The Internet User acknowledges that he is aware of regulations concerning in particular provided at Articles L. 122-8 and L. 122-10 of the Consumer Code, of the Law of 21 June 2014 for Confidence in the Digital Economy, (loi n° 2004-575 pour la confiance dans l’économie numérique du 21 Juin 2014), of the Computer Technology, Computer Files and Freedom Act of 6 January 1978 in its modified version (loi n° 2004-801 relative à l’informatique, aux fichiers et aux libertés du 6 janvier 1978) as well as of the General Data Protection Regulation (GDPR) of 27 April 2016, No. 2016/679.

  1. GENERAL PROVISIONS

As of 25 May 2018, the General Data Protection Regulation (GDPR) has been applicable in all the European Union countries. The GDPR regulates the processing of Personal Data and the respect of their confidentiality by companies within the European Union..

In accordance with the law, Voltalis declares to the National Commission for Computer technology and Freedom (“CNIL”) the processing of Personal Data collected for the purposes of its activity. This Personal Data covers only names, company’s name, addresses, telephone, email contact information, and is only used so that the Company processes information requests from the person providing its Personal Data. This data shall never be used or transmitted to third parties for other purposes, like commercial purposes.

  1. SECURITY

The Company is particularly sensitive to the protection of Internet Users’ Personal Data. Such Personal Data is collected and secured through high-performance software tools (VPN, firewalls, communications encryption…) and stored on servers belonging to Voltalis, hosted by a technical partner located in France, which the Company ensures that it takes all necessary measures to guarantee the Personal Data security and integrity.

The Company undertakes to take all necessary precautions to preserve the security of information, and in particular that it is not shared with unauthorized persons. However, would an incident affecting the integrity or confidentiality of the Internet User’s Personal Data be brought to the attention of the Company, the Company shall inform the Internet User as soon as possible and shall communicate to the Internet User the corrective measures adopted.

  1. RESPONSIBLE FOR COLLECTING PERSONAL DATA

Voltalis appointed a Data Protection Officer (DPO) to ensure the protection of Personal Data collected and processed by the Company, and the compliance by the Company with the applicable laws. The Internet User can contact the DPO in order to obtain any relevant information or for the exercise of his rights at:

Data Protection Officer – VOLTALIS – 75 Avenue des Champs-Élysées – 75008 Paris – France

or by e-mail, at: dpo@voltalis.com

The Company, as the controller of the processing of the Personal Data that it collects, is committed to comply with all applicable legal provisions, to indicate the purpose of data processing, to provide Internet Users, based on the collection of their consents, with complete information on the processing of their Personal Data and to maintain a proper record of its processing activities. Whenever the Company processes Personal Data, it takes all reasonable steps to ensure the protection, confidentiality, accuracy and relevance of such Personal Data in accordance with the purposes of their processing by the Company.

  1. PURPOSES OF THE DATA COLLECTION AND PROCESSING

The Company’s Website is likely to collect and process data for the following purposes:

  • to improve browsing and experience on the Website, to enable the management and traceability of the services used by the Internet User (Website login and usage data, browsing history, browser language, preferences, etc.);
  • to prevent and fight again computer fraud such as spamming or hacking (computer hardware used for browsing, IP address, etc.);
  • for the management of contacts and in order to process information requests from individuals, investors, journalists, and/or suppliers (gender, e-mail, name, first name, telephone, etc.);
  • to conduct optional satisfaction surveys on the Website (email address, phone number, etc.);
  • for the management of spontaneous applications (CV, cover letter, email, etc.).

The Company does not market Personal Data collected by the Company, which is therefore only used or for statistical and/or analysis purposes.

  1. DURATION OF DATA RETENTION

Personal Data is retained for the duration of the purposes necessary to the relationship between the Company and the Internet User. Once the relationship has ended, the Company may, if the Internet User consented to this purpose, retain the data and use certain data (such as name, first name, address, e-mail) for prospecting and/or information purposes for up to three years (as from the last incoming contact). Nevertheless, the Internet User may at any time retract his consent to the processing carried out for prospecting purposes under the conditions provided by the present General Conditions of Use.

  1. RIGHT OF ACCESS, RECTIFICATION AND OPPOSITION

In accordance with the GDPR and its implementation under French law, any voltalis.com Website Internet User has the following rights:

  • rights of access (Article 15 of the GDPR), of rectification (Article 16 of the GDPR), to update and complete his Personal Data;
  • right to erasure of his Personal Data, where it is inaccurate, incomplete, equivocal, outdated, or where collection, processing, communication, or retention is prohibited (Article 17 of the GDPR);
  • right to withdraw his consent to the processing of his Personal Data at any time (Article 13-2c of the GDPR):
  • right to restrict the processing of his Personal Data (Article 18 of the GDPR):
  • right to object to the processing of his Internet User’s Personal Data (Article 21 of the GDPR):
  • right to portability of the Personal Data that the Internet User has provided, when this data is either processed automatically based on the Internet User’s consent, or based on a contract (Article of the 20 GDPR)
  • right to define the fate of his Personal Data after his death and to choose to which third party, designated by himself, the Company shall disclose (or not) his Personal Data (Article 40-1 of the Computer Technology and Freedom Act);
  • right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects towards, or similarly significantly affects, the Internet User (Article 22 of the GDPR).

If the Internet User wants to be informed of the processing of his Personal Data by the Company, if he wants to correct his Personal Data, if he wants to object to their processing, or for the enforcement of any of his Personal Data rights, he shall contact the Company in writing at:

Data Protection Officer – VOLTALIS – 75 Avenue des Champs-Élysées – 75008 Paris – France

or by e-mail, at: dpo@voltalis.com

In any case, the Internet User shall indicate the Personal Data that he wants the Company to correct, update, delete or which is  otherwise subject to the request, by necessarily attaching a copy of an ID (ID card or passport). The Company commits to a processing delay of one month. The requests to delete Personal Data are, however, subject to the obligations imposed on the Company by law, including the retention or archiving of documents.

  1. NON-DISCLOSURE OF PERSONAL DATA

The Company commits not to process, host, or transfer information collected on its customers to a country not belonging to the European Union. However, the Company remains free to choose its technical and commercial subcontractors, on the condition that they provide sufficient safeguards under either the requirements of the GDPR, or those of the “Privacy Shield”.

In addition, the Website does not collect any under the meaning of the GDPR and as interpreted by the CNIL.

The User’s Personal Data may be processed by the Company’ subsidiaries and subcontractors (service providers), exclusively in order to achieve the purposes of this policy. Within their respective responsibilities and for the purposes above recalled, the people likely to have access to Internet User’s Personal Data collected through voltalis.com  are employees of the Company belonging mainly to its marketing and/or commercial services and

No Personal Data collected on the voltalis.com Website shall be published, exchanged, transferred, assigned, or otherwise sold on any medium to third parties without the Internet User’s consent. Should the Company be purchased, along with its rights, by a third party, this would not affect the User’s Personal Data collection, processing, and retention.

  1. INCIDENT NOTIFICATION

Notwithstanding all the efforts made by the Company, no method of electronic transmission through Internet and no electronic storage methods can be completely safe. Therefore, the Company cannot guarantee the absolute safety of the Internet User’s Personal Data. However, if the Company became aware of a security breach, the affected Internet Users would be notified as soon as possible, so that they can take appropriate action. Company’s incident notification procedures take into account its applicable legal obligations, whether they are at national, or European. The Company is committed to fully inform its Internet Users and members of any issue related to the security of their account and to provide them with any the necessary information.