Personal Data Protection Policy

Activities related to the website https://geobiohome.fr/en involve personal data processing.

What does the personal data policy cover?

This policy informs you about the characteristics of these processes and your rights regarding your personal data.

This privacy policy is written in accordance with Law No. 78-17 of January 6, 1978 (known as the “Data Protection Act”) and the General Data Protection Regulation (“GDPR”) No. 2016/679.

Who is responsible for this policy?

The data controller is EI DELPHINE FOURET, represented by its legal representative Ms. FOURET Delphine.

The contact details of the data controller are as follows: GéobioHome – 12 B rue Mazagran – 64200 BIARRITZ

The controller can be reached at: +33 6 11 61 01 46

The contact email address is: contact[at]geobiohome.fr

Who is this policy for?

This policy is intended for users of the website.

This concerns:

• People to whom we have entrusted technical services (hosting provider, maintenance, website security);
• People who have access to the back office of the site for its administration;
• People who write or are mentioned in the site’s content;
• People who contact us using the website’s contact form;
• People we reference on the site as partners;

What is the collected data used for (purposes)?

The processing is intended for the management of the website.

This processing allows:

• Technical management of the site (maintenance, hosting, website security);
• Administration of the website;
• Management of editorial content on the site;
• Management of information requests through the contact form;
• Referencing of partner individuals on the site;

Legal basis for processing: what gives us the right to process data

The legal bases for processing are as follows:

• For the technical management of the site (maintenance, hosting, website security), the legal basis is legitimate interest;
• For the administration of the website, the legal basis is legitimate interest;
• For the management of editorial content on the site, the legal basis is the consent of the people whose information is published;
• For the management of information requests through the contact form, the legal basis is legitimate interest (to enable online communication) or the execution of pre-contractual measures (preparation of quotes at the request of individuals);
• For referencing partner individuals on the site, the legal basis is the consent of these individuals;

Data retention period

Data being processed is kept for a period not exceeding that necessary for the purposes for which it is recorded (principle of minimizing processing).

The maximum retention periods are as follows:

• For the technical management of the site (maintenance, hosting, website security): 12 months for IP addresses and connection logs;
• For the administration of the website: as long as the people concerned administer the site;
• For the management of editorial content on the site: 5 years from their publication;
• For the management of information requests through the contact form: 3 years from the request;
• For referencing partner individuals on the site: 5 years from publication;

Processed data

The data controller processes the following categories of data:

• Civil status, identity, identification data, images (name, first name, address, photograph, etc.);
• Connection data (IP addresses, logs, terminal identifiers, connection identifiers, etc.);

Mandatory or optional nature of data collection

The data collected is mandatory for carrying out the processing purposes.

Data sources

The data is transmitted directly by the data subject.

Data recipients

Depending on their respective needs, the recipients of all or part of the data are:

• People in charge of technical services (hosting provider, maintenance, website security);

What security measures are in place?

The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The data controller takes measures to ensure that any natural person acting under the authority of the data controller or that of the processor, who has access to personal data, does not process it except on instructions from the data controller, unless required to do so.

The following specific security measures have been taken:

• All processed data is transmitted in an encrypted manner via the HTTPS protocol;
• The server has anti-DDOS protection and a firewall;

Existence or absence of data transfer to a country outside the European Union and associated guarantees

The data controller does not transfer any personal data outside the European Union.

Automated decision making

The processing provides for fully automated decision-making. The data controller undertakes to comply with the conditions of Article 22 of the GDPR.

Fate of personal data after death – Right of access, rectification, deletion, and data portability

The data subject may define guidelines relating to the retention, deletion, and communication of their personal data after their death. These guidelines may be general or specific.

The data subject also has the right to access, object to, rectify, delete, and, under certain conditions, the portability of their personal data. The data subject has the right to withdraw their consent at any time if consent constitutes the legal basis for processing.

The request must indicate the last name, first name, email or postal address of the data subject, and be signed and accompanied by a valid proof of identity.

These rights can be exercised by contacting:
GéobioHome
12 B rue Mazagran
64200 BIARRITZ

contact[at]geobiohome.fr

Complaint

The data subject has the right to lodge a complaint with the supervisory authority (CNIL).