Identity of the Data Controllers and of the Data Protection Officer
The joint Data Controllers are:
- POINT S DEVELOPMENT, simplified joint-stock company registered in the Lyon Trade and Companies Register under number 491 028 627 with headquarters at 9, rue Curie, Lyon (69006).
The Data Protection Officer can be reached at the following address: firstname.lastname@example.org
- Address of national headquarters and VAT no.
- E-mail of national headquarters
- Website of national headquarters
Data collected by the Data Controller concerns the following user information: their name, address, email address, telephone number, IP address, connection and browsing data, products viewed, order history and possible claims, the make, model, date of issue and mileage for the customer's vehicle and the date they obtained a driving licence.
Purposes and legal basis for processing:
The purposes of treatment which personal data is used for are:
- the personalisation of services, in particular such as advice concerning products or services to be used or subscribed to, with predicted review dates,
- the transmission of notifications by post or in digital format concerning new services, present services and future services,
- the transmission of current and future promotional offers,
- the transmission of advice concerning the use of products or services,
- commercial prospection.
The processing of user personal data, based on Article 6, Paragraph 1, Point f of the General Data Protection Regulation is necessary for the legitimate interests pursued by the Data Controller.
The Data Controller shall use the personal data of users and carry out profiling in the meaning of Article 4 of the General Data Protection Regulation for the purposes of:
- enabling maintenance of the continued commercial relationship between the Data Controller and the user.
- providing, improving, covering and marketing its services,
- discovering the preferences of its user so as to personalise its provisions and to offer products and services which correspond most appropriately to their needs.
The present agreement notifies the user as to the treatment of their data, as well as to the reasons why all operations carried out on the aforementioned data is required.
Recipients of personal data:
Data collected is received by the Data Controllers. Data may also be transmitted directly and/or indirectly to companies acting under the Point S name situated in the same area as the data controllers and/or subcontractors which the Data Controllers use within the framework of operation of their services.
Duration of data storage:
Personal data is stored only for the duration necessary to manage the commercial relationship.
Transfer of data:
Within the framework of performance of operation of Point S and to optimise the quality of services, the Personal Data referred to above may be subject to transfer outside of France and/or to countries which are not members of the European Economic Area.
In respect to the purposes for which Personal Data was initially collected or to which you have expressly consented at a later stage, information recorded may only be communicated to the following recipients:
- the French legal entity Point S Development acting as a joint Data Controller,
- any company acting under the Point S name, having access to the Personal Data within the framework of its operation,
- Skyway Data Center GmbH, hosting service, with its headquarters situated in Germany,
- towards subcontractors which Point S may use within the framework of its operation,
The details of these subcontractors may be given on request via the address: email of national headquarters
- Any public or private authority to which we are obliged to communicate certain information by law.
We will only provide these recipients with information which they require for the implementation of their services. We require these recipients to keep this information confidential and to only use the information for the performance of their services.
At all events, each recipient of the Personal Data is bound to comply with applicable law, in particular the GDPR, and to implement all appropriate technical and organisational measures to ensure and be able to demonstrate that processing takes place in accordance with regulations.
It is also possible that the transfer of Personal Data to a third-party country will take place. A third country is a country situated outside of the European Union or the European Economic Area in which it is not always possible to assume that the level of data protection is similar or comparable to that of the European Union. Prior to any transfer of data, we ensure that a sufficient level of protection is guaranteed within the country concerned or with the recipient located in a third-party country. This could result from an adequacy decision from the European Commission which ensures that an adequate level of data protection is guaranteed for a certain third-party country in a general manner. In addition to this, we may also carry out data transfer based on a data protection clause adopted by the European Commission, or for recipients located in the United States, a valid EU-US Privacy Shield.