Privacy Policy

Scope

By using the website luxim.fr, its subdomains (hereinafter referred to as "the Site"), as well as all the services provided through the Site (hereinafter referred to as "the Services"), the user of the Site (hereinafter referred to as "the User") unconditionally accepts this privacy policy (hereinafter referred to as "the Policy") of the Site's publisher (hereinafter referred to as "the Publisher"), along with their Business Information, their General Terms of Use (hereinafter referred to as "the Terms of Use"), and their General Terms of Sale (hereinafter referred to as "the Terms of Sale"), all of which are available on the Site.

If the User refuses to comply with any obligations or conditions set forth in the Terms of Use, the Policy, the Business Information, or the Terms of Sale of the Publisher, they are requested to immediately discontinue use of the Site and/or the Services.

In accordance with Law No. 78-17 of January 6, 1978, on Information Technology, Data Files, and Civil Liberties, as well as Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, or GDPR), in their applicable versions (hereinafter collectively referred to as "the Legislation"), the Publisher, acting as Data Controller, makes the Policy available on the Site.

The purpose of the Policy is to provide information on how the User's personal data (hereinafter referred to as "the Data") is collected and processed, as well as on the measures implemented to ensure the confidentiality, security, and protection of the Data collected in connection with the use of the Site and/or the Services.

The Policy applies, without restriction or reservation, between the User and the Data Controller.

Collected and Processed Data

When using the Site and/or the Services, including but not limited to online payments, information requests, phone calls or contact exchanges, appointment scheduling, or participation in events organized by the Data Controller, its partners, or its providers, the User may provide the Data, such as, but not limited to:

Personal Information: title, name(s), first name(s), date of birth, gender, marital and/or financial status, postal address, age, email address, phone number, messages and requests sent, educational background/last diplomas obtained, nationality, any type of legal document or related personal benefits, and any other personal data deemed necessary by the User or the Data Controller, etc.

Professional Information: professional status, employer, company name or trade name, SIREN/SIRET number, IBAN, number of employees, business sector, collective agreement, capital, website, RCS, NAF code, etc.

Financial Information: amounts, type of payment, payment date, and any other information useful for payment, etc.

Technical Information: browsing behavior on the Site, IP address, consent, etc.

Purposes of Data Collection and Processing

In the context of using the Site and/or the Services, the Data Controller collects and processes the Data. The collected Data is used for specific, legitimate purposes that comply with the Legislation. Each processing activity is based on one of the legal grounds provided by the latter. The purposes of the processing are detailed below, with the corresponding legal bases specified for each purpose.

Purpose 1: management of the business relationship, case follow-up (quotes, contracts, document submission, etc.), technical support and assistance to the User, reminders via SMS and/or email for pending or incomplete cases, management of online payments, unpaid bills and disputes, claims and disputes, invoicing and follow-up on reminders, interaction requests and information, postal mailings, etc.

Legal Basis: performance of a contract or pre-contractual measures.

Purpose 2: combating money laundering and financing of terrorism, management of requests for the exercise of rights.

Legal Basis: legal obligations.

Purpose 3: collection and management of comments and reviews, conducting surveys, recording phone calls for service quality monitoring and employee training, responding to questions and complaints, creating statistics, including commercial ones, preventing and combating IT and/or document fraud, managing job applications, commercial prospecting, sending invitations to participate in certain events, sending newsletters, sending promotional offers via SMS, sending promotional offers via email, sending discount codes and referral offers, organizing contests, monitoring and statistical analysis of Site and/or Service usage, etc.

Legal Basis: legitimate interest.

Data Processing

The Data is subject to any operation or set of operations performed, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure, or destruction.

To provide the User with the best Services, the Data may be disclosed to:

Internal Services: marketing, accounting, human resources, communication, sales, customer service, quality service, etc.

Partners/Providers: partners who may process the Data for their own purposes.

Data Processors: data processors who process the Data solely on behalf of and according to the instructions of the Data Controller. When the Data Controller engages data processors, it ensures that contractual relationships are strictly regulated by the Legislation. The Data Controller may use data processors for the following operations: management of online payments, recovery of unpaid amounts, management of phone calls and customer support, sending mail and parcels via postal services, sending reminder SMS messages, customizing the content of the Site, performing maintenance and technical development of the Site, collecting customer reviews, sending newsletters, sending commercial prospecting emails, managing certain administrative tasks related to customer service, acquiring new customers, etc.

In the event the Data Controller must defend their rights in court: the Data may be transmitted to the relevant authorities and used as part of the Data Controller's legal defense.

Competent Authorities: as part of contract performance and depending on the Services the User has subscribed to, the Data Controller is required to transmit certain Data to authorities (e.g., INPI, registry offices, etc.).

Data Retention

The Data is retained for the duration and based on the following criteria:

Prospect: the Data is retained for 2 (two) years. The retention period begins from the date of the last interaction with the prospect.

Client: the Data is retained for the duration of the contractual relationship and for 3 (three) years after its termination.

Candidate: the Data is retained for 2 (two) years if the candidate has consented to the retention of their application. They may request the deletion of their information at any time.

Service Quality: the Data related to service quality monitoring and employee training, particularly when recording incoming phone calls, is retained for 6 (six) months from the date of recording.

Certain Data may be retained beyond the periods mentioned above to meet legal or regulatory obligations.

Some Data is also retained for statistical purposes regarding the use of the Site and/or the Services. In such cases, the Data will be anonymized and cannot be reconstituted.

User Rights

In accordance with the Legislation, the User has the ability to exercise the following rights with the Data Controller:

Right of Access: the right to request a copy of the Data.

Right to Rectification: the right to request correction and/or completion of the Data if it is inaccurate, incomplete, and/or ambiguous.

Right to Object: the right to object at any time, for reasons related to a particular situation, to the processing of the Data based on the legitimate interests pursued by the Data Controller, unless the latter can demonstrate compelling legitimate grounds to continue such processing.

Right to Erasure: the right to request the erasure of the Data in cases provided by law and regulations. The right to erasure is not a general right. It can only be exercised if the Data is no longer necessary, if the consent upon which the processing is based has been withdrawn, if the right to object has been exercised, if the processing is unlawful, or to comply with a legal obligation to which the Data Controller is subject.

Right to Restrict Data Processing: the right to request the restriction of the Data processing, meaning the Data will be retained but can no longer be used except under certain conditions.

Right to Data Portability: the right to obtain a copy of the Data to transfer it to another platform, provided that this right is limited to processing based on the User's consent or the performance of pre-contractual or contractual measures. This right applies only to automated processing and excludes manual or paper-based processing.

Right to Define Post-Mortem Data Directives: the right to define specific instructions regarding the retention, erasure, and communication of the Data after the User's death. These instructions will only apply to the processing in question and be limited to that scope. In the absence of such instructions, the Data Controller will comply with the requests of the User's heirs, as defined by the Legislation.

To exercise these rights, the User can submit their request to the Data Controller by mail at the address indicated on the Business Information page or via the contact form available on the Site.

If the User believes, after contacting the Data Controller, that one of their rights has not been respected, they may file a complaint with the French National Commission on Informatics and Liberty (CNIL), either via its website cnil.fr, or by mail at the following address: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France.

Combating Money Laundering and Terrorism Financing

To comply with their legal obligations, the Data Controller implements monitoring mechanisms aimed at combating money laundering, terrorism financing, and enabling the enforcement of sanctions provided for by regulations.

To this end, the Service for the Processing of Information and Action Against Clandestine Financial Networks (TRACFIN) may receive information, including the Data processed by the Data Controller.

The Data collected and processed as part of combating money laundering and terrorism financing, along with all information related to transactions carried out by the individuals concerned, is retained for a duration of 5 (five) years from the closure of the contractual relationship with the User.

In accordance with the Monetary and Financial Code, the right to access this Data can only be exercised through the French National Commission on Informatics and Liberty (CNIL), accessible via its website cnil.fr.

Combating Fraud

In order to prevent any unjustified charge and combat fraud, the User is informed that some of their Data may be used for this purpose. Furthermore, the Data Controller implements a specific system aimed at combating fraud, which may involve listing certain individuals as high-risk for fraud.

The Data collected and processed as part of the fight against fraud is retained for a maximum period of 5 (five) years from the closure of the fraud case. In the event of legal proceedings, the Data will be retained until the conclusion of the proceedings and the expiration of the applicable statute of limitations.

Individuals listed as suspected fraudsters will be automatically removed from the list after a period of 5 (five) years from their inclusion on the list.

Rules Applicable to Credit Card Payments and the Protection of Banking Data

To ensure payment security, the services of the provider Stripe are used. Stripe ensures the secure processing of sensitive data, including banking information and the User’s identity, in accordance with the current directives and standards for data protection.

The general terms and conditions of Stripe are available on its website stripe.com.

When a payment for an order is made by credit card on the Site or via the website luxim.setmore.com of the provider Setmore, the order-taking system connects in real-time with the payment processing system. This system collects the necessary Data and makes authorization requests to the banks, as well as conducting checks to prevent abuse or fraud.

The Data collected in this context is stored exclusively on the servers of the service provider (Stripe and/or Setmore) and never passes through the servers of the Data Controller.

Commercial Prospecting

The Data may be used to send the User targeted advertisements, including by email, SMS, and via social media. In this context, the provisions of Directive 2002/58/EC of the European Parliament and Council of 12 July 2002 on the processing of personal data and the protection of privacy in the electronic communications sector are strictly adhered to.

The User is informed that they can unsubscribe from advertising communications at any time using the dedicated options provided in each message, such as unsubscribe links or SMS instructions like "STOP".

However, if the User is already a customer of the Data Controller, they may receive promotional offers for products or services similar to those previously ordered, without the need for prior consent.

In any case, the User can exercise their right to object to such solicitations by sending a "STOP" message to the number indicated in the received message or by directly contacting the Data Controller via the contact form available on the Site.

Furthermore, the User may be contacted by phone for commercial offers related to the Services. If they no longer wish to be contacted, they have the option to register on the list to block unsolicited telemarketing calls, available on the website bloctel.gouv.fr or exercise their right to object using the contact form

Security Measures

The Data Controller takes all necessary steps to ensure the security and confidentiality of the Data. To this end, rigorous technical and organizational measures have been implemented to protect the Data from unauthorized access, loss, alteration, disclosure, or destruction. These measures include:

Access limitation: access to the Data is strictly limited to employees or service providers who need to access it as part of their duties, etc.

IT security systems: the use of firewalls, encryption protocols for sensitive data, and protections against intrusions, etc.

Access controls: the implementation of identification and authentication mechanisms to restrict access to systems processing the Data, etc.

Awareness: regular training of teams on best practices for Data security and confidentiality.

Audits and controls: the performance of regular audits of Data processing systems to ensure compliance and the effectiveness of security measures.

Data Transfer

The Data Controller strives to keep the Data within the European Union, in accordance with legal requirements and the current data protection standards.

However, it may occur that certain Data is transferred to partners, providers, or data processors located outside the European Union, particularly for technical or organizational reasons. In such cases, the Data Controller takes specific measures to ensure an adequate level of protection and safeguard the rights of the User in compliance with the Legislation.

Third Party Websites and Social Networks

The User is informed that the Site may include links to social networks or third party websites with which they can interact. These interactions, such as sharing posts or supporting the Data Controller, involve using the respective social network platforms.

The Data Controller reminds that tey cannot be held responsible in case of disputes or data processing carried out by these platforms during the use of their services.

When clicking on these links or using these features, the User is informed that data about them may be collected or shared by these social networks or third party websites. The User is therefore recommended to consult the privacy policies and adjust their privacy settings directly on the relevant platforms to better understand the nature and use of the data collected.

The terms and conditions and privacy policies of the main social networks accessible via the Site are available at the following websites:

Instagram: instagram.com

Facebook: facebook.com

X: x.com

YouTube: youtube.com

TikTok: tiktok.com

Telegram: telegram.org

WhatsApp: whatsapp.com

The Data Controller encourages the User to regularly check for updates to the terms and conditions and privacy policies of these platforms.

Cookie Policy

A cookie is a set of information stored on the User's device when they browse the Site.

The placing of advertising and/or audience measurement cookies is subject to the User's consent. This is why a cookie banner appears at the bottom of the Site, allowing the User to accept, set preferences, or refuse the placement of these cookies at any time. They also have the option to change their mind at any time via the cookie manager provided on the Site or through their browser settings.

The use of cookies or similar technologies by any third party website or advertising content provider is subject to their own cookie privacy policy.

Types of Cookies Used

Strictly Necessary Cookies: these cookies are necessary for the proper functioning of the Site and the Services provided through it. They enable the basic features of the Site, such as remembering information entered in a form. Without these cookies, the User will not be able to use the Site and/or the Services securely, correctly, and efficiently.

Performance Cookies: these cookies are used to collect anonymous data for statistical purposes. They allow the measurement of the Site's audience and the analysis of how the User navigates the Site (including the total number of visitors, the number of visits per page, time spent on each page, click locations, etc.). They also help detect navigation problems and other difficulties. These cookies help improve the Site, Services, and the User navigation.

Personalization or Functionality Cookies: these cookies are used to remember the User's choices, settings, and content preferences on the Site, thus offering a personalized browsing experience by adapting the content of the Site and/or Services. If the User refuses these cookies, some features of the Site will no longer be available, and some pages may not function properly.

Sharing Cookies: these cookies are specifically linked to the use of share buttons on a page of the Site to social networks. These buttons allow direct sharing of a page of the Site on the relevant social network. By clicking the share button, one or more cookies are placed on the User's device (computer, smartphone, etc.) by the social network. The Data Controller has neither access to nor control over these third party cookies, which may be analytical, performance, or targeting cookies. The cookie policy of these social networks is available on their respective websites.

Cookie Settings and Blocking via the Cookie Manager

The list of cookies used can be viewed through the management tool available on the Site. The User has the option to disable them at any time. However, some cookies are essential for the proper functioning of the Site and/or Services and therefore cannot be disabled through the cookie manager.

Cookie Settings and Blocking via Browser Settings

The User can also control cookies through their browser settings. While most browsers are configured by default to accept the installation of cookies, the User has the option, if they wish, to choose to accept all cookies, reject them systematically, or select which ones to accept based on the issuer. The User can thus configure their browser to accept or reject cookies on a case-by-case basis before they are installed. They can also regularly delete cookies from their device through the browser.

For cookie management, the configuration of each browser is different. It is described in the help menu of the browser installed on the User's device, which will guide how to modify cookie preferences.

Use of Artificial Intelligence

In order to improve the User's experience, the Data Controller may use artificial intelligence (AI) technologies for the Site and/or Services, including, but not limited to, generative AI technologies. These technologies may include, among others, machine learning algorithms, predictive analytics, and other automated methods.

The Data collected and used in this context will be processed in accordance with the Policy.

Update of the Policy

The Policy may be modified at any time. The new terms will take effect as soon as they are published on the Site. The User is advised to consult it regularly.

Severability

If any provision of the Policy is declared illegal or contrary to public order by a final court ruling, such a ruling shall not have any effect on the validity or enforcement of the other provisions or conditions of the Policy.

All provisions of the Policy must be interpreted as written, regardless of the titles of the clauses and/or articles.

Governing Law and Jurisdiction

The Policy is governed by French law and drafted in French. In the event of translation, only the French text of the Policy will be binding in case of disputes.

In the absence of an amicable agreement, any disputes arising from the Policy, whether concerning its validity, interpretation, application, execution, termination, consequences, or follow-up, shall be under the exclusive jurisdiction of the courts of NICE, France.