In order to comply with the regulation GDPR N° 2016/679, Oriastral is committed to offering you exceptional services while respecting your privacy as well as applicable data protection, confidentiality and privacy laws.
This Privacy and Data Protection Policy describes our rights and obligations with respect to Personal Data in the European Union and is intended to help you understand how we collect, use and protect your Personal Data. Oriastral is very attentive to the confidentiality of your Personal Data and will only use them in accordance with the new GDPR regulation (in force since May 25, 2018).
In order to provide its services to you and in your dealings with Oriastral (hereinafter “We”, “Our”), Oriastral may collect information about you relating to your use of Our services. We are committed to (i) be transparent in Our management of your personal information, and (ii) to comply with the applicable legal framework for the protection of personal data.
The present policy on the protection of personal data (the “Policy”) explains (i) the process by which We collect personally identifiable information about Participants (“Personal Data”), and (ii) describes how and under what circumstances We may use, disclose and transfer such Personal Data in :
• the use of www.oriastral.com (the “Site”), or those of Our Partners,
• the use of any service accessible from the Site or those of Our Partners,
• Your participation in the Platform.
ARTICLE 1: DATA COLLECTION
PERSONAL DATA PROVIDED BY YOU
As part of your registration to the Oriastral sites, through the customer account registration form are collected the following personal data about you:
• Your e-mail address
• Your username and password
As part of the management of your account:
• Your username, surname, first name
• Your e-mail address
• Your mailing address
• Your date of birth
• Your landline or cell phone number
• Your purchase history (on E-commerce Support)
• Any special request that you could send Us (mainly for archiving purposes)
• Your Payment Data: the payment of Transactions concluded on the Platform via the secure payment service presupposes that you have previously opened a Personal Account. You are the holder of a “CB” payment card issued by a banking institution and usable at merchants and service providers affiliated to the “CB” network (French “Carte Bancaire”).
As part of the consultations:
• Data on the number of consultations established in writing with site experts.
• Data on the content of these consultations. The data is encrypted and can be used as evidence in litigation situations.
By Card number, it is understood the 16 (sixteen) digit number (hereafter “Number”) and the expiry date appearing on the front of this Bank Card as well as the security code (CVV) appearing on the back of this same Bank Card.
For all your Payment data, we use the services of the STRIPE provider certified in accordance with PCI DSS 3.2, the main international security standard whose objectives are to ensure the confidentiality and integrity of cardholder data, and the requirements of the European Payment Services Directive (PSD, 2077/64/EC).
We do not store your Card Number. Only the elements necessary to process your orders and their consequences (payment, guarantee, disputes …) are kept: the name of the credit card holder, the first 6 and last 4 digits of the credit card and its expiry date.
PERSONAL DATA COLLECTED AUTOMATICALLY BY ORIASTRAL DURING YOUR USE OF OUR SERVICES
When you use Our services, We automatically record information relating to (i) your use of Our services, (ii) your interaction with Our advertisements and emails, (iii) information about the features of the software and hardware you use, (iv) information obtained from your web browser.
We collect this information in two ways:
Log Files: When you use Our services, certain information is automatically recorded in Our server logs such as (i) your IP address (ii) your unique identifier, (iii) your operating system and its location, (iv) the type of browser you are using, (v) the pages you viewed.
• Cookies: We may use tracking technologies such as web beacons, log files implemented on Our web pages that We store on your devices (called “cookies”). These technologies allow Us to recognize your devices and track your exchanges with Our services, emails and advertisements.
ARTICLE 2: PROCESSING AND USE OF YOUR DATA
We mainly use your Personal Data within the framework of the management of Our clients/prospects for the needs of the supply of Our Tools, the administration of the Platform, the connection of Users and their invoicing as well as in Our relations with the Participants. Your Data also allows Us to offer you promotional offers and to carry out canvassing actions by sending you solicitations and newsletters as soon as you have given your consent.
We also use your Personal Data in order to provide, improve and personalize Our services according to your preferences and thus to adapt Our Site to the medium (computer, tablet, smartphone) that you use in order to facilitate your consultations but also to establish statistics of frequentation and use of the various elements composing our Site.
We collect only the Data necessary for the purpose of the treatment envisaged. If We plan to use your Personal Data for purposes other than those mentioned above, We undertake to inform you first. You will then have the opportunity to withhold or withdraw your consent.
ARTICLE 3: SHARING AND DISCLOSURE OF YOUR DATA
DATA COMMUNICATED WITH OUR SERVICE PROVIDERS
We use third parties for the execution of services and orders, in particular for the following services: private messages, consultations, management, execution, processing and payment. We share the necessary information to enable them to carry out their missions.
Our service providers are obliged to respect Our Charter on the protection of personal data and not to use your Personal Data to serve their own commercial interests.
DATA COMMUNICATED WITH THIRD PARTIES
“PLUG-INS” AND SOCIAL MODULES
We use “plug-ins” or social modules on some of Our sites. These include “like” and “share” buttons on third party social networks such as Facebook, Twitter, Google+…. that you can find on Our sites. They allow you to “like” and share information from Our Sites with your friends on social networks. When you consult a page of Our sites (web or mobile) containing social plug-ins or modules, a connection is established with the servers of the social networks (Facebook, Twitter…) which are then informed that you have accessed the corresponding page of the consulted site, and this even if you do not have a Facebook or Twitter user account, and even if you are not connected to your Facebook or Twitter account.
If you do not want social networks to publish your actions from the plug-ins in your social network accounts, you must disconnect from your social networks before visiting Our sites.
You can disable these Google Analytics advertising features through the ad settings or by downloading and installing the Google Opt-out add-on in your browser.
At Oriastral, we take data security very seriously. We implement all necessary security measures to protect us and our users from unauthorized access, modification, disclosure or destruction of the data we hold. In particular :
– We conduct internal audits of data collection, storage and processing, including physical security measures, to prevent unauthorized access to our systems;
– Access to personal data is strictly reserved to a very limited number of our employees.
ARTICLE 4: WHERE WE STORE/TRANSFER YOUR DATA
Your Personal Data is stored in our databases as well as those of Our service providers.
In some cases, for essentially technical reasons, certain Data may be transferred outside the territory of the European Union. In this case, We undertake to guarantee the protection of your information by setting up protection systems that comply with the applicable legislation, in particular by means of data processing contracts based on the standard contractual clauses of the European Union.
ARTICLE 5: HOW LONG WILL WE KEEP YOUR DATA?
Your Personal Data is stored by Us and/or any sub-contractor of Our choice for the strict performance of Our obligations, and is kept, unless otherwise indicated by you, for a maximum period of three years from the end of the business relationship for the purposes of commercial prospecting and in order to comply with Our legal obligations, and to resolve any disputes that may arise in connection with Our services.
At the end of these three years, We undertake to contact you again to determine whether or not you wish to continue to receive commercial solicitations. Beyond this maximum duration, the data will be archived and anonymized or destroyed.
The archiving of your Personal Data is carried out on a reliable medium in accordance with current legislation. In the event of a dispute between the Data thus retained and any document provided by you, it is expressly agreed by way of evidentiary agreement that the Data collected by Us will prevail and will be the only one admitted as evidence. In the absence of deletion on your part, the Data collected through the implementation of cookies are kept for a period of thirteen months from the implementation of the cookie on your device (smartphone, tablet, computer).
ARTICLE 6: YOUR RIGHTS
RIGHTS OF ACCESS, MODIFICATION, LIMITATION, SUPPRESSION AND PORTABILITY
You have a general right of access, rectification, limitation and deletion, a right not to be subject to an automated individual decision (including profiling) as well as a right to the portability of all Personal Data concerning you, collected as and when you use Our services.
In the event of a specific request to close your account and delete your data, you may at any time exercise these rights by going to your Personal Account and clicking on the “Delete my account” link or by contacting us at the following address: email@example.com attaching a copy of your identity card.
For data deletion, we may retain some data for legitimate business purposes or if required by law.
We take all measures to protect the data managed within the framework of our services against accidental or deliberate destruction. Therefore, even when you close your account, we do not immediately delete the remaining copies on our active servers or those stored in our backup systems. A period of 180 days is established.
RIGHT OF OPPOSITION
You may at any time object to the processing of your Personal Data or withdraw your consent by contacting Us at the following address: firstname.lastname@example.org, enclosing a copy of your identity card.
TARGETED ADVERTISING AND COOKIES
ARTICLE 7: NEWSLETTERS / PROMOTIONAL MESSAGES
We may at any time send you non-promotional emails, SMS and postal mail regarding your Personal Account. If you give your consent during Registration or through your Personal Account, We may also send you newsletters and other promotional messages by email, post and SMS. You may at any time oppose the receipt of any promotional message by using the unsubscribe link provided or by emailing Oriastral’s Customer Service via the following form: contact us.
ARTICLE 8: OBLIGATIONS OF THE EXPERT
Any Expert offering his Services on Oriastral undertakes to respect his obligations under the applicable regulations concerning the protection of personal data as it results in particular from the European Regulation on the protection of personal data. Each Expert declares, in particular, to have informed the Users in accordance with article 38 of the French Data Protection Act.
Except with the express and prior consent of the User, the Expert undertakes not to make any use of the Personal Data relating to the User for purposes other than the strict requirements of the execution and invoicing of his Service or with a view to asserting his rights in any dispute between him and a User. Likewise, the Expert is informed that he is forbidden to communicate any Personal Data to a third party without the User’s express prior consent.
Any Expert undertakes to guarantee and indemnify Us against the consequences of any claim emanating from a User resulting from the violation by the Expert of his obligations under the applicable regulations concerning the protection of personal data and/or under the terms of the Policy.
ARTICLE 9: UPDATING OF THE CHARTER
We reserve the right to modify the present Policy, at any time, in whole or in part, taking into account the modifications and evolutions of Our internal uses and procedures.
We invite you to regularly consult this Policy, before any collection of your Data.
ARTICLE 10: CONTACT AND DATA CONTROLLER