Privacy Policy

This privacy policy aims to explain why, in accordance with the General Data Protection Regulation (hereafter 'GDPR'), the Publisher collects personal data, the legal basis for processing, the recipients, the authorized persons who can access it, and how it commits to protecting them in order to best ensure the protection of your privacy.

1 - What personal data is processed, their purposes and their legal bases?

1.1 The Publisher may collect and retain your personal data, including for:

• Process and respond to the Client's messages;
• Manage your newsletter subscriptions;
• Establish and ensure the follow-up of the business relationship that may arise from the messages.
• Write a review/comment posted on the site;
• Receive your payment;
• Ensure accounting and management;
• Improve customer follow-up and service;
• Manage the proper functioning and customization of services;
• Send commercial and advertising information based on the Client's preferences;
• Detection of attacks and legal recourse against fraud;
• Remember the Client's choices regarding the use of cookies;
• Process and respond to requests for the exercise of rights
• Meet current or pending regulatory requirements

1.2 The Publisher may collect the following personal data. :

• Contact details (for example, name, first name, phone number, email) ;
• Data related to means of payment ;
• Technical information and locations generated in the context of using the services.

No sensitive data, as defined by Article 9 of the GDPR, is collected or processed.

1.3 The personal data processing implemented is based on:

• It may be on the consent of the concerned person for all treatments that require prior consent. In online forms, the mandatory fields are marked with an asterisk. In the absence of answers to mandatory questions, the Publisher will not be able to provide the requested services. ;
• Either for the execution of a contract or the execution of pre-contractual measures. ;
• For the pursuit of a legitimate interest ;
• Either for compliance with a legal or regulatory obligation ;

1.4 The data is kept for the time necessary to achieve the purposes mentioned above. The duration of retention of Clients' personal data depends on the specific purpose concerned. In this context, Clients' personal data is retained for the time necessary to fulfill their request. In the absence of any realization, personal data is deleted within the timeframes recommended by the National Commission on Informatics and Liberty (CNIL), after a period of three years from their collection, subject to legal possibilities and obligations regarding archiving and the retention obligations of certain data for evidential purposes and/or their anonymization.

The Client's personal data, collected and processed for the purpose of executing the offers, is kept for the duration necessary to manage the contractual relationship. By way of exception, personal data required for the establishment of evidence of a right or contract is archived for a period of 5 or 10 years after the end of the business relationship, depending on the case.

2 – Who are the recipients of personal data?

Your personal data is intended :

• Varendis and its authorized personnel, due to their duties, need to be aware of it for the purposes of the processing. ;
• The banking institution responsible for processing orders ;
• The service providers, as subcontractors, that the Publisher calls upon to provide its services ;
• Public bodies in order to meet legal obligations and court orders.

3 – How is personal data protected?

The Publisher implements all organizational and technical measures to ensure an appropriate level of security for personal data, particularly to avoid any loss of confidentiality, integrity, or accessibility, with the following measures:

• Data backup ;
• Physical protection of premises and access control ;
• Implementation of technical and organizational measures to ensure that the personal data of Clients is secure, and this, for the necessary duration to achieve the intended purposes. ;
• Internal training of teams

4 – The rights of individuals over their personal data

In accordance with the Applicable Regulations, the Client has the following rights :

• A right of rectification: allows to update the personal data held by the Publisher;
• A right to erasure: allows for the request of the total or partial deletion of personal data. ;
• A right to limit processing: allows for the limitation of the processing of personal data ;
• A right to data portability: allows for the movement, copying, or transmission of personal data to another data controller. ;
• A right to object to processing: allows one to object to the processing of personal data. ;

The conditions for exercising these rights may vary depending on the legal basis for the processing mentioned in the first paragraph. A response to the exercise of the rights will be given, unless the request is complex or difficulties are encountered, in which case the deadline may be extended by two (2) months, within a period of one (1) month following your request. It is understood that the starting point of the deadline is established at the request of the request.

The Publisher reserves the right to request proof of identity from the applicant in case of reasonable doubt regarding the latter and in order to comply with its confidentiality obligations, but also to refuse to respond to a legal request if it is deemed abusive.

For any exercise request, contact : go@varendis.com

If, despite the efforts and commitments of the Publisher, the Client believes that their rights regarding their personal data and privacy protection are not respected, and after exhausting internal remedies, they can submit a complaint to the CNIL.

5 – Reservation of modification of the Data Protection Policy

This Personal Data Protection Policy may evolve to reflect changes in practices, further clarify certain points, or ensure compliance with various applicable regulations.