Privacy policy – Personal data
This Privacy Policy details MIXSCIENCE’s (the “Company”) policy regarding personal data on the website (the “Site”) https://www.mixscience.eu/. This Policy applies to all information provided by you, or collected by us while you browse our Site, in accordance with the regulations in force in France regarding personal data, as laid out in Law No. 78-17 of January 6, 1978, on information technology, files, and civil liberties, known as the “loi Informatique et Libertés” and EU Regulation 2016/679 of May 25, 2018 on data protection, known as the “GDPR.”
The purpose of this Privacy policy is to inform individuals accessing the services offered on our Site (hereinafter the “Users”) about how we collect, use, and share their personal data.
You will be notified of any changes or updates to this privacy policy. Your active consent to the new privacy policy will be required to continue using the services offered by the Company.
1. Who is responsible for your personal data?
The data controller, who collects and manages your data, is MIXSCIENCE, a simplified joint-stock company with a single shareholder, with a share capital of €7,182,940.00, registered in the Lorient Trade and Companies Register under No. 538829136, whose registered office is located at 2 avenue de Ker Lann, 35170 Bruz, represented by Véronique Noël, Publishing Director, duly authorized for the purposes hereof.
2. What personal data is collected?
We remind you that personal data is any information relating to an identified natural person or a person who can be identified, directly or indirectly.
When you browse the Site and use the various services offered by the Company, you consent to our collection of the following categories of data: Surname, First name, email address, phone number, country, company, industry sector;
(hereinafter “Personal data”).
You agree to provide up-to-date and valid personal identification data as part of the information required on the Site, and you guarantee that you will not make any false statements or provide any inaccurate information.
3. How and why is your Personal data collected?
3.1. Methods of collecting Personal data
You consent to the Company collecting your Personal data when you fill out the following documents:
– Contact form;
3.2. Legal Basis for data collection and processing
Your Personal data is collected based on the following legal grounds:
– The User’s specific, free, and informed consent;
– The fulfillment of a legal obligation incumbent upon the Company;
– The fulfillment of a contract between the Company and the User;
4. For what purposes is your Personal data collected?
4.1. General information
Mandatory Personal data is data strictly necessary for processing your requests. If such data is not provided, the User is informed that certain services offered by the Company may not be provided to them. The mandatory nature of the requested information is indicated to you at the time of collection.
Optional Personal data collected by the Company is intended to help us better understand you and improve your browsing experience on the Site.
4.2. List of purposes
Your Personal Data is collected and processed for the following purposes:
– Contact and support;
– Commercial relationship management (CRM/GRC tool);
– Commercial prospecting;
– Relationship management with the consumer;
Users are informed that, subject to their prior, specific, and affirmative consent, the Personal data provided may be transferred to AVRIL’s business partners and/or companies owned by AVRIL, so that they may inform Users about their offers and services.
5. Who has access to your Personal data?
5.1. Company staff
Your Personal data is intended for individuals duly authorized to process it within the Company, including, depending on the nature of the processing and the type of data, those responsible for sales, customer service, marketing, administration, logistics, and IT.
5.2. The Company’s subcontractors
In the course of conducting its business and providing its services, the Company uses subcontractors. These subcontractors:
– Process your Personal data on the Company’ behalf and in accordance with its instructions,
– Provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure the security and confidentiality of your data.
In cases where the Company uses subcontractors located in countries offering levels of protection that are not equivalent to the level of personal data protection in the European Union, the Company undertakes to ensure that such transfer is governed by certification under the transatlantic legal framework validated on July 10, 2023, by the European Commission (hereinafter “US-EU Data Privacy Framework ” or “DPF”), or by the signing of standard contractual clauses established by the European Commission, or by the implementation of binding corporate rules (“BCR”).
6. How long is your Personal data retained?
The Company retains your Personal data for the time strictly necessary to fulfill the purposes for which it is collected and processed, such as managing the commercial relationship or payment.
Beyond this period, your Personal data may also be archived, subject to controlled, limited, and justified access, for the time necessary (i) to comply with the Company’s legal and regulatory obligations, and/or (ii) to enable the Company to assert a legal claim, before being permanently deleted.
7. How does the Company ensure the security and confidentiality of your Personal data?
The Company is committed to processing your Personal data in a manner that is:
– Lawful,
– Fair,
– Transparent,
– Proportionate,
– Relevant,
– Strictly within the scope of the stated and announced purposes,
– For the duration necessary for the processing operations in place,
– In a secure manner.
The Company implements and updates appropriate technical and organizational measures to ensure the security and confidentiality of your Personal data by preventing it from being distorted, damaged, or disclosed to unauthorized third parties.
8. What are your rights regarding your Personal data?
You may, upon simple written request, access your Personal Data, request its modification or correction, or demand to be removed from the Company’s database.
Under the right of access, you are entitled, in accordance with Article 15 of the GDPR, to request of the Company (i) the disclosure of your Personal data in an accessible format, (ii) confirmation as to whether your Personal data is currently being processed or is no longer being processed, (ii) information regarding the purposes of the processing, the categories of Personal data processed, and the recipients to whom your Personal data is disclosed, and (iv) the retention period for your Personal data or the criteria used to determine that period.
In accordance with Article 16 of the GDPR, theright to rectificationgrants you the right to require the Company to rectify, complete, or update your Personal Data when it is inaccurate, incomplete, ambiguous, or out of date.
Under the conditions of Article 17 of the GDPR, you have a right to erasure of your Personal data, allowing you to request that the Company erase your Personal data as soon as possible, particularly when the data is no longer necessary for the purposes for which it was collected.
You also have a right to restriction of the processing of your Personal data in the cases listed in Article 18 of the GDPR. You may therefore request that your Personal data be retained solely for the purposes of:
– Verifying the accuracy of the Personal data you contest,
– Assisting you in the establishment, exercise, or defense of your legal rights, even if the Company no longer requires it,
– Verifying whether the legitimate interests pursued by the data controller override your own in the event that you object to processing based on the Company’s legitimate interest,
– Complying with your request to restrict the use of your data—rather than erasure—in the event that the processing of your data is unlawful.
In the circumstances provided for in Article 20 of the GDPR, you have a right to data portability regarding your Personal data, allowing you to obtain from the Company the Personal data you have provided to it, in a structured, commonly used, and machine-readable format, for the purpose of transmitting it to another data controller.
In accordance with Article 21 of the GDPR, you have the right to object, at any time, to the processing of your Personal data for direct marketing purposes.
To exercise your rights of access, rectification, erasure, restriction, portability, and objection as described above, simply send your request by email to the following address: gdpr@avril.com
The Company will provide the individual exercising any of these rights with information regarding the measures taken as soon as possible and, in any event, within one (1) month of receiving the request. This period may be extended by two (2) months, depending on the complexity and number of requests.
If the Company does not act on the request, it will inform the individual, as soon as possible and no later than one (1) month from receipt of the request, of the reasons for its inaction and of the possibility of filing a complaint with a supervisory authority and seeking judicial remedy.
The exercise of these rights is free of charge. However, in the event of a manifestly unfounded or excessive request, the Company reserves the right (i) to require payment of fees taking into account administrative costs, or (ii) to refuse to comply with such requests.
9. What remedies are available in the event of a data breach?
In the event of a breach of your Personal data that is likely to pose a risk to your rights and freedoms, the Company will notify the CNIL of the breach as soon as possible, and, if possible, no later than 72 hours after becoming aware of it. The Company will also inform the User as soon as possible in accordance with the provisions of Article 34 of the GDPR.
Without prejudice to any other administrative or judicial remedy, a User who believes that the processing of their Personal data constitutes a violation of the provisions of applicable law may file a complaint with a competent supervisory authority such as the Commission Nationale de l’Informatique et des Libertés (CNIL).
10. Who should you contact with questions?
For any questions regarding the processing of their personal data and the exercise of their rights, Users may contact our dedicated department at the following address: gdpr@avril.com