Article 1 – Definitions

For the purposes of this confidentiality policy (hereinafter the “Confidentiality Policy”), the terms used below have the following definition when they are used with a first capital letter, whether they are conjugated, agreed or not, used in the singular or plural:

“Personal Data”: any data enabling a natural person to be identified directly or indirectly;

“Vectracom” is a trademark of Arkhnênum, a société par actions simplifiée (simplified joint stock company) under French law, with capital of 26,240.00 euros, having its registered office at 7 rue Joseph Bonnet 33100 Bordeaux, registered in the Bordeaux Trade and Companies Register under SIREN number 422 085 480 RCS Bordeaux;

“Site”: the website operated by Vectracom and accessible at https://www.vectracom.fr/;

“User”: any person who accesses the Site and/or uses its functionalities;

“Contract”: contract for the provision of services concluded with Vectracom for the preservation and enhancement of heritage and industrial documents;

“Customer” : any person who has concluded a Contract with Vectracom;

“Prospect”: any person potentially interested in the services offered by Vectracom, but who is not a Vectracom customer.

 

Article 2 – Application of the Privacy Policy

Vectracom attaches great importance to protecting the privacy and Personal Data of its Users, Prospects and Clients. Vectracom ensures that it adopts and complies with a rigorous Confidentiality Policy that complies with the regulations in force. The purpose of the Confidentiality Policy is to inform Users, Prospects and Clients of Vectracom’s practices with regard to the collection and processing of their Personal Data. By accessing the Site, Users, Prospects and Clients can consult the Confidentiality Policy and are invited to read it regularly. Vectracom reserves the right to modify its Confidentiality Policy at any time, any new version superseding the previous one as soon as it is first disclosed on the Site. If the User, Prospect or Customer is a minor or incapable, he declares that he has received the consent of his parents or legal representatives prior to the collection and processing of his Personal Data by Vectracom. Where the User, Prospect or Customer is a minor under the age of fifteen (15), the processing of their Personal Data with the legal basis of their consent is subject to the consent of the minor concerned and of the holder(s) of parental authority over this minor. Vectracom undertakes to comply with the provisions of Act No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended, and Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46.

 

Article 3 – Personal data collected

3.1. Personal Data provided by Users, Prospects and Customers

Using the forms available on the Site

The Personal Data collected by Vectracom on its Site are those provided voluntarily by the User in order to be contacted by Vectracom to carry out a project, to send an unsolicited application or in response to a job offer published on the Site.

Personal Data is thus :

Where applicable, to be contacted by Vectracom: the User’s contact details (surname, first name, email address, telephone number (landline and/or mobile); company name; any personal data communicated in the free text zones by the User to contact Vectracom;

Where applicable, to apply spontaneously or to respond to a job offer posted on the Site: the User’s contact details (surname, first name, email address); any data contained in his/her curriculum vitae; any personal data provided in the free text zones by the User;

The Personal Data indicated by an asterisk at the time of collection must be communicated to Vectracom. If this Personal Data is not provided, Vectracom will not be able to contact Users who have made a request, nor will it be able to respond to online applications from Users.

Apart from the forms accessible on the Site and/or via the Customer Account

With a view to drawing up detailed estimates for the various document conservation and enhancement services offered by Vectracom and then, where applicable, with a view to concluding, performing and monitoring the Contracts entered into, Vectracom will collect additional Personal Data and, where applicable, depending on the services :

The full contact details of the User, Prospect or Customer: surname, maiden name, first name, postal address, business telephone and/or mobile number, business email address;

The data required to create a Customer Account: company name, business name, surname and first name of the contact person, email address, telephone number and postal address;

Data relating to the Contract: transaction number, service(s) purchased, amount, period, history of the Customer relationship, correspondence with Customers and customer service, exchanges and comments from Customers;

Data relating to invoice payments: invoicing entities, invoicing address(es), payment terms, discounts granted, receipts, balances and outstanding amounts.

Where applicable, with a view to drawing up a quotation, data relating to the geographical location of the User or Prospect (which may vary depending on the services required): address of arrival and address of departure of the documents to be processed; scheduled date of the service.

The Personal Data indicated by an asterisk or as mandatory by Vectracom at the time of collection must be communicated to Vectracom. If this Personal Data is not provided, Vectracom will not be able to draw up detailed estimates or mission letters and, where applicable, to execute the Contracts entered into and ensure their follow-up.

Depending on the specific characteristics of the country of departure or arrival concerned, or changes in legislation or regulations, additional Personal Data unforeseen by the Confidentiality Policy and unforeseeable, may be necessary for the performance of the Contract.

Vectracom would then expressly request this from the Customer. Any additional Personal Data would then be processed in the same way as the Personal Data listed in this Privacy Policy and always in compliance with the Privacy Policy.

 

3.2. Personal data from cookies

The User’s Personal Data is also collected via cookies placed on the medium used by the User (computer, tablet, mobile, smartphone) when accessing the Site, subject to the User’s consent, which may be modified at any time.

Cookies are small volumes of information stored by the web browser on the medium used by the User (computer, tablet, mobile, smartphone). Cookies may be permanent or temporary. Permanent cookies are stored on the User’s device for a period not exceeding thirteen (13) months. Temporary cookies disappear at the end of each browsing session.

The use of cookies may involve the collection and use of information about the User, such as his/her IP address or other online mobile identifiers.

The cookies used on the Site are of various types and serve several purposes.

 

3.2.1. Cookies used on the Site

(i) The cookies that do not require the User’s prior consent are the following:

Strictly necessary cookies: These cookies do not store any information that could personally identify the User. However, these cookies are essential for browsing the Site and using its functions. These cookies are generally only set in response to actions requested by the User, which amount to service requests, such as configuring the User’s confidentiality preferences, logging in or filling in forms. Authentication and security cookies are used, for example, to identify and recognise registered Users and to enable them to access the requested content or functions.

Functionality cookies: These cookies facilitate the operation of the Site, as well as the use of all of the Site’s functionalities and the provision of enhanced and personal functionalities, in particular by memorising connection data (IP address), the User’s preferences, etc. These cookies are set by Vectracom or by its third-party suppliers whose services it has added to its pages. For example, these cookies enable the Site to be displayed in English or French depending on the language of the browser used by the User.

Although the deposit of these cookies does not require the User’s prior consent, the User may, at any time, set his/her browser parameters to block them or be alerted to their presence (see point 3.2.2.i).

However, by deleting these cookies, the User may no longer be able to access the Site or use its functions.

Vectracom declines all responsibility for the consequences of the impaired operation of the Site resulting from Vectracom’s inability to save or consult these cookies.

(ii) Cookies subject to the User’s prior consent are analysis and performance cookies. These cookies enable the Site to be monitored and audience statistics to be compiled in order to improve its operation, in particular by determining the number of visitors, the pages most frequently consulted, the duration of the User’s connection, the type of browser used, the pages from which the User accessed the Site, the search engines used to access it and the geographical location from which the User accessed the Site. All the information collected by these cookies is grouped together and is therefore anonymous.

Vectracom obtains the User’s consent prior to depositing these cookies.

The User may at any time withdraw his/her consent to the deposit of these cookies and set his/her browser parameters to block them or to be alerted to their presence (see point 3.2.2.) Blocking these cookies does not affect the functionality of the Site. However, deactivating them will prevent the collection of information relating to the User’s browsing on the Site and therefore the proposal of tailored content.

 

3.2.2. Users’ choices concerning cookies

(i) Refuse all cookies or only those cookies whose deposit is subject to the User’s prior consent via the User’s browser software

Users can configure their browser software so that cookies are stored on their terminal or, conversely, so that they are rejected, either systematically or depending on the sender.

Users may also configure their browser software so that they are offered the option of accepting or refusing cookies from time to time, before a cookie is stored on their terminal.

The User may at any time modify the configuration of their browser to accept or refuse all or some of the cookies, and block or delete cookies that have already been placed on their browser.

For cookie management, the configuration of each browser is different. This is described in the help menu of the User’s browser, which will tell them how to modify their cookie preferences:

For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies

For Internet Explorer™: http://windows.microsoft.com/fr-FR/windows-vista/Block-or-allow-cookies

For Safari™: http://docs.info.apple.com/article.html?path=Safari/3.0/fr/9277.html

For Chrome™: http://support.google.com/chrome/bin/answer.py?hl=fr&hlrm=en&answer=95647

For Firefox™: http://support.mozilla.org/fr/kb/Activer%20et%20d%C3%A9sactiver%20les%20cookies

Users may also consult the website of the Commission Nationale de l’Informatique et des Libertés (hereinafter the “CNIL”) for instructions on how to set the parameters of the most commonly used browsers at the following address: http://www.cnil.fr/vos-droits/vos-traces/les-cookies/conseils-aux-internautes/ or consult the “Help” section of the browser they are using.

In this way, the User has the option of blocking all cookies or only those whose deposit is subject to their prior consent, with the consequences that such blocking is likely to cause, as expressly explained.

(ii) Refuse only those cookies whose deposit is subject to the User’s prior consent by using a deactivation link

The User can click on the following deactivation link: Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=fr

 

Article 4 – Processing of Personal Data

4.1. Person responsible for processing Personal Data

Vectracom is responsible for processing the Personal Data of Users, Prospects and Clients.

 

4.2. Personal Data Protection Officer

The personal data protection representative appointed by Vectracom is Mr Guy Sadoun. For any question relating to the Confidentiality Policy and for any request or question relating to Personal Data, the Customer, Prospect or User shall directly contact the personal data protection delegate whose contact details are as follows:

email address: dataprotectionofficer@mobilitas.org

telephone number: + 33 (0)5 57 02 10 65

postal address: For the attention of the Marketing Department 2 Rue de la Justice, 93210 Saint-Denis – France

 

4.3. Purposes of processing

The Personal Data of Users, Prospects and Clients is processed by Vectracom for the purposes of its business, which vary according to the services concerned, and which are as follows: contacting Users and Prospects who have made a request on the Site; processing unsolicited applications or applications in response to a job offer sent by Users; sending newsletters to Users, Prospects and Customers who have subscribed to them; processing requests for quotations from Users and Prospects, sending quotations, contacting Users and Prospects following the preparation of quotations; answering questions and complaints from Users, Prospects and Customers and providing a customer service to Customers; executing Contracts, informing Customers of the progress of services entrusted to Vectracom by Contract; creating and managing Customer Accounts: Personal Data will be used to identify the Customer and enable him/her to access certain functionalities of the Customer Account, in particular to monitor the progress of the services entrusted to him/her; to collect payments from Customers; to manage unpaid invoices and Customer disputes; to carry out prospecting operations, such as contacting Users, Prospects and Customers to offer them commercial offers and news; to carry out satisfaction surveys; organising promotional operations; analysing Users’, Prospects’ and Customers’ Personal Data in order to provide them with relevant commercial offers and information; testing and improving the Site and the services offered; managing requests for the right to access, rectify, delete, oppose, limit and port Customers’, Prospects’ and Users’ Personal Data; verifying the information provided by Customers, Prospects and Users.

 

4.4. Commercial prospecting

In the absence of the User’s and Prospect’s express prior consent, Vectracom undertakes not to use their Personal Data for commercial prospecting purposes, in particular for sending promotional messages, news, newsletter subscriptions, or for any information operation.

Vectracom informs the Customer of the use of their Personal Data in order to send them commercial prospecting messages concerning services similar to those already provided by Vectracom. Apart from this, Vectracom undertakes to obtain the Customer’s prior express consent.

Users, Prospects and Customers may at any time oppose or withdraw their consent to receive commercial prospecting messages by clicking on a deletion link included in the commercial prospecting emails sent to them, or by changing the settings on the Customer Account.

 

4.5. Legal basis for processing

The processing of Personal Data is necessary for the performance of the Contract and/or pre-contractual measures taken at the request of the Customer or the User (requests for quotations, sending of job applications, etc.).

The processing of Personal Data for the purpose of commercial prospecting is based on the prior and express consent of the User, the Customer and the Prospect. When commercial prospecting concerns services similar to those already provided to the Customer, the processing of the Customer’s Personal Data is based on Vectracom’s legitimate interest in developing its commercial relations with its Customers.

Finally, the processing of Personal Data for specific purposes such as conducting satisfaction surveys, analysing Personal Data to provide relevant commercial offers and information, testing and improving the Site, is based on Vectracom’s legitimate interest in developing and monitoring its commercial relations with Customers, Users and Prospects.

 

4.6. Recipients of Personal Data

The Personal Data of Users, Prospects and Customers collected by Vectracom is intended for the authorised personnel of Vectracom’s Customer, marketing, recruitment, human resources and/or sales departments, as well as for the authorised personnel of sub-contractors used by Vectracom and who need access to Personal Data in order to carry out their tasks, in particular transport service providers, IT service providers, technical service providers, payment service providers, debt collection companies and credit organisations.

Customers’ Personal Data may also be transmitted to the insurance company Helvetia, Vectracom’s partner, in the event that the Customer subscribes to the insurance policy offered by Vectracom.

If necessary for the performance of the Contract, the Customer’s Personal Data may be communicated to the authorised personnel of Vectracom subsidiaries, or to the authorised personnel of Vectracom’s international partner agencies (for countries in which Vectracom does not have subsidiaries), as well as to their own subcontractors, in compliance with the provisions of article 6 of the Confidentiality Policy.

Vectracom undertakes not to disclose the Personal Data of Clients, Prospects and Users to any other third party, except with the explicit and prior consent of the Client, Prospect and/or User, or in the circumstances listed below:

Vectracom may be required, by law, in the context of legal proceedings, litigation and/or any claim against it, to disclose the Personal Data of the Customer, Prospect or User;

Vectracom may also disclose such Personal Data if it believes that disclosure is necessary or appropriate for national security, law enforcement or other matters of public interest;

Vectracom may also disclose Personal Data if it believes that such disclosure is reasonably necessary to enforce compliance with this clause or to protect its business or the Customer or User or Prospect;

In the event of restructuring, Vectracom may legitimately transfer all Personal Data to its successor in title.

 

4.7. Retention period for Personal Data

The Customer’s Personal Data is kept for the entire duration of the Contract with a view to its proper performance by Vectracom and any subcontractors.

The Customer’s Personal Data used to establish proof of the Contract is kept for a period of five (5) years from the end of the performance of the service covered by the Contract.

The Customer’s Personal Data collected as part of the insurance contract is kept for the duration of the insurance contract taken out, and for the period required to manage the claim, where applicable.

The Personal Data relating to the Customer Account is kept for a period of three (3) years from the last activity carried out by the Customer on his/her Customer Account. At the end of this period, the Customer will be considered as inactive and his/her Customer Account will be automatically deactivated.

The Customer’s Personal Data which enables Vectracom to meet its accounting obligations is kept for a period of ten (10) years from the close of the financial year concerned.

Customer Personal Data used for canvassing purposes is kept for a period of three (3) years from the end of the contractual relationship.

The Personal Data of Prospects and Users who have not entered into a Contract with Vectracom used for canvassing purposes are kept for a period of three (3) years from the date of their collection on the Site. At the end of this three (3) year period, Vectracom may contact the User and Prospect again to find out whether they wish to continue receiving commercial solicitations.

Personal Data collected via cookies is kept for a period of thirteen (13) months from the time it is collected on the Site.

In the event of a negative outcome to an application, Vectracom may inform the User of its wish to keep its file, in order to give the User the option of requesting its destruction. If the User does not request the destruction of his/her file, his/her Personal Data is automatically destroyed two (2) years after the last contact with the User. Vectracom undertakes to destroy or make anonymous the Personal Data of Clients, Prospects and Users beyond the periods required for the purposes for which they are processed.

 

Article 5 – Rights of the User, Prospect and Customer

Legislation on the protection of personal data grants the User, Prospect and Customer a number of rights described below.

The right of access gives Users, Prospects and Customers permanent access to their Personal Data.

The right of rectification enables Users, Prospects and Customers to update inaccurate or incomplete data concerning them.

The right to object allows Users, Prospects and Customers to object, on legitimate grounds, to data concerning them being processed.

The right to limitation allows Users, Prospects and Customers to limit the processing of their Personal Data in the cases restrictively listed by the law in force.

The right to data portability allows the User, Prospect and Customer to receive the Personal Data concerning them and which they have provided to Vectracom, and to transmit them to another data controller, under the conditions provided for by the law in force.

The right to erase data enables Users, Prospectors and Customers to obtain the erasure of their Personal Data in the cases restrictively listed by the law in force.

The User, Prospect and Client may withdraw their consent to the processing of their Personal Data by Vectracom at any time.

In addition, Users, Prospects and Customers also have the right to anticipate what will happen to their Personal Data after their death, by defining (general or specific) directives relating to the conservation, deletion or communication of their Personal Data after their death.

The User, the Prospect and the Customer are informed that they may freely designate a person to carry out their instructions and that they may modify or revoke their instructions at any time.

The User, Prospect and Customer may exercise their rights of access, rectification, deletion, opposition, limitation, portability, define directives relating to the conservation, deletion or communication of their Personal Data after their death, and express their wish to withdraw their consent to the processing of their personal data by contacting Vectracom at the following address:

By post: VECTRACOM

For the attention of the Data Protection Officer / Marketing Department

2 Rue de la Justice, 93210 Saint-Denis – France

By e-mail: martin.desurvilliers@thememorist.com

Vectracom shall endeavour to respond to requests from Clients, Prospects and Users within a reasonable timeframe and, in any event, within the timeframes set by the regulations in force.

Vectracom will take all necessary precautions to verify the identity of the person making the request before granting the request, where applicable, in order to prevent the risk of abusive requests.

The User, the Prospect and the Customer also have the right to submit a complaint to the CNIL and to bring an action against Vectracom before the competent courts if they find that Vectracom has infringed their rights in terms of personal data. In the event of an infringement, the User, the Prospect and the Customer may claim full compensation for the loss suffered.

Finally, the User, Prospect and Customer have the right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning them or affecting them significantly in a similar way.

 

Article 6 – Security of Personal Data

6.1. Security and confidentiality measures

Vectracom shall make its best efforts by taking all appropriate measures to ensure the security and confidentiality of the Personal Data of Users, Prospects and Clients in order to prevent them from being damaged or distorted or from being accessed and misused by unauthorised third parties. Customers who believe that their Customer Account has been misused must contact Vectracom without delay at the following address: martin.desurvilliers@thememorist.com

Vectracom implements technical and organisational measures to ensure appropriate security of the Personal Data of Customers, Prospects and Users, including: management and control of access to Personal Data; installation of software to monitor Vectracom’s computer network; use of hardware firewalls to protect ER’s computer networks; installation and use of antivirus software and firewalls; backup and encryption of Personal Data; restricted access to servers using a user name and password and a secure virtual private network (VPN); regular assessment of the integrity of protection measures; encryption of computer communications with Vectracom’s partners; protection of current physical documents; storage of old physical files in a secure archive.

 

6.2. Transfer of Personal Data outside the European Union

Customer Personal Data may be transferred to a country outside the European Union, where such transfer is strictly necessary for the performance of the Contract. The recipients of Customers’ Personal Data established in a country outside the European Union are listed in article 4.5 of the Privacy Policy. Vectracom ensures that these transfers of Personal Data outside the European Union are carried out in accordance with its Privacy Policy. Where the country of destination of Personal Data which is not a member of the European Union has not been officially recognised as offering an adequate level of protection by the European Commission, Vectracom undertakes to provide appropriate guarantees to protect the Personal Data of its Customers, in accordance with Article 46 of the General Data Protection Regulation, in particular by using standard contractual clauses approved by the European Commission. Vectracom also ensures that Customers always have enforceable rights and effective legal remedies.