ELVIR SAS, whose registered office is located at 2 Route Neuve - 50890, Condé-sur-Vire, France, respects your privacy and is committed to processing your personal data fairly and transparently, in accordance with applicable data protection regulations, and in particular the General Data Protection Regulation (GDPR).
Please read the following carefully to understand our policy and practices regarding your personal data and how we process it.
ELVIR SAS acts as data controller for the processing of personal data referred to in this document, hereinafter referred to as “the Data Controller” or “we”.
The data controller has appointed a person to be responsible for data protection policy, who can be contacted at :
Proving your identity by any means. In addition, you must clearly indicate your surname(s) and first name(s) and the address to which you would like the reply to be sent.
The Data Protection Officer can be contacted at the following address: dpo@savencia.com.
We collect and process the following categories of data in connection with the processing of personal data, the purposes of which are set out below:
| Purposes of processing | Categories of personal data processed |
|---|---|
| Audience analysis, targeted advertising, statistics, customer categorization, customer and prospect path tracking |
Identification data: IP address; Navigational data |
| Management of contact form requests |
Identification details: title, surname, first name; Contact details: e-mail address, phone number, postal address, country |
| Management of rights requests |
Identification details: surname, first name; Contact details : e-mail address, postal address. |
Data marked with an asterisk in our forms must be provided. Otherwise, the associated service cannot be provided.
ELVIR is committed to processing your personal data fairly and transparently. To this end, we take care to inform you of each processing operation we carry out by means of information notices at the bottom of each collection form.
Your personal data is collected fairly, without any processing taking place without your knowledge and without prior information.
We undertake to process your personal data for specific purposes: each data processing operation pursues a legitimate, specific and explicit purpose.
We ensure that your data is kept up to date and that procedures are in place to enable inaccurate data to be deleted or rectified.
The purposes, legal bases and retention periods implemented by the Data Controller are set out below.
We will retain your personal data in accordance with a retention policy set to ensure that data is retained for a period of time proportionate to the purpose for which it was collected, except where laws and regulations require a different retention period.
Accordingly, we have organised our policy as follows:
| Purposes of processing | Legal Basis | Retention periods |
|---|---|---|
| Audience analysis, targeted advertising, statistics, customer categorization, customer and prospect path tracking | Consent | 14 months |
| Management of contact form requests | Legitimate interest | The time of processing the request in active database, then 1 year in intermediate storage |
| Management of rights requests | Legal obligations (articles 15 and seq. of the GDPR) |
Right of access, rectification, deletion, and restriction: 1 year then anonymization at the end of the period Right to object: 6 years and anonymization at the end of the period |
Data in interim storage may only be consulted on a one-off basis by specifically authorized persons.
The personal data we collect, as well as those collected subsequently, are intended for us in our capacity as Data Controller.
We ensure that only authorised persons have access to this data. Our subcontractors/service providers may receive this data to carry out the services we entrust to them.
When we use a service provider, we only disclose personal data to them after obtaining a commitment and guarantees from them regarding their ability to meet these security and confidentiality requirements.
In compliance with its legal and regulatory obligations, ELVIR SAS concludes contracts with its subcontractors that precisely define the terms and conditions of data processing by the latter, in accordance with the regulations on the protection of personal data.
Your personal data may be combined, pooled or shared between all the parent, sister and subsidiary entities of the Data Controller.
It may be communicated to these entities for the purposes set out in this data protection policy. These operations are carried out based on instruments that comply with the applicable regulations and are capable of ensuring that your rights are protected and respected.
As part of the services we offer, we transfer personal data to recipients in the following countries:
Each of these transfers is governed by legal instruments that comply with the applicable legal framework.
We attach particular importance to the security of personal data.
ELVIR SAS has put in place technical and organizational measures appropriate to the degree of sensitivity of personal data, with a view to ensuring their integrity and confidentiality and protecting them against any malicious intrusion, loss, alteration or disclosure to unauthorized third parties.
However, despite our efforts, no security measure can protect against all risks of misappropriation or piracy, for which we, as the data controller, cannot be held responsible.
In the event of a personal data breach, we undertake to notify the CNIL in accordance with the regulations in force relating to the protection of personal data. In the event of a data breach presenting a high risk to your rights and freedoms, we will inform you as soon as possible in accordance with the conditions set out in the regulations in force relating to the protection of personal data.
ELVIR SAS, as the data controller, is particularly concerned about respecting the rights you are granted in connection with the data processing it carries out.
You acknowledge that this data protection policy informs you of the purposes, legal framework, interests, recipients or categories of recipients with whom your personal data is shared, and of the possibility of data being transferred to a third country or to an international organisation.
In addition to this information and in order to ensure that your data is processed fairly and transparently, you declare that you have received further information concerning:
If we decide to process data for purposes other than those indicated, you will be provided with all the information relating to these new purposes.
By exercising this right, you have confirmation that your personal data is or is not being processed and, where it is, you have the right to request a copy of your data and information about:
You may ask us to correct or supplement your personal data if it is inaccurate, incomplete, ambiguous or out of date.
You may ask us to rectify or complete your personal data if it is inaccurate, incomplete, ambiguous or out of date.
You may ask us to delete your personal data in the cases provided for by legislation and regulations. Please note that the right to erasure of data is not a general right and will only be exercised if one of the grounds provided for in the applicable regulations is present.
You may request that the processing of your personal data be restricted in the cases provided for by law and regulations.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data for which the legal basis is the legitimate interest pursued by the controller.
You have the right to the portability of your personal data. Please note that this is not a general right. Not all data from all processing operations is portable, and this right only applies to automated processing operations, to the exclusion of manual or paper-based processing. This right is limited to processing for which the legal basis is your consent or the performance of pre-contractual measures or a contract.
Where the processing of data by us is based on your consent, you may withdraw it at any time. We will then stop processing your personal data, without affecting any previous operations for which you have given your consent.
You also have the possibility of defining specific directives relating to the conservation, deletion and communication of your personal data after your death in accordance with the procedures set out below. These specific directives only concern the processing carried out by us and will be limited to this area.
You also have the right, once this person has been designated by the Executive, to define general guidelines for the same purposes.
You are informed that if you do not wish to receive commercial prospection by telephone, you may express your opposition thereto by inputting your fixed and/or mobile telephone numbers to the free refusal list accessible via www.bloctel.gouv.fr.
Your refusal will be taken into account within 30 days of the confirmation of your registration and will be valid for a period of 3 years.
All the rights listed above may be exercised:
proving your identity by any means. In addition, you must clearly indicate your surname(s) and first name(s) and the address to which you would like the reply to be sent.
In principle, you may exercise all your rights free of charge. However, regarding the right of access, you may be asked to pay a reasonable fee based on administrative costs for any copy of the data you request.
Regarding the right to information, the Data Controller shall not be obliged to respond if you already have the information you are requesting.
The Data Controller shall inform you if it is unable to comply with your requests within one month of receiving your request. If necessary, this period may be extended by a further two months, in which case you will be informed and given the reasons.
These rights are not absolute and are subject to various conditions under:
The Data Controller wishes to inform you that failure to provide or modify your data may have consequences for the processing of certain requests in the context of the performance of contractual relations and that your request to exercise your rights will be kept for monitoring purposes for 6 years in the case of exercising the right to object and 1 year in the case of exercising other rights.
The Data Protection Officer can be contacted at the following address: dpo@savencia.com.
If necessary, you have the right to lodge a complaint with Commission Nationale de L’Informatique et des Libertés - CNIL (3 place de Fontenoy, 75007 Paris or https://www.cnil.fr/fr/plaintes ) or to take legal action.
This Data Protection Policy may be modified, particularly in the event of changes to the services offered by ELVIR SAS on the site. We therefore recommend that you consult this policy each time you access the site.