Privacy policy

1. PURPOSE AND SCOPE OF THE POLICY

NEPTING attaches the utmost importance and care to the protection of privacy and Personal Data, as well as to compliance with the provisions of the applicable Legislation.

Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data (hereinafter “RGPD”) affirms that Personal Data must be processed lawfully, fairly, and transparently. Thus, this privacy policy (hereinafter the “Policy”) aims to provide you with simple, clear information on the Processing of Personal Data concerning you, in the context of your browsing and operations carried out on our website.

2. DATA CONTROLLER

As part of your activity on the [www.nepting.com] website, we collect and use personal data relating to you, individuals (hereinafter referred to as the “Data Subject”).

For all Processing, NEPTING, a simplified joint stock company (société par actions simplifiée), RCS Montpellier B 753 521 335, with capital of €45,000.00, having its registered office at 90 rue de la Sauge, 34130 Saint-Aunès, France, determines the means and purposes of the Processing.

As such, we act as a Data Controller, within the meaning of the Personal Data Regulations, and in particular Regulation (EU) 2016/679 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such Data.

3. WHAT PERSONAL DATA WE COLLECT AND HOW

When you use our website or subscribe to our newsletter, you provide us with a certain amount of information about yourself, some of which may identify you (“Personal Data”). This is the case when you browse our site, fill in the online contact form, or simply subscribe to our newsletter.

The nature and quality of the Personal Data collected about you varies according to the relationship you enter into with NEPTING:

• Identification data: this includes all information that would enable us to identify you, such as your surname, first name and telephone number. We may also collect your e-mail address and the country of your company.
• Connection data: We collect your IP address, browser model and operating system model for maintenance and statistical purposes.
• Browsing information: When you browse our website, you interact with it. As a result, certain information relating to your browsing is collected.
• Data collected from Third Parties: Personal Data that you have agreed to share with us or on publicly accessible social networks and/or that we may collect from other publicly accessible Data bases.

4. WHY AND HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect your Personal Data for specific purposes and on different legal grounds.

In the context of contract performance or pre-contractual measures, your Data is processed for the following purposes:

• Customer relationship management.

On the basis of your consent, your Data is processed for the following purposes:

• Sales and marketing prospecting;
• Transmission of your Data to our sales representatives;
• Newsletter management;
• Management of cookies requiring your consent;

Within the framework of NEPTING’s legitimate interests, your Data is processed for the following purposes:

• Establishment of product and service improvement statistics;
• Carrying out satisfaction surveys and polls;
• Management of pre-litigation and litigation;

5. DO WE SHARE YOUR PERSONAL DATA?

Your Data is intended for use by authorized NEPTING employees in charge of managing and executing contracts and legal obligations, according to the purposes for which it is collected and within the limits of their respective responsibilities.

It may be passed on to the following recipients for certain tasks related to the purposes, and within the limits of their respective missions and authorizations:

• Entities of the NEPTING Group in the event of outsourcing to another group entity;
• Duly authorized public authorities (judicial, supervisory, etc.), as part of our legal and regulatory obligations;
• Regulated professions (lawyers, bailiffs, etc.) who may be involved in the implementation of guarantees, debt collection or litigation;

When your Data is communicated to our service providers and subcontractors, they are also asked not to use the Data for purposes other than those initially intended.

We make every effort to ensure that these third parties maintain the confidentiality and security of your Data.

In all cases, only the necessary Data is provided. We make every effort to ensure secure communication or transmission of your Data.

We do not sell your Data.

6. IS YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES?

NEPTING endeavors to keep Personal Data in France, or at least within the European Economic Area (EEA).

However, it is possible that the Data we collect when you use our platform or as part of our services may be transferred to other countries. This is the case, for example, if some of our service providers are located outside the European Economic Area.

In the event of such a Transfer, we guarantee that it will be carried out :

• To a country ensuring an adequate level of protection, i.e. a level of protection equivalent to that required by European Regulations;
• Within the framework of standard contractual clauses;
• Within the framework of internal company rules.

7. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We retain your Personal Data only for as long as is necessary to fulfill the purpose for which we hold it, to meet your needs or to comply with our legal obligations.

Retention periods vary depending on a number of factors, such as:

• NEPTING’s business needs;
• Contractual requirements;
• Legal obligations;
• Recommendations from supervisory authorities.

The retention periods for your Data are as follows:

8. HOW DO WE GUARANTEE THE SECURITY OF YOUR PERSONAL DATA?

NEPTING is committed to protecting Personal Data that we collect or process against loss, destruction, alteration, unauthorized access or disclosure.

Accordingly, we implement all appropriate technical and organizational measures, depending on the nature of the Data and the risks involved in processing them. These measures must preserve the security and confidentiality of your Personal Data. They may include practices such as restricted access to Personal Data by authorized persons, by virtue of their functions, pseudonymization or encryption.

In addition, our practices and policies and/or physical and/or logical security measures (secure access, authentication procedure, back-up copy, software, etc.) are regularly checked and updated if necessary.

9. WHAT ARE YOUR RIGHTS?

The RGPD provides Data Subjects with rights that they can exercise.

Thus are provided for:

1. Right to information: the right to clear, precise and complete information on NEPTING’s use of Personal Data.

2. Right of access: the right to obtain a copy of the Personal Data that the Data Controller holds on the applicant.

3. Right of rectification: the right to have Personal Data rectified if they are inaccurate or obsolete and/or to have them completed if they are incomplete.

4. Right to erasure / right to be forgotten: the right, under certain conditions, to have Data erased or deleted, unless NEPTING has a legitimate interest in retaining it.

5. Right to object: the right to object to the Processing of Personal Data by NEPTING for reasons relating to the applicant’s particular situation (under certain conditions).

6. Right to withdraw Consent: the right at any time to withdraw Consent where Processing is based on Consent.

7. Right to limit Processing: the right, under certain conditions, to request that Processing of Personal Data be temporarily suspended.

8. Right to Data Portability: the right to request that Personal Data be transmitted in a reusable format enabling it to be used in another database.

9. Right not to be the subject of an automated decision: the right for the applicant to refuse fully authorized decision-making and/or to exercise the additional guarantees offered in this respect.

10. Right to define post-mortem directives: the right for the applicant to define directives concerning the fate of Personal Data after his/her death.

Additional rights may be granted to Data Subjects by Local Regulations.

• To this end, NEPTING has implemented a procedure for managing the rights of Individuals that complies with the requirements of the applicable Legislation. This procedure establishes :
  The standards to be met to ensure transparent information for Data Subjects;
• Legal requirements that must be met;
• The authorized means of submitting a request for each right, according to the category of Data Subject;
• The operational processes for handling these requests in accordance with the above requirements;
• The parties involved in these processes, their roles and responsibilities. To exercise your rights, please contact the Data Protection Officer (DPO): contact-rgpd@nepting.com, 90 rue de la Sauge – 34130 Saint-Aunès.

When you send us a request to exercise a Right, you are asked to specify as far as possible the scope of the request, the type of Right exercised, the Personal Data Processing concerned, and any other useful information, in order to facilitate the examination of your request. In case of reasonable doubt, you may also be asked to provide proof of your identity.

10. POLICY UPDATE

This Policy may be updated from time to time to take account of changes in regulations relating to personal data.

Date of last update: 18/10/2023