Privacy Policy
Data Protection Policy
This Data Protection Policy (hereinafter referred to as "Data Protection Policy") is effective as of February 27, 2024.
The Data Protection Policy is designed to outline the processing of User data by the company AUTHENTICITY while they use the Services. Please note that this Data Protection Policy is an integral part of the General Terms and Conditions of Sale and Use (GTCU). Therefore, any terms not defined in this document are defined in the GTCU.
AUTHENTICITY is a SAS with a capital of €2,132 – 948 152 004 Paris – 96 Boulevard Sébastopol, 75003 Paris – NAF 62.01Z – represented by Fabien Tardit, President, email: bonjour@eteos.io.
If you disagree with the terms of this Data Protection Policy, please refrain from using the site or the Service.
General Information
Personal data ("Personal Data") refers to information that can identify a natural person, directly or indirectly. This could include a name, first name, email, phone number, or an address.
The information collected by the Company for identification, billing, information, or service improvement purposes has been declared to the National Commission on Informatics and Liberty (CNIL).
A Lawyer may respond to a User who contacts them via email but cannot initiate unsolicited contact with a User. Therefore, no Lawyer may contact a User or Client without prior solicitation.
Who Collects Your Personal Data?
The website www.eteos.io (hereinafter referred to as the "Site") is operated by the company AUTHENTICITY (hereinafter referred to as the "Company").
As part of the management and operation of the Site, the Company, as the data controller, may collect personal data from Users (hereinafter referred to as the "Users").
The Company places great importance on privacy and takes all necessary measures to ensure the confidentiality and security of User personal data.
This Data Protection Policy aims to explain to Users how the Company processes their personal data, in accordance with the principles outlined in the General Data Protection Regulation ("GDPR") that came into effect on February 27, 2024.
To that end, the Company encourages Users to review this Data Protection Policy to understand how their personal data is processed and their rights.
What Data Is Collected and For How Long?
In the event of ordering services, personal data is retained for the duration of the contractual relationship and for three years after collection or the last contact with the User, for marketing purposes.
If the User participates in a promotional offer, personal data is kept for the duration of that offer.
If the User submits a request to the Company, personal data will be kept for the time needed to process the request.
If the User creates an account, personal data will be retained until the User requests the deletion of their account or until after a period of inactivity, within the limits of the legal prescription periods.
If the User has consented to receive marketing messages, personal data is retained until the User unsubscribes or after a period of inactivity, within the limits of the legal prescription periods.
If cookies are placed on the User's computer, personal data will be retained for the duration of a session for shopping cart or session identification cookies and for any period defined according to applicable regulations.
The Company may retain certain data to meet legal or regulatory obligations, to exercise its rights, and/or for statistical or historical purposes.
After the retention periods mentioned above, personal data will be deleted, or the Company will anonymize it.
Why Is Personal Data Collected?
The Company collects Users’ personal data for the following purposes:
Purpose → Legal Basis
Creation and management of an account → Necessary for contract performance.
Provision of services on the Site → Necessary for contract performance.
Order processing → Necessary for contract performance.
Billing → Necessary for contract performance.
Information on the Company, services, and activities → Necessary for the Company’s legitimate interests.
Responding to client inquiries/complaints → Necessary for contract performance.
Developing business statistics → Necessary for the Company’s legitimate interests.
Handling access, erasure, rectification, and opposition rights → Necessary for contract performance.
Managing unpaid invoices and disputes → Necessary for contract performance.
Who Are the Recipients of Personal Data?
User personal data is collected and processed by the Company’s commercial department. Data may also be shared with the Company’s subcontractors who act on behalf of the Company, such as website hosting providers, payment processors, and advertising technology providers.
In the course of delivering services, personal data may be transferred outside the European Union, in compliance with the GDPR and the "Schrems II" decision of the Court of Justice of the European Union dated July 16, 2020. The Company ensures that any third country’s legal framework allows for protection levels equivalent to European Union standards.
For data transfers to the United States, the Company guarantees that its partners, including HubSpot, Inc., ensure an equivalent level of protection as required by GDPR.
Why Does the Company Use Cookies?
In accordance with CNIL deliberation no. 2013-378 dated December 5, 2013, the Company informs Users that cookies store certain information on their hard drives. This information is used to generate site traffic statistics and provide services based on previous selections.
An alert message in the form of a banner will request that Users accept cookies before they proceed. Cookies do not contain confidential information.
For more details about how cookies are managed or to configure them, Users can refer to the "Help" section in their browser or visit the CNIL website.
How Are User Data Hosted?
User data is hosted by Amazon AWS in Ireland, secured by 256-bit SSL protocols.
What Are the Users' Rights?
In accordance with the French Data Protection Act and GDPR, Users have the following rights:
Right of access: Users can request a copy of their personal data.
Right of rectification: Users can request that the Company corrects inaccurate data.
Right to object: Users can object to the processing of their personal data.
Right to erasure: Users can request the deletion of certain data under specific conditions.
Right to restriction of processing: Users can request a temporary restriction on data processing in certain cases.
Right to data portability: Users can request that their data be transferred to another data controller.
Users may exercise their rights by contacting the Company via email at bonjour@eteos.io or by postal mail at 96 Boulevard Sébastopol, 75003 Paris. They may also lodge complaints with the CNIL.
How Are Banking Data Recorded?
To improve the purchasing experience, the Company offers Users the option to save their banking information, but this will only be done with prior consent.
How Are Users Notified of Policy Changes?
© 2024 – Eteos