Confidentiality policy

For the website: www.pollen.am



ARTICLE 1: PREAMBLE

This privacy policy applies to the site: www.pollen.am.

The purpose of this privacy policy is to expose users of the website to :

  • The manner in which their personal data is collected and processed. All data that can identify a user shall be considered personal data. This includes first and last name, age, postal address, e-mail address, location of the user or his/her IP address;
  • What are the users' rights regarding this data ;
  • Who is responsible for the processing of the personal data collected and processed;
  • To whom this data is being transmitted.;
  • Possibly, the policy of the site regarding "cookies" files.

This privacy policy complements the Legal Notice and the General Conditions of Use which users can consult at the address below: :
www.pollen.am/legal_notice

ARTICLE 2: GENERAL PRINCIPLES FOR DATA COLLECTION AND PROCESSING

In accordance with the provisions of Article 5 of the European Regulation 2016/679, the collection and processing of data from users of the site respect the following principles:

  • Lawfulness, fairness and transparency: data may only be collected and processed with the consent of the user who owns the data. Whenever personal data is collected, the user will be informed that his/her data is being collected, and for what purposes his/her data is being collected ;
  • Limited purposes: the collection and processing of data is carried out to meet one or more of the purposes set out in these general conditions of use;
  • Minimisation of data collection and processing: only the data necessary for the proper execution of the objectives pursued by the site are collected ;
  • Data retention reduced in time: the data is kept for a limited period of time, of which the user is informed. When this information cannot be provided, the user is informed of the criteria used to determine the retention period ;
  • Integrity and confidentiality of the data collected and processed: the data controller undertakes to guarantee the integrity and confidentiality of the data collected.

In order to be lawful, and in accordance with the requirements of Article 6 of European Regulation 2016/679, the collection and processing of personal data may only take place if it complies with at least one of the following conditions listed below:


  • The user has expressly consented to the treatment
  • The processing is necessary for the proper execution of a contract ;
  • The processing complies with a legal obligation;
  • The processing operation is necessary in order to protect the vital interests of the data subject or of another natural person;
  • The processing may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
  • The processing and collection of personal data shall be necessary for the purposes of the legitimate and private interests pursued by the controller or by a third party.

ARTICLE 3: PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF NAVIGATION ON THE WEBSITE


A. DATA COLLECTED AND PROCESSED AND METHOD OF COLLECTION

The personal data collected on the Pollen AM site are as follows:

  1. email address
  2. first name
  3. last Name
  4. telephone number
  5. company

This data is collected when the user performs one of the following operations on the site :

  1. Sending a message via the online form
  2. Subscribe to the newsletter

The data controller will keep in its computer systems of the site and in reasonable conditions of security all the data collected for a period of : 3 years (36 months).

The collection and processing of data shall be carried out for the following purposes:
Sending out of newsletters and commercial offers.


B. TRANSFER OF DATA TO THIRD PARTIES

Personal data collected by the site are not transmitted to any third party, and are only processed by the site editor.


C. DATA HOSTING

The Pollen AM website is hosted by : Amazon Web Services, headquartered at the following address :

    31 Place des Corolles - 92400 Courbevoie - France
The data collected and processed by the site is transferred to the following country or countries: United States.


ARTICLE 4: DATA CONTROLLER AND DATA PROTECTION OFFICER 

A. THE DATA CONTROLLER

The person responsible for processing personal data is: Didier Fonta.
He can be contacted as follows:

The data controller shall be responsible for determining the purposes and means of processing personal data.


B. OBLIGATIONS OF THE DATA CONTROLLER

The data controller undertakes to protect the personal data collected, not to transmit them to third parties without the user's knowledge and to respect the purposes for which these data were collected.

The site has an SSL certificate in order to guarantee that the information and the transfer of data transiting through the site are secure.

An SSL certificate ("Secure Socket Layer" Certificate) aims to secure the data exchanged between the user and the site.

In addition, the data controller undertakes to notify the user in the event of rectification or deletion of the data, unless this would entail disproportionate formalities, costs and steps for the user.

In the event that the integrity, confidentiality or security of the user's personal data is compromised, the data controller undertakes to inform the user by any means.


C. THE DATA PROTECTION OFFICER

Furthermore, the user is informed that the following person has been appointed Data Protection Officer : Didier Fonta.
The role of the Data Protection Officer is to ensure the proper implementation of national and supranational provisions relating to the collection and processing of personal data. He or she may also be appointed DPO (Data Protection Officer).

The Data Protection Officer can be reached as follows:


ARTICLE 5: USER RIGHTS

In accordance with the regulations concerning the processing of personal data, the user has the rights listed below. In order for the data controller to comply with his request, the user is required to provide him with: his first and last name and his e-mail address.
The data controller is obliged to respond to the user within a maximum of 30 (thirty) days.


A. PRESENTATION OF THE USER'S RIGHTS WITH REGARD TO THE COLLECTION AND PROCESSING OF DATA

a. Right of access, rectification and right to erasure

The user may consult, update, modify or request the deletion of data concerning him/her, in accordance with the procedure set out below:


b. Right to data portability

The user has the right to request the portability of his/her personal data, held by the site, to another site, by complying with the following procedure:



c. Right to limit and oppose the processing of data

The user has the right to request the limitation or to oppose the processing of his/her data by the site, without the site being able to refuse, unless it can demonstrate the existence of legitimate and compelling reasons, which may take precedence over the interests and rights and freedoms of the user.
In order to request the limitation of the processing of his/her data or to object to the processing of his/her data, the user must follow the following procedure:



d. Right not to be the subject of a decision based exclusively on an automated process

In accordance with the provisions of Regulation 2016/679, the user has the right not to be subject to a decision based exclusively on an automated process if the decision produces legal effects concerning him or her, or affects him or her significantly in a similar way.



e. Right to determine the fate of data after death

The user is reminded that he can organize what should become of his data collected and processed if he dies, in accordance with the law n°2016-1321 of October 7th, 2016.



f. Right to apply to the competent supervisory authority

In the event that the data controller decides not to respond to the user's request, and the user wishes to contest this decision, or, if he or she believes that one of the rights listed above is being infringed, he or she has the right to refer the matter to the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr) or any competent judge.


B. PERSONAL DATA OF MINORS

In accordance with the provisions of Article 8 of European Regulation 2016/679 and the French Data Protection Act, only minors aged 15 or over may consent to the processing of their personal data.

If the user is a minor under the age of 15, the consent of a legal representative will be required so that personal data can be collected and processed.

The site editor reserves the right to verify by any means that the user is over 15 years old, or that he will have obtained the agreement of a legal representative before navigating on the site.

ARTICLE 6: CONDITIONS FOR AMENDING THE PRIVACY POLICY

This privacy policy can be consulted at any time at the address below:

The publisher of the site reserves the right to modify it in order to guarantee its conformity with the law in force.
Therefore, the user is invited to regularly consult this privacy policy in order to be informed of the latest changes that will be made to it.
It is brought to the user's attention that this privacy policy was last updated on: 20/03/2020.

ARTICLE 7: ACCEPTANCE BY THE USER OF THE PRIVACY POLICY

By browsing the site, the user certifies that he or she has read and understood this privacy policy and accepts its terms and conditions, particularly with regard to the collection and processing of his or her personal data.