Privacy policy
PRIVACY POLICY
1. PREAMBLE
Alimpex, a simplified joint-stock company with a share capital of €31,200.00, having its registered office at 3 rue du transformateur – 68126 BENNWIHR GARE, registered with the Colmar Trade and Companies Register under number 333211480, as data controller, attaches great importance to the protection and respect of privacy. It undertakes, with respect to its customers and users of the nomad Solution (hereinafter the “nomad Solution”), the nomad mobile Application (hereinafter the “nomad mobile Application”), and the SaaS services (hereinafter the “SaaS Services”), to respect the principles of the protection of personal data in accordance with the General Data Protection Regulation (“GDPR”) and French law n° 78-17 of January 6, 1978 relating to information technology, files and freedoms as amended.
This privacy policy (hereinafter the "Privacy Policy") applies to the processing of personal data carried out by Alimpex in the course of its business and aims to inform its customers and users of the Solution, the nomad Mobile Application, or the SaaS Services of the practices concerning the collection, use, and sharing of information that customers and users are required to provide when using the services and applications offered by Alimpex.
By creating a user account on the Web Application and subscribing to services offered by Alimpex, customers and users acknowledge and, where applicable, accept the processing of Personal Data by Alimpex in accordance with applicable law and the provisions of the Privacy Policy.
2. DEFINITIONS
In the Privacy Policy, the following terms, used with a capital letter and indifferently in the singular or plural, shall have the meanings given to them below:
Nomad Mobile Application: an application usable on Android and iOS that collects contextual and sample progress information, measures this data, and performs microbiological counting.
Web Application: an online application that uses the information communicated by the nomad Mobile Application to organize it, interpret the results, and provide other SaaS Services.
Alimpex: the company that developed and operates the nomad Solution and the Mobile and Web Applications, as well as the associated SaaS Services.
Customer: a legal entity or adult natural person who has opened an account to access the Web Application and SaaS Services, is responsible for implementing procedures and actions to control contamination, and subscribes as part of their professional activity.
Operator Account: a personal account specific to each User, which must be created on the Mobile Application to be able to log in.
User account: personal account created by the Client to access SaaS Services.
Personal Data: any information relating to a Data Subject, an identified or identifiable natural person.
Data Subject: any identified or identifiable natural person, namely a natural person who can be identified, directly or indirectly. For the purposes of this Privacy Policy, Data Subjects are the customers and users of the Application.
Profile: all the settings recorded by the Customer under their User Account to use or benefit from the SaaS Services.
Data Controller: the natural or legal person, public authority, department, or other body that, alone or jointly with others, determines the purposes and means of processing. For the purposes of this Privacy Policy, the Data Controller is Alimpex.
Services: all services, paid or not, offered by Alimpex through the Nomad Solution to detect viruses and bacteria and, more generally, microorganisms in liquids, on surfaces, or in the air, and where applicable, count them (microbiological enumeration), and analyze them to enable the implementation of appropriate solutions.
SaaS Services: Services offered by Alimpex, accessible through an internet platform or a web application, allowing the measurement and quantification of the microbiological level of a surface or liquid, and its analysis in order to implement appropriate preventive measures or any other more broadly defined services.
Nomad Solution: A solution designed to assist manufacturers in detecting viruses and bacteria, and more generally microorganisms in liquids, on surfaces, or in the air, and present in their production environments, to enable them to better control the level of microbial contamination. It consists of i) a microbiological testing device, ii) a mobile application, and iii) SaaS Services based on a web application.
Processing: Any operation or set of operations, whether or not performed using automated processes, and applied to personal data or sets of personal data (i.e., collection, recording, storage, modification, extraction, etc.). User: person using the Mobile Application to make a collection.
3. LEGAL FRAMEWORK
The Data Controller declares that it processes Personal Data in accordance with the GDPR and French Law No. 78-17 of January 6, 1978, relating to information technology, data files, and civil liberties, as amended.
4. DATA CONTROLLER
The Data Controller is Alimpex, a simplified joint-stock company with a share capital of €31,200.00, having its registered office at 3 rue du Transformateur – 68126 BENNWIHR GARE, registered with the Colmar Trade and Companies Register under number 333211480, represented by Mr. Bertrand PRAZ in his capacity as Manager.
Contact information:
Address: 3 rue du Transformateur – 68126 BENNWIHR GARE
Email: bpraz@almipex.fr
Telephone: +33 389 79 89 67
The Data Controller's representative is Mr. Jérôme SCIACCHITANO
5. PERSONAL DATA COLLECTED, PURPOSES, AND BASIS FOR COLLECTION
The Privacy Policy applies to Personal Data that the Data Controller may collect from Data Subjects, in particular through the following resources:
- User Account creation form
- Profile customization settings
- Mobile Application, etc.
As part of our business and your access to our services, we may collect and process the following Personal Data:
|
PURPOSE(S) OF PROCESSING |
PERSONAL DATA COLLECTED |
LEGAL BASIS(S) |
|
Customer relationship management (processing, management and monitoring of the contractual relationship, creation of user account, invoicing, accounting, recovery) |
- Civil status (last name, first name); - Professional contact information (telephone number, postal address, email address); |
Execution of pre-contractual and contractual obligations
Compliance with legal or regulatory obligations |
|
Management of collection identification (mobile identity, position, voice recordings) |
- Civil status (last name, first name of the User*) - Personal contact information* (telephone number, IP address, personal email address), - Professional contact information*: company name and address, GPS location of the sample, business address, business phone number, IP address, business email, - Nature of the production - Company equipment - Images: images of the production environment (including potentially the person on site) - Voice: voice recordings, free comments from the User. |
Execution of pre-contractual and contractual obligations
Compliance with legal or regulatory obligations |
|
Customer information (sending newsletters and promotional offers) |
- Email address |
Legitimate interest pursued by the Data Controller (developing its business)
Consent (beyond three (3) post-contractual years) |
|
Information for non-customer prospects (sending newsletters and promotional offers) |
- Email address |
Consent of the Data Subject |
|
GDPR Request Management |
- Last name - First name - Telephone number - Email address - Copy of national identity card |
Compliance with legal or regulatory obligations |
*: If the Client has chosen to associate the mobile phone's identity with their phone number, the User's name, and the User's professional or personal email address.
To enable the Data Controller to fulfill its obligation to ensure the accuracy and updating of Personal Data, Data Subjects undertake to inform the Data Controller of any changes to their Personal Data.
In the event that the Data Controller wishes to further process Personal Data for a purpose other than that mentioned above and for which the Data Subject has been informed and/or consented to, the Data Controller undertakes to provide the Data Subject with all relevant information regarding this new purpose and any other relevant information in advance.
6. DURATION OF STORAGE OF PERSONAL DATA
|
FINALITES |
SHELF LIFE |
|
Customer relationship management |
Duration of the contractual relationship increased by six (6) years from the end of the contractual relationship. |
|
Management of sample identification |
Duration of the contractual relationship increased by six (6) years from the end of the contractual relationship. For IP addresses, 90 days unless it is a location at the Client's address. |
|
Information about customer prospects |
Three (3) years after the end of the contractual relationship.
Beyond three (3) years after the end of the contractual relationship, the data will be retained, with the Data Subject's consent, for a further period of three (3) years from the date of the Data Subject's express consent or the date of withdrawal of consent. |
|
Information for non-customer prospects |
Three (3) years from the consent given by the Data Subject or from the day of withdrawal of consent. |
|
GDPR Request Management |
Personal Data will be retained for as long as necessary for the Data Controller to fulfil its legal and regulatory obligations, without prejudice to retention obligations or limitation periods. |
7. STORAGE OF PERSONAL DATA
All Personal Data collected and processed is stored on servers located within the European Union, in compliance with applicable regulations.
8. RECIPIENTS OF PERSONAL DATA
The Data is never made available or transferred to third parties pursuing their own commercial purposes.
The Data Controller ensures that access to Personal Data is strictly limited to employees and agents of the Data Controller, authorized to process it by virtue of their duties and in accordance with the purposes pursued by the processing.
The information collected may be disclosed, to the extent strictly necessary, to third parties contractually bound to the Data Controller (partners, service providers, or subcontractors for the shipment of ordered items) for the performance of subcontracted tasks, without the Data Subject's authorization being required.
This Privacy Policy constitutes the basis for the requirements to which the Data Controller will require compliance in terms of data protection and security.
The Data Controller will require its carefully selected Personal Data subcontractors, all located within the European Union, to process the Data exclusively within the scope of the tasks entrusted to them and in accordance with applicable law.
Potential recipients:
- Platform hosting provider
- Platform and web application creation provider;
- Marketing provider.
Potential recipients of the data are located entirely in France or, failing that, in a member country of the European Union.
It is specified that, in the context of the performance of their services, third parties have only limited access to the data and are required to use it in compliance with the provisions of applicable legislation regarding the protection of personal data.
Apart from the cases set out above, the Data Controller undertakes not to sell, rent, transfer or give access to third parties to the data without the prior consent of the Clients, unless required to do so for a legitimate reason (legal obligation, fight against fraud or abuse, exercise of the rights of defense, etc.).
9. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
The Data Controller does not intend to transfer personal data to a third country or to an international organization.
10. RIGHTS OF DATA SUBJECTS
The Data Subject has the right:
|
Right of access |
In any case |
|
Right of rectification |
In any case |
|
Right to erasure |
Only for processing not justified by the performance of a legal obligation, the performance of a mission in the public interest, for archiving purposes, or necessary for the establishment, exercise or defense of legal rights |
|
Right to restriction of processing |
In any case |
|
Right to object to processing |
Only for processing that does not have the legal basis of contract performance or the exercise of a legal obligation |
|
Right to data portability |
Only for processing based on consent, on the performance of a contract or if the processing is carried out using automated processes |
|
Filing a complaint with the CNIL |
In any case |
|
Withdraw consent at any time, without affecting the lawfulness of processing based on consent given before its withdrawal |
Only when the processing is based on the data subject's consent to the processing of his or her personal data for one or more specific purposes |
Data Subjects may exercise all of the above-mentioned rights by sending a formal request to the Data Controller, accompanied by a copy of proof of identity, to the following address:
- Email: contact@alimpex.fr
- Mail: Alimpex – 3 rue du Transformateur – 68126 BENNWIHR GARE
Data Subjects also have the right to file a complaint with the French supervisory authority, the French National Commission for Information Technology and Civil Liberties (CNIL), via its website (www.cnil.fr) or by mail (3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07).
Finally, the Data Subject, upon noting that a violation of the GDPR has been committed, may mandate an association or organization referred to in Article 43 ter IV of the Data Protection Act of 1978, to obtain compensation against the Data Controller or processor before a civil or administrative court or before the CNIL.
11. AUTOMATED DECISION-MAKING AND PROFILING
Unless otherwise stated in specific provisions, no profiling within the meaning of Article 22 of the GDPR will be carried out, and more generally, no automated decision-making will be carried out on the basis of Personal Data.
12. SECURITY
Under the GDPR, the Data Controller undertakes to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, among others, as needed:
- pseudonymization of personal data;
- means to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- means to restore the availability of and access to personal data within an appropriate timeframe in the event of a physical or technical incident;
- a procedure to regularly test, analyze, and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.
13. UPDATING THE PRIVACY POLICY
This privacy policy may change and be updated in light of regulatory, legal, administrative, and jurisprudential developments.
The Data Controller suggests that data subjects regularly consult this privacy policy to be aware of any changes.