Stone Investment - Confidentiality policy

Stone Investment - Confidentiality policy
Security and protection of personal data
 
SARL STONE INVESTMENT (hereafter "STONE INVESTMENT") puts great emphasis on the protection and the
 
respect of the private life and the personal data of the users of its website (here-
after the “Site”).
 
STONE INVESTMENT undertakes to implement adequate measures for the protection, confidentiality and security
of Personal Data in accordance with the regulations in force in France and in the European Union, in particular the
General Data Protection Regulation EU 2016/679 of 27 April 2016 and the rules of national law adopted for its
application.
Users are informed by this charter of the practices and processing inherent in the collection and use of Personal Data
by STONE INVESTMENT as a controller.
As a result, STONE INVESTMENT invites users to read this document carefully in order to become aware of and
understand the processing of Personal Data.
It is specified that by browsing the Website, users accept this Policy and the general conditions of use.
Nature of the data collected
When using the Site, STONE INVESTMENT may collect the following categories of data concerning its
Users:
• Civil status, identity, identification ...
• Data relating to personal life (lifestyle, family situation, excluding sensitive or dangerous data)
• Connection data (IP addresses, event logs ...)
• Location data (travel, GPS data, mobile phone...)
Communication of personal data to third parties
No communication to third parties
Your data are not subject to any communication to third parties. However, you are informed that it
may be disclosed pursuant to a law, regulation or a decision of a competent regulatory or judicial authority.
Prior information for the communication of personal data to third parties
in case of the merger/acquisition
 
Prior information and opt-out before and after the merger/acquisition
In the event that we take part in a merger, acquisition or any other form of asset transfer, we undertake to
guarantee the confidentiality of your personal data and to inform you
before it is transferred or subject to new rules of confidentiality.
Purpose of the reuse of collected personal data
- Carry out operations related to customer management regarding
• contracts ; the orders ; the deliveries ; the bills ; accounting and especially accounts receivable
management
• a loyalty program within one or more legal entities;
 
• customer relationship monitoring such as conducting satisfaction surveys, claims management and after-
sales service
 
• the selection of clients to carry out studies, surveys and tests produced (except with the consent
of the persons concerned as provided for in Article 6, such operations must not lead to the establishment
of profiles likely to reveal sensitive data - racial or ethnic origins, philosophical, political, trade union,
religious opinions, sexual or health of people)
 
- Perform operations relating to prospecting
• the management of technical prospecting operations (which includes technical operations such as
standardization, enrichment and deduplication)
• the selection of people to carry out loyalty, prospecting, survey, product testing and promotion actions.
Except with the consent of the persons concerned gathered under the conditions
provided for in Article 6, such operations must not lead to the establishment of profiles likely to reveal
sensitive data - racial or ethnic origins, philosophical,
political, trade union, religious opinions, sexual or health of people)
• the performance of soliciting operations
 
- The establishment of commercial statistics
- The organization of contests, lotteries or any promotional operation other than online gambling
subject to the approval of the Regulatory Authority of Online
Gaming
- Management of requests for right of access, rectification and opposition
- Management of people’s opinions on products, services or contents
Aggregation of data
Aggregation with non-personal data
We may publish, disclose and use aggregated information (information about all our
Users or specific groups or categories of Users that we combine in such a way that
 
an individual User can no longer be identified or mentioned) and non-personal information for sector and market
analysis purposes, demographic profiling, promotional and
advertising purposes and other commercial purposes.
Aggregation with personal data available on the user's social accounts
If you connect to an account of another service for cross-mailing, that service may provide us with your profile
information, login information, and any other information you have authorized for disclosure. We can
aggregate information about all our other
Users, groups, accounts, personal data available on the User.
Collecting identity data
Free consultation
The consultation of the Site does not require registration or prior identification. It can be done without you
communicating any personal data about you (surname, first name, address, etc.). We do not
register any personal data for the simple consultation of the Site.
 
Collecting identification data
Use of the user's ID for establishing links and commercial offers
We use your electronic credentials to search for existing relationships by login, by
email address or by services. We may use your contact information to allow other
people to find your account, including through third-party services and client applications. You can download your
address book so that we can help you find out information about our network or to allow other Users in our
network to find you. We can offer suggestions to you and other Network Users from contacts imported from your
address book. We are likely to work in partnership with companies offering incentive offers. To support this type
of promotion and incentive offer, we may share your electronic ID.
Geolocation
Geolocation for the purpose of providing services
We collect and process your geolocation data to provide you with our services. We may
need to use personal data with a view to establishing your real-time geographical location. In accordance with your
right of opposition provided by Law No. 78-17 of January 6, 1978 relating to data, files and freedoms, you have the
possibility, at any time, to disable the functions relating to geolocation.
Geolocation for crossing purposes
We collect and process your geolocation data to enable our services to identify
crossover points in time and in space with other Users of the service with a view to presenting the profile of cross
Users to you. In accordance with your right of opposition provided by Law No. 78-17 of January 6, 1978 relating to
data, files and freedoms, you have the possibility, at any time, to disable the functions relating to geolocation. You
then acknowledge that the service will no longer be able to
present other Users’ profiles to you.
Geolocation with provision of partners for SEO and aggregation (with opt-in)
We can collect and process your geolocation data with our partners. We commit to
 
anonymising the data used. In accordance with your right of opposition provided by Law No. 78-17 of
January 6, 1978 relating to data, files and freedoms, you have the possibility, at any time, to disable the
functions relating to geolocation.
 
Collecting terminal data
Collection of profiling data and technical data for the purpose of providing services
Some of the technical data of your device is automatically collected by the Site. This information includes
your IP address, ISP, hardware configuration,
software configuration, browser type and language... Collecting this data is necessary to be able to provide
services.
Collection of technical data for advertising, commercial and statistical purposes
The technical data of your device is automatically collected and recorded by the Site, for advertising, commercial
and statistical purposes. This information helps us to personalize and continually improve your experience on our
Site. We do not collect or store any nominative
data (last name, first name, address...) possibly attached to a technical data. The collected data may be resold to third
parties.
Cookies
Retention period of cookies
In accordance with the CNIL’s recommendations, the maximum length for keeping cookies it 13
months at the most after they were first deposited in the User's terminal, as well as the duration of validity of the
User's consent to the use of these cookies. The retention period of cookies is not extended at each visit. The
User's consent must therefore be renewed at the end of this period.
Purpose of the cookies
Cookies may be used for statistical purposes, in particular to optimize the services provided to the User, from
the processing of information concerning the frequency of access, the personalization of the pages as well as
the operations carried out and the information consulted.
You are informed that the Publisher may place cookies on your device. The cookie records information about
browsing on the service (the pages you have visited, the date and time of the visit...) that we can read during
your subsequent visits.
User's right to refuse cookies, deactivation resulting in a degraded operation of the service
You acknowledge having been informed that STONE INVESTMENT may use cookies, and authorize them
to do so. If you do not want cookies to be used on your device, most
browsers allow you to disable cookies through the setting options. However, you are informed that some
services may not work properly.
Possible link of cookies to personal data to allow the operation of the service
STONE INVESTMENT may collect browsing information through the use of cookies.
Retention of technical data
 
Retention period for technical data
The technical data are kept for the period strictly necessary for the accomplishment of the purposes
mentioned above.
Retention period for personal data and de-identifying
Data retention during the term of the contractual relationship
In accordance with Article 6-5° of Law No. 78-17 of 6 January 1978 relating to data, files and freedoms, the
personal data subject to processing are not kept beyond the time required to fulfil the obligations defined when
drawing up the contract or the pre-established
period for the contractual relationship.
Retention of anonymous data beyond the contractual relationship/after deletion of the account
We keep the personal data for the time strictly necessary for achieving the purposes described in these Terms
and Conditions. Beyond this period, they will be de-identified and kept for exclusively statistical purposes and
will not give rise to any exploitation of any kind whatsoever.
Deleting data after deleting the account
Means for purging data are set up in order to provide for their effective deletion as long as the storage or
archiving period necessary for the fulfilment of the determined or imposed purposes is reached. In
accordance with law n°78-17 of January 6th, 1978 relative to data processing, files and freedoms, you also
have a right to delete your data which you can exercise at any time by getting in touch with STONE
INVESTMENT.
Deletion of data after 3 years of inactivity
For security reasons, if you have not logged on to the Site for a period of three years, you will receive an e-mail
inviting you to log in as soon as possible, otherwise your data will be deleted from our databases.
Deletion of the account
Deletion of the account on request
The User has the option of deleting his Account at any time, by simple request to STONE INVESTMENT
OR via the account deletion menu present in the Account settings if necessary.
Deletion of the account in case of violation of the Terms and Conditions
In case of violation of one or more provisions of the GTCs or any other document provided in
this document as a reference, STONE INVESTMENT reserves the right to terminate or restrict without any
prior warning and at its sole discretion, your use and access to services, your account and all Sites.
Indications in the event of a security breach detected by STONE INVESTMENT
User information in the event of a security breach
We undertake to implement all appropriate technical and organizational measures to ensure a level of security
adapted to the risks of accidental, unauthorized or unlawful access,
disclosure, alteration, loss or destruction of your personal data.
In the event that we become aware of illegal access to your personal data
stored on our servers or those of our service providers, or unauthorized access resulting
 
in the abovementioned risks coming to be, we commit to:
• Notify you of the incident as soon as possible;
• Assess the causes of the incident and inform you of them;
• Take the necessary measures within reason in order to lessen the negative effects and prejudices
that may result from this incident
Limitation of liability
Under no circumstances will the commitments defined in the above point relating to notification in the event
of a security breach be assimilated to any acknowledgment of fault or liability for the occurrence of the
incident in question.
Modification of the GTCs and the privacy policy
If these GTCs were to be modified, commitment not to substantially lower the level of confidentiality without
the prior information of the persons concerned
We undertake to inform you in the event of a substantial modification of these Terms, and not to
substantially lower the level of confidentiality of your data without informing you and obtaining your
consent.
Applicable law and judicial remedy
Arbitration clause
You expressly agree that any dispute that may arise as a result of these Terms, including its interpretation or
execution, will be subject to an arbitration procedure subject to the rules of the
arbitration platform hosen by mutual agreement, to which you will adhere without reserve.
 
Data portability
Data portability
STONE INVESTMENT undertakes to offer you the possibility of having all of your data
returned to you on simple request. The user is thus guaranteed a better control over his data, and retains the
possibility of reusing them. This data should be provided in an open and easily reusable format.
 
Contact
If you have any questions regarding this Policy for the purpose of rectification, addenda or updates, users are invited
to contact STONE INVESTMENT:
• by sending an email to the Data Protection Officer to the address
• or by completing the following online contact form https://www.stoneinvestment.fr/contact;
• or by sending a letter to the following address: STONE INVESTMENT - Attention: Data Protection
Officer - 64 rue Grignan - 13001 MARSEILLE.