes your data and what your rights are in this matter.

In this regard, ELCIA is committed to complying with the following regulations :

  • The General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (hereinafter “GDPR”).
  • French Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms.

II. What personal data is processed ?

ELCIA collects personal data from its customers, prospects, and/or users when they subscribe to or benefit from access to software developed by ELCIA and/or when they navigate and perform actions on ELCIA’s website or softwares, including ELCIAOnLine platform.

ELCIA may process the following data concerning you

1. Data processed when accessing ELCIAOnLine softwares or the ELCIA.com site:

  • Types of browsers used, IP address, visited pages, access times, and the link that allowed you to access the ELCIA site
  • Date of the last login and/or visits

2. Data processed when you subscribe to an ELCIA Software:

When creating a customer account, ELCIA primarily collects the following information :

  • Professional email
  • SIREN / KBIS of the company (or VAT number)
  • First name
  • Last name
  • Professional phone number
  • Financial information necessary for the payment of services

3. Data processed during your use of ELCIA Services:

  • Supplier library requests
  • Data regarding your quotes (customer information, date, quote number, quoted products, etc.)
  • Data related to your supplier orders (dates, number, and ordered products)
  • Calendar Data when using ‘ELCIA Cal Connect’ mobile application to synchronize ProDevis Calendar on your mobile devices :
    • Login and Password of your ProDevis account
    • Id of the Calendar
    • Event Title
    • Adress (location of the event)
    • Last modification date
    • Start and End dates
    • Technical Information related to the event (Recurrence, Type, Reminder)
    • Description (Body) of the event : free text area that may content any type of peronnal data filled in by the User acting as Responsible for the treatment.

All these types of data are processed by ELCIA as a subprocessor for its Client User of the services based on the legal basis of contract execution between ELCIA and its Customers.

In all these cases, ELCIA’s Customer is the Responsible for the data treatment in front of his own End-Customers

  • Data related to technical or commercial support requests

4. Data voluntarily provided by the user when submitting a contact or application form

III. How does ELCIA processes your personal data ?

A. When ELCIA is Responsible for the Data processing

According to the provisions of Article 5 of the GDPR, the processing of personal data implemented is based on the following legal bases :

  • Contract Exécution : When ELCIA processes data for the purposes of fulfilling its services to the customer (providing its services on the platform, hosting, updates, securing environments, software maintenance, implementation of user assistance, fraud and malware prevention and detection, security incident management, etc.), customer file management, quote requests, purchase transactions on the site, and billing.
  • Legitimate Interest : ELCIA implements processing for the following purposes: prospecting and engagement, managing customer/prospect relationships, organizing events, sending newsletters, providing information on new softwares/services, offering user support, evaluating services to improve customer experience, transmitting information digitally about current and upcoming softwares/services, and recruiting new employees
  • Compliance with Legal Obligations: (billing, accounting, anti money laundering and counter-terrorism financing, anti-corruption, etc.
  • Consent : Cookies are only stored on users’ devices if they explicitly consent beforehand. (Depending on the type of browser, users have the following options: accept, reject, or delete cookies from any origin). ELCIA uses cookies to improve the user experience, develop statistics, conduct research, and optimize the relevance of its services.

B.  When ELCIA is sub-processor for its Clients

ELCIA may be required to access and process personal data entrusted by its Clients strictly within the scope of fulfilling subscribed offers and services.
This access and processing are governed by a contract containing specific data protection clauses signed between ELCIA and its lient.
Thus, ELCIA processes personal data only on behalf of and based on documented instructions from its client, in accordance with the provisions of the contract.

According to the provisions Article 28 of the GDPR, ELCIA guarantees that:

  • The purposes of the processing are described in the contract signed between ELCIA and its Client;
  • The processing of the Client’s personal data is carried out only for the determined purposes and according to its instructions, under the terms outlined in the contract;
  • The deletion of personal data is initiated upon the expiration and under the terms set forth in the contract, unless applicable law or ongoing legitimate processing requires its retention.

IV. What measures does ELCIA implements to secure and retain your data ?

ELCIA takes all necessary precautions to ensure the security and confidentiality of your data and specifically to prevent it from being distorted, damaged, or accessed by unauthorized third parties.

To this end, ELCIA has taken appropriate technical and organizational security measures, such as developing a robust password policy for creating and managing accounts and encrypting users’ passwords upon registration in the database.

ELCIA does not sell any personal data to third parties.

V.  Who can be recipients of your personal data ?

The processed data is intended for the data controller (i.e., ELCIA) as well as authorized personnel who need to know it as part of their duties, particularly for payment of services (SEPA Mandate).
Your personal data are never sold to third parties.

ELCIA may share data with its employees across different departments and with other companies in the ELCIA GROUP only when necessary.

ELCIA may also share data:

  • With third-party service providers that help ELCIA fulfill its mission, such as software providers, hosting services, or legal/tax consulting, and payment platforms.
  • If an ELCIA entity is merged with or sold to another company.

ELCIA shares data only when necessary to ensure efficient business operations (i.e., in its legitimate interest).

For example: sharing data with employees and ELCIA group companies to centrally manage customer or supplier accounts.

In the event of a transfer to third parties, ELCIA ensures that they process and secure the data in compliance with current legal standards regarding personal data.

ELCIA only transfers data outside the European Union to service providers essential to its business operations that adhere to the same protection standards as within the EU.

VI. What is the retention period for your data ?

Your personal data is retained only for the time necessary to achieve the purpose of the processing concerned.

In this regard:

  • Customer data is retained for the duration of the contractual relationship, plus three years for marketing and prospecting purposes, without prejudice to any legal retention obligations or prescription periods. For accounting purposes, data is retained for ten years from the end of the financial year.
  • Prospect data is retained for three years after the end of any prospecting activity.
  • Data sub-processed by ELCIA on behalf of its services users is retained for a maximum period of three years from the last connection to the user’s personal account, before being destroyed or anonymized for statistical purposes.
  • The retention period for cookies is 13 months.
  • Candidate data is retained for two years from the date of a negative outcome to an application

VII. What are your rights ?

A. When ELCIA is Responsible for the Data processing

In accordance with Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms, and the GDPR, you can access your data held by ELCIA at any time and request its limitation, portability, rectification, or deletion. Thus, you can request that any inaccurate, incomplete, ambiguous, outdated data concerning you be corrected, completed, clarified, updated, or deleted, or if its collection, use, communication, or retention is prohibited.

You also have the right to object at any time for legitimate reasons to the processing of your personal data based on ELCIA’s legitimate interest, as well as a right of objection to marketing.

You have the right to define general and specific directives concerning how you wish the above-mentioned rights to be exercised after your death.

You can exercise your rights and obtain information about yourself via email by contacting the Data Protection Officer appointed by ELCIA :

  • By email at the following address: contact@elcia.com
  • By mail at the following address:

ELCIA

Attention: Data Protection Officer

256 avenue Marcel Merieux 69530 BRIGNAIS – FRANCE

In this case, ELCIA guarantees that your requests will be addressed promptly.

It is also noted that you have the right to lodge a complaint with the competent supervisory authority in case of non-compliance by ELCIA with its obligations.

B.  When ELCIA is sub-processor for its Clients

If you, as a data subject in the context of the processing of your personal data under the contract between ELCIA and its Client, address a request to ELCIA, ELCIA will promptly forward your request to its Client upon receipt. Taking into account the nature of the processing and under the terms established in the contract, ELCIA will assist its Client to the greatest possible extent, by implementing appropriate technical and organizational measures to help him fulfilling its obligations.

However, the Client remains the data controller and is therefore responsible for responding to any requests from the data subjects.

VIII. What do we use cookies for ?

On its various websites and web applications, ELCIA collects information using “cookies.” These methods allow it to collect various types of information, including the pages visited by the user of the site.

The user can decide at any time to disable cookies under the conditions described below..

A. Definition

A “cookie” is an information file sent to the user’s browser when accessing an online service. A cookie allows its issuer to identify the terminal in which it is stored during the validity period or the registration of the said cookie.

 

B.  Cookies used

Different types of cookies are used on the site for various purposes::

  • Strictly Necessary Cookies :

These are ELCIA cookies that are essential for the proper functioning of the site. They allow the user to utilize the main functionalities of the site (account access, etc.) and secure their connection..

  • Audience Measurement Cookies and Advertising Cookies

These cookies are used to present advertisements to users or provide them with information tailored to their requests. They are notably used to limit the number of times users see an advertisement and help measure the effectiveness of an advertising campaign.

  • Analytical and Performance Cookies

These cookies enable ELCIA to understand the usage and performance of the site and improve its functioning (for example, the most visited pages, user searches, etc.). These cookies allow ELCIA to enhance the ergonomics of the site by analyzing its usage. In some cases, these cookies improve the processing speed of user requests by allowing users to save their preferences for the site. ELCIA uses cookies to provide tailored content and messages to the user and to perform visit statistics, store communicated data, and optimize navigation paths.

 

C.  Analysis of the ElciaOnLine User Experience

  • Audience and Analytical cookies

ELCIA uses cookies to collect audience statistics and track information regarding all visitors to the platform to obtain usage and volume statistics

  • Hotjar

We use Hotjar to better understand our users’ needs and optimize the user experience on ElciaOnLine. Hotjar is a technology service that helps us understand user experiences (which features are most used, the most clicked links, the most common navigation paths, etc.). This allows us to improve our applications and services.

Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (specifically the IP address of the device, captured and stored only in an anonymous form), the screen size of the device, the type of device (unique identifiers), browser information, geographical location (country only), and the preferred language used to display our web software.

Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor ELCIA will ever use this information to identify individual users or associate it with other data about an individual user. or more details, please refer to Hotjar’s privacy policy by clicking on this link

  • WEB beacons

In addition to cookies, ELCIA may use devices called ‘web beacons’ to identify when the emails sent to you have been received and read.

 

D. Managing cookies

If the user has accepted the recording of cookies embedded in the web pages in their browser software, the contents they have viewed may be temporarily stored in a dedicated space on their device.
The user can disable these cookies at any time, free of charge, using the deactivation options provided by their browser.

If the user refuses to allow cookies to be stored, or if they delete those that are already stored, they are informed that their browsing experience on the Site may be limited. In this case, ELCIA declines any responsibility for the consequences related to the degraded functioning of the site and any services that may be offered.

At any time, the users can change their choices. To do this, they will need to access the help menu or the dedicated section of their browser

As examples :

Edge TM : Gérer les cookies dans Microsoft Edge : afficher, autoriser, bloquer, supprimer et utiliser – Support Microsoft

Safari TM : https://support.apple.com/fr-fr/guide/safari/sfri11471/mac

FirefoxTM : https://support.mozilla.org/fr/kb/autoriser-bloquer-cookies-preferences-sites

For more information, the user can read CNIL guidelines : https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

IX. Updates of the Data Protection Policy

The date of this Policy’s version is indicated on the first page of the document

ELCIA may modify this Policy at any time without prior notice, unless these changes contain significant alterations that could affect users’ rights according to current legal standards

In such cases, ELCIA will inform users of the modifications made by displaying a clearly visible message at the beginning of this Policy.