EN | FR

PRIVACY POLICY FOR CUSTOMERS AND PROSPECTS OF ESTIN & CO

Estin & Co (the “Company”) is committed to protecting the personal data of its customers, prospects and visitors on its website at https://estin.com (the “Site”). For this reason, it provides the required level of protection for this data, particularly under the French law “Loi Informatique et Libertés” of 6 January 1978 (amended by article n° 2018-493 of 20 June 2018) and the European Data Protection Regulation of 27 April 2016 (“GDPR”). The Company wishes to inform its customers and prospects of how it protects their personal data, including for sending newsletters or business information or using its Site.

Identity of the Data Processing Manager

The entity responsible for processing collected personal data is:

Estin & Co
RCS Paris No. 414 876 961
3, rue du Docteur Lancereaux, 75008 Paris, France

Collected personal data and purposes

Customer data: name*, first name*, e-mail*, company and position in the company.

Data marked with an asterisk is compulsory for the creation of a customer or prospect record in the Company’s CRM.

This data is collected for the following specific purposes:

  • follow-up on current contracts
  • management of customer relationship
  • business development

The legal basis for the collection and processing of personal data by the Company is based, depending on the processing, on the consent of the customer, prospect or user, the execution of a contract between the Company and the client, or the legitimate interest of the Company with regard in particular to business development.

Recipients of personal data

The Company and its subcontractors:

Collected and processed personal data is intended for the internal services of the Company: marketing; accounting, secretarial work.

The Company has to transfer certain personal data of its customers and prospects to subcontractors, solely with the purpose to enable them to carry out the missions entrusted to them and according to the instructions of the Company.

These subcontractors have an obligation to ensure the security and confidentiality of this personal data and not to use it for any purpose other than the fulfillment of their mission.

These subcontractors are:

  • Salesforce: Salesforce.com France S.A.S, RCS Paris 483 993 226, 3 Avenue Octave Gréard, 75007 Paris – France
  • The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA

Data transfer outside the EU

The Company provides access to personal data to its internal employees located in London, Zurich, New York and Shanghai with appropriate safeguards.

In the context of a transfer of personal data to a subcontractor located in a country outside the European Union, or not offering the same degree of protection as the country of residence of the person whose data is being processed, the Company commits to either one of the following:

obtain the consent of the person to share their personal data with these subcontractors,

or conclude data transfer contracts complying at least with the standard contractual clauses adopted by the European Commission,

or to ensure that any potential US subcontractor is a company that has joined the US. Privacy Shield and registered as such with the US administration.

CUSTOMER AND PROSPECT CONTACT

Electronic communication

The Company’s customers and prospects are likely to receive communications from the Company or its subcontractors by electronic means (email and text messages).

The Company is likely to measure the open rate, click-through rates and unsubscribe rates of its mailings in order to adapt them as best as possible.

If the customer or prospect does not wish to receive information and business development messages from the Company, he or she can oppose being contacting at any time by indicating it via the unsubscribe link provided for this purpose in all electronic communications of the Company.

Retention

The personal data of the prospect is kept by the Company for a period of three years from the latest contact.

Personal data necessary to comply with a legal or contractual obligation of the Company is kept and/or archived in accordance with the provisions in force (notably but not exclusively those provided for by the Code of Commerce, the Civil Code or the Consumer Code).

Exercising rights on personal data

In accordance with the amended Computer and Freedoms Act and current European regulations, and under the conditions specified by the provisions of the GPDR, the User whose personal data is collected and processed by the Company benefits from the the following rights on his or her personal data:

  • a right of access which allows him or her to obtain from the Company the communication of personal data relating to him or her,
  • a right to rectification which allows him or her, if necessary, to rectify, complete, update personal data which is inaccurate, incomplete, ambiguous, out of date,
  • a right to erasure (“right to be forgotten”) which allows him or
  • her to obtain from the Company, under certain circumstances and conditions, the erasure or deletion of his personal data,
  • a right to restrict processing, which allows him or her, under certain conditions, to prohibit the Company from using and processing his or her data for a certain time so that verification can take place (verify the accuracy of personal data, check whether the legitimate reasons given by the person prevail over those of the data controller in the event of a request for opposition, etc.).
  • a right to data portability allowing the Company, under the conditions of Article 20 of the GDPR, to retrieve the data it has provided in an easily reusable form, and, if necessary, to then transfer them to a third party.
  • a right to object in certain circumstances and conditions, except in matters of business development and commercial segmentation by the Company (this right can then be exercised without having to justify a legitimate reason), for personal data concerning him or her to be processed,
  • the right to lodge a complaint with a supervisory authority: any complaint on the applicable data protection legislation can be brought before the CNIL: www.cnil.fr.

In accordance with current European regulations, the User can exercise his or her rights by accompanying his or her request with a two-sided copy of his identity card with his signature:

By mail to:

Estin & Co
3, Rue du Docteur Lancereaux, 75008 Paris

By email to: privacy@estin.com

The person concerned can also, at any time, unsubscribe to newsletters or from the Company’s information or business development actions by clicking on the unsubscribe link available in each newsletter.