Privacy Policy

Introduction

Navailles is a company that designs, manufactures and markets Office, public authority and medical chairs.

Our site address is: https://navailles.fr

We process your personal data in the capacity of co-controller. That is to say, we jointly process and protect your personal data.

Because your personal and business data is very valuable to us, protecting and respecting it has always been a top priority for us.

Therefore, we have appointed a single data protection officer for the governance of your data, within Navailles, to guarantee the effectiveness of our process for securing and updating your information with strict quality procedures. This officer may be contacted at rgpd@navailles.fr.

Finally, this privacy policy applies to anyone connected to Navailles, both internally and externally.

What data do we collect and how? We only collect the personal data necessary for the operation of our business, according to the profile of our contact. It may be:

identification data (marital status, email address, address, telephones, etc.)
data relating to personal life (family situation, excluding sensitive or dangerous data)
data relating to professional life (CV, education, training, etc.)
economic and financial data (income, financial situation, tax situation, etc.)
data regarding commercial interactions (contact data, reports, etc.)

As part of its business, Navailles does not process any personal data relating to your racial or ethnic origins, political opinions, religion, philosophical beliefs or trade union membership, genetic data, sexual life or orientation, etc.

We collect your personal data through:

our communication tools (website, social networks, trade fairs, etc.)
external contracts binding us (calls for tenders, commercial transactions, etc.)
the internal contract binding us (employment contract)

Your data is not communicated to third parties. However, you are informed that it may be disclosed pursuant to a law, regulation or by virtue of decision of a competent regulatory or judicial authority.

Should we take part in a merger, acquisition or other form of disposal of assets, we undertake to obtain your prior consent to the communication of your personal data and to maintain the level of confidentiality of your personal data to which you have consented.

Why do we use your data?

Your data is used to:

provide pre-contractual information (e.g. information about our products and services)
conclude and perform existing contracts,
manage customer accounts,
provide solutions the best suited to your needs, etc.
monitor the customer relationship such as carrying out satisfaction surveys, managing complaints and after-sales service
compiling commercial statistics
managing your user and employee profile
managing requests relating to the right of access, rectification and objection

For this purpose, we use the following means:

marketing campaigns
commercial documents
website, social networks
phone calls, reports
ERP and other business software

Where is your data hosted?

As the processing controller, we implement all appropriate technical and organisational measures in accordance with the applicable legal provisions, to ensure a level of security in relation to the risks of accidental, unauthorised or illegal access, disclosure, tampering, loss or destruction of your personal data.

All personal data is stored in:

our own on-site servers
outsourced servers in France and owned by sub-contractors, processing co-controllers, the only third parties to whom we are required to disclose your data and which are fully compliant with the GDPR (financial institutions, technology service providers)

Should we become aware of illegal access to your personal data stored on our servers or those of our providers, or of unauthorised access resulting in occurrence of the risks identified above, we undertake to:

notify you of the incident as soon as possible
examine the causes of the incident and inform you of them
take reasonable steps to mitigate any adverse effects or harm that may result from the said incident

In no event may the undertaking stated relating to notification in the event of a security breach be deemed to be recognition in any way of fault or liability in respect of the occurrence of the incident in question.

Data retention period:

In accordance with Article 6-5° of Act No. 78-17 of 6 January 1978 on data processing, files and freedoms, personal data which is processed may not be retained beyond the time necessary for the performance of the obligations defined when entering into the contract or the predefined duration of the contractual relationship.

We retain personal data for the duration strictly necessary for realisation of the purposes described in the general conditions of use. Beyond this period, it shall be erased if possible or else anonymised and retained for statistical purposes only and shall not be exploited in any way.

If you leave a comment, the comment and its metadata are retained indefinitely. This means the following comments will be automatically recognised and approved instead of them being left in the moderation queue.

For accounts that are registered on our website (where applicable), we also store the personal data indicated in their profile. All accounts can view, edit or delete their personal information at any time (except their identifier). The website managers may also view and edit this information.

Comments

When you leave a comment on our site, the data entered in the comment form, as well as your IP address and the user agent of your browser are collected to help us detect unwanted comments.

Une chaîne anonymisée créée à partir de votre adresse e-mail (également appelée hash) peut être envoyée au service Gravatar pour vérifier si vous utilisez ce dernier. Les clauses de confidentialité du service Gravatar sont disponibles ici : https://automattic.com/privacy/. Après validation de votre commentaire, votre photo de profil sera visible publiquement à coté de votre commentaire.

Media

If you upload images to the site, we recommend that you avoid uploading images containing EXIF data of GPS coordinates. People visiting our website can download and extract location data from these images.

Cookies

If you leave a comment on our website, you will be requested to store your name, email address and site in cookies. It is only for your comfort so that you do not have to enter this information again if you leave another comment later. These cookies expire after one year.

If you go to the login page, a temporary cookie will be created to determine whether your browser accepts cookies. It does not contain any personal data and will be deleted automatically when you close your browser.

Lorsque vous vous connecterez, nous mettrons en place un certain nombre de cookies pour enregistrer vos informations de connexion et vos préférences d’écran. La durée de vie d’un cookie de connexion est de deux jours, celle d’un cookie d’option d’écran est d’un an. Si vous cochez « Se souvenir de moi », votre cookie de connexion sera conservé pendant deux semaines. Si vous vous déconnectez de votre compte, le cookie de connexion sera effacé.

By editing or publishing a publication, an additional cookie will be stored in your browser. This cookie does not contain any personal data. It simply shows the ID of the publication you have just modified. It expires after one day.

Embedded content from other sites

Articles on this website may include embedded content (e.g. videos, images, articles, etc.). Content embedded from other websites behaves in the same way as if the visitor were visiting that other website.

These websites may collect data about you, use cookies, embed third-party tracking tools or monitor your interactions with this embedded content if you have an account connected to their website.

Use and transmission of your personal data

If you request a password reset, your IP address will be included in the reset email.

What are your rights?

If you have an account or have left comments on the website, you can ask to receive a file containing all of the personal data that we have about you, including information you have provided to us. You can also ask for your personal data to be deleted. This does not include data stored for administrative, legal or security reasons.

In accordance with the applicable regulations, you have:

a right to access your personal data
a right to correct and update your data
a right to erase or object to the use of your data subject to you providing evidence of a legitimate reason
a right to portability
a right to issue instructions regarding the retention, erasure and disclosure of your personal data after your death

You may exercise these rights by sending a letter to:

NAVAILLES SAS

Rond-point d’Espagne

40700 HAGETMAU

or by sending an email to rgpd@navailles.fr

We may verify your identity and/or ask you to provide us with more information in order to respond to your request. We will endeavour to respond to your request within a reasonable time and, in any event, within the time limits laid down by the law.

In accordance with the applicable regulations, you are entitled to submit a complaint to the competent supervisory authority such as the CNIL (French National Commission for Information Technology and Freedoms) in France