PERSONAL DATA PROTECTION POLICY

Our Philosophy and Commitments

Madeho is committed to protecting your personal data and strives to ensure a high level of protection in accordance with European Regulation 2016/679 and French data protection law No. 78-17.

In this regard, below you will find our policy on protecting your personal data, explaining what data we collect, how it is processed and on what basis, its retention, and your personal rights. We invite you to read it.

Our Data Protection Officer is available to answer any questions you may have. You can contact them at the following address: RGPD@madeho.fr. You can find the text of the applicable European Regulation here: https://eur-lex.europa.eu/legal-content/FR/TXT/?uri=CELEX%3A32016R0679 or contact the regulatory authority (CNIL) via their website www.CNIL.fr.

This version of the personal data policy may be amended by us if necessary, and you will be informed accordingly.

Your Data Controller

Madeho is the data controller of your personal data, and you can find the contact details below: 16 Avenue Hoche, 75008 Paris; referred to by name or "We" herein.

Your Personal Data and Its Collection by Madeho

Your personal data may be collected during:

• Your visit to our website,
• Our exchanges,
• Our prospecting activities,
• Training or execution of our contracts.

We do not collect any data unnecessary for the stated processing purposes or data prohibited by law or regulations.

Some data collection may be mandatory or optional, and you will be informed of mandatory information. Your personal data may be collected by third-party providers or partners who commit to complying with European and national regulations on personal data.

Our policy is not to transfer your data outside the European Union; if we do so exceptionally, such transfers will only occur to countries or organizations covered by an adequacy decision (Art. 45 GDPR) or presenting appropriate sufficient guarantees (Art. 46 GDPR).

We do not make any automated decisions.

We may potentially collect the following personal data from you:

• Civil status, identity, contact details, images,
• Personal life,
• Professional life,
• Economic and financial personal data,
• Connection data,
• Unique national identification number,
• Health data,
• Criminal convictions or offenses.

Our Processing of Your Personal Data

We process your personal data by inputting them into databases; they are stored, retained, and if necessary rectified, deleted, archived, anonymized, or pseudonymized, and transferred to trusted third parties.

We process your personal data for the following processing purposes or for purposes specified to you during collection:

• Informing you about our commercial offers (products, services...) and promotions - Communicating with you,

We may use your personal data for commercial prospecting purposes, including sending you information about our products/services, commercial offers and promotions, quotes, and other pre-contractual documents, our news by email, mail, or phone.

• Performing your contracts in progress and customer follow-up,

We use your personal data to ensure the performance of ongoing contracts as per your requests. We may also send you information about your order or ongoing contracts, their execution, your invoices and contractual documents, advice, warranty execution if applicable, and our legal obligations. We also use your personal data to manage our customer relationship, your requests or complaints, and possibly disputes and track your customer history.

• Improving the use of our services and enhancing our offers,

We process your personal data to enable you to use our services optimally, improve our offers and products/services, and track your user journey, conduct satisfaction surveys, polls, and anonymous statistics.

• Your payments,

Your bank details may be collected either directly by us or by a dedicated and selected provider, which guarantees the complete confidentiality of your banking data, and these details are retained only for the time necessary for the duration of the contractual relationship or within legal limits.

• Protection against fraudulent initiatives,

The personal data collected may be used to combat fraud, especially in payments or withdrawals made. In this regard, our payment security providers may be recipients of this data.

• Ensuring compliance with the law and judicial decisions,

Your Data may be used to:

•   respond to a request from an administrative or judicial authority, a representative of the law, a judicial auxiliary or to comply with a court decision; 
• ensure compliance with our general terms of sale/service;  
• protect our rights and/or obtain compensation for any damage we may suffer or limit the consequences thereof;  
• prevent any act contrary to the laws in force, particularly in the context of preventing fraud risks.

We may also process your personal data for the following purposes:

• Commercial relationship
  Sending marketing campaigns by email, mail or phone (including via a provider)
   
• Miscellaneous
  Electronic signature
   
• Internet
  Create and manage your user account
   
• Cookie management
  - Performance cookies - (allowing anonymous statistics and traffic levels on the site) and tracking and personalization cookies collecting information about your use of the site and enabling customization of our offers,
  - Third-party cookies - to target advertisements that may interest you based on your detected interests (these cookies are subject to emission and processing policies applied by third parties, not Madeho's policy),
  - Analytical cookies - allowing us to understand and analyze your navigation on our site.

Legal Basis for Processing Your Personal Data

In accordance with regulations, the processing of your personal data by us is based if it relies on one of the following legal bases:

• Your consent to the processing of your data by us: you agree to the processing of your personal data through express consent. You can withdraw this consent at any time by contacting our DPO;
• The existence of a contract between you and us: the processing of data is justified by the needs of contract performance;
• Our legitimate interest in processing your personal data provided that this proportionate interest respects your fundamental rights and privacy;
• The law or regulations in force when they require us to process and retain your personal data.

Modalities and Durations of Retaining Your Personal Data

We manage your personal data in three phases:

• An active phase where the data is retained for the time indicated below in the "active" base: your personal data is then accessible only to persons with operational needs to access it in order to perform authorized processing
• An archiving phase (for additional time beyond active retention) when a legitimate reason justifies it: your personal data is then archived with restricted access and for a limited duration.
• A deletion or anonymization phase: at the end of the additional archiving within the deadlines below, your personal data is deleted or anonymized (so that it can no longer constitute personally identifiable information).

Your personal data is retained for the time necessary for the purposes of their processing, our customer relationship if applicable, and contract execution and within specific regulatory limits; we may retain your personal data in archives for the purposes of retaining accounting, tax or evidentiary elements for the duration of applicable statutes of limitations. For example, we indicate below the retention periods applicable to the following processing (subject to regulations imposing different retention periods):

Withdrawal of your consent to the collection or processing of your personal data

Your consent granted for the collection of your personal data may be withdrawn by writing to our DPO by email or by mail to the addresses at the top, stating your name, first name, e-mail, and address with the nature and specific subject of your request for withdrawal. You can also send us any comments on your personal data to Madeho, 16 Avenue Hoche, 75008 Paris.

Exercising Your Rights Regarding Your Personal Data

You have:

• A right of access, which allows you to obtain:   Confirmation whether data concerning you is or is not being processed;   Communication of a copy of all personal data held by the data controller.
• A right to request the portability of certain data: it allows you to retrieve your personal data in a structured, commonly used, and machine-readable format.
• A right to object: it allows you to no longer be the subject of commercial prospecting from us or our partners, or, for reasons related to your particular situation, to cease the processing of your data for research and development, fraud prevention purposes.
• A right to rectification: it allows you to correct information concerning you when it is obsolete or incorrect. It also allows you to complete incomplete information about you.
• A right to erasure: it allows you to obtain the erasure of your personal data subject to legal retention periods. It may apply, for example, if your data is no longer necessary for processing.
• A right to restriction: it allows you to limit the processing of your data in the following cases:  

In case of unlawful use of your data;  
If you dispute the accuracy of your data;  
If you need to have the data to establish, exercise, or defend your rights.
A right to human intervention: data controllers may use automated decision-making for the subscription or management of your contract. In this case, you can ask what were the decisive criteria for the decision from the Data Protection Officer.

You can exercise these rights by email to the attention of the DPO: RGPD@madeho.fr or by letter to the following address: 16 avenue Hoche 75008 Paris, indicating your name, first name, address and email (if applicable your customer references) as well as the subject of your request in clear and readable terms. Madeho undertakes to respond to your verified request within one month of its receipt.

In case of difficulty, you can directly contact our Data Protection Officer by email at louise.couronne@madeho.fr or contact the French Data Protection Authority (CNIL).

Our Subcontractors and Partners

Madeho may transmit your personal data to subcontractors performing services involving the processing of your data, in compliance with the purposes set out herein; these subcontractors must provide your personal data with the same level of confidentiality as Madeho and have committed to full compliance with data protection regulations, especially the GDPR.

We do not engage in any trade of your personal data. If you wish to learn more and specifically know the identity of the providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: RGPD@madeho.fr.

The providers or partners likely to access your personal data may include:

• Providers likely to manage outsourced services for the execution of our services and contracts,
• Providers helping us improve our services, conduct data analysis, and optimize our offers, conduct surveys and statistics,
• Auditors, accountants, consultants, lawyers, audit firms, IT service providers and outsourcing, security providers,
• Investors and acquirers.

We may also be required to transmit your personal data to French authorities, administrations, and courts, especially in the context of legal action or legal formalities requiring such communication.