PRIVACY POLICY
The protection and security of Data is important for Cabasson Design (hereinafter “Company“), whose contact details are detailed in Article 2.
Reference is made to the general terms and conditions of services and the general terms and conditions of use accessible on the sites held by the Company (hereinafter together the “Sites“) for the definition of capitalized terms that are not expressly defined in this document.
Cabasson Design assures the Users of the sites, the Clients, and the prospects who provide Data (the “Data Subjects“) a collection and processing of Data in accordance with the provisions of the law no. 78-17 of January 6, 1978 relating to data processing, files and liberties (the “Data Protection and Freedoms Act”) and Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “Regulations”), in accordance with the privacy policy (the “Privacy Policy”).
The Privacy Policy forms an integral part of the General Terms and Conditions of Use of the Sites.
Its purpose is to administer the collection and processing of Data in the context of the use of the websites, the Projects undertaken by Cabasson Design (the “Projects”) and, generally, in the context of Cabasson Design’s relationship with Data Subjects.
Article 1. Lawfulness of the processing of Data – Access to Sites and Services
The Privacy Policy must be expressly accepted by:
- any User wishing to access the Sites during the first visit and at every modification of the Privacy Policy;
- any Client;
- any prospect who communicates Data to the Company, by any means.
In the event of non-acceptance of the Privacy Policy, Data Subjects shall waive access to the Sites and services offered by the Company.
The User or Client certifies to be at least 15 years old to be able to access the Sites.
In the event of non-acceptance of the Privacy Policy, the User or the Client must waive access to the Sites.
Article 2. Person in charge of the processing
The data controller is the Company: Cabasson Design, whose registered office is located at 5, boulevard d'Estienne d'Orves, 83110 Sanary-sur-mer, France, registered in the Companies and Establishments Repertoire under number 903 435 048.
To exercise any of the rights referred to in Article 9 of the Privacy Policy or for any question, the Data Subjects may contact the Company:
5, boulevard d'Estienne d'Orves, 83110 Sanary-sur-mer, France
+33 (0)6 29 91 09 30
Article 3. Collected and Processed Data
Some Data are provided directly by the Data Subjects when they contract with the Company for services or communicate their Data to the Company, for example via a contact form, available on the Sites or in the office.
Other Data are obtained automatically as a result of the interactivity established between the User or Client and the Sites.
The Data collected directly from the Data Subjects include the Data listed below:
- last name, first name;
- marital status;
- email address that identifies an individual;
- postal address that can be used to identify an individual;
- telephone number that can be used to identify an individual;
- billing information that identifies an individual;
- other voluntarily shared Data.
The Data collected passively when visiting the Sites (connection and navigation data and data recorded in cookies) include the Data listed below:
- The IP address of your connection;
- Information relating to your connection method (computer, tablet, smartphone), your connection mode, such as the type and version of your Internet browser, your operating system and other technical characteristics (screen resolution, etc.);
- All urls consulted on the site, including the date and time.
Article 4. Purposes of Data Processing
The Data may be collected and processed by the Company and/or its subcontractors in order to:
- enable the execution of contractual relations;
- enable the Company to comply with its legal obligations, to settle disputes and to enforce its contracts;
- keep the history of the operations carried out in the context of the contractual relationship;
- enable the sending of e-mails and e-marketing campaigns and promotions;
- keep Data Subjects informed of upcoming events;
- develop, use, deliver and improve the technological features of the services provided via the Sites and their performance.
Article 5. Basis of Data Processing
The above-mentioned processing operations are based on:
- the performance of the contract between the Data Subject and the Company, where applicable;
- the legitimate interest of Cabasson Design;
- the consent of the Data Subject in other cases, including the use of cookies for certain purposes and the use of the Data for commercial prospecting purposes.
Where the processing of Data is based on the consent of the Data Subject, the Data Subject has the right to withdraw his/her consent at any time.
An unsubscribe link will be included in newsletters and marketing emails sent by the Company to the Data Subject.
Article 6. Recipients of the Data
The recipients of the Data (excluding subcontractors) are the departments of the Company, its subsidiaries or affiliated companies that use the Data: marketing/communication department, accounting department.
Authorized third parties undertake to process the Data in accordance with this Privacy Policy.
Article 7. Subcontractors
The Company may use subcontractors.
The Company ensures that the subcontractor(s) it uses provide sufficient guarantees to ensure the implementation of appropriate technical and organizational measures so that the processing of Data meets the legal requirements in force.
Article 8. International Transfer of Data Outside the European Union
Data may be shared with third parties, including the Company’s suppliers, collaborators, and/or consultants located or using servers located outside the European Union in countries where data protection laws may differ from those in the European Union.
In such a case, the Company ensures that the Data Subject is informed and that such transfer provides an adequate level of protection for the privacy and fundamental rights of individuals in accordance with applicable laws and regulations.
Article 9. Rights of Data Subjects
Under the provisions of the Data Protection Act and the Regulation, Data Subjects have the right to: access, rectify, delete, limit or object to the processing of their Data, define directives relating to the conservation, deletion and communication of their Data after their death and the portability of their Data.
Data Subjects have the right to obtain from the controller the limitation of processing in certain cases, for example when they dispute the accuracy of the Data.
The right to object is understood to be the possibility for Data Subjects to refuse the use of their Data for certain purposes.
The right to erasure is the possibility for Data Subjects to obtain from the controller the erasure of Data concerning them in certain situations, for example when such Data are no longer necessary for the purposes for which they were collected or processed.
The right to Data portability is the right for Data Subjects to receive the Data concerning them that they have provided to the Data Controller in a structured, commonly used and machine-readable format, and to transmit such Data to another Data Controller.
In order to exercise any of the above rights or if they have any questions, Data Subjects may contact the Company using the contact information provided in Article 2 above.
Data Subjects have the right to file a complaint with the competent supervisory authority (CNIL) or to obtain reparation from the competent courts if they consider that the Company has not respected their rights.
Article 10. Security and Confidentiality of the Data
The Data collected by the Company is kept in a secure environment.
To ensure the security of the Data, the Company uses the following measures in particular:
- access control: identifiers/passwords;
- connection traceability measures: logging of accesses with identifier and IP address used, connection timestamp;
- computer backups;
- software protection measures (antivirus, updates and security patches);
- data encryption.
The persons working for the Company are required to respect the confidentiality of this Data.
The Company is committed to ensuring that adequate levels of protection are in place in accordance with applicable legal and regulatory requirements. However, as no mechanism offers absolute security, there is a degree of risk when the Internet is used to transmit personal data and information.
The Company will notify the CNIL and/or the Data Subject of any Data breaches covered by the Regulation.
Article 11. Duration of Storage of Data
The Data is only stored by the Company for the time necessary to provide its services and/or to execute the contractual relationship and for the applicable statute of limitations (five (5) years for contractual liability), subject to the legal and regulatory obligations applicable to the Company.
However, the necessary Data may be kept for commercial prospecting and/or archiving purposes for a maximum of three (3) years from the last contact with the Data Subject.
The Navigation Data will be kept for a maximum period of twelve (12) months.
Article 12. Use of Cookies
12.1. General
A cookie is a small information file saved by a website on the computer, tablet, or smartphone of the User or Client. This cookie can be reused during a future visit to the same website. A cookie cannot be read by a website other than the one that created it. Most cookies are only valid for the duration of a session or visit.
The Company uses cookies and other services to analyze traffic on the Sites in order to facilitate the User’s or Client’s navigation on the Sites, to optimize technical management, and to carry out visit statistics.
The information recorded by the “cookies” is kept for no longer than twelve (12) months.
Most browsers are set to automatically accept cookies.
However, it is possible for the User to configure his browser to be informed each time a cookie is created or to avoid their recording (see point 12.3 below).
12.2. Type of Cookies Used
The Company may use one or more of the following types of cookies:
- cookies monitoring the use of the Sites in order to generate statistical reports on the use of the Site, without identifying the individual Users/Clients of the Sites, via the audience measurement tool Google Analytics;
- cookies necessary for the proper and efficient operation of the Sites, including cookies that enable the Sites to save User/Client preferences.
12.3. What if the User does not want cookies?
If the User does not want the Site to store cookies on their computer, they have the option of blocking cookies (i.e., setting their browser to refuse all cookies) and/or deleting cookies that have already been placed on their computer:
- in Internet Explorer: one can block cookies by using the settings to modify the way cookies are handled by clicking on “Tools”, “Internet Options”, “Privacy” and then on the “Advanced” button;
- in Firefox: one can block all cookies by clicking on “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu and unchecking “Accept third-party cookies”;
- in Chrome, one can block all cookies by clicking “Personalize and Control” and then “Settings”, “Show Advanced Settings” and “Content Settings”, “Cookies and Site Data” under the heading “Cookies”.
Please note, however, that when the User disables certain cookies, a number of features may no longer be available on the Sites.
Article 13. Updates
The Company may update this Privacy Policy from time to time. Users are invited to check the Privacy Policy regularly for updates.
Last updated: January 24, 2025.